Warning: Permanently added '10.128.1.74' (ED25519) to the list of known hosts.
1970/01/01 00:00:57 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:57 ignoring optional flag "type"="gce"
1970/01/01 00:00:57 parsed 1 programs
[ 58.028792][ T6642] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
1970/01/01 00:00:58 executed programs: 0
[ 58.066280][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 58.069562][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 58.072349][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 58.076421][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 58.078868][ T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 58.081101][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 58.158601][ T6648] chnl_net:caif_netlink_parms(): no params data found
[ 58.185199][ T6648] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.187314][ T6648] bridge0: port 1(bridge_slave_0) entered disabled state
[ 58.189322][ T6648] bridge_slave_0: entered allmulticast mode
[ 58.191422][ T6648] bridge_slave_0: entered promiscuous mode
[ 58.194295][ T6648] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.196524][ T6648] bridge0: port 2(bridge_slave_1) entered disabled state
[ 58.198458][ T6648] bridge_slave_1: entered allmulticast mode
[ 58.200550][ T6648] bridge_slave_1: entered promiscuous mode
[ 58.212606][ T6648] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 58.216726][ T6648] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 58.229859][ T6648] team0: Port device team_slave_0 added
[ 58.232799][ T6648] team0: Port device team_slave_1 added
[ 58.242707][ T6648] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 58.244680][ T6648] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 58.252202][ T6648] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 58.257454][ T6648] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 58.259300][ T6648] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 58.266614][ T6648] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 58.283804][ T6648] hsr_slave_0: entered promiscuous mode
[ 58.286418][ T6648] hsr_slave_1: entered promiscuous mode
[ 59.118930][ T6648] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 59.122422][ T6648] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 59.129073][ T6648] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 59.132572][ T6648] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 59.153762][ T6648] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.155783][ T6648] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 59.157917][ T6648] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.159807][ T6648] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 59.189801][ T6648] 8021q: adding VLAN 0 to HW filter on device bond0
[ 59.198522][ T41] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.201433][ T41] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.212676][ T6648] 8021q: adding VLAN 0 to HW filter on device team0
[ 59.222861][ T119] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.224731][ T119] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 59.228975][ T119] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.230976][ T119] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 59.322204][ T6648] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 59.343799][ T6648] veth0_vlan: entered promiscuous mode
[ 59.352304][ T6648] veth1_vlan: entered promiscuous mode
[ 59.370007][ T6648] veth0_macvtap: entered promiscuous mode
[ 59.373561][ T6648] veth1_macvtap: entered promiscuous mode
[ 59.383143][ T6648] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 59.389706][ T6648] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 59.394250][ T6648] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.398131][ T6648] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.400551][ T6648] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.402818][ T6648] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.447014][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 59.449205][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 59.465100][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 59.468460][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 59.559300][ T6758] loop0: detected capacity change from 0 to 2048
[ 59.572381][ T6758] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 59.600131][ T6758] jffs2: notice: (6758) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 59.664536][ T6771] loop0: detected capacity change from 0 to 2048
[ 59.668136][ T6766] ==================================================================
[ 59.670364][ T6766] BUG: KASAN: slab-use-after-free in __mutex_lock_common+0x160/0x24b8
[ 59.672589][ T6766] Read of size 8 at addr ffff0000d7d30130 by task jffs2_gcd_mtd0/6766
[ 59.674780][ T6766]
[ 59.675349][ T6766] CPU: 1 UID: 0 PID: 6766 Comm: jffs2_gcd_mtd0 Not tainted 6.14.0-rc3-syzkaller-ge6747d19291c #0
[ 59.675364][ T6766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 59.675371][ T6766] Call trace:
[ 59.675375][ T6766] show_stack+0x2c/0x3c (C)
[ 59.675393][ T6766] dump_stack_lvl+0xe4/0x150
[ 59.675407][ T6766] print_report+0x198/0x538
[ 59.675420][ T6766] kasan_report+0xd8/0x138
[ 59.675431][ T6766] __asan_report_load8_noabort+0x20/0x2c
[ 59.675445][ T6766] __mutex_lock_common+0x160/0x24b8
[ 59.675458][ T6766] mutex_lock_interruptible_nested+0x2c/0x38
[ 59.675472][ T6766] jffs2_garbage_collect_pass+0xa4/0x1a50
[ 59.675485][ T6766] jffs2_garbage_collect_thread+0x410/0x488
[ 59.675498][ T6766] kthread+0x65c/0x7b0
[ 59.675509][ T6766] ret_from_fork+0x10/0x20
[ 59.675520][ T6766]
[ 59.676316][ T6771] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 59.678409][ T6766] Allocated by task 6758:
[ 59.692036][ T6771] jffs2: notice: (6771) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 59.692570][ T6766] kasan_save_track+0x40/0x78
[ 59.706168][ T6766] kasan_save_alloc_info+0x40/0x50
[ 59.707450][ T6766] __kasan_kmalloc+0xac/0xc4
[ 59.708627][ T6766] __kmalloc_cache_noprof+0x2cc/0x428
[ 59.710040][ T6766] jffs2_init_fs_context+0x58/0xc8
[ 59.711436][ T6766] alloc_fs_context+0x514/0x7a4
[ 59.712659][ T6766] fs_context_for_mount+0x34/0x44
[ 59.713991][ T6766] do_new_mount+0x14c/0x900
[ 59.715172][ T6766] path_mount+0x590/0xe04
[ 59.716397][ T6766] __arm64_sys_mount+0x4f4/0x5d0
[ 59.717711][ T6766] invoke_syscall+0x98/0x2b8
[ 59.718962][ T6766] el0_svc_common+0x130/0x23c
[ 59.720214][ T6766] do_el0_svc+0x48/0x58
[ 59.721285][ T6766] el0_svc+0x54/0x168
[ 59.722302][ T6766] el0t_64_sync_handler+0x84/0x108
[ 59.723665][ T6766] el0t_64_sync+0x198/0x19c
[ 59.724857][ T6766]
[ 59.725511][ T6766] Freed by task 6648:
[ 59.726629][ T6766] kasan_save_track+0x40/0x78
[ 59.727899][ T6766] kasan_save_free_info+0x54/0x6c
[ 59.729366][ T6766] __kasan_slab_free+0x64/0x8c
[ 59.730638][ T6766] kfree+0x180/0x478
[ 59.731743][ T6766] jffs2_kill_sb+0x9c/0xb0
[ 59.732954][ T6766] deactivate_locked_super+0xc4/0x12c
[ 59.734406][ T6766] deactivate_super+0xe0/0x100
[ 59.735803][ T6766] cleanup_mnt+0x34c/0x3dc
[ 59.737090][ T6766] __cleanup_mnt+0x20/0x30
[ 59.738301][ T6766] task_work_run+0x230/0x2e0
[ 59.739609][ T6766] do_notify_resume+0x178/0x1f4
[ 59.740960][ T6766] el0_svc+0xac/0x168
[ 59.742074][ T6766] el0t_64_sync_handler+0x84/0x108
[ 59.743524][ T6766] el0t_64_sync+0x198/0x19c
[ 59.744727][ T6766]
[ 59.745393][ T6766] The buggy address belongs to the object at ffff0000d7d30000
[ 59.745393][ T6766] which belongs to the cache kmalloc-4k of size 4096
[ 59.749064][ T6766] The buggy address is located 304 bytes inside of
[ 59.749064][ T6766] freed 4096-byte region [ffff0000d7d30000, ffff0000d7d31000)
[ 59.752666][ T6766]
[ 59.753309][ T6766] The buggy address belongs to the physical page:
[ 59.754999][ T6766] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x117d30
[ 59.757320][ T6766] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 59.759517][ T6766] flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff)
[ 59.761546][ T6766] page_type: f5(slab)
[ 59.762603][ T6766] raw: 05ffc00000000040 ffff0000c0002140 fffffdffc36d8400 dead000000000002
[ 59.765048][ T6766] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[ 59.767402][ T6766] head: 05ffc00000000040 ffff0000c0002140 fffffdffc36d8400 dead000000000002
[ 59.769706][ T6766] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[ 59.772139][ T6766] head: 05ffc00000000003 fffffdffc35f4c01 ffffffffffffffff 0000000000000000
[ 59.774442][ T6766] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 59.776586][ T6766] page dumped because: kasan: bad access detected
[ 59.778547][ T6766]
[ 59.779187][ T6766] Memory state around the buggy address:
[ 59.780791][ T6766] ffff0000d7d30000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.783206][ T6766] ffff0000d7d30080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.785532][ T6766] >ffff0000d7d30100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.787838][ T6766] ^
[ 59.789508][ T6766] ffff0000d7d30180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.791758][ T6766] ffff0000d7d30200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.794145][ T6766] ==================================================================
[ 59.801620][ T6766] Disabling lock debugging due to kernel taint
[ 59.803736][ T6766] jffs2: Erase at 0x0001e000 failed immediately: errno -524
[ 59.808331][ T6766] jffs2: Erase at 0x0001d000 failed immediately: errno -524
[ 59.810415][ T6766] jffs2: Erase at 0x0001c000 failed immediately: errno -524
[ 59.812447][ T6766] jffs2: Erase at 0x0001b000 failed immediately: errno -524
[ 59.814237][ T6766] jffs2: Erase at 0x0001a000 failed immediately: errno -524
[ 59.834587][ T6778] loop0: detected capacity change from 0 to 2048
[ 59.848275][ T6766] jffs2: Erase at 0x00019000 failed immediately: errno -524
[ 59.850297][ T6766] jffs2: Erase at 0x00018000 failed immediately: errno -524
[ 59.852291][ T6766] jffs2: Erase at 0x00017000 failed immediately: errno -524
[ 59.854443][ T6766] jffs2: Erase at 0x00016000 failed immediately: errno -524
[ 59.854465][ T6778] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 59.859045][ T6773] Unable to handle kernel paging request at virtual address dfff8001ffff7a90
[ 59.861281][ T6773] KASAN: probably user-memory-access in range [0x0000000ffffbd480-0x0000000ffffbd487]
[ 59.863776][ T6773] Mem abort info:
[ 59.864702][ T6773] ESR = 0x0000000096000005
[ 59.867444][ T6773] EC = 0x25: DABT (current EL), IL = 32 bits
[ 59.869349][ T6773] SET = 0, FnV = 0
[ 59.870501][ T6773] EA = 0, S1PTW = 0
[ 59.872046][ T6773] FSC = 0x05: level 1 translation fault
[ 59.873987][ T6773] Data abort info:
[ 59.877040][ T6778] jffs2: notice: (6778) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 59.883346][ T6773] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[ 59.886497][ T6773] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 59.908547][ T6789] loop0: detected capacity change from 0 to 2048
[ 59.912723][ T6773] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 59.914508][ T6773] [dfff8001ffff7a90] address between user and kernel address ranges
[ 59.919181][ T6789] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 59.925173][ T6789] jffs2: notice: (6789) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 59.932569][ T6766] jffs2: Erase at 0x00015000 failed immediately: errno -524
[ 59.932743][ T6773] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
[ 59.936553][ T6773] Modules linked in:
[ 59.937712][ T6773] CPU: 1 UID: 0 PID: 6773 Comm: jffs2_gcd_mtd0 Tainted: G B 6.14.0-rc3-syzkaller-ge6747d19291c #0
[ 59.940893][ T6773] Tainted: [B]=BAD_PAGE
[ 59.942119][ T6773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 59.944845][ T6773] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 59.947080][ T6773] pc : mtd_erase+0x98/0x5cc
[ 59.948345][ T6773] lr : mtd_erase+0xb4/0x5cc
[ 59.949649][ T6773] sp : ffff8000a37d76c0
[ 59.950975][ T6773] x29: ffff8000a37d77c0 x28: dfff800000000000 x27: ffff7000146faee8
[ 59.953237][ T6773] x26: ffff8000a37d7760 x25: dfff800000000000 x24: ffff0000d1124c80
[ 59.955422][ T6773] x23: ffff0000d863da00 x22: 1fffe00018e62110 x21: 0000000ffffbd485
[ 59.957515][ T6773] x20: 0000000ffffbce45 x19: 0000000ffffbce45 x18: 0000000000000008
[ 59.959717][ T6773] x17: 6b636f6c62726570 x16: ffff80008b7c5854 x15: 0000000000000001
[ 59.961986][ T6773] x14: 00000000ffff8000 x13: 00000000985dff38 x12: ffff800085493d6c
[ 59.964148][ T6773] x11: ffff80008f30f6dc x10: 0000000000ff0100 x9 : 0000000000000000
[ 59.966321][ T6773] x8 : 00000001ffff7a90 x7 : 0000000000000000 x6 : 000000000000003f
[ 59.968616][ T6773] x5 : 0000000000000040 x4 : 0000000000000001 x3 : ffff800085493e14
[ 59.970825][ T6773] x2 : 0000000000000000 x1 : 0000000000000008 x0 : 0000000000000000
[ 59.973023][ T6773] Call trace:
[ 59.973874][ T6773] mtd_erase+0x98/0x5cc (P)
[ 59.975164][ T6773] jffs2_erase_pending_blocks+0xa94/0x1fd4
[ 59.976786][ T6773] jffs2_garbage_collect_pass+0x554/0x1a50
[ 59.978376][ T6773] jffs2_garbage_collect_thread+0x410/0x488
[ 59.980098][ T6773] kthread+0x65c/0x7b0
[ 59.981277][ T6773] ret_from_fork+0x10/0x20
[ 59.982543][ T6773] Code: 96c831c8 aa1703f3 91190275 d343fea8 (387c6908)
[ 59.984441][ T6773] ---[ end trace 0000000000000000 ]---
[ 60.326651][ T6773] Kernel panic - not syncing: Oops: Fatal exception
[ 60.328548][ T6773] SMP: stopping secondary CPUs
[ 60.329978][ T6773] Kernel Offset: disabled
[ 60.331213][ T6773] CPU features: 0x200,00002070,00800250,82017203
[ 60.332895][ T6773] Memory Limit: none
[ 60.631601][ T6773] Rebooting in 86400 seconds..