Warning: Permanently added '10.128.1.143' (ED25519) to the list of known hosts.
2025/07/07 03:18:56 ignoring optional flag "sandboxArg"="0"
2025/07/07 03:18:56 ignoring optional flag "type"="gce"
2025/07/07 03:18:56 parsed 1 programs
2025/07/07 03:18:58 executed programs: 0
[ 109.494275][ T6156] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 109.556384][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 109.564473][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 109.573214][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 109.582197][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 109.590989][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 109.765721][ T6165] chnl_net:caif_netlink_parms(): no params data found
[ 109.847136][ T6165] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.854347][ T6165] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.862034][ T6165] bridge_slave_0: entered allmulticast mode
[ 109.869340][ T6165] bridge_slave_0: entered promiscuous mode
[ 109.877877][ T6165] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.885040][ T6165] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.892448][ T6165] bridge_slave_1: entered allmulticast mode
[ 109.899823][ T6165] bridge_slave_1: entered promiscuous mode
[ 109.933800][ T6165] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 109.946191][ T6165] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 109.981828][ T6165] team0: Port device team_slave_0 added
[ 109.990139][ T6165] team0: Port device team_slave_1 added
[ 110.020620][ T6165] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 110.027686][ T6165] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 110.053819][ T6165] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 110.066789][ T6165] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 110.073788][ T6165] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 110.100757][ T6165] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 110.147819][ T6165] hsr_slave_0: entered promiscuous mode
[ 110.154310][ T6165] hsr_slave_1: entered promiscuous mode
[ 110.810793][ T6165] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 110.824303][ T6165] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 110.838815][ T6165] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 110.853053][ T6165] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 110.971782][ T6165] 8021q: adding VLAN 0 to HW filter on device bond0
[ 111.000732][ T6165] 8021q: adding VLAN 0 to HW filter on device team0
[ 111.017966][ T2139] bridge0: port 1(bridge_slave_0) entered blocking state
[ 111.025223][ T2139] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 111.060466][ T2139] bridge0: port 2(bridge_slave_1) entered blocking state
[ 111.067719][ T2139] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 111.345615][ T6165] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 111.409924][ T6165] veth0_vlan: entered promiscuous mode
[ 111.432704][ T6165] veth1_vlan: entered promiscuous mode
[ 111.473389][ T6165] veth0_macvtap: entered promiscuous mode
[ 111.488094][ T6165] veth1_macvtap: entered promiscuous mode
[ 111.513802][ T6165] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 111.532447][ T6165] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 111.548455][ T6165] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 111.559691][ T6165] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 111.570474][ T6165] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 111.579854][ T6165] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 111.616097][ T51] Bluetooth: hci0: command tx timeout
[ 111.674966][ T2139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.693107][ T2139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.730295][ T77] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.738688][ T77] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.848365][ T6225] loop0: detected capacity change from 0 to 2048
[ 111.884671][ T6225] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 111.919668][ T6225] jffs2: notice: (6225) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 112.018146][ T6228] ==================================================================
[ 112.026292][ T6228] BUG: KASAN: slab-use-after-free in __mutex_lock+0x144/0xe80
[ 112.033789][ T6228] Read of size 8 at addr ffff88807d5f8130 by task jffs2_gcd_mtd0/6228
[ 112.041951][ T6228]
[ 112.044315][ T6228] CPU: 0 UID: 0 PID: 6228 Comm: jffs2_gcd_mtd0 Not tainted 6.16.0-rc5-syzkaller-gd7b8f8e20813 #0 PREEMPT(full)
[ 112.044336][ T6228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 112.044353][ T6228] Call Trace:
[ 112.044363][ T6228]
[ 112.044369][ T6228] dump_stack_lvl+0x189/0x250
[ 112.044390][ T6228] ? __virt_addr_valid+0x1c8/0x5c0
[ 112.044409][ T6228] ? rcu_is_watching+0x15/0xb0
[ 112.044426][ T6228] ? __kasan_check_byte+0x12/0x40
[ 112.044453][ T6228] ? __pfx_dump_stack_lvl+0x10/0x10
[ 112.044470][ T6228] ? rcu_is_watching+0x15/0xb0
[ 112.044486][ T6228] ? lock_release+0x4b/0x3e0
[ 112.044502][ T6228] ? __virt_addr_valid+0x1c8/0x5c0
[ 112.044521][ T6228] ? __virt_addr_valid+0x4a5/0x5c0
[ 112.044540][ T6228] print_report+0xd2/0x2b0
[ 112.044564][ T6228] ? __mutex_lock+0x144/0xe80
[ 112.044577][ T6228] kasan_report+0x118/0x150
[ 112.044601][ T6228] ? __mutex_lock+0x144/0xe80
[ 112.044617][ T6228] __mutex_lock+0x144/0xe80
[ 112.044632][ T6228] ? __lock_acquire+0xab9/0xd20
[ 112.044647][ T6228] ? jffs2_garbage_collect_pass+0xad/0x20e0
[ 112.044666][ T6228] ? __pfx___mutex_lock+0x10/0x10
[ 112.044678][ T6228] ? __free_object+0x4d4/0x6c0
[ 112.044701][ T6228] ? __lock_acquire+0xab9/0xd20
[ 112.044719][ T6228] jffs2_garbage_collect_pass+0xad/0x20e0
[ 112.044735][ T6228] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 112.044761][ T6228] ? _raw_spin_lock_irq+0xae/0xf0
[ 112.044781][ T6228] ? __pfx__raw_spin_lock_irq+0x10/0x10
[ 112.044802][ T6228] ? __pfx_jffs2_garbage_collect_pass+0x10/0x10
[ 112.044822][ T6228] ? _raw_spin_unlock_irq+0x23/0x50
[ 112.044842][ T6228] ? lockdep_hardirqs_on+0x9c/0x150
[ 112.044866][ T6228] ? sigprocmask+0x15d/0x1a0
[ 112.044884][ T6228] jffs2_garbage_collect_thread+0x618/0x6c0
[ 112.044908][ T6228] ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[ 112.044929][ T6228] ? __kthread_parkme+0x7b/0x200
[ 112.044947][ T6228] ? __kthread_parkme+0x1a1/0x200
[ 112.044974][ T6228] kthread+0x711/0x8a0
[ 112.044995][ T6228] ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[ 112.045013][ T6228] ? __pfx_kthread+0x10/0x10
[ 112.045033][ T6228] ? _raw_spin_unlock_irq+0x23/0x50
[ 112.045054][ T6228] ? lockdep_hardirqs_on+0x9c/0x150
[ 112.045079][ T6228] ? __pfx_kthread+0x10/0x10
[ 112.045104][ T6228] ret_from_fork+0x3fc/0x770
[ 112.045124][ T6228] ? __pfx_ret_from_fork+0x10/0x10
[ 112.045144][ T6228] ? __switch_to_asm+0x39/0x70
[ 112.045166][ T6228] ? __switch_to_asm+0x33/0x70
[ 112.045189][ T6228] ? __pfx_kthread+0x10/0x10
[ 112.045213][ T6228] ret_from_fork_asm+0x1a/0x30
[ 112.045245][ T6228]
[ 112.045251][ T6228]
[ 112.295206][ T6228] Allocated by task 6225:
[ 112.299540][ T6228] kasan_save_track+0x3e/0x80
[ 112.304235][ T6228] __kasan_kmalloc+0x93/0xb0
[ 112.308898][ T6228] __kmalloc_cache_noprof+0x230/0x3d0
[ 112.314310][ T6228] jffs2_init_fs_context+0x4f/0xc0
[ 112.319467][ T6228] alloc_fs_context+0x651/0x7d0
[ 112.324345][ T6228] do_new_mount+0x10e/0xa40
[ 112.328868][ T6228] __se_sys_mount+0x317/0x410
[ 112.333555][ T6228] do_syscall_64+0xfa/0x3b0
[ 112.338072][ T6228] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.343984][ T6228]
[ 112.346315][ T6228] Freed by task 6165:
[ 112.350296][ T6228] kasan_save_track+0x3e/0x80
[ 112.354984][ T6228] kasan_save_free_info+0x46/0x50
[ 112.360050][ T6228] __kasan_slab_free+0x62/0x70
[ 112.364841][ T6228] kfree+0x18e/0x440
[ 112.368773][ T6228] deactivate_locked_super+0xb9/0x130
[ 112.374266][ T6228] cleanup_mnt+0x425/0x4c0
[ 112.378688][ T6228] task_work_run+0x1d4/0x260
[ 112.383291][ T6228] exit_to_user_mode_loop+0xec/0x110
[ 112.388582][ T6228] do_syscall_64+0x2bd/0x3b0
[ 112.393182][ T6228] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.399176][ T6228]
[ 112.401507][ T6228] The buggy address belongs to the object at ffff88807d5f8000
[ 112.401507][ T6228] which belongs to the cache kmalloc-4k of size 4096
[ 112.415684][ T6228] The buggy address is located 304 bytes inside of
[ 112.415684][ T6228] freed 4096-byte region [ffff88807d5f8000, ffff88807d5f9000)
[ 112.429574][ T6228]
[ 112.431914][ T6228] The buggy address belongs to the physical page:
[ 112.438338][ T6228] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d5f8
[ 112.447639][ T6228] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 112.456146][ T6228] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 112.463724][ T6228] page_type: f5(slab)
[ 112.467711][ T6228] raw: 00fff00000000040 ffff88801a442140 dead000000000100 dead000000000122
[ 112.476298][ T6228] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[ 112.484892][ T6228] head: 00fff00000000040 ffff88801a442140 dead000000000100 dead000000000122
[ 112.493598][ T6228] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[ 112.502278][ T6228] head: 00fff00000000003 ffffea0001f57e01 00000000ffffffff 00000000ffffffff
[ 112.510960][ T6228] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 112.519631][ T6228] page dumped because: kasan: bad access detected
[ 112.526052][ T6228] page_owner tracks the page as allocated
[ 112.531773][ T6228] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5508, tgid 5508 (cat), ts 58223570993, free_ts 57973658713
[ 112.551776][ T6228] post_alloc_hook+0x240/0x2a0
[ 112.556563][ T6228] get_page_from_freelist+0x21d5/0x22b0
[ 112.562118][ T6228] __alloc_frozen_pages_noprof+0x181/0x370
[ 112.567935][ T6228] alloc_pages_mpol+0x232/0x4a0
[ 112.572801][ T6228] allocate_slab+0x8a/0x3b0
[ 112.577311][ T6228] ___slab_alloc+0xbfc/0x1480
[ 112.581993][ T6228] __kmalloc_cache_noprof+0x296/0x3d0
[ 112.587378][ T6228] tomoyo_init_log+0x183/0x1f70
[ 112.592234][ T6228] tomoyo_supervisor+0x340/0x1480
[ 112.597261][ T6228] tomoyo_path_permission+0x25a/0x380
[ 112.602640][ T6228] tomoyo_check_open_permission+0x24d/0x3b0
[ 112.608547][ T6228] security_file_open+0xb1/0x270
[ 112.613497][ T6228] do_dentry_open+0x35e/0x1970
[ 112.618268][ T6228] vfs_open+0x3b/0x340
[ 112.622341][ T6228] path_openat+0x2ee5/0x3830
[ 112.626942][ T6228] do_filp_open+0x1fa/0x410
[ 112.631455][ T6228] page last free pid 5500 tgid 5500 stack trace:
[ 112.637800][ T6228] __free_frozen_pages+0xc65/0xe60
[ 112.643166][ T6228] __put_partials+0x161/0x1c0
[ 112.647879][ T6228] put_cpu_partial+0x17c/0x250
[ 112.652676][ T6228] __slab_free+0x2f7/0x400
[ 112.657112][ T6228] qlist_free_all+0x97/0x140
[ 112.661716][ T6228] kasan_quarantine_reduce+0x148/0x160
[ 112.667189][ T6228] __kasan_slab_alloc+0x22/0x80
[ 112.672054][ T6228] kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[ 112.677970][ T6228] __alloc_skb+0x112/0x2d0
[ 112.682407][ T6228] netlink_sendmsg+0x5c6/0xb30
[ 112.687184][ T6228] __sock_sendmsg+0x21c/0x270
[ 112.691875][ T6228] ____sys_sendmsg+0x505/0x830
[ 112.696745][ T6228] ___sys_sendmsg+0x21f/0x2a0
[ 112.701430][ T6228] __x64_sys_sendmsg+0x19b/0x260
[ 112.706372][ T6228] do_syscall_64+0xfa/0x3b0
[ 112.710876][ T6228] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 112.716782][ T6228]
[ 112.719109][ T6228] Memory state around the buggy address:
[ 112.724740][ T6228] ffff88807d5f8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 112.732816][ T6228] ffff88807d5f8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 112.740881][ T6228] >ffff88807d5f8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 112.749204][ T6228] ^
[ 112.754841][ T6228] ffff88807d5f8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 112.762909][ T6228] ffff88807d5f8200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 112.770976][ T6228] ==================================================================
[ 112.923488][ T6233] loop0: detected capacity change from 0 to 2048
[ 112.959304][ T6233] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 113.024614][ T6233] jffs2: notice: (6233) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 113.046439][ T6228] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 113.053723][ T6228] CPU: 1 UID: 0 PID: 6228 Comm: jffs2_gcd_mtd0 Not tainted 6.16.0-rc5-syzkaller-gd7b8f8e20813 #0 PREEMPT(full)
[ 113.065576][ T6228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 113.075674][ T6228] Call Trace:
[ 113.078993][ T6228]
[ 113.081960][ T6228] dump_stack_lvl+0x99/0x250
[ 113.086592][ T6228] ? __asan_memcpy+0x40/0x70
[ 113.091217][ T6228] ? __pfx_dump_stack_lvl+0x10/0x10
[ 113.096447][ T6228] ? __pfx__printk+0x10/0x10
[ 113.101091][ T6228] panic+0x2db/0x790
[ 113.105034][ T6228] ? __pfx_panic+0x10/0x10
[ 113.109496][ T6228] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 113.115438][ T6228] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 113.121818][ T6228] ? print_memory_metadata+0x314/0x400
[ 113.127329][ T6228] ? __mutex_lock+0x144/0xe80
[ 113.132041][ T6228] check_panic_on_warn+0x89/0xb0
[ 113.137054][ T6228] ? __mutex_lock+0x144/0xe80
[ 113.141767][ T6228] end_report+0x78/0x160
[ 113.146052][ T6228] kasan_report+0x129/0x150
[ 113.150607][ T6228] ? __mutex_lock+0x144/0xe80
[ 113.155324][ T6228] __mutex_lock+0x144/0xe80
[ 113.159854][ T6228] ? __lock_acquire+0xab9/0xd20
[ 113.164807][ T6228] ? jffs2_garbage_collect_pass+0xad/0x20e0
[ 113.170737][ T6228] ? __pfx___mutex_lock+0x10/0x10
[ 113.175768][ T6228] ? __free_object+0x4d4/0x6c0
[ 113.180548][ T6228] ? __lock_acquire+0xab9/0xd20
[ 113.185412][ T6228] jffs2_garbage_collect_pass+0xad/0x20e0
[ 113.191138][ T6228] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 113.196530][ T6228] ? _raw_spin_lock_irq+0xae/0xf0
[ 113.201565][ T6228] ? __pfx__raw_spin_lock_irq+0x10/0x10
[ 113.207122][ T6228] ? __pfx_jffs2_garbage_collect_pass+0x10/0x10
[ 113.213376][ T6228] ? _raw_spin_unlock_irq+0x23/0x50
[ 113.218585][ T6228] ? lockdep_hardirqs_on+0x9c/0x150
[ 113.223798][ T6228] ? sigprocmask+0x15d/0x1a0
[ 113.228401][ T6228] jffs2_garbage_collect_thread+0x618/0x6c0
[ 113.234309][ T6228] ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[ 113.240750][ T6228] ? __kthread_parkme+0x7b/0x200
[ 113.245698][ T6228] ? __kthread_parkme+0x1a1/0x200
[ 113.250827][ T6228] kthread+0x711/0x8a0
[ 113.254915][ T6228] ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[ 113.261343][ T6228] ? __pfx_kthread+0x10/0x10
[ 113.265955][ T6228] ? _raw_spin_unlock_irq+0x23/0x50
[ 113.271256][ T6228] ? lockdep_hardirqs_on+0x9c/0x150
[ 113.276468][ T6228] ? __pfx_kthread+0x10/0x10
[ 113.281157][ T6228] ret_from_fork+0x3fc/0x770
[ 113.285765][ T6228] ? __pfx_ret_from_fork+0x10/0x10
[ 113.290892][ T6228] ? __switch_to_asm+0x39/0x70
[ 113.295695][ T6228] ? __switch_to_asm+0x33/0x70
[ 113.300473][ T6228] ? __pfx_kthread+0x10/0x10
[ 113.305255][ T6228] ret_from_fork_asm+0x1a/0x30
[ 113.310393][ T6228]
[ 113.313681][ T6228] Kernel Offset: disabled
[ 113.318012][ T6228] Rebooting in 86400 seconds..