Warning: Permanently added '10.128.1.23' (ED25519) to the list of known hosts.
1970/01/01 00:01:01 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:01:01 parsed 1 programs
[ 61.849617][ T6573] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
1970/01/01 00:01:01 executed programs: 0
[ 61.884081][ T5940] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 61.887614][ T5940] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 61.890368][ T5940] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 61.893482][ T5940] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 61.895924][ T5940] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 61.898670][ T5940] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 61.961379][ T6579] chnl_net:caif_netlink_parms(): no params data found
[ 61.989178][ T6579] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.991174][ T6579] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.993204][ T6579] bridge_slave_0: entered allmulticast mode
[ 61.995384][ T6579] bridge_slave_0: entered promiscuous mode
[ 61.998845][ T6579] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.000863][ T6579] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.002941][ T6579] bridge_slave_1: entered allmulticast mode
[ 62.005057][ T6579] bridge_slave_1: entered promiscuous mode
[ 62.016876][ T6579] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 62.021189][ T6579] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 62.032964][ T6579] team0: Port device team_slave_0 added
[ 62.035898][ T6579] team0: Port device team_slave_1 added
[ 62.046377][ T6579] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 62.048454][ T6579] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 62.055523][ T6579] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 62.059815][ T6579] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 62.061681][ T6579] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 62.068753][ T6579] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 62.139125][ T6579] hsr_slave_0: entered promiscuous mode
[ 62.177507][ T6579] hsr_slave_1: entered promiscuous mode
[ 63.141764][ T6579] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 63.146414][ T6579] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 63.154384][ T6579] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 63.161567][ T6579] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 63.198593][ T6579] 8021q: adding VLAN 0 to HW filter on device bond0
[ 63.206926][ T6579] 8021q: adding VLAN 0 to HW filter on device team0
[ 63.212116][ T6378] bridge0: port 1(bridge_slave_0) entered blocking state
[ 63.214140][ T6378] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 63.230549][ T6378] bridge0: port 2(bridge_slave_1) entered blocking state
[ 63.232575][ T6378] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 63.242362][ T6579] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 63.309952][ T6579] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 63.331212][ T6579] veth0_vlan: entered promiscuous mode
[ 63.335524][ T6579] veth1_vlan: entered promiscuous mode
[ 63.350036][ T6579] veth0_macvtap: entered promiscuous mode
[ 63.353320][ T6579] veth1_macvtap: entered promiscuous mode
[ 63.361551][ T6579] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 63.367519][ T6579] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 63.372093][ T6579] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 63.374553][ T6579] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 63.376827][ T6579] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 63.380962][ T6579] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 63.422936][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 63.425174][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 63.444044][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 63.446202][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 63.501577][ T6692] jffs2: notice: (6692) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 63.528385][ T6697] jffs2: notice: (6697) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 63.561047][ T6703] jffs2: notice: (6703) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 63.567972][ T6695] ==================================================================
[ 63.570259][ T6695] BUG: KASAN: slab-use-after-free in __mutex_lock_common+0x100/0x21a0
[ 63.572560][ T6695] Read of size 8 at addr ffff0000db498130 by task jffs2_gcd_mtd0/6695
[ 63.574786][ T6695]
[ 63.575415][ T6695] CPU: 1 PID: 6695 Comm: jffs2_gcd_mtd0 Not tainted 6.10.0-rc7-syzkaller-00109-gc912bf709078 #0
[ 63.578351][ T6695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 63.581246][ T6695] Call trace:
[ 63.582121][ T6695] dump_backtrace+0x1b8/0x1e4
[ 63.583397][ T6695] show_stack+0x2c/0x3c
[ 63.584527][ T6695] dump_stack_lvl+0xe4/0x150
[ 63.585777][ T6695] print_report+0x198/0x538
[ 63.587010][ T6695] kasan_report+0xd8/0x138
[ 63.588235][ T6695] __asan_report_load8_noabort+0x20/0x2c
[ 63.589775][ T6695] __mutex_lock_common+0x100/0x21a0
[ 63.591164][ T6695] mutex_lock_interruptible_nested+0x2c/0x38
[ 63.592869][ T6695] jffs2_garbage_collect_pass+0xa4/0x1a50
[ 63.594556][ T6695] jffs2_garbage_collect_thread+0x414/0x48c
[ 63.596195][ T6695] kthread+0x288/0x310
[ 63.597348][ T6695] ret_from_fork+0x10/0x20
[ 63.598578][ T6695]
[ 63.599216][ T6695] Allocated by task 6692:
[ 63.600369][ T6695] kasan_save_track+0x40/0x78
[ 63.601643][ T6695] kasan_save_alloc_info+0x40/0x50
[ 63.603080][ T6695] __kasan_kmalloc+0xac/0xc4
[ 63.604337][ T6695] kmalloc_trace_noprof+0x244/0x374
[ 63.605744][ T6695] jffs2_init_fs_context+0x58/0xc8
[ 63.607201][ T6695] alloc_fs_context+0x514/0x7a4
[ 63.608551][ T6695] fs_context_for_mount+0x34/0x44
[ 63.609927][ T6695] do_new_mount+0x14c/0x900
[ 63.611139][ T6695] path_mount+0x590/0xe04
[ 63.612333][ T6695] __arm64_sys_mount+0x3c4/0x488
[ 63.613721][ T6695] invoke_syscall+0x98/0x2b8
[ 63.614992][ T6695] el0_svc_common+0x130/0x23c
[ 63.616234][ T6695] do_el0_svc+0x48/0x58
[ 63.617359][ T6695] el0_svc+0x54/0x168
[ 63.618454][ T6695] el0t_64_sync_handler+0x84/0xfc
[ 63.619689][ T6699] jffs2: Erase at 0x0001e000 failed immediately: errno -524
[ 63.619832][ T6695] el0t_64_sync+0x190/0x194
[ 63.621863][ T6699] jffs2: Erase at 0x0001d000 failed immediately: errno -524
[ 63.622924][ T6695]
[ 63.622930][ T6695] Freed by task 6579:
[ 63.624930][ T6699] jffs2: Erase at 0x0001c000 failed immediately: errno -524
[ 63.625467][ T6695] kasan_save_track+0x40/0x78
[ 63.626481][ T6699] jffs2: Erase at 0x0001b000 failed immediately: errno -524
[ 63.628365][ T6695] kasan_save_free_info+0x54/0x6c
[ 63.628385][ T6695] poison_slab_object+0x128/0x180
[ 63.628394][ T6695] __kasan_slab_free+0x3c/0x70
[ 63.628404][ T6695] kfree+0x154/0x3e0
[ 63.628415][ T6695] jffs2_kill_sb+0x9c/0xb0
[ 63.628426][ T6695] deactivate_locked_super+0xc4/0x12c
[ 63.636064][ T6699] jffs2: Erase at 0x0001a000 failed immediately: errno -524
[ 63.636617][ T6695] deactivate_super+0xe0/0x100
[ 63.638159][ T6699] jffs2: Erase at 0x00019000 failed immediately: errno -524
[ 63.639251][ T6695] cleanup_mnt+0x34c/0x3dc
[ 63.641164][ T6699] jffs2: Erase at 0x00018000 failed immediately: errno -524
[ 63.642421][ T6695] __cleanup_mnt+0x20/0x30
[ 63.644349][ T6699] jffs2: Erase at 0x00017000 failed immediately: errno -524
[ 63.645520][ T6695] task_work_run+0x230/0x2e0
[ 63.648225][ T6699] jffs2: Erase at 0x00016000 failed immediately: errno -524
[ 63.648627][ T6695] do_notify_resume+0x178/0x1f4
[ 63.650649][ T6699] jffs2: Erase at 0x00015000 failed immediately: errno -524
[ 63.651874][ T6695] el0_svc+0xac/0x168
[ 63.653870][ T6699] jffs2: Erase at 0x00014000 failed immediately: errno -524
[ 63.655130][ T6695] el0t_64_sync_handler+0x84/0xfc
[ 63.657040][ T6699] jffs2: Erase at 0x00013000 failed immediately: errno -524
[ 63.658090][ T6695] el0t_64_sync+0x190/0x194
[ 63.658111][ T6695]
[ 63.658116][ T6695] The buggy address belongs to the object at ffff0000db498000
[ 63.658116][ T6695] which belongs to the cache kmalloc-4k of size 4096
[ 63.658127][ T6695] The buggy address is located 304 bytes inside of
[ 63.658127][ T6695] freed 4096-byte region [ffff0000db498000, ffff0000db499000)
[ 63.658139][ T6695]
[ 63.658142][ T6695] The buggy address belongs to the physical page:
[ 63.658148][ T6695] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11b498
[ 63.658159][ T6695] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 63.661903][ T6699] jffs2: Erase at 0x00012000 failed immediately: errno -524
[ 63.663416][ T6695] flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff)
[ 63.664639][ T6699] jffs2: Erase at 0x00011000 failed immediately: errno -524
[ 63.665211][ T6695] page_type: 0xffffefff(slab)
[ 63.672786][ T6699] jffs2: Erase at 0x00010000 failed immediately: errno -524
[ 63.673242][ T6695] raw: 05ffc00000000040 ffff0000c0002140 fffffdffc36d3400 dead000000000002
[ 63.674948][ T6699] jffs2: Erase at 0x0000f000 failed immediately: errno -524
[ 63.677312][ T6695] raw: 0000000000000000 0000000000040004 00000001ffffefff 0000000000000000
[ 63.677328][ T6695] head: 05ffc00000000040 ffff0000c0002140 fffffdffc36d3400 dead000000000002
[ 63.677339][ T6695] head: 0000000000000000 0000000000040004 00000001ffffefff 0000000000000000
[ 63.677350][ T6695] head: 05ffc00000000003 fffffdffc36d2601 ffffffffffffffff 0000000000000000
[ 63.677360][ T6695] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 63.680496][ T6699] jffs2: Erase at 0x0000e000 failed immediately: errno -524
[ 63.681573][ T6695] page dumped because: kasan: bad access detected
[ 63.683582][ T6699] jffs2: Erase at 0x0000d000 failed immediately: errno -524
[ 63.685542][ T6695]
[ 63.686706][ T6699] jffs2: Erase at 0x0000c000 failed immediately: errno -524
[ 63.688689][ T6695] Memory state around the buggy address:
[ 63.688705][ T6695] ffff0000db498000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.688714][ T6695] ffff0000db498080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.688722][ T6695] >ffff0000db498100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.688728][ T6695] ^
[ 63.688735][ T6695] ffff0000db498180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.688743][ T6695] ffff0000db498200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.688749][ T6695] ==================================================================
[ 63.736288][ T6695] Disabling lock debugging due to kernel taint
[ 63.738137][ T6695] jffs2: Erase at 0x0001e000 failed immediately: errno -524
[ 63.740081][ T6695] jffs2: Erase at 0x0001d000 failed immediately: errno -524
[ 63.742129][ T6695] jffs2: Erase at 0x0001c000 failed immediately: errno -524
[ 63.744074][ T6695] jffs2: Erase at 0x0001b000 failed immediately: errno -524
[ 63.746093][ T6695] jffs2: Erase at 0x0001a000 failed immediately: errno -524
[ 63.748991][ T6695] jffs2: Erase at 0x00019000 failed immediately: errno -524
[ 63.750982][ T6695] jffs2: Erase at 0x00018000 failed immediately: errno -524
[ 63.754706][ T6695] jffs2: Erase at 0x00017000 failed immediately: errno -524
[ 63.756794][ T6695] jffs2: Erase at 0x00016000 failed immediately: errno -524
[ 63.762683][ T6695] jffs2: Erase at 0x00015000 failed immediately: errno -524
[ 63.765472][ T6716] jffs2: notice: (6716) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 63.771493][ T6695] jffs2: Erase at 0x00014000 failed immediately: errno -524
[ 63.771928][ T6699] jffs2: Erase at 0x0000b000 failed immediately: errno -524
[ 63.775690][ T6699] jffs2: Erase at 0x0000a000 failed immediately: errno -524
[ 63.783536][ T6699] jffs2: Erase at 0x00009000 failed immediately: errno -524
[ 63.785570][ T6699] jffs2: Erase at 0x00008000 failed immediately: errno -524
[ 63.790726][ T6699] jffs2: Erase at 0x00007000 failed immediately: errno -524
[ 63.792489][ T6722] jffs2: notice: (6722) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 63.792911][ T6699] jffs2: Erase at 0x00006000 failed immediately: errno -524
[ 63.799763][ T6695] jffs2: Erase at 0x00013000 failed immediately: errno -524
[ 63.801907][ T6699] jffs2: Erase at 0x00005000 failed immediately: errno -524
[ 63.803571][ T6695] jffs2: Erase at 0x00012000 failed immediately: errno -524
[ 63.817158][ T6727] jffs2: notice: (6727) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 63.822054][ T6699] jffs2: Erase at 0x00004000 failed immediately: errno -524
[ 63.824360][ T6695] jffs2: Erase at 0x00011000 failed immediately: errno -524
[ 63.838328][ T6699] jffs2: Erase at 0x00003000 failed immediately: errno -524
[ 63.840546][ T6695] jffs2: Erase at 0x00010000 failed immediately: errno -524
[ 63.842628][ T6699] jffs2: Erase at 0x00002000 failed immediately: errno -524
[ 63.844654][ T6695] jffs2: Erase at 0x0000f000 failed immediately: errno -524
[ 63.847196][ T6699] list_del corruption. next->prev should be ffff0000da044048, but was 048403bf000019b3. (next=ffff0000da044000)
[ 63.850863][ T6699] ------------[ cut here ]------------
[ 63.852354][ T6699] kernel BUG at lib/list_debug.c:67!
[ 63.853781][ T6699] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
[ 63.855848][ T6699] Modules linked in:
[ 63.856876][ T6699] CPU: 1 PID: 6699 Comm: jffs2_gcd_mtd0 Tainted: G B 6.10.0-rc7-syzkaller-00109-gc912bf709078 #0
[ 63.859543][ T6695] jffs2: Erase at 0x0000e000 failed immediately: errno -524
[ 63.860051][ T6699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 63.862076][ T6695] jffs2: Erase at 0x0000d000 failed immediately: errno -524
[ 63.864799][ T6699] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 63.866784][ T6695] jffs2: Erase at 0x0000c000 failed immediately: errno -524
[ 63.868916][ T6699] pc : __list_del_entry_valid_or_report+0x154/0x158
[ 63.868942][ T6699] lr : __list_del_entry_valid_or_report+0x154/0x158
[ 63.868953][ T6699] sp : ffff80009abf7870
[ 63.868958][ T6699] x29: ffff80009abf7870
[ 63.870907][ T6695] jffs2: Erase at 0x0000b000 failed immediately: errno -524
[ 63.872628][ T6699] x28: ffff0000d9682000
[ 63.874496][ T6695] jffs2: Erase at 0x0000a000 failed immediately: errno -524
[ 63.875588][ T6699] x27: ffff0000d96823a8
[ 63.876683][ T6695] jffs2: Erase at 0x00009000 failed immediately: errno -524
[ 63.878600][ T6699]
[ 63.878609][ T6699] x26: ffff0000da044048 x25: dfff800000000000 x24: ffff0000d9682170
[ 63.878631][ T6699] x23: ffff0000d9682278 x22: dfff800000000000 x21: ffff0000da044008
[ 63.879689][ T6695] jffs2: Erase at 0x00008000 failed immediately: errno -524
[ 63.881717][ T6699] x20: ffff0000da044000
[ 63.882868][ T6695] jffs2: Erase at 0x00007000 failed immediately: errno -524
[ 63.884726][ T6699] x19: ffff0000da044048
[ 63.885320][ T6695] jffs2: Erase at 0x00006000 failed immediately: errno -524
[ 63.887378][ T6699] x18: 0000000000000008
[ 63.887396][ T6699] x17: 20747562202c3834 x16: ffff80008b07c030 x15: ffff700011e6a694
[ 63.887415][ T6699] x14: 1ffff00011e6a694 x13: 0000000000000004
[ 63.889506][ T6695] jffs2: Erase at 0x00005000 failed immediately: errno -524
[ 63.891421][ T6699] x12: ffffffffffffffff
[ 63.892551][ T6695] jffs2: Erase at 0x00004000 failed immediately: errno -524
[ 63.894392][ T6699]
[ 63.895484][ T6695] jffs2: Erase at 0x00003000 failed immediately: errno -524
[ 63.897398][ T6699] x11: 0000000000000002 x10: 0000000000ff0100 x9 : c9a6f72dd36e1900
[ 63.897425][ T6699] x8 : c9a6f72dd36e1900 x7 : 0000000000000001 x6 : 0000000000000001
[ 63.897441][ T6699] x5 : ffff80009abf6fd8
[ 63.898611][ T6695] jffs2: Erase at 0x00002000 failed immediately: errno -524
[ 63.900747][ T6699] x4 : ffff80008f3c53a0
[ 63.902264][ T6695] list_del corruption. next->prev should be ffff0000db4d0048, but was 048403bf000019b3. (next=ffff0000db4d0000)
[ 63.904230][ T6699] x3 : ffff800080369018
[ 63.905818][ T6695] ------------[ cut here ]------------
[ 63.907307][ T6699]
[ 63.907947][ T6695] kernel BUG at lib/list_debug.c:67!
[ 63.909896][ T6699] x2 : 0000000000000000 x1 : 0000000000000001 x0 : 000000000000006d
[ 63.928318][ T6699] Call trace:
[ 63.929188][ T6699] __list_del_entry_valid_or_report+0x154/0x158
[ 63.930891][ T6699] jffs2_erase_pending_blocks+0x33c/0x1fcc
[ 63.932453][ T6699] jffs2_garbage_collect_pass+0x554/0x1a50
[ 63.934034][ T6699] jffs2_garbage_collect_thread+0x414/0x48c
[ 63.935689][ T6699] kthread+0x288/0x310
[ 63.936773][ T6699] ret_from_fork+0x10/0x20
[ 63.937929][ T6699] Code: 91238000 aa1303e1 aa1403e3 953e67b5 (d4210000)
[ 63.939811][ T6699] ---[ end trace 0000000000000000 ]---
[ 64.436858][ T6699] Kernel panic - not syncing: Oops - BUG: Fatal exception
[ 64.438812][ T6699] SMP: stopping secondary CPUs
[ 65.521603][ T6699] SMP: failed to stop secondary CPUs 0-1
[ 65.523189][ T6699] Kernel Offset: disabled
[ 65.524382][ T6699] CPU features: 0x00,00000103,80100128,42017203
[ 65.526113][ T6699] Memory Limit: none
[ 65.929417][ T6699] Rebooting in 86400 seconds..