Warning: Permanently added '10.128.0.232' (ED25519) to the list of known hosts.
2025/07/31 17:34:33 ignoring optional flag "sandboxArg"="0"
2025/07/31 17:34:33 ignoring optional flag "type"="gce"
2025/07/31 17:34:34 parsed 1 programs
2025/07/31 17:34:37 executed programs: 0
[ 126.228101][ T6034] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 126.359384][ T59] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 126.362718][ T59] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 126.367022][ T59] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 126.368328][ T59] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 126.369766][ T59] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 126.749637][ T6095] chnl_net:caif_netlink_parms(): no params data found
[ 127.134606][ T6095] bridge0: port 1(bridge_slave_0) entered blocking state
[ 127.134902][ T6095] bridge0: port 1(bridge_slave_0) entered disabled state
[ 127.135108][ T6095] bridge_slave_0: entered allmulticast mode
[ 127.137888][ T6095] bridge_slave_0: entered promiscuous mode
[ 127.143969][ T6095] bridge0: port 2(bridge_slave_1) entered blocking state
[ 127.144306][ T6095] bridge0: port 2(bridge_slave_1) entered disabled state
[ 127.144546][ T6095] bridge_slave_1: entered allmulticast mode
[ 127.147819][ T6095] bridge_slave_1: entered promiscuous mode
[ 127.356356][ T6095] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 127.367806][ T6095] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 127.575196][ T6095] team0: Port device team_slave_0 added
[ 127.581532][ T6095] team0: Port device team_slave_1 added
[ 127.904786][ T6095] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 127.904806][ T6095] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 127.904832][ T6095] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 127.907723][ T6095] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 127.907739][ T6095] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 127.907766][ T6095] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 128.157601][ T6095] hsr_slave_0: entered promiscuous mode
[ 128.158951][ T6095] hsr_slave_1: entered promiscuous mode
[ 128.410526][ T59] Bluetooth: hci0: command tx timeout
[ 130.493095][ T59] Bluetooth: hci0: command tx timeout
[ 130.857668][ T6095] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 130.885554][ T6095] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 130.925292][ T6095] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 130.969258][ T6095] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 131.168505][ T6095] 8021q: adding VLAN 0 to HW filter on device bond0
[ 131.202418][ T6095] 8021q: adding VLAN 0 to HW filter on device team0
[ 131.222640][ T161] bridge0: port 1(bridge_slave_0) entered blocking state
[ 131.223134][ T161] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 131.255168][ T67] bridge0: port 2(bridge_slave_1) entered blocking state
[ 131.259945][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 131.339093][ T6095] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 131.657811][ T6095] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 131.748704][ T6095] veth0_vlan: entered promiscuous mode
[ 131.764957][ T6095] veth1_vlan: entered promiscuous mode
[ 131.844794][ T6095] veth0_macvtap: entered promiscuous mode
[ 131.859399][ T6095] veth1_macvtap: entered promiscuous mode
[ 131.907290][ T6095] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 131.927450][ T6095] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 131.955398][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 131.958146][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 131.959063][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 131.959323][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 132.248371][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 132.248411][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 132.371096][ T161] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 132.371120][ T161] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/07/31 17:34:43 executed programs: 1
[ 132.496233][ T6255] jffs2: notice: (6255) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 132.570912][ T59] Bluetooth: hci0: command tx timeout
[ 132.591224][ T6256] ==================================================================
[ 132.591247][ T6256] BUG: KASAN: slab-use-after-free in mutex_lock_interruptible_nested+0x5a/0x1d0
[ 132.591296][ T6256] Read of size 1 at addr ffff888021730128 by task jffs2_gcd_mtd0/6256
[ 132.591340][ T6256]
[ 132.591368][ T6256] CPU: 0 UID: 0 PID: 6256 Comm: jffs2_gcd_mtd0 Tainted: G W 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT_{RT,(full)}
[ 132.591398][ T6256] Tainted: [W]=WARN
[ 132.591406][ T6256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 132.591419][ T6256] Call Trace:
[ 132.591427][ T6256] <TASK>
[ 132.591436][ T6256] dump_stack_lvl+0x189/0x250
[ 132.591466][ T6256] ? __virt_addr_valid+0x1c8/0x5c0
[ 132.591504][ T6256] ? rcu_is_watching+0x15/0xb0
[ 132.591535][ T6256] ? __pfx_dump_stack_lvl+0x10/0x10
[ 132.591563][ T6256] ? rcu_is_watching+0x15/0xb0
[ 132.591591][ T6256] ? lock_release+0x4b/0x3e0
[ 132.591614][ T6256] ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 132.591641][ T6256] ? __virt_addr_valid+0x1c8/0x5c0
[ 132.591668][ T6256] ? __virt_addr_valid+0x4a5/0x5c0
[ 132.591698][ T6256] print_report+0xca/0x240
[ 132.591722][ T6256] ? mutex_lock_interruptible_nested+0x5a/0x1d0
[ 132.591756][ T6256] kasan_report+0x118/0x150
[ 132.591784][ T6256] ? mutex_lock_interruptible_nested+0x5a/0x1d0
[ 132.591824][ T6256] ? jffs2_garbage_collect_pass+0xad/0x20e0
[ 132.591857][ T6256] __kasan_check_byte+0x2a/0x40
[ 132.591884][ T6256] lock_acquire+0x8d/0x360
[ 132.591909][ T6256] ? do_raw_spin_lock+0x121/0x290
[ 132.591931][ T6256] ? jffs2_garbage_collect_pass+0xad/0x20e0
[ 132.591963][ T6256] mutex_lock_interruptible_nested+0x5a/0x1d0
[ 132.591996][ T6256] ? jffs2_garbage_collect_pass+0xad/0x20e0
[ 132.592029][ T6256] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 132.592057][ T6256] jffs2_garbage_collect_pass+0xad/0x20e0
[ 132.592090][ T6256] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 132.592122][ T6256] ? rt_mutex_slowunlock+0x493/0x8a0
[ 132.592141][ T6256] ? reacquire_held_locks+0x127/0x1d0
[ 132.592170][ T6256] ? __pfx_jffs2_garbage_collect_pass+0x10/0x10
[ 132.592204][ T6256] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 132.592226][ T6256] ? rt_spin_unlock+0x65/0x80
[ 132.592248][ T6256] ? sigprocmask+0x15d/0x1a0
[ 132.592274][ T6256] jffs2_garbage_collect_thread+0x618/0x6c0
[ 132.592317][ T6256] ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[ 132.592354][ T6256] ? __kthread_parkme+0x7b/0x200
[ 132.592379][ T6256] ? __kthread_parkme+0x1a1/0x200
[ 132.592406][ T6256] kthread+0x70e/0x8a0
[ 132.592436][ T6256] ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[ 132.592480][ T6256] ? __pfx_kthread+0x10/0x10
[ 132.592511][ T6256] ? __pfx_kthread+0x10/0x10
[ 132.592540][ T6256] ret_from_fork+0x3f9/0x770
[ 132.592565][ T6256] ? __pfx_ret_from_fork+0x10/0x10
[ 132.592590][ T6256] ? __switch_to_asm+0x39/0x70
[ 132.592623][ T6256] ? __switch_to_asm+0x33/0x70
[ 132.592654][ T6256] ? __pfx_kthread+0x10/0x10
[ 132.592685][ T6256] ret_from_fork_asm+0x1a/0x30
[ 132.592725][ T6256] </TASK>
[ 132.592733][ T6256]
[ 132.592738][ T6256] Allocated by task 6255:
[ 132.592749][ T6256] kasan_save_track+0x3e/0x80
[ 132.592770][ T6256] __kasan_kmalloc+0x93/0xb0
[ 132.592791][ T6256] __kmalloc_cache_noprof+0x1a8/0x320
[ 132.592820][ T6256] jffs2_init_fs_context+0x4f/0xc0
[ 132.592838][ T6256] alloc_fs_context+0x659/0x7e0
[ 132.592862][ T6256] do_new_mount+0x16f/0x9e0
[ 132.592886][ T6256] __se_sys_mount+0x317/0x410
[ 132.592910][ T6256] do_syscall_64+0xfa/0x3b0
[ 132.592935][ T6256] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 132.592954][ T6256]
[ 132.592959][ T6256] Freed by task 6095:
[ 132.592969][ T6256] kasan_save_track+0x3e/0x80
[ 132.592989][ T6256] kasan_save_free_info+0x46/0x50
[ 132.593019][ T6256] __kasan_slab_free+0x62/0x70
[ 132.593041][ T6256] kfree+0x195/0x550
[ 132.593065][ T6256] deactivate_locked_super+0xbc/0x130
[ 132.593097][ T6256] cleanup_mnt+0x425/0x4c0
[ 132.593126][ T6256] task_work_run+0x1d4/0x260
[ 132.593155][ T6256] exit_to_user_mode_loop+0xec/0x110
[ 132.593179][ T6256] do_syscall_64+0x2bd/0x3b0
[ 132.593204][ T6256] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 132.593223][ T6256]
[ 132.593229][ T6256] The buggy address belongs to the object at ffff888021730000
[ 132.593229][ T6256] which belongs to the cache kmalloc-4k of size 4096
[ 132.593247][ T6256] The buggy address is located 296 bytes inside of
[ 132.593247][ T6256] freed 4096-byte region [ffff888021730000, ffff888021731000)
[ 132.593266][ T6256]
[ 132.593271][ T6256] The buggy address belongs to the physical page:
[ 132.593289][ T6256] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21730
[ 132.593315][ T6256] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 132.593331][ T6256] flags: 0x80000000000040(head|node=0|zone=1)
[ 132.593351][ T6256] page_type: f5(slab)
[ 132.593481][ T6256] page dumped because: kasan: bad access detected
[ 132.593499][ T6256] page_owner tracks the page as allocated
[ 132.593507][ T6256] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6255, tgid 6254 (syz-executor.0), ts 132473468326, free_ts 132452975585
[ 132.593544][ T6256] post_alloc_hook+0x240/0x2a0
[ 132.593573][ T6256] get_page_from_freelist+0x2119/0x21b0
[ 132.593591][ T6256] __alloc_frozen_pages_noprof+0x181/0x370
[ 132.593608][ T6256] alloc_pages_mpol+0xd1/0x380
[ 132.593632][ T6256] allocate_slab+0x8a/0x370
[ 132.593648][ T6256] ___slab_alloc+0x8d1/0xdd0
[ 132.593674][ T6256] __kmalloc_cache_noprof+0xe6/0x320
[ 132.593698][ T6256] jffs2_init_fs_context+0x4f/0xc0
[ 132.593715][ T6256] alloc_fs_context+0x659/0x7e0
[ 132.593738][ T6256] do_new_mount+0x16f/0x9e0
[ 132.593760][ T6256] __se_sys_mount+0x317/0x410
[ 132.593783][ T6256] do_syscall_64+0xfa/0x3b0
[ 132.593805][ T6256] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 132.593823][ T6256] page last free pid 5180 tgid 5180 stack trace:
[ 132.593836][ T6256] __free_frozen_pages+0xbe5/0xdf0
[ 132.593862][ T6256] __put_partials+0x159/0x1a0
[ 132.593890][ T6256] __slab_free+0x2b3/0x390
[ 132.593907][ T6256] qlist_free_all+0x97/0x140
[ 132.593926][ T6256] kasan_quarantine_reduce+0x148/0x160
[ 132.593945][ T6256] __kasan_slab_alloc+0x22/0x80
[ 132.593966][ T6256] kmem_cache_alloc_noprof+0x143/0x310
[ 132.593990][ T6256] getname_flags+0xb8/0x540
[ 132.594016][ T6256] do_readlinkat+0xbc/0x500
[ 132.594031][ T6256] __x64_sys_readlink+0x7f/0x90
[ 132.594058][ T6256] do_syscall_64+0xfa/0x3b0
[ 132.594081][ T6256] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 132.594100][ T6256]
[ 132.594105][ T6256] Memory state around the buggy address:
[ 132.594116][ T6256] ffff888021730000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 132.594130][ T6256] ffff888021730080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 132.594145][ T6256] >ffff888021730100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 132.594156][ T6256] ^
[ 132.594166][ T6256] ffff888021730180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 132.594181][ T6256] ffff888021730200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 132.594191][ T6256] ==================================================================
[ 132.594204][ T6256] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 132.594231][ T6256] CPU: 0 UID: 0 PID: 6256 Comm: jffs2_gcd_mtd0 Tainted: G W 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT_{RT,(full)}
[ 132.594263][ T6256] Tainted: [W]=WARN
[ 132.594271][ T6256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 132.594284][ T6256] Call Trace:
[ 132.594292][ T6256] <TASK>
[ 132.594301][ T6256] dump_stack_lvl+0x99/0x250
[ 132.594330][ T6256] ? __asan_memcpy+0x40/0x70
[ 132.594351][ T6256] ? __pfx_dump_stack_lvl+0x10/0x10
[ 132.594379][ T6256] ? __pfx__printk+0x10/0x10
[ 132.594405][ T6256] vpanic+0x27a/0x730
[ 132.594436][ T6256] ? __pfx_vpanic+0x10/0x10
[ 132.594486][ T6256] panic+0xb9/0xc0
[ 132.594514][ T6256] ? __pfx_panic+0x10/0x10
[ 132.594540][ T6256] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 132.594568][ T6256] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 132.594596][ T6256] ? is_module_address+0x17/0xf0
[ 132.594618][ T6256] ? mutex_lock_interruptible_nested+0x5a/0x1d0
[ 132.594652][ T6256] check_panic_on_warn+0x89/0xb0
[ 132.594686][ T6256] ? mutex_lock_interruptible_nested+0x5a/0x1d0
[ 132.594721][ T6256] end_report+0x78/0x160
[ 132.594748][ T6256] kasan_report+0x129/0x150
[ 132.594776][ T6256] ? mutex_lock_interruptible_nested+0x5a/0x1d0
[ 132.594819][ T6256] ? jffs2_garbage_collect_pass+0xad/0x20e0
[ 132.594849][ T6256] __kasan_check_byte+0x2a/0x40
[ 132.594873][ T6256] lock_acquire+0x8d/0x360
[ 132.594895][ T6256] ? do_raw_spin_lock+0x121/0x290
[ 132.594914][ T6256] ? jffs2_garbage_collect_pass+0xad/0x20e0
[ 132.594940][ T6256] mutex_lock_interruptible_nested+0x5a/0x1d0
[ 132.594967][ T6256] ? jffs2_garbage_collect_pass+0xad/0x20e0
[ 132.594993][ T6256] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 132.595016][ T6256] jffs2_garbage_collect_pass+0xad/0x20e0
[ 132.595043][ T6256] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 132.595068][ T6256] ? rt_mutex_slowunlock+0x493/0x8a0
[ 132.595084][ T6256] ? reacquire_held_locks+0x127/0x1d0
[ 132.595108][ T6256] ? __pfx_jffs2_garbage_collect_pass+0x10/0x10
[ 132.595135][ T6256] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 132.595152][ T6256] ? rt_spin_unlock+0x65/0x80
[ 132.595169][ T6256] ? sigprocmask+0x15d/0x1a0
[ 132.595190][ T6256] jffs2_garbage_collect_thread+0x618/0x6c0
[ 132.595225][ T6256] ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[ 132.595256][ T6256] ? __kthread_parkme+0x7b/0x200
[ 132.595276][ T6256] ? __kthread_parkme+0x1a1/0x200
[ 132.595299][ T6256] kthread+0x70e/0x8a0
[ 132.595323][ T6256] ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[ 132.595351][ T6256] ? __pfx_kthread+0x10/0x10
[ 132.595376][ T6256] ? __pfx_kthread+0x10/0x10
[ 132.595399][ T6256] ret_from_fork+0x3f9/0x770
[ 132.595426][ T6256] ? __pfx_ret_from_fork+0x10/0x10
[ 132.595448][ T6256] ? __switch_to_asm+0x39/0x70
[ 132.595478][ T6256] ? __switch_to_asm+0x33/0x70
[ 132.595502][ T6256] ? __pfx_kthread+0x10/0x10
[ 132.595525][ T6256] ret_from_fork_asm+0x1a/0x30
[ 132.595558][ T6256] </TASK>
[ 132.595883][ T6256] Kernel Offset: disabled