Warning: Permanently added '10.128.10.15' (ED25519) to the list of known hosts.
1970/01/01 00:00:58 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:58 ignoring optional flag "type"="gce"
1970/01/01 00:00:58 parsed 1 programs
[ 58.703879][ T6703] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
1970/01/01 00:00:58 executed programs: 0
[ 58.736734][ T6057] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 58.737456][ T6057] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 58.737807][ T6057] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 58.738514][ T6057] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 58.738954][ T6057] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 58.832729][ T6708] chnl_net:caif_netlink_parms(): no params data found
[ 58.872577][ T6708] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.872682][ T6708] bridge0: port 1(bridge_slave_0) entered disabled state
[ 58.872784][ T6708] bridge_slave_0: entered allmulticast mode
[ 58.873621][ T6708] bridge_slave_0: entered promiscuous mode
[ 58.875487][ T6708] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.875577][ T6708] bridge0: port 2(bridge_slave_1) entered disabled state
[ 58.875676][ T6708] bridge_slave_1: entered allmulticast mode
[ 58.876940][ T6708] bridge_slave_1: entered promiscuous mode
[ 58.895004][ T6708] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 58.896712][ T6708] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 58.910785][ T6708] team0: Port device team_slave_0 added
[ 58.912625][ T6708] team0: Port device team_slave_1 added
[ 58.925683][ T6708] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 58.925730][ T6708] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 58.925768][ T6708] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 58.927223][ T6708] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 58.927249][ T6708] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 58.927276][ T6708] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 58.953428][ T6708] hsr_slave_0: entered promiscuous mode
[ 58.953926][ T6708] hsr_slave_1: entered promiscuous mode
[ 59.794817][ T6708] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 59.798507][ T6708] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 59.802021][ T6708] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 59.805816][ T6708] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 59.822107][ T6708] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.822185][ T6708] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 59.822313][ T6708] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.822367][ T6708] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 59.848843][ T40] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.851257][ T40] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.863849][ T6708] 8021q: adding VLAN 0 to HW filter on device bond0
[ 59.879925][ T6708] 8021q: adding VLAN 0 to HW filter on device team0
[ 59.882883][ T742] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.882969][ T742] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 59.889165][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.889259][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 59.986854][ T6708] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 60.010990][ T6708] veth0_vlan: entered promiscuous mode
[ 60.014646][ T6708] veth1_vlan: entered promiscuous mode
[ 60.032422][ T6708] veth0_macvtap: entered promiscuous mode
[ 60.038903][ T6708] veth1_macvtap: entered promiscuous mode
[ 60.053852][ T6708] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 60.057883][ T6708] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 60.059299][ T6708] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.059340][ T6708] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.059370][ T6708] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.059399][ T6708] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.112724][ T679] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.112799][ T679] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.131651][ T679] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.131705][ T679] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.180397][ T6790] jffs2: notice: (6790) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 60.208410][ T6796] jffs2: notice: (6796) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 60.249897][ T6801] jffs2: notice: (6801) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 60.257549][ T6792] ==================================================================
[ 60.257575][ T6792] BUG: KASAN: slab-use-after-free in __mutex_lock_common+0x144/0x2190
[ 60.257600][ T6792] Read of size 8 at addr ffff0000c2000130 by task jffs2_gcd_mtd0/6792
[ 60.257616][ T6792]
[ 60.257627][ T6792] CPU: 1 UID: 0 PID: 6792 Comm: jffs2_gcd_mtd0 Not tainted 6.15.0-rc6-syzkaller-ga82e92598ab1 #0 PREEMPT
[ 60.257640][ T6792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 60.257647][ T6792] Call trace:
[ 60.257651][ T6792] show_stack+0x2c/0x3c (C)
[ 60.257665][ T6792] __dump_stack+0x30/0x40
[ 60.257675][ T6792] dump_stack_lvl+0xd8/0x12c
[ 60.257685][ T6792] print_address_description+0xa8/0x254
[ 60.257699][ T6792] print_report+0x68/0x84
[ 60.257711][ T6792] kasan_report+0xb0/0x110
[ 60.257725][ T6792] __asan_report_load8_noabort+0x20/0x2c
[ 60.257736][ T6792] __mutex_lock_common+0x144/0x2190
[ 60.257749][ T6792] mutex_lock_interruptible_nested+0x2c/0x38
[ 60.257773][ T6792] jffs2_garbage_collect_pass+0xa0/0x19c0
[ 60.257787][ T6792] jffs2_garbage_collect_thread+0x3c0/0x430
[ 60.257799][ T6792] kthread+0x5fc/0x75c
[ 60.257813][ T6792] ret_from_fork+0x10/0x20
[ 60.257824][ T6792]
[ 60.257904][ T6792] Allocated by task 6790:
[ 60.257916][ T6792] kasan_save_track+0x40/0x78
[ 60.257933][ T6792] kasan_save_alloc_info+0x44/0x54
[ 60.257948][ T6792] __kasan_kmalloc+0x9c/0xb4
[ 60.257965][ T6792] __kmalloc_cache_noprof+0x2a4/0x3fc
[ 60.257980][ T6792] jffs2_init_fs_context+0x58/0xc0
[ 60.257999][ T6792] alloc_fs_context+0x538/0x76c
[ 60.258016][ T6792] fs_context_for_mount+0x34/0x44
[ 60.258033][ T6792] do_new_mount+0xfc/0x814
[ 60.258049][ T6792] path_mount+0x5b4/0xde0
[ 60.258064][ T6792] __arm64_sys_mount+0x3e8/0x468
[ 60.258080][ T6792] invoke_syscall+0x98/0x2b8
[ 60.258095][ T6792] el0_svc_common+0x130/0x23c
[ 60.258109][ T6792] do_el0_svc+0x48/0x58
[ 60.258123][ T6792] el0_svc+0x58/0x17c
[ 60.258140][ T6792] el0t_64_sync_handler+0x78/0x108
[ 60.258157][ T6792] el0t_64_sync+0x198/0x19c
[ 60.258172][ T6792]
[ 60.258180][ T6792] Freed by task 6708:
[ 60.258191][ T6792] kasan_save_track+0x40/0x78
[ 60.258208][ T6792] kasan_save_free_info+0x58/0x70
[ 60.258223][ T6792] __kasan_slab_free+0x68/0x88
[ 60.258240][ T6792] kfree+0x17c/0x474
[ 60.258257][ T6792] jffs2_kill_sb+0x9c/0xb0
[ 60.258273][ T6792] deactivate_locked_super+0xc4/0x12c
[ 60.258289][ T6792] deactivate_super+0xe0/0x100
[ 60.258304][ T6792] cleanup_mnt+0x31c/0x3ac
[ 60.258320][ T6792] __cleanup_mnt+0x20/0x30
[ 60.258336][ T6792] task_work_run+0x1dc/0x260
[ 60.258351][ T6792] do_notify_resume+0x16c/0x1ec
[ 60.258367][ T6792] el0_svc+0xb4/0x17c
[ 60.258384][ T6792] el0t_64_sync_handler+0x78/0x108
[ 60.258401][ T6792] el0t_64_sync+0x198/0x19c
[ 60.258415][ T6792]
[ 60.258423][ T6792] The buggy address belongs to the object at ffff0000c2000000
[ 60.258423][ T6792] which belongs to the cache kmalloc-4k of size 4096
[ 60.258439][ T6792] The buggy address is located 304 bytes inside of
[ 60.258439][ T6792] freed 4096-byte region [ffff0000c2000000, ffff0000c2001000)
[ 60.258457][ T6792]
[ 60.258466][ T6792] The buggy address belongs to the physical page:
[ 60.258477][ T6792] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102000
[ 60.258493][ T6792] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 60.258508][ T6792] flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff)
[ 60.258525][ T6792] page_type: f5(slab)
[ 60.258541][ T6792] raw: 05ffc00000000040 ffff0000c0002140 dead000000000122 0000000000000000
[ 60.258556][ T6792] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[ 60.258572][ T6792] head: 05ffc00000000040 ffff0000c0002140 dead000000000122 0000000000000000
[ 60.258588][ T6792] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[ 60.258604][ T6792] head: 05ffc00000000003 fffffdffc3080001 00000000ffffffff 00000000ffffffff
[ 60.258619][ T6792] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 60.258631][ T6792] page dumped because: kasan: bad access detected
[ 60.258641][ T6792]
[ 60.258649][ T6792] Memory state around the buggy address:
[ 60.258661][ T6792]  ffff0000c2000000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.258675][ T6792]  ffff0000c2000080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.258688][ T6792] >ffff0000c2000100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.258699][ T6792]                                      ^
[ 60.258712][ T6792]  ffff0000c2000180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.258725][ T6792]  ffff0000c2000200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.258736][ T6792] ==================================================================
[ 60.258781][ T6792] Disabling lock debugging due to kernel taint
[ 60.258832][ T6792] jffs2: Erase at 0x0001e000 failed immediately: errno -524
[ 60.258869][ T6792] jffs2: Erase at 0x0001d000 failed immediately: errno -524
[ 60.258900][ T6792] jffs2: Erase at 0x0001c000 failed immediately: errno -524
[ 60.258931][ T6792] jffs2: Erase at 0x0001b000 failed immediately: errno -524
[ 60.258961][ T6792] jffs2: Erase at 0x0001a000 failed immediately: errno -524
[ 60.258992][ T6792] jffs2: Erase at 0x00019000 failed immediately: errno -524
[ 60.259022][ T6792] jffs2: Erase at 0x00018000 failed immediately: errno -524
[ 60.259052][ T6792] jffs2: Erase at 0x00017000 failed immediately: errno -524
[ 60.259082][ T6792] jffs2: Erase at 0x00016000 failed immediately: errno -524
[ 60.259112][ T6792] jffs2: Erase at 0x00015000 failed immediately: errno -524
[ 60.259143][ T6792] jffs2: Erase at 0x00014000 failed immediately: errno -524
[ 60.259173][ T6792] jffs2: Erase at 0x00013000 failed immediately: errno -524
[ 60.259203][ T6792] jffs2: Erase at 0x00012000 failed immediately: errno -524
[ 60.259232][ T6792] jffs2: Erase at 0x00011000 failed immediately: errno -524
[ 60.259262][ T6792] jffs2: Erase at 0x00010000 failed immediately: errno -524
[ 60.259293][ T6792] jffs2: Erase at 0x0000f000 failed immediately: errno -524
[ 60.259323][ T6792] jffs2: Erase at 0x0000e000 failed immediately: errno -524
[ 60.259357][ T6792] jffs2: Erase at 0x0000d000 failed immediately: errno -524
[ 60.259387][ T6792] jffs2: Erase at 0x0000c000 failed immediately: errno -524
[ 60.259417][ T6792] jffs2: Erase at 0x0000b000 failed immediately: errno -524
[ 60.259447][ T6792] jffs2: Erase at 0x0000a000 failed immediately: errno -524
[ 60.259476][ T6792] jffs2: Erase at 0x00009000 failed immediately: errno -524
[ 60.259506][ T6792] jffs2: Erase at 0x00008000 failed immediately: errno -524
[ 60.259539][ T6792] jffs2: Erase at 0x00007000 failed immediately: errno -524
[ 60.259569][ T6792] jffs2: Erase at 0x00006000 failed immediately: errno -524
[ 60.259599][ T6792] jffs2: Erase at 0x00005000 failed immediately: errno -524
[ 60.259632][ T6792] jffs2: Erase at 0x00004000 failed immediately: errno -524
[ 60.259662][ T6792] jffs2: Erase at 0x00003000 failed immediately: errno -524
[ 60.259692][ T6792] jffs2: Erase at 0x00002000 failed immediately: errno -524
[ 60.259718][ T6792] slab kmalloc-4k start ffff0000c7f60000 pointer offset 0 size 4096
[ 60.259799][ T6792] list_del corruption. next->prev should be ffff0000c7f60048, but was 044003c300001a34. (next=ffff0000c7f60000)
[ 60.260161][ T6792] ------------[ cut here ]------------
[ 60.260174][ T6792] kernel BUG at lib/list_debug.c:67!
[ 60.260187][ T6792] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
[ 60.450737][ T6792] Modules linked in:
[ 60.451793][ T6792] CPU: 1 UID: 0 PID: 6792 Comm: jffs2_gcd_mtd0 Tainted: G B 6.15.0-rc6-syzkaller-ga82e92598ab1 #0 PREEMPT
[ 60.455385][ T6792] Tainted: [B]=BAD_PAGE
[ 60.456448][ T6792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 60.459165][ T6792] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 60.461238][ T6792] pc : __list_del_entry_valid_or_report+0x1b0/0x1b4
[ 60.463045][ T6792] lr : __list_del_entry_valid_or_report+0x1b0/0x1b4
[ 60.464756][ T6792] sp : ffff8000a0e67880
[ 60.465914][ T6792] x29: ffff8000a0e67880 x28: ffff0000c2000238 x27: ffff0000c2000238
[ 60.468031][ T6792] x26: ffff0000c2000208 x25: ffff0000c2000228 x24: dfff800000000000
[ 60.470134][ T6792] x23: 1fffe00018fec001 x22: dfff800000000000 x21: ffff0000c7f60008
[ 60.472265][ T6792] x20: ffff0000c7f60000 x19: ffff0000c7f60048 x18: 1fffe0003386f276
[ 60.474451][ T6792] x17: 20747562202c3834 x16: ffff80008ad22c48 x15: ffff700011e740b4
[ 60.476631][ T6792] x14: 1ffff00011e740b4 x13: 0000000000000004 x12: ffffffffffffffff
[ 60.478867][ T6792] x11: ffff700011e740b4 x10: 0000000000ff0100 x9 : 1235c63fa86d9000
[ 60.480968][ T6792] x8 : 1235c63fa86d9000 x7 : 0000000000000001 x6 : 0000000000000001
[ 60.483069][ T6792] x5 : ffff8000a0e67218 x4 : ffff80008f415b40 x3 : ffff8000805486f0
[ 60.485243][ T6792] x2 : 0000000000000000 x1 : 0000000100000001 x0 : 000000000000006d
[ 60.487385][ T6792] Call trace:
[ 60.488263][ T6792] __list_del_entry_valid_or_report+0x1b0/0x1b4 (P)
[ 60.490043][ T6792] jffs2_erase_pending_blocks+0x2dc/0x1ca4
[ 60.491595][ T6792] jffs2_garbage_collect_pass+0x524/0x19c0
[ 60.493121][ T6792] jffs2_garbage_collect_thread+0x3c0/0x430
[ 60.494668][ T6792] kthread+0x5fc/0x75c
[ 60.495727][ T6792] ret_from_fork+0x10/0x20
[ 60.496922][ T6792] Code: 910f0000 aa1303e1 aa1403e3 97439a15 (d4210000)
[ 60.498694][ T6792] ---[ end trace 0000000000000000 ]---
[ 60.848552][ T6792] Kernel panic - not syncing: Oops - BUG: Fatal exception
[ 60.850590][ T6792] SMP: stopping secondary CPUs
[ 60.851901][ T6792] Kernel Offset: disabled
[ 60.853068][ T6792] CPU features: 0x0800,000040e0,01000250,82017203
[ 60.854792][ T6792] Memory Limit: none
[ 61.191672][ T6792] Rebooting in 86400 seconds..