Warning: Permanently added '10.128.1.191' (ED25519) to the list of known hosts.
2025/01/21 00:25:44 ignoring optional flag "sandboxArg"="0"
2025/01/21 00:25:44 ignoring optional flag "type"="gce"
2025/01/21 00:25:44 parsed 1 programs
[ 82.068294][ T974] cfg80211: failed to load regulatory.db
2025/01/21 00:25:46 executed programs: 0
[ 82.395067][ T6113] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 82.446498][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 82.456069][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 82.464034][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 82.473180][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 82.482066][ T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 82.490296][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 82.582340][ T6122] chnl_net:caif_netlink_parms(): no params data found
[ 82.630266][ T6122] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.637531][ T6122] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.644673][ T6122] bridge_slave_0: entered allmulticast mode
[ 82.651822][ T6122] bridge_slave_0: entered promiscuous mode
[ 82.659488][ T6122] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.666901][ T6122] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.674103][ T6122] bridge_slave_1: entered allmulticast mode
[ 82.681278][ T6122] bridge_slave_1: entered promiscuous mode
[ 82.702107][ T6122] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 82.713226][ T6122] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 82.737029][ T6122] team0: Port device team_slave_0 added
[ 82.744137][ T6122] team0: Port device team_slave_1 added
[ 82.762544][ T6122] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 82.769797][ T6122] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 82.795942][ T6122] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 82.808265][ T6122] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 82.815374][ T6122] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 82.841375][ T6122] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 82.870512][ T6122] hsr_slave_0: entered promiscuous mode
[ 82.877923][ T6122] hsr_slave_1: entered promiscuous mode
[ 83.373255][ T6122] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 83.392273][ T6122] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 83.403125][ T6122] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 83.414441][ T6122] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 83.442714][ T6122] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.449926][ T6122] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.457387][ T6122] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.464537][ T6122] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.528636][ T6122] 8021q: adding VLAN 0 to HW filter on device bond0
[ 83.550633][ T52] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.559127][ T52] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.582897][ T6122] 8021q: adding VLAN 0 to HW filter on device team0
[ 83.596439][ T1105] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.604185][ T1105] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.623124][ T1105] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.630337][ T1105] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.818335][ T6122] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 83.865054][ T6122] veth0_vlan: entered promiscuous mode
[ 83.880722][ T6122] veth1_vlan: entered promiscuous mode
[ 83.916882][ T6122] veth0_macvtap: entered promiscuous mode
[ 83.927620][ T6122] veth1_macvtap: entered promiscuous mode
[ 83.946801][ T6122] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 83.962731][ T6122] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 83.979512][ T6122] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.989723][ T6122] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.998540][ T6122] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.007515][ T6122] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.084345][ T1105] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.104860][ T1105] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.132871][ T1105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.141955][ T1105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.236786][ T6188] loop0: detected capacity change from 0 to 2048
[ 84.261331][ T6188] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 84.313507][ T6188] jffs2: notice: (6188) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[ 84.396401][ T6193] ==================================================================
[ 84.404526][ T6193] BUG: KASAN: slab-use-after-free in __mutex_lock+0x173/0xee0
[ 84.412092][ T6193] Read of size 8 at addr ffff88806a02c130 by task jffs2_gcd_mtd0/6193
[ 84.420273][ T6193]
[ 84.422758][ T6193] CPU: 0 UID: 0 PID: 6193 Comm: jffs2_gcd_mtd0 Not tainted 6.13.0-syzkaller-g3d3a9c8b89d4 #0
[ 84.432928][ T6193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 84.443007][ T6193] Call Trace:
[ 84.446283][ T6193]
[ 84.449204][ T6193] dump_stack_lvl+0x241/0x360
[ 84.453977][ T6193] ? __pfx_dump_stack_lvl+0x10/0x10
[ 84.459171][ T6193] ? __pfx__printk+0x10/0x10
[ 84.463769][ T6193] ? _printk+0xd5/0x120
[ 84.467925][ T6193] ? __virt_addr_valid+0x183/0x530
[ 84.473027][ T6193] ? __virt_addr_valid+0x183/0x530
[ 84.478271][ T6193] print_report+0x169/0x550
[ 84.482842][ T6193] ? __virt_addr_valid+0x183/0x530
[ 84.487951][ T6193] ? __virt_addr_valid+0x183/0x530
[ 84.493061][ T6193] ? __virt_addr_valid+0x45f/0x530
[ 84.498165][ T6193] ? __phys_addr+0xba/0x170
[ 84.502743][ T6193] ? __mutex_lock+0x173/0xee0
[ 84.507420][ T6193] kasan_report+0x143/0x180
[ 84.512014][ T6193] ? __mutex_lock+0x173/0xee0
[ 84.516690][ T6193] __mutex_lock+0x173/0xee0
[ 84.521196][ T6193] ? jffs2_garbage_collect_pass+0xae/0x2120
[ 84.527189][ T6193] ? __pfx___mutex_lock+0x10/0x10
[ 84.532314][ T6193] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 84.538641][ T6193] ? _raw_spin_lock_irq+0xdf/0x120
[ 84.543754][ T6193] jffs2_garbage_collect_pass+0xae/0x2120
[ 84.549468][ T6193] ? lockdep_hardirqs_on+0x99/0x150
[ 84.554668][ T6193] ? _raw_spin_unlock_irq+0x2e/0x50
[ 84.559859][ T6193] ? __set_current_blocked+0x310/0x380
[ 84.565439][ T6193] ? __pfx___set_current_blocked+0x10/0x10
[ 84.571241][ T6193] ? schedule+0x90/0x320
[ 84.575488][ T6193] ? schedule+0x155/0x320
[ 84.579808][ T6193] ? __pfx_jffs2_garbage_collect_pass+0x10/0x10
[ 84.586128][ T6193] ? schedule_timeout+0x1ad/0x290
[ 84.591149][ T6193] ? sigprocmask+0x228/0x280
[ 84.595845][ T6193] ? __pfx_sigprocmask+0x10/0x10
[ 84.600866][ T6193] ? do_raw_spin_unlock+0x13c/0x8b0
[ 84.606063][ T6193] jffs2_garbage_collect_thread+0x64b/0x6e0
[ 84.611966][ T6193] ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[ 84.618386][ T6193] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 84.624282][ T6193] ? __kthread_parkme+0x169/0x1d0
[ 84.629297][ T6193] ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[ 84.635711][ T6193] kthread+0x2f0/0x390
[ 84.639777][ T6193] ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[ 84.646270][ T6193] ? __pfx_kthread+0x10/0x10
[ 84.650853][ T6193] ret_from_fork+0x4b/0x80
[ 84.655261][ T6193] ? __pfx_kthread+0x10/0x10
[ 84.659853][ T6193] ret_from_fork_asm+0x1a/0x30
[ 84.664614][ T6193]
[ 84.667620][ T6193]
[ 84.669928][ T6193] Allocated by task 6188:
[ 84.674239][ T6193] kasan_save_track+0x3f/0x80
[ 84.679007][ T6193] __kasan_kmalloc+0x98/0xb0
[ 84.683589][ T6193] __kmalloc_cache_noprof+0x243/0x390
[ 84.688950][ T6193] jffs2_init_fs_context+0x4f/0xc0
[ 84.694057][ T6193] alloc_fs_context+0x68a/0x800
[ 84.698895][ T6193] do_new_mount+0x160/0xb40
[ 84.703386][ T6193] __se_sys_mount+0x2d6/0x3c0
[ 84.708065][ T6193] do_syscall_64+0xf3/0x230
[ 84.712588][ T6193] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.718477][ T6193]
[ 84.720787][ T6193] Freed by task 6122:
[ 84.724756][ T6193] kasan_save_track+0x3f/0x80
[ 84.729522][ T6193] kasan_save_free_info+0x40/0x50
[ 84.734539][ T6193] __kasan_slab_free+0x59/0x70
[ 84.739297][ T6193] kfree+0x196/0x430
[ 84.743181][ T6193] deactivate_locked_super+0xc4/0x130
[ 84.748564][ T6193] cleanup_mnt+0x41f/0x4b0
[ 84.752976][ T6193] task_work_run+0x24f/0x310
[ 84.757576][ T6193] syscall_exit_to_user_mode+0x13f/0x340
[ 84.763211][ T6193] do_syscall_64+0x100/0x230
[ 84.767812][ T6193] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 84.773702][ T6193]
[ 84.776027][ T6193] The buggy address belongs to the object at ffff88806a02c000
[ 84.776027][ T6193] which belongs to the cache kmalloc-4k of size 4096
[ 84.790422][ T6193] The buggy address is located 304 bytes inside of
[ 84.790422][ T6193] freed 4096-byte region [ffff88806a02c000, ffff88806a02d000)
[ 84.804475][ T6193]
[ 84.806790][ T6193] The buggy address belongs to the physical page:
[ 84.813234][ T6193] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a028
[ 84.822084][ T6193] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 84.830566][ T6193] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 84.838293][ T6193] page_type: f5(slab)
[ 84.842262][ T6193] raw: 00fff00000000040 ffff88801ac42140 dead000000000122 0000000000000000
[ 84.850850][ T6193] raw: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000
[ 84.859427][ T6193] head: 00fff00000000040 ffff88801ac42140 dead000000000122 0000000000000000
[ 84.868084][ T6193] head: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000
[ 84.876761][ T6193] head: 00fff00000000003 ffffea0001a80a01 ffffffffffffffff 0000000000000000
[ 84.885507][ T6193] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 84.894159][ T6193] page dumped because: kasan: bad access detected
[ 84.900573][ T6193] page_owner tracks the page as allocated
[ 84.906367][ T6193] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6188, tgid 6187 (syz-executor.0), ts 84309834889, free_ts 18085947765
[ 84.927305][ T6193] post_alloc_hook+0x1f3/0x230
[ 84.932095][ T6193] get_page_from_freelist+0x3651/0x37a0
[ 84.937654][ T6193] __alloc_pages_noprof+0x292/0x710
[ 84.942866][ T6193] alloc_pages_mpol_noprof+0x3e1/0x780
[ 84.948314][ T6193] alloc_slab_page+0x6a/0x110
[ 84.952985][ T6193] allocate_slab+0x5a/0x2b0
[ 84.957480][ T6193] ___slab_alloc+0xc27/0x14a0
[ 84.962147][ T6193] __slab_alloc+0x58/0xa0
[ 84.966467][ T6193] __kmalloc_noprof+0x2e6/0x4c0
[ 84.971331][ T6193] tomoyo_realpath_from_path+0xcf/0x5e0
[ 84.976875][ T6193] tomoyo_check_open_permission+0x258/0x4f0
[ 84.982789][ T6193] security_file_open+0xac/0x250
[ 84.987716][ T6193] do_dentry_open+0x328/0x1b70
[ 84.992468][ T6193] vfs_open+0x3e/0x330
[ 84.996544][ T6193] path_openat+0x2c84/0x3590
[ 85.001134][ T6193] do_filp_open+0x27f/0x4e0
[ 85.005632][ T6193] page last free pid 1 tgid 1 stack trace:
[ 85.011429][ T6193] free_unref_page+0xd2c/0x1000
[ 85.016280][ T6193] free_contig_range+0x14c/0x430
[ 85.021215][ T6193] destroy_args+0x92/0x910
[ 85.025647][ T6193] debug_vm_pgtable+0x4be/0x550
[ 85.030524][ T6193] do_one_initcall+0x248/0x870
[ 85.035282][ T6193] do_initcall_level+0x157/0x210
[ 85.040214][ T6193] do_initcalls+0x3f/0x80
[ 85.044539][ T6193] kernel_init_freeable+0x435/0x5d0
[ 85.049735][ T6193] kernel_init+0x1d/0x2b0
[ 85.054143][ T6193] ret_from_fork+0x4b/0x80
[ 85.058551][ T6193] ret_from_fork_asm+0x1a/0x30
[ 85.063327][ T6193]
[ 85.065724][ T6193] Memory state around the buggy address:
[ 85.071343][ T6193] ffff88806a02c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 85.079485][ T6193] ffff88806a02c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 85.087557][ T6193] >ffff88806a02c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 85.095611][ T6193] ^
[ 85.101230][ T6193] ffff88806a02c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 85.109305][ T6193] ffff88806a02c200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 85.117376][ T6193] ==================================================================
[ 85.135285][ T6193] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 85.142542][ T6193] CPU: 1 UID: 0 PID: 6193 Comm: jffs2_gcd_mtd0 Not tainted 6.13.0-syzkaller-g3d3a9c8b89d4 #0
[ 85.152748][ T6193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 85.162829][ T6193] Call Trace:
[ 85.166108][ T6193]
[ 85.169035][ T6193] dump_stack_lvl+0x241/0x360
[ 85.173791][ T6193] ? __pfx_dump_stack_lvl+0x10/0x10
[ 85.179090][ T6193] ? __pfx__printk+0x10/0x10
[ 85.183700][ T6193] ? preempt_schedule+0xe1/0xf0
[ 85.188572][ T6193] ? vscnprintf+0x5d/0x90
[ 85.192901][ T6193] panic+0x349/0x880
[ 85.196910][ T6193] ? check_panic_on_warn+0x21/0xb0
[ 85.202101][ T6193] ? __pfx_panic+0x10/0x10
[ 85.206611][ T6193] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 85.212586][ T6193] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 85.218916][ T6193] ? print_report+0x502/0x550
[ 85.223591][ T6193] check_panic_on_warn+0x86/0xb0
[ 85.228520][ T6193] ? __mutex_lock+0x173/0xee0
[ 85.233201][ T6193] end_report+0x77/0x160
[ 85.237525][ T6193] kasan_report+0x154/0x180
[ 85.242024][ T6193] ? __mutex_lock+0x173/0xee0
[ 85.246713][ T6193] __mutex_lock+0x173/0xee0
[ 85.251214][ T6193] ? jffs2_garbage_collect_pass+0xae/0x2120
[ 85.257111][ T6193] ? __pfx___mutex_lock+0x10/0x10
[ 85.262136][ T6193] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 85.268487][ T6193] ? _raw_spin_lock_irq+0xdf/0x120
[ 85.273618][ T6193] jffs2_garbage_collect_pass+0xae/0x2120
[ 85.279335][ T6193] ? lockdep_hardirqs_on+0x99/0x150
[ 85.284528][ T6193] ? _raw_spin_unlock_irq+0x2e/0x50
[ 85.289992][ T6193] ? __set_current_blocked+0x310/0x380
[ 85.295579][ T6193] ? __pfx___set_current_blocked+0x10/0x10
[ 85.301410][ T6193] ? schedule+0x90/0x320
[ 85.305702][ T6193] ? schedule+0x155/0x320
[ 85.310053][ T6193] ? __pfx_jffs2_garbage_collect_pass+0x10/0x10
[ 85.316328][ T6193] ? schedule_timeout+0x1ad/0x290
[ 85.321494][ T6193] ? sigprocmask+0x228/0x280
[ 85.326183][ T6193] ? __pfx_sigprocmask+0x10/0x10
[ 85.331117][ T6193] ? do_raw_spin_unlock+0x13c/0x8b0
[ 85.336340][ T6193] jffs2_garbage_collect_thread+0x64b/0x6e0
[ 85.342249][ T6193] ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[ 85.348682][ T6193] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 85.354587][ T6193] ? __kthread_parkme+0x169/0x1d0
[ 85.359607][ T6193] ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[ 85.366025][ T6193] kthread+0x2f0/0x390
[ 85.370201][ T6193] ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[ 85.376612][ T6193] ? __pfx_kthread+0x10/0x10
[ 85.381283][ T6193] ret_from_fork+0x4b/0x80
[ 85.385689][ T6193] ? __pfx_kthread+0x10/0x10
[ 85.390292][ T6193] ret_from_fork_asm+0x1a/0x30
[ 85.395104][ T6193]
[ 85.398740][ T6193] Kernel Offset: disabled
[ 85.403082][ T6193] Rebooting in 86400 seconds..