Warning: Permanently added '10.128.0.21' (ED25519) to the list of known hosts.
2026/02/05 07:25:17 ignoring optional flag "type"="gce"
2026/02/05 07:25:17 parsed 1 programs
2026/02/05 07:25:19 executed programs: 0
[  101.695987][ T5940] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  101.755467][ T5818] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  101.757501][ T5818] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  101.758525][ T5818] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  101.759584][ T5818] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  101.760253][ T5818] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  101.967399][ T5961] chnl_net:caif_netlink_parms(): no params data found
[  102.326205][ T5961] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.326273][ T5961] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.326366][ T5961] bridge_slave_0: entered allmulticast mode
[  102.327660][ T5961] bridge_slave_0: entered promiscuous mode
[  102.329321][ T5961] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.329386][ T5961] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.329470][ T5961] bridge_slave_1: entered allmulticast mode
[  102.330737][ T5961] bridge_slave_1: entered promiscuous mode
[  102.539924][ T5961] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.543425][ T5961] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.729347][ T5961] team0: Port device team_slave_0 added
[  102.732796][ T5961] team0: Port device team_slave_1 added
[  102.928951][ T5961] batman_adv: batadv0: Adding interface: batadv_slave_0
[  102.928967][ T5961] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  102.928990][ T5961] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  102.931067][ T5961] batman_adv: batadv0: Adding interface: batadv_slave_1
[  102.931081][ T5961] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  102.931102][ T5961] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  103.380460][ T5961] hsr_slave_0: entered promiscuous mode
[  103.381196][ T5961] hsr_slave_1: entered promiscuous mode
[  103.845020][ T5818] Bluetooth: hci0: command tx timeout
[  104.877124][ T5961] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  104.909104][ T5961] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  104.950377][ T5961] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  105.000961][ T5961] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  105.169454][ T5961] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.193247][ T5961] 8021q: adding VLAN 0 to HW filter on device team0
[  105.201825][ T1927] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.202008][ T1927] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.222977][ T1927] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.223112][ T1927] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.573189][ T5961] 8021q: adding VLAN 0 to HW filter on device batadv0
[  105.642181][ T5961] veth0_vlan: entered promiscuous mode
[  105.653741][ T5961] veth1_vlan: entered promiscuous mode
[  105.702858][ T5961] veth0_macvtap: entered promiscuous mode
[  105.716736][ T5961] veth1_macvtap: entered promiscuous mode
[  105.733673][ T5961] batman_adv: batadv0: Interface activated: batadv_slave_0
[  105.754349][ T5961] batman_adv: batadv0: Interface activated: batadv_slave_1
[  105.763445][  T185] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  105.763793][  T185] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  105.777255][  T185] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  105.784176][  T185] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  105.935083][ T5818] Bluetooth: hci0: command tx timeout
[  106.032620][ T6084] loop0: detected capacity change from 0 to 2048
[  106.099674][ T6084] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  106.190125][ T6084] jffs2: notice: (6084) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[  106.265044][ T6089] ==================================================================
[  106.265061][ T6089] BUG: KASAN: slab-use-after-free in mutex_lock_interruptible_nested+0x5a/0x1d0
[  106.265105][ T6089] Read of size 1 at addr ffff888030e7a128 by task jffs2_gcd_mtd0/6089
[  106.265121][ T6089] 
[  106.265150][ T6089] CPU: 1 UID: 0 PID: 6089 Comm: jffs2_gcd_mtd0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  106.265200][ T6089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  106.265231][ T6089] Call Trace:
[  106.265238][ T6089]  <TASK>
[  106.265250][ T6089]  dump_stack_lvl+0xe8/0x150
[  106.265276][ T6089]  print_report+0xba/0x230
[  106.265296][ T6089]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  106.265316][ T6089]  kasan_report+0x117/0x150
[  106.265348][ T6089]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  106.265371][ T6089]  ? jffs2_garbage_collect_pass+0xb0/0x2150
[  106.265398][ T6089]  __kasan_check_byte+0x2a/0x40
[  106.265423][ T6089]  lock_acquire+0x84/0x330
[  106.265445][ T6089]  ? jffs2_garbage_collect_pass+0xb0/0x2150
[  106.265474][ T6089]  ? jffs2_garbage_collect_pass+0xb0/0x2150
[  106.265499][ T6089]  mutex_lock_interruptible_nested+0x5a/0x1d0
[  106.265518][ T6089]  ? jffs2_garbage_collect_pass+0xb0/0x2150
[  106.265543][ T6089]  ? do_raw_spin_lock+0x12b/0x2f0
[  106.265572][ T6089]  jffs2_garbage_collect_pass+0xb0/0x2150
[  106.265602][ T6089]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  106.265626][ T6089]  ? lockdep_hardirqs_on+0x7a/0x110
[  106.265650][ T6089]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  106.265674][ T6089]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  106.265694][ T6089]  ? rt_spin_lock+0x1e0/0x400
[  106.265712][ T6089]  ? __pfx_jffs2_garbage_collect_pass+0x10/0x10
[  106.265740][ T6089]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  106.265762][ T6089]  ? rt_spin_unlock+0x160/0x200
[  106.265782][ T6089]  ? sigprocmask+0x15c/0x1a0
[  106.265802][ T6089]  jffs2_garbage_collect_thread+0x67c/0x710
[  106.265837][ T6089]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[  106.265867][ T6089]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  106.265898][ T6089]  ? __kthread_parkme+0x7a/0x1f0
[  106.265918][ T6089]  ? __kthread_parkme+0x19c/0x1f0
[  106.265939][ T6089]  kthread+0x726/0x8b0
[  106.265962][ T6089]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[  106.265990][ T6089]  ? __pfx_kthread+0x10/0x10
[  106.266010][ T6089]  ? rt_spin_unlock+0x14f/0x200
[  106.266031][ T6089]  ? rt_spin_unlock+0x160/0x200
[  106.266049][ T6089]  ? __pfx_kthread+0x10/0x10
[  106.266071][ T6089]  ret_from_fork+0x51b/0xa40
[  106.266091][ T6089]  ? __pfx_ret_from_fork+0x10/0x10
[  106.266109][ T6089]  ? __switch_to+0xc82/0x1410
[  106.266136][ T6089]  ? __pfx_kthread+0x10/0x10
[  106.266158][ T6089]  ret_from_fork_asm+0x1a/0x30
[  106.266191][ T6089]  </TASK>
[  106.266197][ T6089] 
[  106.266206][ T6089] Allocated by task 6084:
[  106.266215][ T6089]  kasan_save_track+0x3e/0x80
[  106.266236][ T6089]  __kasan_kmalloc+0x93/0xb0
[  106.266258][ T6089]  __kmalloc_cache_noprof+0x1f2/0x6b0
[  106.266282][ T6089]  jffs2_init_fs_context+0x4f/0xc0
[  106.266297][ T6089]  alloc_fs_context+0x9e3/0xd60
[  106.266314][ T6089]  do_new_mount+0x179/0xa50
[  106.266338][ T6089]  __se_sys_mount+0x31d/0x420
[  106.266362][ T6089]  do_syscall_64+0xe2/0xf80
[  106.266384][ T6089]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.266401][ T6089] 
[  106.266405][ T6089] Freed by task 5961:
[  106.266413][ T6089]  kasan_save_track+0x3e/0x80
[  106.266433][ T6089]  kasan_save_free_info+0x46/0x50
[  106.266451][ T6089]  __kasan_slab_free+0x5c/0x80
[  106.266472][ T6089]  kfree+0x1bb/0x8f0
[  106.266492][ T6089]  deactivate_locked_super+0xbc/0x130
[  106.266509][ T6089]  cleanup_mnt+0x437/0x4d0
[  106.266526][ T6089]  task_work_run+0x1d9/0x270
[  106.266548][ T6089]  exit_to_user_mode_loop+0xed/0x480
[  106.266566][ T6089]  do_syscall_64+0x2b7/0xf80
[  106.266587][ T6089]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.266604][ T6089] 
[  106.266608][ T6089] The buggy address belongs to the object at ffff888030e7a000
[  106.266608][ T6089]  which belongs to the cache kmalloc-4k of size 4096
[  106.266623][ T6089] The buggy address is located 296 bytes inside of
[  106.266623][ T6089]  freed 4096-byte region [ffff888030e7a000, ffff888030e7b000)
[  106.266641][ T6089] 
[  106.266646][ T6089] The buggy address belongs to the physical page:
[  106.266659][ T6089] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x30e78
[  106.266679][ T6089] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  106.266694][ T6089] flags: 0x80000000000040(head|node=0|zone=1)
[  106.266712][ T6089] page_type: f5(slab)
[  106.266729][ T6089] raw: 0080000000000040 ffff88813fe27140 ffffea0000f7a000 dead000000000002
[  106.266745][ T6089] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  106.266761][ T6089] head: 0080000000000040 ffff88813fe27140 ffffea0000f7a000 dead000000000002
[  106.266776][ T6089] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  106.266792][ T6089] head: 0080000000000003 ffffea0000c39e01 00000000ffffffff 00000000ffffffff
[  106.266808][ T6089] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[  106.266817][ T6089] page dumped because: kasan: bad access detected
[  106.266829][ T6089] page_owner tracks the page as allocated
[  106.266836][ T6089] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5746, tgid 5746 (sshd), ts 67086581256, free_ts 67059943454
[  106.266867][ T6089]  post_alloc_hook+0x228/0x280
[  106.266895][ T6089]  get_page_from_freelist+0x28bb/0x2950
[  106.266911][ T6089]  __alloc_frozen_pages_noprof+0x18d/0x380
[  106.266927][ T6089]  alloc_pages_mpol+0xd1/0x380
[  106.266952][ T6089]  allocate_slab+0x86/0x3a0
[  106.266970][ T6089]  ___slab_alloc+0xaf8/0x13d0
[  106.266986][ T6089]  __slab_alloc+0xc5/0x1f0
[  106.267001][ T6089]  __kmalloc_noprof+0x15e/0x7c0
[  106.267024][ T6089]  tomoyo_realpath_from_path+0xe3/0x5d0
[  106.267040][ T6089]  tomoyo_path_number_perm+0x246/0x630
[  106.267062][ T6089]  tomoyo_path_mknod+0x14a/0x1a0
[  106.267079][ T6089]  security_path_mknod+0x176/0x370
[  106.267098][ T6089]  path_openat+0x1058/0x3e70
[  106.267118][ T6089]  do_filp_open+0x22d/0x490
[  106.267137][ T6089]  do_sys_openat2+0x12f/0x220
[  106.267152][ T6089]  __x64_sys_openat+0x138/0x170
[  106.267168][ T6089] page last free pid 5709 tgid 5709 stack trace:
[  106.267178][ T6089]  __free_frozen_pages+0xfd0/0x1160
[  106.267202][ T6089]  __folio_put+0x25d/0x310
[  106.267225][ T6089]  do_exit+0x1846/0x2320
[  106.267246][ T6089]  do_group_exit+0x21b/0x2d0
[  106.267268][ T6089]  __x64_sys_exit_group+0x3f/0x40
[  106.267290][ T6089]  __pfx_syscall_get_nr+0x0/0x10
[  106.267314][ T6089]  do_syscall_64+0xe2/0xf80
[  106.267335][ T6089]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.267352][ T6089] 
[  106.267356][ T6089] Memory state around the buggy address:
[  106.267365][ T6089]  ffff888030e7a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  106.267377][ T6089]  ffff888030e7a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  106.267389][ T6089] >ffff888030e7a100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  106.267398][ T6089]                                   ^
[  106.267408][ T6089]  ffff888030e7a180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  106.267419][ T6089]  ffff888030e7a200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  106.267428][ T6089] ==================================================================
[  106.267439][ T6089] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  106.267455][ T6089] CPU: 1 UID: 0 PID: 6089 Comm: jffs2_gcd_mtd0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  106.267473][ T6089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  106.267483][ T6089] Call Trace:
[  106.267490][ T6089]  <TASK>
[  106.267497][ T6089]  vpanic+0x1e0/0x670
[  106.267522][ T6089]  panic+0xc5/0xd0
[  106.267545][ T6089]  ? __pfx_panic+0x10/0x10
[  106.267570][ T6089]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  106.267589][ T6089]  ? rcu_is_watching+0x15/0xb0
[  106.267615][ T6089]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  106.267634][ T6089]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  106.267649][ T6089]  check_panic_on_warn+0x89/0xb0
[  106.267669][ T6089]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  106.267684][ T6089]  end_report+0x6f/0x140
[  106.267706][ T6089]  kasan_report+0x128/0x150
[  106.267733][ T6089]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  106.267756][ T6089]  ? jffs2_garbage_collect_pass+0xb0/0x2150
[  106.267783][ T6089]  __kasan_check_byte+0x2a/0x40
[  106.267808][ T6089]  lock_acquire+0x84/0x330
[  106.267829][ T6089]  ? jffs2_garbage_collect_pass+0xb0/0x2150
[  106.267858][ T6089]  ? jffs2_garbage_collect_pass+0xb0/0x2150
[  106.267893][ T6089]  mutex_lock_interruptible_nested+0x5a/0x1d0
[  106.267913][ T6089]  ? jffs2_garbage_collect_pass+0xb0/0x2150
[  106.267939][ T6089]  ? do_raw_spin_lock+0x12b/0x2f0
[  106.267968][ T6089]  jffs2_garbage_collect_pass+0xb0/0x2150
[  106.267998][ T6089]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  106.268022][ T6089]  ? lockdep_hardirqs_on+0x7a/0x110
[  106.268046][ T6089]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  106.268070][ T6089]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  106.268090][ T6089]  ? rt_spin_lock+0x1e0/0x400
[  106.268109][ T6089]  ? __pfx_jffs2_garbage_collect_pass+0x10/0x10
[  106.268137][ T6089]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  106.268159][ T6089]  ? rt_spin_unlock+0x160/0x200
[  106.268180][ T6089]  ? sigprocmask+0x15c/0x1a0
[  106.268200][ T6089]  jffs2_garbage_collect_thread+0x67c/0x710
[  106.268235][ T6089]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[  106.268265][ T6089]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  106.268291][ T6089]  ? __kthread_parkme+0x7a/0x1f0
[  106.268310][ T6089]  ? __kthread_parkme+0x19c/0x1f0
[  106.268332][ T6089]  kthread+0x726/0x8b0
[  106.268356][ T6089]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[  106.268384][ T6089]  ? __pfx_kthread+0x10/0x10
[  106.268405][ T6089]  ? rt_spin_unlock+0x14f/0x200
[  106.268426][ T6089]  ? rt_spin_unlock+0x160/0x200
[  106.268444][ T6089]  ? __pfx_kthread+0x10/0x10
[  106.268466][ T6089]  ret_from_fork+0x51b/0xa40
[  106.268487][ T6089]  ? __pfx_ret_from_fork+0x10/0x10
[  106.268504][ T6089]  ? __switch_to+0xc82/0x1410
[  106.268532][ T6089]  ? __pfx_kthread+0x10/0x10
[  106.268555][ T6089]  ret_from_fork_asm+0x1a/0x30
[  106.268588][ T6089]  </TASK>
[  106.269051][ T6089] Kernel Offset: disabled