Warning: Permanently added '10.128.1.196' (ED25519) to the list of known hosts. 2026/04/05 10:21:49 parsed 1 programs syzkaller login: [ 79.178583][ T5770] cgroup: Unknown subsys name 'net' [ 79.279977][ T5770] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 80.975820][ T5770] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 84.133168][ T5805] chnl_net:caif_netlink_parms(): no params data found [ 84.212196][ T5805] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.220009][ T5805] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.228065][ T5805] bridge_slave_0: entered allmulticast mode [ 84.236761][ T5805] bridge_slave_0: entered promiscuous mode [ 84.253475][ T5805] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.260797][ T5805] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.268346][ T5805] bridge_slave_1: entered allmulticast mode [ 84.275244][ T5805] bridge_slave_1: entered promiscuous mode [ 84.302805][ T5805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.315125][ T5805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.348210][ T5805] team0: Port device team_slave_0 added [ 84.355931][ T5805] team0: Port device team_slave_1 added [ 84.396879][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.404119][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.430779][ T5805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.452859][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.459836][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.486194][ T5805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.533100][ T5805] hsr_slave_0: entered promiscuous mode [ 84.539714][ T5805] hsr_slave_1: entered promiscuous mode [ 84.709231][ T5805] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 84.723626][ T5805] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 84.738658][ T5805] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 84.748940][ T5805] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 84.778780][ T5805] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.786146][ T5805] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.794275][ T5805] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.801538][ T5805] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.887055][ T5805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.905961][ T1090] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.915363][ T1090] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.935239][ T5805] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.951309][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.958661][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.972555][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.979932][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.189274][ T5805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.234788][ T5805] veth0_vlan: entered promiscuous mode [ 85.249471][ T5805] veth1_vlan: entered promiscuous mode [ 85.284975][ T5805] veth0_macvtap: entered promiscuous mode [ 85.297705][ T5805] veth1_macvtap: entered promiscuous mode [ 85.315584][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.331337][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.344923][ T5805] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.354899][ T5805] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.363994][ T5805] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.372865][ T5805] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.591853][ T745] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.165145][ T23] cfg80211: failed to load regulatory.db [ 87.247413][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.256199][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.266544][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.275694][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.284222][ T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 87.294640][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.790591][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.801423][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.828472][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.836404][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 2026/04/05 10:22:00 executed programs: 0 [ 88.280431][ T5081] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.289166][ T5081] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.297433][ T5081] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.305382][ T5081] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.313982][ T5081] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 88.321248][ T5081] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.351042][ T745] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 88.481387][ T5877] chnl_net:caif_netlink_parms(): no params data found [ 88.540378][ T5877] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.547696][ T5877] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.555197][ T5877] bridge_slave_0: entered allmulticast mode [ 88.561982][ T5877] bridge_slave_0: entered promiscuous mode [ 88.570854][ T5877] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.578123][ T5877] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.585623][ T5877] bridge_slave_1: entered allmulticast mode [ 88.592985][ T5877] bridge_slave_1: entered promiscuous mode [ 88.619495][ T5877] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.630993][ T5877] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.658554][ T5877] team0: Port device team_slave_0 added [ 88.666277][ T5877] team0: Port device team_slave_1 added [ 88.690654][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.698016][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.724729][ T5877] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.741026][ T5877] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.748800][ T5877] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.775903][ T5877] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.814736][ T5877] hsr_slave_0: entered promiscuous mode [ 88.821044][ T5877] hsr_slave_1: entered promiscuous mode [ 88.827562][ T5877] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.835848][ T5877] Cannot create hsr debugfs directory [ 90.363688][ T5081] Bluetooth: hci0: command tx timeout [ 90.602632][ T745] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 90.667523][ T745] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 91.548656][ T5877] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 91.576998][ T745] hsr_slave_0: left promiscuous mode [ 91.586198][ T745] hsr_slave_1: left promiscuous mode [ 91.592706][ T745] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 91.600275][ T745] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 91.611830][ T745] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 91.619397][ T745] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 91.631078][ T745] bridge_slave_1: left allmulticast mode [ 91.637135][ T745] bridge_slave_1: left promiscuous mode [ 91.646378][ T745] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.659993][ T745] bridge_slave_0: left allmulticast mode [ 91.670452][ T745] bridge_slave_0: left promiscuous mode [ 91.676666][ T745] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.697084][ T745] veth1_macvtap: left promiscuous mode [ 91.703760][ T745] veth0_macvtap: left promiscuous mode [ 91.709766][ T745] veth1_vlan: left promiscuous mode [ 91.715299][ T745] veth0_vlan: left promiscuous mode [ 92.156972][ T745] team0 (unregistering): Port device team_slave_1 removed [ 92.192852][ T745] team0 (unregistering): Port device team_slave_0 removed [ 92.227769][ T745] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 92.266826][ T745] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 92.442236][ T5081] Bluetooth: hci0: command tx timeout [ 92.516087][ T745] bond0 (unregistering): Released all slaves [ 92.593045][ T5877] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 92.604471][ T5877] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 92.615602][ T5877] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.706851][ T5877] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.728224][ T5877] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.756547][ T1090] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.763824][ T1090] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.776486][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.783767][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.017217][ T5877] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.124461][ T5877] veth0_vlan: entered promiscuous mode [ 93.150650][ T5877] veth1_vlan: entered promiscuous mode [ 93.219793][ T5877] veth0_macvtap: entered promiscuous mode [ 93.241186][ T5877] veth1_macvtap: entered promiscuous mode [ 93.276804][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.291199][ T5877] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.305552][ T5877] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.314836][ T5877] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.324824][ T5877] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.334979][ T5877] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.394072][ T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.408491][ T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.434010][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 2026/04/05 10:22:05 executed programs: 2 [ 93.441890][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.494478][ T5918] syz.0.17[5918]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 93.514202][ T5918] loop0: detected capacity change from 0 to 512 [ 93.591067][ T5918] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.613094][ T5918] ext4 filesystem being mounted at /0/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 93.639729][ T5918] EXT4-fs error (device loop0): ext4_do_update_inode:5248: inode #2: comm syz.0.17: corrupted inode contents [ 93.659220][ T5918] EXT4-fs error (device loop0): ext4_dirty_inode:6124: inode #2: comm syz.0.17: mark_inode_dirty error [ 93.692814][ T5918] EXT4-fs error (device loop0): ext4_do_update_inode:5248: inode #2: comm syz.0.17: corrupted inode contents [ 93.711331][ T5918] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #2: comm syz.0.17: mark_inode_dirty error [ 93.725742][ T5918] BUG: unable to handle page fault for address: ffffffffffffff93 [ 93.733510][ T5918] #PF: supervisor read access in kernel mode [ 93.739530][ T5918] #PF: error_code(0x0000) - not-present page [ 93.745549][ T5918] PGD cf35067 P4D cf35067 PUD cf37067 PMD 0 [ 93.751580][ T5918] Oops: 0000 [#1] PREEMPT SMP KASAN [ 93.756780][ T5918] CPU: 0 PID: 5918 Comm: syz.0.17 Not tainted syzkaller #0 [ 93.764229][ T5918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 93.775180][ T5918] RIP: 0010:ext4_ext_map_blocks+0x2d00/0x6800 [ 93.781270][ T5918] Code: 8b 7c 24 10 4d 85 ff 0f 84 bd 00 00 00 e8 78 dc 58 ff 49 8d 7f 08 48 89 f8 48 c1 e8 03 42 0f b6 04 30 84 c0 0f 85 3d 1e 00 00 <41> 0f b7 47 08 c1 e0 04 48 8d 04 40 48 89 44 24 10 4d 89 fc 49 8d [ 93.801232][ T5918] RSP: 0018:ffffc900032e70a0 EFLAGS: 00010246 [ 93.807388][ T5918] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88802c268000 [ 93.815373][ T5918] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffff93 [ 93.823357][ T5918] RBP: ffffc900032e7350 R08: ffff8880782bed13 R09: 1ffff1100f057da2 [ 93.831418][ T5918] R10: dffffc0000000000 R11: ffffed100f057da3 R12: 0000000000000000 [ 93.839473][ T5918] R13: 1ffff9200065ce40 R14: dffffc0000000000 R15: ffffffffffffff8b [ 93.847977][ T5918] FS: 0000555576a93500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 93.857100][ T5918] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 93.863963][ T5918] CR2: ffffffffffffff93 CR3: 000000002d986000 CR4: 00000000003506f0 [ 93.872060][ T5918] Call Trace: [ 93.875359][ T5918] [ 93.878387][ T5918] ? __might_sleep+0xe0/0xe0 [ 93.883085][ T5918] ? ext4_ext_release+0x10/0x10 [ 93.887942][ T5918] ? __lock_acquire+0x7d40/0x7d40 [ 93.892984][ T5918] ? ext4_es_lookup_extent+0x60e/0xa00 [ 93.898529][ T5918] ext4_map_blocks+0x9e2/0x1b80 [ 93.903475][ T5918] ? ext4_issue_zeroout+0x250/0x250 [ 93.908717][ T5918] ext4_getblk+0x1d0/0x6f0 [ 93.913136][ T5918] ? ext4_get_block_unwritten+0x100/0x100 [ 93.918852][ T5918] ? ext4_mark_iloc_dirty+0x1a65/0x1ca0 [ 93.924399][ T5918] ? __asan_memset+0x22/0x40 [ 93.928992][ T5918] ext4_bread+0x2a/0x170 [ 93.933248][ T5918] ext4_append+0x2c2/0x560 [ 93.937679][ T5918] ? ext4_init_new_dir+0x570/0x570 [ 93.942805][ T5918] ext4_add_entry+0x9eb/0xd90 [ 93.947583][ T5918] ? ext4_inc_count+0x1b0/0x1b0 [ 93.952444][ T5918] ? dquot_initialize+0x20/0x20 [ 93.957466][ T5918] ext4_add_nondir+0x93/0x270 [ 93.962188][ T5918] ext4_create+0x2ea/0x470 [ 93.966621][ T5918] ? ext4_lookup+0x710/0x710 [ 93.971216][ T5918] ? inode_permission+0xf3/0x480 [ 93.976246][ T5918] ? bpf_lsm_inode_create+0x9/0x10 [ 93.981388][ T5918] ? security_inode_create+0xb7/0x100 [ 93.986868][ T5918] ? ext4_lookup+0x710/0x710 [ 93.991638][ T5918] path_openat+0x12a0/0x3230 [ 93.996233][ T5918] ? do_filp_open+0x430/0x430 [ 94.001079][ T5918] ? __virt_addr_valid+0x18c/0x540 [ 94.006552][ T5918] do_filp_open+0x1f5/0x430 [ 94.011061][ T5918] ? vfs_tmpfile+0x490/0x490 [ 94.015657][ T5918] ? _raw_spin_unlock+0x28/0x40 [ 94.020554][ T5918] ? alloc_fd+0x58f/0x630 [ 94.025252][ T5918] do_sys_openat2+0x134/0x1d0 [ 94.030029][ T5918] ? do_sys_open+0xe0/0xe0 [ 94.034538][ T5918] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 94.040528][ T5918] ? lock_chain_count+0x20/0x20 [ 94.045481][ T5918] __x64_sys_creat+0x90/0xb0 [ 94.050071][ T5918] do_syscall_64+0x55/0xa0 [ 94.054686][ T5918] ? clear_bhb_loop+0x40/0x90 [ 94.059367][ T5918] ? clear_bhb_loop+0x40/0x90 [ 94.064045][ T5918] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 94.069935][ T5918] RIP: 0033:0x7fe4d2b9c819 [ 94.074348][ T5918] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 94.094137][ T5918] RSP: 002b:00007ffd80732eb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 94.102723][ T5918] RAX: ffffffffffffffda RBX: 00007fe4d2e15fa0 RCX: 00007fe4d2b9c819 [ 94.110953][ T5918] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000e00 [ 94.118944][ T5918] RBP: 00007fe4d2c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 94.126931][ T5918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 94.134900][ T5918] R13: 00007fe4d2e15fac R14: 00007fe4d2e15fa0 R15: 00007fe4d2e15fa0 [ 94.142888][ T5918] [ 94.145991][ T5918] Modules linked in: [ 94.149890][ T5918] CR2: ffffffffffffff93 [ 94.154033][ T5918] ---[ end trace 0000000000000000 ]--- [ 94.159481][ T5918] RIP: 0010:ext4_ext_map_blocks+0x2d00/0x6800 [ 94.165550][ T5918] Code: 8b 7c 24 10 4d 85 ff 0f 84 bd 00 00 00 e8 78 dc 58 ff 49 8d 7f 08 48 89 f8 48 c1 e8 03 42 0f b6 04 30 84 c0 0f 85 3d 1e 00 00 <41> 0f b7 47 08 c1 e0 04 48 8d 04 40 48 89 44 24 10 4d 89 fc 49 8d [ 94.185334][ T5918] RSP: 0018:ffffc900032e70a0 EFLAGS: 00010246 [ 94.191486][ T5918] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88802c268000 [ 94.199544][ T5918] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffff93 [ 94.207511][ T5918] RBP: ffffc900032e7350 R08: ffff8880782bed13 R09: 1ffff1100f057da2 [ 94.215826][ T5918] R10: dffffc0000000000 R11: ffffed100f057da3 R12: 0000000000000000 [ 94.224022][ T5918] R13: 1ffff9200065ce40 R14: dffffc0000000000 R15: ffffffffffffff8b [ 94.232007][ T5918] FS: 0000555576a93500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 94.240974][ T5918] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 94.247586][ T5918] CR2: ffffffffffffff93 CR3: 000000002d986000 CR4: 00000000003506f0 [ 94.255568][ T5918] Kernel panic - not syncing: Fatal exception [ 94.262198][ T5918] Kernel Offset: disabled [ 94.266533][ T5918] Rebooting in 86400 seconds..