Warning: Permanently added '10.128.0.231' (ED25519) to the list of known hosts.
2025/09/16 14:42:41 ignoring optional flag "type"="gce"
2025/09/16 14:42:41 parsed 1 programs
2025/09/16 14:42:44 executed programs: 0
[  111.123299][ T5970] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  111.205868][ T5155] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  111.213085][ T5155] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  111.218124][ T5155] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  111.219475][ T5155] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  111.220182][ T5155] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  111.419766][ T6034] chnl_net:caif_netlink_parms(): no params data found
[  111.656711][ T6034] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.656899][ T6034] bridge0: port 1(bridge_slave_0) entered disabled state
[  111.657012][ T6034] bridge_slave_0: entered allmulticast mode
[  111.658547][ T6034] bridge_slave_0: entered promiscuous mode
[  111.661180][ T6034] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.661277][ T6034] bridge0: port 2(bridge_slave_1) entered disabled state
[  111.661559][ T6034] bridge_slave_1: entered allmulticast mode
[  111.663010][ T6034] bridge_slave_1: entered promiscuous mode
[  111.829182][ T6034] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  111.831972][ T6034] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  111.967183][ T6034] team0: Port device team_slave_0 added
[  111.969437][ T6034] team0: Port device team_slave_1 added
[  112.117093][ T6034] batman_adv: batadv0: Adding interface: batadv_slave_0
[  112.117109][ T6034] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  112.117123][ T6034] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  112.119750][ T6034] batman_adv: batadv0: Adding interface: batadv_slave_1
[  112.119765][ T6034] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  112.119785][ T6034] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  112.351810][ T6034] hsr_slave_0: entered promiscuous mode
[  112.352592][ T6034] hsr_slave_1: entered promiscuous mode
[  113.274407][   T59] Bluetooth: hci0: command tx timeout
[  114.124152][ T6034] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  114.171390][ T6034] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  114.213772][ T6034] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  114.257919][ T6034] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  114.422378][ T6034] 8021q: adding VLAN 0 to HW filter on device bond0
[  114.457041][ T6034] 8021q: adding VLAN 0 to HW filter on device team0
[  114.472984][   T70] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.473257][   T70] bridge0: port 1(bridge_slave_0) entered forwarding state
[  114.503480][   T70] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.503823][   T70] bridge0: port 2(bridge_slave_1) entered forwarding state
[  114.880265][ T6034] 8021q: adding VLAN 0 to HW filter on device batadv0
[  114.957935][ T6034] veth0_vlan: entered promiscuous mode
[  114.974974][ T6034] veth1_vlan: entered promiscuous mode
[  115.023562][ T6034] veth0_macvtap: entered promiscuous mode
[  115.039491][ T6034] veth1_macvtap: entered promiscuous mode
[  115.070271][ T6034] batman_adv: batadv0: Interface activated: batadv_slave_0
[  115.088313][ T6034] batman_adv: batadv0: Interface activated: batadv_slave_1
[  115.106366][   T43] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  115.106616][   T43] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  115.106667][   T43] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  115.106699][   T43] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  115.344757][   T59] Bluetooth: hci0: command tx timeout
[  115.416988][ T6118] loop0: detected capacity change from 0 to 2048
[  115.490694][ T6118] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  115.612348][ T6118] jffs2: notice: (6118) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[  115.692871][ T6122] ==================================================================
[  115.692890][ T6122] BUG: KASAN: slab-use-after-free in mutex_lock_interruptible_nested+0x5a/0x1d0
[  115.692929][ T6122] Read of size 1 at addr ffff888039272128 by task jffs2_gcd_mtd0/6122
[  115.692943][ T6122] 
[  115.692975][ T6122] CPU: 0 UID: 0 PID: 6122 Comm: jffs2_gcd_mtd0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  115.692993][ T6122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  115.693009][ T6122] Call Trace:
[  115.693015][ T6122]  <TASK>
[  115.693022][ T6122]  dump_stack_lvl+0x189/0x250
[  115.693046][ T6122]  ? __virt_addr_valid+0x1c8/0x5c0
[  115.693060][ T6122]  ? rcu_is_watching+0x15/0xb0
[  115.693083][ T6122]  ? __pfx_dump_stack_lvl+0x10/0x10
[  115.693102][ T6122]  ? rcu_is_watching+0x15/0xb0
[  115.693123][ T6122]  ? lock_release+0x4b/0x3e0
[  115.693143][ T6122]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  115.693165][ T6122]  ? __virt_addr_valid+0x1c8/0x5c0
[  115.693178][ T6122]  ? __virt_addr_valid+0x4a5/0x5c0
[  115.693193][ T6122]  print_report+0xca/0x240
[  115.693212][ T6122]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  115.693229][ T6122]  kasan_report+0x118/0x150
[  115.693251][ T6122]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  115.693272][ T6122]  ? jffs2_garbage_collect_pass+0xad/0x20e0
[  115.693291][ T6122]  __kasan_check_byte+0x2a/0x40
[  115.693310][ T6122]  lock_acquire+0x8d/0x360
[  115.693329][ T6122]  ? do_raw_spin_lock+0x121/0x290
[  115.693347][ T6122]  ? jffs2_garbage_collect_pass+0xad/0x20e0
[  115.693365][ T6122]  mutex_lock_interruptible_nested+0x5a/0x1d0
[  115.693382][ T6122]  ? jffs2_garbage_collect_pass+0xad/0x20e0
[  115.693399][ T6122]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  115.693421][ T6122]  jffs2_garbage_collect_pass+0xad/0x20e0
[  115.693441][ T6122]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  115.693466][ T6122]  ? rt_mutex_slowunlock+0x493/0x8a0
[  115.693485][ T6122]  ? reacquire_held_locks+0x127/0x1d0
[  115.693507][ T6122]  ? __pfx_jffs2_garbage_collect_pass+0x10/0x10
[  115.693526][ T6122]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  115.693547][ T6122]  ? rt_spin_unlock+0x65/0x80
[  115.693567][ T6122]  ? sigprocmask+0x15d/0x1a0
[  115.693588][ T6122]  jffs2_garbage_collect_thread+0x618/0x6c0
[  115.693615][ T6122]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[  115.693639][ T6122]  ? __kthread_parkme+0x7b/0x200
[  115.693659][ T6122]  ? __kthread_parkme+0x1a1/0x200
[  115.693682][ T6122]  kthread+0x70e/0x8a0
[  115.693704][ T6122]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[  115.693725][ T6122]  ? __pfx_kthread+0x10/0x10
[  115.693748][ T6122]  ? __pfx_kthread+0x10/0x10
[  115.693770][ T6122]  ret_from_fork+0x439/0x7d0
[  115.693790][ T6122]  ? __pfx_ret_from_fork+0x10/0x10
[  115.693812][ T6122]  ? __switch_to_asm+0x39/0x70
[  115.693827][ T6122]  ? __switch_to_asm+0x33/0x70
[  115.693842][ T6122]  ? __pfx_kthread+0x10/0x10
[  115.693863][ T6122]  ret_from_fork_asm+0x1a/0x30
[  115.693885][ T6122]  </TASK>
[  115.693892][ T6122] 
[  115.693896][ T6122] Allocated by task 6118:
[  115.693904][ T6122]  kasan_save_track+0x3e/0x80
[  115.693920][ T6122]  __kasan_kmalloc+0x93/0xb0
[  115.693936][ T6122]  __kmalloc_cache_noprof+0x1a8/0x320
[  115.693955][ T6122]  jffs2_init_fs_context+0x4f/0xc0
[  115.693980][ T6122]  alloc_fs_context+0x659/0x7e0
[  115.693999][ T6122]  do_new_mount+0x16f/0x9e0
[  115.694017][ T6122]  __se_sys_mount+0x317/0x410
[  115.694035][ T6122]  do_syscall_64+0xfa/0x3b0
[  115.694048][ T6122]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.694063][ T6122] 
[  115.694067][ T6122] Freed by task 6034:
[  115.694075][ T6122]  kasan_save_track+0x3e/0x80
[  115.694091][ T6122]  kasan_save_free_info+0x46/0x50
[  115.694105][ T6122]  __kasan_slab_free+0x5b/0x80
[  115.694121][ T6122]  kfree+0x195/0x550
[  115.694137][ T6122]  deactivate_locked_super+0xbc/0x130
[  115.694152][ T6122]  cleanup_mnt+0x425/0x4c0
[  115.694166][ T6122]  task_work_run+0x1d4/0x260
[  115.694181][ T6122]  exit_to_user_mode_loop+0xec/0x110
[  115.694198][ T6122]  do_syscall_64+0x2bd/0x3b0
[  115.694209][ T6122]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.694222][ T6122] 
[  115.694226][ T6122] The buggy address belongs to the object at ffff888039272000
[  115.694226][ T6122]  which belongs to the cache kmalloc-4k of size 4096
[  115.694238][ T6122] The buggy address is located 296 bytes inside of
[  115.694238][ T6122]  freed 4096-byte region [ffff888039272000, ffff888039273000)
[  115.694254][ T6122] 
[  115.694257][ T6122] The buggy address belongs to the physical page:
[  115.694274][ T6122] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x39270
[  115.694290][ T6122] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  115.694303][ T6122] flags: 0x80000000000040(head|node=0|zone=1)
[  115.694319][ T6122] page_type: f5(slab)
[  115.694332][ T6122] raw: 0080000000000040 ffff888019842140 dead000000000100 dead000000000122
[  115.694344][ T6122] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  115.694358][ T6122] head: 0080000000000040 ffff888019842140 dead000000000100 dead000000000122
[  115.694369][ T6122] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  115.694381][ T6122] head: 0080000000000003 ffffea0000e49c01 00000000ffffffff 00000000ffffffff
[  115.694390][ T6122] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[  115.694396][ T6122] page dumped because: kasan: bad access detected
[  115.694405][ T6122] page_owner tracks the page as allocated
[  115.694411][ T6122] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5214, tgid 5214 (udevd), ts 48226504622, free_ts 48191273356
[  115.694438][ T6122]  post_alloc_hook+0x240/0x2a0
[  115.694454][ T6122]  get_page_from_freelist+0x2119/0x21b0
[  115.694467][ T6122]  __alloc_frozen_pages_noprof+0x181/0x370
[  115.694480][ T6122]  alloc_pages_mpol+0xd1/0x380
[  115.694498][ T6122]  allocate_slab+0x8a/0x370
[  115.694511][ T6122]  ___slab_alloc+0x8d1/0xdc0
[  115.694523][ T6122]  __kmalloc_noprof+0x145/0x430
[  115.694539][ T6122]  tomoyo_realpath_from_path+0xe3/0x5d0
[  115.694563][ T6122]  tomoyo_check_open_permission+0x1c1/0x3b0
[  115.694579][ T6122]  security_file_open+0xb1/0x270
[  115.694596][ T6122]  do_dentry_open+0x378/0x1350
[  115.694608][ T6122]  vfs_open+0x3b/0x350
[  115.694620][ T6122]  path_openat+0x2ef1/0x3840
[  115.694632][ T6122]  do_filp_open+0x1fa/0x410
[  115.694643][ T6122]  do_sys_openat2+0x121/0x1c0
[  115.694656][ T6122]  __x64_sys_openat+0x138/0x170
[  115.694669][ T6122] page last free pid 5217 tgid 5217 stack trace:
[  115.694678][ T6122]  __free_frozen_pages+0xb59/0xce0
[  115.694697][ T6122]  __slab_free+0x2db/0x390
[  115.694710][ T6122]  qlist_free_all+0x97/0x140
[  115.694725][ T6122]  kasan_quarantine_reduce+0x148/0x160
[  115.694740][ T6122]  __kasan_slab_alloc+0x22/0x80
[  115.694755][ T6122]  kmem_cache_alloc_noprof+0x143/0x310
[  115.694771][ T6122]  getname_flags+0xb8/0x540
[  115.694789][ T6122]  __x64_sys_symlink+0x6a/0x90
[  115.694805][ T6122]  do_syscall_64+0xfa/0x3b0
[  115.694818][ T6122]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.694832][ T6122] 
[  115.694836][ T6122] Memory state around the buggy address:
[  115.694845][ T6122]  ffff888039272000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  115.694856][ T6122]  ffff888039272080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  115.694866][ T6122] >ffff888039272100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  115.694874][ T6122]                                   ^
[  115.694883][ T6122]  ffff888039272180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  115.694893][ T6122]  ffff888039272200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  115.694901][ T6122] ==================================================================
[  115.909493][ T6122] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  115.909515][ T6122] CPU: 1 UID: 0 PID: 6122 Comm: jffs2_gcd_mtd0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  115.909537][ T6122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  115.909547][ T6122] Call Trace:
[  115.909555][ T6122]  <TASK>
[  115.909562][ T6122]  dump_stack_lvl+0x99/0x250
[  115.909588][ T6122]  ? __asan_memcpy+0x40/0x70
[  115.909606][ T6122]  ? __pfx_dump_stack_lvl+0x10/0x10
[  115.909627][ T6122]  ? __pfx__printk+0x10/0x10
[  115.909649][ T6122]  vpanic+0x281/0x750
[  115.909669][ T6122]  ? preempt_schedule+0xae/0xc0
[  115.909689][ T6122]  ? __pfx_vpanic+0x10/0x10
[  115.909725][ T6122]  ? preempt_schedule_common+0x83/0xd0
[  115.909745][ T6122]  ? preempt_schedule+0xae/0xc0
[  115.909763][ T6122]  ? __pfx_preempt_schedule+0x10/0x10
[  115.909783][ T6122]  panic+0xb9/0xc0
[  115.909802][ T6122]  ? __pfx_panic+0x10/0x10
[  115.909822][ T6122]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  115.909844][ T6122]  ? is_module_address+0x17/0xf0
[  115.909863][ T6122]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  115.909882][ T6122]  check_panic_on_warn+0x89/0xb0
[  115.909900][ T6122]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  115.909918][ T6122]  end_report+0x78/0x160
[  115.909938][ T6122]  kasan_report+0x129/0x150
[  115.909957][ T6122]  ? mutex_lock_interruptible_nested+0x5a/0x1d0
[  115.909980][ T6122]  ? jffs2_garbage_collect_pass+0xad/0x20e0
[  115.910000][ T6122]  __kasan_check_byte+0x2a/0x40
[  115.910019][ T6122]  lock_acquire+0x8d/0x360
[  115.910040][ T6122]  ? do_raw_spin_lock+0x121/0x290
[  115.910061][ T6122]  ? jffs2_garbage_collect_pass+0xad/0x20e0
[  115.910080][ T6122]  mutex_lock_interruptible_nested+0x5a/0x1d0
[  115.910099][ T6122]  ? jffs2_garbage_collect_pass+0xad/0x20e0
[  115.910118][ T6122]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  115.910141][ T6122]  jffs2_garbage_collect_pass+0xad/0x20e0
[  115.910162][ T6122]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  115.910188][ T6122]  ? rt_mutex_slowunlock+0x493/0x8a0
[  115.910213][ T6122]  ? reacquire_held_locks+0x127/0x1d0
[  115.910235][ T6122]  ? __pfx_jffs2_garbage_collect_pass+0x10/0x10
[  115.910255][ T6122]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  115.910275][ T6122]  ? rt_spin_unlock+0x65/0x80
[  115.910296][ T6122]  ? sigprocmask+0x15d/0x1a0
[  115.910317][ T6122]  jffs2_garbage_collect_thread+0x618/0x6c0
[  115.910344][ T6122]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[  115.910367][ T6122]  ? __kthread_parkme+0x7b/0x200
[  115.910388][ T6122]  ? __kthread_parkme+0x1a1/0x200
[  115.910410][ T6122]  kthread+0x70e/0x8a0
[  115.910432][ T6122]  ? __pfx_jffs2_garbage_collect_thread+0x10/0x10
[  115.910453][ T6122]  ? __pfx_kthread+0x10/0x10
[  115.910476][ T6122]  ? __pfx_kthread+0x10/0x10
[  115.910497][ T6122]  ret_from_fork+0x439/0x7d0
[  115.910518][ T6122]  ? __pfx_ret_from_fork+0x10/0x10
[  115.910539][ T6122]  ? __switch_to_asm+0x39/0x70
[  115.910555][ T6122]  ? __switch_to_asm+0x33/0x70
[  115.910569][ T6122]  ? __pfx_kthread+0x10/0x10
[  115.910591][ T6122]  ret_from_fork_asm+0x1a/0x30
[  115.910613][ T6122]  </TASK>
[  115.910979][ T6122] Kernel Offset: disabled