Warning: Permanently added '10.128.1.80' (ED25519) to the list of known hosts.
2025/10/11 00:48:08 ignoring optional flag "type"="gce"
2025/10/11 00:48:08 parsed 1 programs
2025/10/11 00:48:11 executed programs: 0
[ 102.767379][ T5932] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 102.884774][ T5810] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 102.887408][ T5810] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 102.888255][ T5810] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 102.889527][ T5810] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 102.890227][ T5810] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 103.242765][ T5989] chnl_net:caif_netlink_parms(): no params data found
[ 103.544683][ T5989] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.544807][ T5989] bridge0: port 1(bridge_slave_0) entered disabled state
[ 103.544905][ T5989] bridge_slave_0: entered allmulticast mode
[ 103.546369][ T5989] bridge_slave_0: entered promiscuous mode
[ 103.550563][ T5989] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.550661][ T5989] bridge0: port 2(bridge_slave_1) entered disabled state
[ 103.550757][ T5989] bridge_slave_1: entered allmulticast mode
[ 103.552182][ T5989] bridge_slave_1: entered promiscuous mode
[ 103.707808][ T5989] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 103.710319][ T5989] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 103.895902][ T5989] team0: Port device team_slave_0 added
[ 103.897957][ T5989] team0: Port device team_slave_1 added
[ 104.025039][ T5989] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 104.025054][ T5989] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 104.025076][ T5989] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 104.026417][ T5989] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 104.026429][ T5989] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 104.026444][ T5989] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 104.199146][ T5989] hsr_slave_0: entered promiscuous mode
[ 104.199928][ T5989] hsr_slave_1: entered promiscuous mode
[ 104.943808][ T61] Bluetooth: hci0: command tx timeout
[ 106.061016][ T5989] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 106.100927][ T5989] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 106.140354][ T5989] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 106.177817][ T5989] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 106.340508][ T5989] 8021q: adding VLAN 0 to HW filter on device bond0
[ 106.373016][ T5989] 8021q: adding VLAN 0 to HW filter on device team0
[ 106.390727][ T1310] bridge0: port 1(bridge_slave_0) entered blocking state
[ 106.390925][ T1310] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 106.415994][ T1310] bridge0: port 2(bridge_slave_1) entered blocking state
[ 106.419786][ T1310] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 106.738619][ T5989] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 106.808480][ T5989] veth0_vlan: entered promiscuous mode
[ 106.819238][ T5989] veth1_vlan: entered promiscuous mode
[ 106.861896][ T5989] veth0_macvtap: entered promiscuous mode
[ 106.869551][ T5989] veth1_macvtap: entered promiscuous mode
[ 106.891621][ T5989] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 106.910377][ T5989] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 106.930990][ T68] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.942158][ T68] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.942373][ T68] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 106.963396][ T68] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 107.023486][ T61] Bluetooth: hci0: command tx timeout
[ 107.198062][ T6086] jffs2: notice: (6086) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 107.276874][ T6092] jffs2: notice: (6092) jffs2_build_xattr_s[ 107.276874][ T6092] jffs2: notice: (6092) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 107.285317][ T6088] ==================================================================
[ 107.285330][ T6088] BUG: KASAN: slab-use-after-free in mutex_lock_interruptible_nested+0x5a/0x1d0
[ 107.285369][ T6088] Read of size 1 at addr ffff8880329f8128 by task jffs2_gcd_mtd0/6088
[ 107.285383][ T6088]
[ 107.285403][ T6088] CPU: 1 UID: 0 PID: 6088 Comm: jffs2_gcd_mtd0 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 107.285423][ T6088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 107.285440][ T6088] Call Trace:
[ 107.285450][ T6088]
[ 107.285457][ T6088] dump_stack_lvl+0x189/0x250
[ 107.285478][ T6088] ? __virt_addr_valid+0x1c8/0x5c0
[ 107.285500][ T6088] ? rcu_is_watching+0x15/0xb0
[ 107.285531][ T6088] ? __pfx_dump_stack_lvl+0x10/0x10
[ 107.285549][ T6088] ? rcu_is_watching+0x15/0xb0
[ 107.285579][ T6088] ? lock_release+0x4b/0x3e0
[ 107.285599][ T6088] ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 107.285619][ T6088] ? __virt_addr_valid+0x1c8/0x5c0
[ 107.285641][ T6088] ? __virt_addr_valid+0x4a5/0x5c0
[ 107.285664][ T6088] print_report+0xca/0x240
[ 107.285685][ T6088] ? mutex_lock_interruptible_nested+0x5a/0x1d0
[ 107.285708][ T6088] kasan_report+0x118/0x150
[ 107.285731][ T6088] ? mutex_lock_interruptible_nested+0x5a/0x1d0
[ 107.285758][ T6088] ? jffs2_garbage_collect_pass+0xad/0x20e0
[ 107.285775][ T6088] __kasan_check_byte+0x2a/0x40
[ 107.285796][ T6088] lock_acquire+0x8d/0x360
[ 107.285816][ T6088] ? do_raw_spin_lock+0x121/0x290
[ 107.285837][ T6088] ? jffs2_garbage_collect_pass+0xad/0x20e0
[ 107.285853][ T6088] mutex_lock_interruptible_nested+0x5a/0x1d0
[ 107.285877][ T6088] ? jffs2_garbage_collect_pass+0xad/0x20e0
[ 107.285894][ T6088] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 107.285914][ T6088] jffs2_garbage_collect_pass+0xad/0x20e0
[ 107.285932][ T6088] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 107.285956][ T6088] ? rt_mutex_slowunlock+0x493/0x8a0
[ 107.285973][ T6088] ? __pfx_jffs2_garbage_collect_pass+0x10/0x10
[ 107.285991][ T6088] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 107.286008][ T6088] ? rt_spin_unlock+0x161/0x200
[ 107.286024][ T6088] ? sigprocmask+0x15d/0x1a0
[ 107.286045][ T6088] jffs2_garbage_collect_thread+0x613/0x6b0
[ 107.286070][ T6088] ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[ 107.286092][ T6088] ? __kthread_parkme+0x7b/0x200
[ 107.286112][ T6088] ? __kthread_parkme+0x1a1/0x200
[ 107.286135][ T6088] kthread+0x711/0x8a0
[ 107.286158][ T6088] ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[ 107.286176][ T6088] ? __pfx_kthread+0x10/0x10
[ 107.286196][ T6088] ? rt_spin_unlock+0x150/0x200
[ 107.286212][ T6088] ? rt_spin_unlock+0x161/0x200
[ 107.286226][ T6088] ? __pfx_kthread+0x10/0x10
[ 107.286248][ T6088] ret_from_fork+0x4b9/0x870
[ 107.286268][ T6088] ? __pfx_ret_from_fork+0x10/0x10
[ 107.286290][ T6088] ? __switch_to_asm+0x39/0x70
[ 107.286309][ T6088] ? __switch_to_asm+0x33/0x70
[ 107.286328][ T6088] ? __pfx_kthread+0x10/0x10
[ 107.286349][ T6088] ret_from_fork_asm+0x1a/0x30
[ 107.286377][ T6088]
[ 107.286383][ T6088]
[ 107.286390][ T6088] Allocated by task 6086:
[ 107.286399][ T6088] kasan_save_track+0x3e/0x80
[ 107.286416][ T6088] __kasan_kmalloc+0x93/0xb0
[ 107.286434][ T6088] __kmalloc_cache_noprof+0x1ef/0x6c0
[ 107.286452][ T6088] jffs2_init_fs_context+0x4f/0xc0
[ 107.286468][ T6088] alloc_fs_context+0x65c/0x7e0
[ 107.286488][ T6088] do_new_mount+0x172/0xa10
[ 107.286505][ T6088] __se_sys_mount+0x313/0x410
[ 107.286523][ T6088] do_syscall_64+0xfa/0xfa0
[ 107.286540][ T6088] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.286555][ T6088]
[ 107.286564][ T6088] Freed by task 5989:
[ 107.286571][ T6088] kasan_save_track+0x3e/0x80
[ 107.286587][ T6088] __kasan_save_free_info+0x46/0x50
[ 107.286601][ T6088] __kasan_slab_free+0x5c/0x80
[ 107.286618][ T6088] kfree+0x197/0x950
[ 107.286633][ T6088] deactivate_locked_super+0xbc/0x130
[ 107.286648][ T6088] cleanup_mnt+0x425/0x4c0
[ 107.286660][ T6088] task_work_run+0x1d4/0x260
[ 107.286673][ T6088] exit_to_user_mode_loop+0xe9/0x130
[ 107.286691][ T6088] do_syscall_64+0x2bd/0xfa0
[ 107.286707][ T6088] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.286722][ T6088]
[ 107.286726][ T6088] The buggy address belongs to the object at ffff8880329f8000
[ 107.286726][ T6088] which belongs to the cache kmalloc-4k of size 4096
[ 107.286740][ T6088] The buggy address is located 296 bytes inside of
[ 107.286740][ T6088] freed 4096-byte region [ffff8880329f8000, ffff8880329f9000)
[ 107.286757][ T6088]
[ 107.286762][ T6088] The buggy address belongs to the physical page:
[ 107.286777][ T6088] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x329f8
[ 107.286793][ T6088] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 107.286807][ T6088] flags: 0x80000000000040(head|node=0|zone=1)
[ 107.286829][ T6088] page_type: f5(slab)
[ 107.286844][ T6088] raw: 0080000000000040 ffff88813ff27140 dead000000000100 dead000000000122
[ 107.286858][ T6088] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[ 107.286873][ T6088] head: 0080000000000040 ffff88813ff27140 dead000000000100 dead000000000122
[ 107.286887][ T6088] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[ 107.286901][ T6088] head: 0080000000000003 ffffea0000ca7e01 00000000ffffffff 00000000ffffffff
[ 107.286914][ T6088] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[ 107.286923][ T6088] page dumped because: kasan: bad access detected
[ 107.286934][ T6088] page_owner tracks the page as allocated
[ 107.286941][ T6088] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 19225081154, free_ts 0
[ 107.286970][ T6088] post_alloc_hook+0x240/0x2a0
[ 107.286988][ T6088] get_page_from_freelist+0x28c0/0x2960
[ 107.287010][ T6088] __alloc_frozen_pages_noprof+0x181/0x370
[ 107.287031][ T6088] alloc_pages_mpol+0xd1/0x380
[ 107.287054][ T6088] allocate_slab+0x96/0x3a0
[ 107.287068][ T6088] ___slab_alloc+0xb12/0x13f0
[ 107.287081][ T6088] __slab_alloc+0xc6/0x1f0
[ 107.287093][ T6088] __kmalloc_cache_noprof+0xec/0x6c0
[ 107.287118][ T6088] kobject_uevent_env+0x27f/0x8c0
[ 107.287138][ T6088] kernel_add_sysfs_param+0xb1/0xe0
[ 107.287159][ T6088] param_sysfs_builtin+0x18a/0x230
[ 107.287178][ T6088] param_sysfs_builtin_init+0x23/0x30
[ 107.287197][ T6088] do_one_initcall+0x233/0x820
[ 107.287214][ T6088] do_initcall_level+0x104/0x190
[ 107.287229][ T6088] do_initcalls+0x59/0xa0
[ 107.287241][ T6088] kernel_init_freeable+0x334/0x4b0
[ 107.287255][ T6088] page_owner free stack trace missing
[ 107.287260][ T6088]
[ 107.287264][ T6088] Memory state around the buggy address:
[ 107.287273][ T6088] ffff8880329f8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 107.287283][ T6088] ffff8880329f8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 107.287294][ T6088] >ffff8880329f8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 107.287302][ T6088] ^
[ 107.287311][ T6088] ffff8880329f8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 107.287321][ T6088] ffff8880329f8200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 107.287330][ T6088] ==================================================================
[ 107.287344][ T6088] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 107.287357][ T6088] CPU: 1 UID: 0 PID: 6088 Comm: jffs2_gcd_mtd0 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 107.287376][ T6088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 107.287385][ T6088] Call Trace:
[ 107.287391][ T6088]
[ 107.287398][ T6088] dump_stack_lvl+0x99/0x250
[ 107.287417][ T6088] ? __asan_memcpy+0x40/0x70
[ 107.287434][ T6088] ? __pfx_dump_stack_lvl+0x10/0x10
[ 107.287453][ T6088] ? __pfx__printk+0x10/0x10
[ 107.287476][ T6088] vpanic+0x237/0x6d0
[ 107.287492][ T6088] ? __pfx_vpanic+0x10/0x10
[ 107.287511][ T6088] panic+0xb9/0xc0
[ 107.287526][ T6088] ? __pfx_panic+0x10/0x10
[ 107.287540][ T6088] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 107.287567][ T6088] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 107.287587][ T6088] ? is_module_address+0x17/0xf0
[ 107.287606][ T6088] ? mutex_lock_interruptible_nested+0x5a/0x1d0
[ 107.287629][ T6088] check_panic_on_warn+0x89/0xb0
[ 107.287653][ T6088] ? mutex_lock_interruptible_nested+0x5a/0x1d0
[ 107.287677][ T6088] end_report+0x78/0x160
[ 107.287697][ T6088] kasan_report+0x129/0x150
[ 107.287719][ T6088] ? mutex_lock_interruptible_nested+0x5a/0x1d0
[ 107.287745][ T6088] ? jffs2_garbage_collect_pass+0xad/0x20e0
[ 107.287762][ T6088] __kasan_check_byte+0x2a/0x40
[ 107.287782][ T6088] lock_acquire+0x8d/0x360
[ 107.287804][ T6088] ? do_raw_spin_lock+0x121/0x290
[ 107.287825][ T6088] ? jffs2_garbage_collect_pass+0xad/0x20e0
[ 107.287841][ T6088] mutex_lock_interruptible_nested+0x5a/0x1d0
[ 107.287864][ T6088] ? jffs2_garbage_collect_pass+0xad/0x20e0
[ 107.287881][ T6088] ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 107.287902][ T6088] jffs2_garbage_collect_pass+0xad/0x20e0
[ 107.287919][ T6088] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 107.287943][ T6088] ? rt_mutex_slowunlock+0x493/0x8a0
[ 107.287960][ T6088] ? __pfx_jffs2_garbage_collect_pass+0x10/0x10
[ 107.287977][ T6088] ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 107.287996][ T6088] ? rt_spin_unlock+0x161/0x200
[ 107.288012][ T6088] ? sigprocmask+0x15d/0x1a0
[ 107.288032][ T6088] jffs2_garbage_collect_thread+0x613/0x6b0
[ 107.288057][ T6088] ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[ 107.288078][ T6088] ? __kthread_parkme+0x7b/0x200
[ 107.288098][ T6088] ? __kthread_parkme+0x1a1/0x200
[ 107.288121][ T6088] kthread+0x711/0x8a0
[ 107.288144][ T6088] ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[ 107.288162][ T6088] ? __pfx_kthread+0x10/0x10
[ 107.288182][ T6088] ? rt_spin_unlock+0x150/0x200
[ 107.288199][ T6088] ? rt_spin_unlock+0x161/0x200
[ 107.288213][ T6088] ? __pfx_kthread+0x10/0x10
[ 107.288235][ T6088] ret_from_fork+0x4b9/0x870
[ 107.288254][ T6088] ? __pfx_ret_from_fork+0x10/0x10
[ 107.288275][ T6088] ? __switch_to_asm+0x39/0x70
[ 107.288295][ T6088] ? __switch_to_asm+0x33/0x70
[ 107.288315][ T6088] ? __pfx_kthread+0x10/0x10
[ 107.288337][ T6088] ret_from_fork_asm+0x1a/0x30
[ 107.288364][ T6088]
[ 107.288673][ T6088] Kernel Offset: disabled