Warning: Permanently added '10.128.1.126' (ED25519) to the list of known hosts.
2025/11/27 05:43:25 ignoring optional flag "type"="gce"
2025/11/27 05:43:25 parsed 1 programs
2025/11/27 05:43:28 executed programs: 0
[  107.538323][ T5938] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  107.595898][   T61] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  107.601291][   T61] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  107.602271][   T61] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  107.603485][   T61] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  107.604209][   T61] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  107.827101][ T6001] chnl_net:caif_netlink_parms(): no params data found
[  108.086075][ T6001] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.086205][ T6001] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.086313][ T6001] bridge_slave_0: entered allmulticast mode
[  108.087791][ T6001] bridge_slave_0: entered promiscuous mode
[  108.090321][ T6001] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.090447][ T6001] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.090546][ T6001] bridge_slave_1: entered allmulticast mode
[  108.092201][ T6001] bridge_slave_1: entered promiscuous mode
[  108.249767][ T6001] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  108.252556][ T6001] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  108.417391][ T6001] team0: Port device team_slave_0 added
[  108.419703][ T6001] team0: Port device team_slave_1 added
[  108.586916][ T6001] batman_adv: batadv0: Adding interface: batadv_slave_0
[  108.586933][ T6001] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  108.586948][ T6001] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  108.588491][ T6001] batman_adv: batadv0: Adding interface: batadv_slave_1
[  108.588503][ T6001] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  108.588524][ T6001] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  108.760994][ T6001] hsr_slave_0: entered promiscuous mode
[  108.761789][ T6001] hsr_slave_1: entered promiscuous mode
[  109.624653][ T5121] Bluetooth: hci0: command tx timeout
[  110.605410][ T6001] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  110.639315][ T6001] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  110.681405][ T6001] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  110.720917][ T6001] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  110.883446][ T6001] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.909207][ T6001] 8021q: adding VLAN 0 to HW filter on device team0
[  110.917032][ T1471] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.917297][ T1471] bridge0: port 1(bridge_slave_0) entered forwarding state
[  110.930804][ T1471] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.930998][ T1471] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.299562][ T6001] 8021q: adding VLAN 0 to HW filter on device batadv0
[  111.363705][ T6001] veth0_vlan: entered promiscuous mode
[  111.381108][ T6001] veth1_vlan: entered promiscuous mode
[  111.439836][ T6001] veth0_macvtap: entered promiscuous mode
[  111.450270][ T6001] veth1_macvtap: entered promiscuous mode
[  111.472653][ T6001] batman_adv: batadv0: Interface activated: batadv_slave_0
[  111.487132][ T6001] batman_adv: batadv0: Interface activated: batadv_slave_1
[  111.501225][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  111.501475][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  111.501509][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  111.501540][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  111.713002][ T5121] Bluetooth: hci0: command tx timeout
[  111.768042][ T6088] loop0: detected capacity change from 0 to 2048
[  111.845693][ T6088] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  111.939213][ T6088] jffs2: notice: (6088) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[  112.024617][ T6094] ==================================================================
[  112.024630][ T6094] BUG: KASAN: slab-use-after-free in mutex_lock_interruptible_nested+0x5a/0x1d0
[  112.024662][ T6094] Read of size 1 at addr ffff888038db0128 by task jffs2_gcd_mtd0/6094
[  112.024674][ T6094] 
[  112.024695][ T6094] CPU: 0 UID: 0 PID: 6094 Comm: jffs2_gcd_mtd0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  112.024709][ T6094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  112.024724][ T6094] Call Trace:
[  112.024733][ T6094]  <TASK>
[  112.024740][ T6094]  dump_stack_lvl+0x189/0x250
[  112.024760][ T6094]  ? __virt_addr_valid+0x1c8/0x5c0
[  112.024778][ T6094]  ? rcu_is_watching+0x15/0xb0
[  112.024791][ T6094]  ? __pfx_dump_stack_lvl+0x10/0x10
[  112.024808][ T6094]  ? rcu_is_watching+0x15/0xb0
[  112.024819][ T6094]  ? lock_release+0x4b/0x3e0
[  112.024835][ T6094]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  112.024854][ T6094]  ? __virt_addr_valid+0x1c8/0x5c0
[  112.024871][ T6094]  ? __virt_addr_valid+0x4a5/0x5c0
[  112.024888][ T6094]  print_report+0xca/0x240
[  112.024905][ T6094]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  112.024919][ T6094]  kasan_report+0x118/0x150
[  112.024937][ T6094]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  112.024953][ T6094]  ? jffs2_garbage_collect_pass+0xad/0x20e0
[  112.024967][ T6094]  __kasan_check_byte+0x2a/0x40
[  112.024984][ T6094]  lock_acquire+0x8d/0x360
[  112.025000][ T6094]  ? do_raw_spin_lock+0x121/0x290
[  112.025016][ T6094]  ? jffs2_garbage_collect_pass+0xad/0x20e0
[  112.025041][ T6094]  mutex_lock_interruptible_nested+0x5a/0x1d0
[  112.025071][ T6094]  ? jffs2_garbage_collect_pass+0xad/0x20e0
[  112.025086][ T6094]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  112.025105][ T6094]  jffs2_garbage_collect_pass+0xad/0x20e0
[  112.025120][ T6094]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  112.025141][ T6094]  ? rt_mutex_slowunlock+0x493/0x8a0
[  112.025157][ T6094]  ? __pfx_jffs2_garbage_collect_pass+0x10/0x10
[  112.025172][ T6094]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  112.025190][ T6094]  ? rt_spin_unlock+0x161/0x200
[  112.025205][ T6094]  ? sigprocmask+0x15d/0x1a0
[  112.025223][ T6094]  jffs2_garbage_collect_thread+0x613/0x6b0
[  112.025244][ T6094]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[  112.025262][ T6094]  ? __kthread_parkme+0x7b/0x200
[  112.025280][ T6094]  ? __kthread_parkme+0x1a1/0x200
[  112.025299][ T6094]  kthread+0x711/0x8a0
[  112.025318][ T6094]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[  112.025334][ T6094]  ? __pfx_kthread+0x10/0x10
[  112.025352][ T6094]  ? rt_spin_unlock+0x150/0x200
[  112.025370][ T6094]  ? rt_spin_unlock+0x161/0x200
[  112.025382][ T6094]  ? __pfx_kthread+0x10/0x10
[  112.025399][ T6094]  ret_from_fork+0x4bc/0x870
[  112.025414][ T6094]  ? __pfx_ret_from_fork+0x10/0x10
[  112.025431][ T6094]  ? __switch_to_asm+0x39/0x70
[  112.025444][ T6094]  ? __switch_to_asm+0x33/0x70
[  112.025455][ T6094]  ? __pfx_kthread+0x10/0x10
[  112.025473][ T6094]  ret_from_fork_asm+0x1a/0x30
[  112.025493][ T6094]  </TASK>
[  112.025498][ T6094] 
[  112.025508][ T6094] Allocated by task 6088:
[  112.025516][ T6094]  kasan_save_track+0x3e/0x80
[  112.025531][ T6094]  __kasan_kmalloc+0x93/0xb0
[  112.025545][ T6094]  __kmalloc_cache_noprof+0x1ef/0x6c0
[  112.025562][ T6094]  jffs2_init_fs_context+0x4f/0xc0
[  112.025576][ T6094]  alloc_fs_context+0x65c/0x7e0
[  112.025594][ T6094]  do_new_mount+0x172/0xa10
[  112.025610][ T6094]  __se_sys_mount+0x313/0x410
[  112.025625][ T6094]  do_syscall_64+0xfa/0xfa0
[  112.025642][ T6094]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.025655][ T6094] 
[  112.025658][ T6094] Freed by task 6001:
[  112.025665][ T6094]  kasan_save_track+0x3e/0x80
[  112.025680][ T6094]  __kasan_save_free_info+0x46/0x50
[  112.025692][ T6094]  __kasan_slab_free+0x5c/0x80
[  112.025707][ T6094]  kfree+0x197/0x950
[  112.025721][ T6094]  deactivate_locked_super+0xbc/0x130
[  112.025734][ T6094]  cleanup_mnt+0x425/0x4c0
[  112.025745][ T6094]  task_work_run+0x1d4/0x260
[  112.025757][ T6094]  exit_to_user_mode_loop+0xe9/0x130
[  112.025775][ T6094]  do_syscall_64+0x2bd/0xfa0
[  112.025792][ T6094]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.025806][ T6094] 
[  112.025810][ T6094] The buggy address belongs to the object at ffff888038db0000
[  112.025810][ T6094]  which belongs to the cache kmalloc-4k of size 4096
[  112.025823][ T6094] The buggy address is located 296 bytes inside of
[  112.025823][ T6094]  freed 4096-byte region [ffff888038db0000, ffff888038db1000)
[  112.025840][ T6094] 
[  112.025845][ T6094] The buggy address belongs to the physical page:
[  112.025867][ T6094] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x38db0
[  112.025882][ T6094] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  112.025895][ T6094] flags: 0x80000000000040(head|node=0|zone=1)
[  112.025913][ T6094] page_type: f5(slab)
[  112.025928][ T6094] raw: 0080000000000040 ffff88813ff27140 dead000000000122 0000000000000000
[  112.025942][ T6094] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  112.025956][ T6094] head: 0080000000000040 ffff88813ff27140 dead000000000122 0000000000000000
[  112.025967][ T6094] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  112.025980][ T6094] head: 0080000000000003 ffffea0000e36c01 00000000ffffffff 00000000ffffffff
[  112.025992][ T6094] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[  112.026000][ T6094] page dumped because: kasan: bad access detected
[  112.026012][ T6094] page_owner tracks the page as allocated
[  112.026017][ T6094] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6088, tgid 6086 (syz-executor.0), ts 111937957039, free_ts 111902421481
[  112.026046][ T6094]  post_alloc_hook+0x234/0x290
[  112.026072][ T6094]  get_page_from_freelist+0x28c0/0x2960
[  112.026093][ T6094]  __alloc_frozen_pages_noprof+0x181/0x370
[  112.026114][ T6094]  alloc_pages_mpol+0xd1/0x380
[  112.026132][ T6094]  allocate_slab+0x96/0x350
[  112.026146][ T6094]  ___slab_alloc+0xb10/0x1400
[  112.026158][ T6094]  __slab_alloc+0xc6/0x1f0
[  112.026171][ T6094]  __kmalloc_cache_noprof+0xec/0x6c0
[  112.026189][ T6094]  jffs2_init_fs_context+0x4f/0xc0
[  112.026206][ T6094]  alloc_fs_context+0x65c/0x7e0
[  112.026225][ T6094]  do_new_mount+0x172/0xa10
[  112.026241][ T6094]  __se_sys_mount+0x313/0x410
[  112.026258][ T6094]  do_syscall_64+0xfa/0xfa0
[  112.026276][ T6094]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.026291][ T6094] page last free pid 6003 tgid 6003 stack trace:
[  112.026301][ T6094]  __free_frozen_pages+0xfb6/0x1140
[  112.026318][ T6094]  __put_partials+0x149/0x170
[  112.026331][ T6094]  __slab_free+0x29e/0x370
[  112.026345][ T6094]  qlist_free_all+0x97/0x140
[  112.026362][ T6094]  kasan_quarantine_reduce+0x148/0x160
[  112.026379][ T6094]  __kasan_slab_alloc+0x22/0x80
[  112.026395][ T6094]  __kmalloc_noprof+0x1e1/0x7d0
[  112.026413][ T6094]  tomoyo_encode+0x28b/0x550
[  112.026430][ T6094]  tomoyo_path_perm+0x2b3/0x4b0
[  112.026443][ T6094]  tomoyo_path_symlink+0xa3/0xe0
[  112.026461][ T6094]  security_path_symlink+0x177/0x380
[  112.026481][ T6094]  do_symlinkat+0x107/0x3f0
[  112.026498][ T6094]  __x64_sys_symlink+0x7a/0x90
[  112.026516][ T6094]  do_syscall_64+0xfa/0xfa0
[  112.026535][ T6094]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.026549][ T6094] 
[  112.026553][ T6094] Memory state around the buggy address:
[  112.026562][ T6094]  ffff888038db0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  112.026573][ T6094]  ffff888038db0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  112.026582][ T6094] >ffff888038db0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  112.026590][ T6094]                                   ^
[  112.026598][ T6094]  ffff888038db0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  112.026609][ T6094]  ffff888038db0200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  112.026617][ T6094] ==================================================================
[  112.026633][ T6094] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  112.026646][ T6094] CPU: 0 UID: 0 PID: 6094 Comm: jffs2_gcd_mtd0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  112.026666][ T6094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  112.026675][ T6094] Call Trace:
[  112.026682][ T6094]  <TASK>
[  112.026690][ T6094]  dump_stack_lvl+0x99/0x250
[  112.026712][ T6094]  ? __asan_memcpy+0x40/0x70
[  112.026731][ T6094]  ? __pfx_dump_stack_lvl+0x10/0x10
[  112.026753][ T6094]  ? __pfx__printk+0x10/0x10
[  112.026790][ T6094]  vpanic+0x237/0x6d0
[  112.026805][ T6094]  ? __pfx_vpanic+0x10/0x10
[  112.026824][ T6094]  panic+0xb9/0xc0
[  112.026839][ T6094]  ? __pfx_panic+0x10/0x10
[  112.026853][ T6094]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  112.026877][ T6094]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  112.026902][ T6094]  ? is_module_address+0x17/0xf0
[  112.026920][ T6094]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  112.026939][ T6094]  check_panic_on_warn+0x89/0xb0
[  112.026954][ T6094]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  112.026971][ T6094]  end_report+0x78/0x160
[  112.026992][ T6094]  kasan_report+0x129/0x150
[  112.027014][ T6094]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  112.027037][ T6094]  ? jffs2_garbage_collect_pass+0xad/0x20e0
[  112.027054][ T6094]  __kasan_check_byte+0x2a/0x40
[  112.027085][ T6094]  lock_acquire+0x8d/0x360
[  112.027107][ T6094]  ? do_raw_spin_lock+0x121/0x290
[  112.027128][ T6094]  ? jffs2_garbage_collect_pass+0xad/0x20e0
[  112.027196][ T6094]  mutex_lock_interruptible_nested+0x5a/0x1d0
[  112.027216][ T6094]  ? jffs2_garbage_collect_pass+0xad/0x20e0
[  112.027240][ T6094]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  112.027264][ T6094]  jffs2_garbage_collect_pass+0xad/0x20e0
[  112.027282][ T6094]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  112.027310][ T6094]  ? rt_mutex_slowunlock+0x493/0x8a0
[  112.027331][ T6094]  ? __pfx_jffs2_garbage_collect_pass+0x10/0x10
[  112.027350][ T6094]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  112.027372][ T6094]  ? rt_spin_unlock+0x161/0x200
[  112.027391][ T6094]  ? sigprocmask+0x15d/0x1a0
[  112.027413][ T6094]  jffs2_garbage_collect_thread+0x613/0x6b0
[  112.027439][ T6094]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[  112.027461][ T6094]  ? __kthread_parkme+0x7b/0x200
[  112.027482][ T6094]  ? __kthread_parkme+0x1a1/0x200
[  112.027505][ T6094]  kthread+0x711/0x8a0
[  112.027528][ T6094]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[  112.027548][ T6094]  ? __pfx_kthread+0x10/0x10
[  112.027569][ T6094]  ? rt_spin_unlock+0x150/0x200
[  112.027589][ T6094]  ? rt_spin_unlock+0x161/0x200
[  112.027606][ T6094]  ? __pfx_kthread+0x10/0x10
[  112.027629][ T6094]  ret_from_fork+0x4bc/0x870
[  112.027649][ T6094]  ? __pfx_ret_from_fork+0x10/0x10
[  112.027670][ T6094]  ? __switch_to_asm+0x39/0x70
[  112.027687][ T6094]  ? __switch_to_asm+0x33/0x70
[  112.027703][ T6094]  ? __pfx_kthread+0x10/0x10
[  112.027725][ T6094]  ret_from_fork_asm+0x1a/0x30
[  112.027749][ T6094]  </TASK>
[  112.028386][ T6094] Kernel Offset: disabled