Warning: Permanently added '10.128.1.136' (ED25519) to the list of known hosts.
1970/01/01 00:01:02 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:01:03 parsed 1 programs
1970/01/01 00:01:03 executed programs: 0
[ 63.129243][ T6585] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
[ 63.164838][ T5942] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 63.170789][ T5942] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 63.173661][ T5942] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 63.176312][ T5942] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 63.179151][ T5942] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 63.181244][ T5942] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 63.240420][ T6590] chnl_net:caif_netlink_parms(): no params data found
[ 63.265843][ T6590] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.267846][ T6590] bridge0: port 1(bridge_slave_0) entered disabled state
[ 63.270370][ T6590] bridge_slave_0: entered allmulticast mode
[ 63.272461][ T6590] bridge_slave_0: entered promiscuous mode
[ 63.275387][ T6590] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.277460][ T6590] bridge0: port 2(bridge_slave_1) entered disabled state
[ 63.279688][ T6590] bridge_slave_1: entered allmulticast mode
[ 63.281783][ T6590] bridge_slave_1: entered promiscuous mode
[ 63.293276][ T6590] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 63.298498][ T6590] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 63.310857][ T6590] team0: Port device team_slave_0 added
[ 63.313858][ T6590] team0: Port device team_slave_1 added
[ 63.324531][ T6590] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 63.326514][ T6590] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 63.333666][ T6590] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 63.337715][ T6590] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 63.339830][ T6590] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 63.346682][ T6590] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 63.419515][ T6590] hsr_slave_0: entered promiscuous mode
[ 63.468340][ T6590] hsr_slave_1: entered promiscuous mode
[ 64.381969][ T6590] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 64.385997][ T6590] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 64.394768][ T6590] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 64.401534][ T6590] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 64.438439][ T6590] 8021q: adding VLAN 0 to HW filter on device bond0
[ 64.446867][ T6590] 8021q: adding VLAN 0 to HW filter on device team0
[ 64.453063][ T25] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.455345][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 64.469315][ T25] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.471285][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 64.480505][ T2322] ieee802154 phy0 wpan0: encryption failed: -22
[ 64.482425][ T2322] ieee802154 phy1 wpan1: encryption failed: -22
[ 64.487715][ T6590] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 64.551134][ T6590] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 64.570834][ T6590] veth0_vlan: entered promiscuous mode
[ 64.576777][ T6590] veth1_vlan: entered promiscuous mode
[ 64.591253][ T6590] veth0_macvtap: entered promiscuous mode
[ 64.595041][ T6590] veth1_macvtap: entered promiscuous mode
[ 64.604842][ T6590] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 64.610701][ T6590] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 64.615018][ T6590] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.617339][ T6590] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.621551][ T6590] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.623985][ T6590] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.664322][ T295] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 64.666504][ T295] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 64.679917][ T295] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 64.682146][ T295] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 64.763369][ T6705] loop0: detected capacity change from 0 to 2048
[ 64.779212][ T6705] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 64.797407][ T6705] jffs2: notice: (6705) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 64.858468][ T6710] ==================================================================
[ 64.860634][ T6710] BUG: KASAN: slab-use-after-free in __mutex_lock_common+0x100/0x21a0
[ 64.862834][ T6710] Read of size 8 at addr ffff0000d8da6130 by task jffs2_gcd_mtd0/6710
[ 64.864950][ T6710]
[ 64.865550][ T6710] CPU: 0 PID: 6710 Comm: jffs2_gcd_mtd0 Not tainted 6.10.0-rc7-syzkaller-00109-gc912bf709078 #0
[ 64.868352][ T6710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 64.871179][ T6710] Call trace:
[ 64.872106][ T6710] dump_backtrace+0x1b8/0x1e4
[ 64.873437][ T6710] show_stack+0x2c/0x3c
[ 64.874598][ T6710] dump_stack_lvl+0xe4/0x150
[ 64.875866][ T6710] print_report+0x198/0x538
[ 64.877107][ T6710] kasan_report+0xd8/0x138
[ 64.878339][ T6710] __asan_report_load8_noabort+0x20/0x2c
[ 64.879887][ T6710] __mutex_lock_common+0x100/0x21a0
[ 64.881252][ T6710] mutex_lock_interruptible_nested+0x2c/0x38
[ 64.883009][ T6710] jffs2_garbage_collect_pass+0xa4/0x1a50
[ 64.884530][ T6710] jffs2_garbage_collect_thread+0x414/0x48c
[ 64.886190][ T6710] kthread+0x288/0x310
[ 64.887374][ T6710] ret_from_fork+0x10/0x20
[ 64.888600][ T6710]
[ 64.889261][ T6710] Allocated by task 6705:
[ 64.890469][ T6710] kasan_save_track+0x40/0x78
[ 64.891773][ T6710] kasan_save_alloc_info+0x40/0x50
[ 64.893220][ T6710] __kasan_kmalloc+0xac/0xc4
[ 64.894460][ T6710] kmalloc_trace_noprof+0x244/0x374
[ 64.895884][ T6710] jffs2_init_fs_context+0x58/0xc8
[ 64.897275][ T6710] alloc_fs_context+0x514/0x7a4
[ 64.898579][ T6710] fs_context_for_mount+0x34/0x44
[ 64.900005][ T6710] do_new_mount+0x14c/0x900
[ 64.901275][ T6710] path_mount+0x590/0xe04
[ 64.902480][ T6710] __arm64_sys_mount+0x3c4/0x488
[ 64.903869][ T6710] invoke_syscall+0x98/0x2b8
[ 64.905136][ T6710] el0_svc_common+0x130/0x23c
[ 64.906405][ T6710] do_el0_svc+0x48/0x58
[ 64.907553][ T6710] el0_svc+0x54/0x168
[ 64.908666][ T6710] el0t_64_sync_handler+0x84/0xfc
[ 64.910059][ T6710] el0t_64_sync+0x190/0x194
[ 64.911293][ T6710]
[ 64.911918][ T6710] Freed by task 6590:
[ 64.913008][ T6710] kasan_save_track+0x40/0x78
[ 64.914289][ T6710] kasan_save_free_info+0x54/0x6c
[ 64.915655][ T6710] poison_slab_object+0x128/0x180
[ 64.917108][ T6710] __kasan_slab_free+0x3c/0x70
[ 64.918418][ T6710] kfree+0x154/0x3e0
[ 64.919495][ T6710] jffs2_kill_sb+0x9c/0xb0
[ 64.920700][ T6710] deactivate_locked_super+0xc4/0x12c
[ 64.922201][ T6710] deactivate_super+0xe0/0x100
[ 64.923489][ T6710] cleanup_mnt+0x34c/0x3dc
[ 64.924763][ T6710] __cleanup_mnt+0x20/0x30
[ 64.925999][ T6710] task_work_run+0x230/0x2e0
[ 64.927318][ T6710] do_notify_resume+0x178/0x1f4
[ 64.928655][ T6710] el0_svc+0xac/0x168
[ 64.929724][ T6710] el0t_64_sync_handler+0x84/0xfc
[ 64.931143][ T6710] el0t_64_sync+0x190/0x194
[ 64.932448][ T6710]
[ 64.933101][ T6710] The buggy address belongs to the object at ffff0000d8da6000
[ 64.933101][ T6710] which belongs to the cache kmalloc-4k of size 4096
[ 64.937014][ T6710] The buggy address is located 304 bytes inside of
[ 64.937014][ T6710] freed 4096-byte region [ffff0000d8da6000, ffff0000d8da7000)
[ 64.940911][ T6710]
[ 64.941565][ T6710] The buggy address belongs to the physical page:
[ 64.943378][ T6710] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118da0
[ 64.945785][ T6710] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 64.948036][ T6710] flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff)
[ 64.950181][ T6710] page_type: 0xffffefff(slab)
[ 64.951437][ T6710] raw: 05ffc00000000040 ffff0000c0002140 dead000000000100 dead000000000122
[ 64.953849][ T6710] raw: 0000000000000000 0000000000040004 00000001ffffefff 0000000000000000
[ 64.956257][ T6710] head: 05ffc00000000040 ffff0000c0002140 dead000000000100 dead000000000122
[ 64.958728][ T6710] head: 0000000000000000 0000000000040004 00000001ffffefff 0000000000000000
[ 64.961114][ T6710] head: 05ffc00000000003 fffffdffc3636801 ffffffffffffffff 0000000000000000
[ 64.963664][ T6710] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 64.966199][ T6710] page dumped because: kasan: bad access detected
[ 64.967910][ T6710]
[ 64.968530][ T6710] Memory state around the buggy address:
[ 64.970107][ T6710] ffff0000d8da6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.972307][ T6710] ffff0000d8da6080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.974574][ T6710] >ffff0000d8da6100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.976785][ T6710] ^
[ 64.978301][ T6710] ffff0000d8da6180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.980697][ T6710] ffff0000d8da6200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.983053][ T6710] ==================================================================
[ 64.997299][ T6716] loop0: detected capacity change from 0 to 2048
[ 65.004086][ T6716] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 65.013322][ T6710] Disabling lock debugging due to kernel taint
[ 65.014961][ T6710] jffs2: Erase at 0x0001e000 failed immediately: errno -524
[ 65.016874][ T6710] jffs2: Erase at 0x0001d000 failed immediately: errno -524
[ 65.019936][ T6710] jffs2: Erase at 0x0001c000 failed immediately: errno -524
[ 65.022495][ T6710] jffs2: Erase at 0x0001b000 failed immediately: errno -524
[ 65.024948][ T6716] jffs2: notice: (6716) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 65.030099][ T6710] jffs2: Erase at 0x0001a000 failed immediately: errno -524
[ 65.032760][ T6710] jffs2: Erase at 0x00019000 failed immediately: errno -524
[ 65.034846][ T6710] jffs2: Erase at 0x00018000 failed immediately: errno -524
[ 65.036831][ T6710] jffs2: Erase at 0x00017000 failed immediately: errno -524
[ 65.039327][ T6710] jffs2: Erase at 0x00016000 failed immediately: errno -524
[ 65.042199][ T6710] jffs2: Erase at 0x00015000 failed immediately: errno -524
[ 65.044358][ T6710] jffs2: Erase at 0x00014000 failed immediately: errno -524
[ 65.046417][ T6710] jffs2: Erase at 0x00013000 failed immediately: errno -524
[ 65.048573][ T6710] jffs2: Erase at 0x00012000 failed immediately: errno -524
[ 65.050570][ T6710] jffs2: Erase at 0x00011000 failed immediately: errno -524
[ 65.052501][ T6710] jffs2: Erase at 0x00010000 failed immediately: errno -524
[ 65.054482][ T6710] jffs2: Erase at 0x0000f000 failed immediately: errno -524
[ 65.056484][ T6710] jffs2: Erase at 0x0000e000 failed immediately: errno -524
[ 65.058753][ T6710] jffs2: Erase at 0x0000d000 failed immediately: errno -524
[ 65.060771][ T6710] jffs2: Erase at 0x0000c000 failed immediately: errno -524
[ 65.062669][ T6710] jffs2: Erase at 0x0000b000 failed immediately: errno -524
[ 65.064535][ T6710] jffs2: Erase at 0x0000a000 failed immediately: errno -524
[ 65.066534][ T6710] jffs2: Erase at 0x00009000 failed immediately: errno -524
[ 65.068786][ T6710] jffs2: Erase at 0x00008000 failed immediately: errno -524
[ 65.070806][ T6710] jffs2: Erase at 0x00007000 failed immediately: errno -524
[ 65.072781][ T6710] jffs2: Erase at 0x00006000 failed immediately: errno -524
[ 65.074750][ T6710] jffs2: Erase at 0x00005000 failed immediately: errno -524
[ 65.076733][ T6710] jffs2: Erase at 0x00004000 failed immediately: errno -524
[ 65.095268][ T6710] jffs2: Erase at 0x00003000 failed immediately: errno -524
[ 65.097308][ T6710] jffs2: Erase at 0x00002000 failed immediately: errno -524
[ 65.099373][ T6730] Unable to handle kernel paging request at virtual address dfff800000000fde
[ 65.102549][ T6740] loop0: detected capacity change from 0 to 2048
[ 65.106510][ T6740] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 65.111452][ T6730] KASAN: probably user-memory-access in range [0x0000000000007ef0-0x0000000000007ef7]
[ 65.114056][ T6730] Mem abort info:
[ 65.115006][ T6730] ESR = 0x0000000096000005
[ 65.116260][ T6730] EC = 0x25: DABT (current EL), IL = 32 bits
[ 65.117913][ T6730] SET = 0, FnV = 0
[ 65.120117][ T6710] list_del corruption. next->prev should be ffff0000d8da2048, but was 013c03c2000019be. (next=ffff0000d8da2000)
[ 65.123826][ T6710] ------------[ cut here ]------------
[ 65.125347][ T6710] kernel BUG at lib/list_debug.c:67!
[ 65.126397][ T6730] EA = 0, S1PTW = 0
[ 65.126802][ T6710] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
[ 65.127940][ T6730] FSC = 0x05: level 1 translation fault
[ 65.129921][ T6710] Modules linked in:
[ 65.129937][ T6710] CPU: 1 PID: 6710 Comm: jffs2_gcd_mtd0 Tainted: G B 6.10.0-rc7-syzkaller-00109-gc912bf709078 #0
[ 65.131469][ T6730] Data abort info:
[ 65.132467][ T6710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 65.136066][ T6730] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[ 65.136797][ T6710] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 65.139697][ T6730] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 65.141298][ T6710] pc : __list_del_entry_valid_or_report+0x154/0x158
[ 65.143412][ T6730] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 65.145009][ T6710] lr : __list_del_entry_valid_or_report+0x154/0x158
[ 65.146791][ T6730] [dfff800000000fde] address between user and kernel address ranges
[ 65.148404][ T6710] sp : ffff8000a0e37870
[ 65.148416][ T6710] x29: ffff8000a0e37870 x28: ffff0000d8da6000 x27: ffff0000d8da63a8
[ 65.155804][ T6710] x26: ffff0000d8da2048 x25: dfff800000000000 x24: ffff0000d8da6170
[ 65.158059][ T6710] x23: ffff0000d8da6278 x22: dfff800000000000 x21: ffff0000d8da2008
[ 65.160330][ T6710] x20: ffff0000d8da2000 x19: ffff0000d8da2048 x18: 0000000000000008
[ 65.162534][ T6710] x17: 20747562202c3834 x16: ffff80008b07c030 x15: ffff700011e6a694
[ 65.164823][ T6710] x14: 1ffff00011e6a694 x13: 0000000000000004 x12: ffffffffffffffff
[ 65.167154][ T6710] x11: 0000000000000002 x10: 0000000000ff0100 x9 : 654b242b8a963a00
[ 65.169354][ T6710] x8 : 654b242b8a963a00 x7 : 0000000000000001 x6 : 0000000000000001
[ 65.171551][ T6710] x5 : ffff8000a0e36fd8 x4 : ffff80008f3c53a0 x3 : ffff800080369018
[ 65.173732][ T6710] x2 : 0000000000000000 x1 : 0000000000000001 x0 : 000000000000006d
[ 65.176003][ T6710] Call trace:
[ 65.176931][ T6710] __list_del_entry_valid_or_report+0x154/0x158
[ 65.178703][ T6710] jffs2_erase_pending_blocks+0x33c/0x1fcc
[ 65.180384][ T6710] jffs2_garbage_collect_pass+0x554/0x1a50
[ 65.181967][ T6710] jffs2_garbage_collect_thread+0x414/0x48c
[ 65.183558][ T6710] kthread+0x288/0x310
[ 65.184753][ T6710] ret_from_fork+0x10/0x20
[ 65.186034][ T6710] Code: 91238000 aa1303e1 aa1403e3 953e67b5 (d4210000)
[ 65.188061][ T6710] ---[ end trace 0000000000000000 ]---
[ 65.539812][ T6710] Kernel panic - not syncing: Oops - BUG: Fatal exception
[ 65.541856][ T6710] SMP: stopping secondary CPUs
[ 66.624122][ T6710] SMP: failed to stop secondary CPUs 0-1
[ 66.625676][ T6710] Kernel Offset: disabled
[ 66.626812][ T6710] CPU features: 0x00,00000103,80100128,42017203
[ 66.628378][ T6710] Memory Limit: none
[ 66.958509][ T6710] Rebooting in 86400 seconds..