Warning: Permanently added '10.128.0.69' (ED25519) to the list of known hosts. 2025/07/29 17:11:12 ignoring optional flag "sandboxArg"="0" 2025/07/29 17:11:13 parsed 1 programs [ 65.011768][ T5787] cgroup: Unknown subsys name 'net' [ 65.139585][ T5787] cgroup: Unknown subsys name 'rlimit' [ 66.477380][ T5787] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 70.278162][ T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 70.289325][ T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 70.297462][ T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 70.305888][ T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 70.313624][ T50] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 70.320996][ T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 70.661869][ T2942] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.670026][ T2942] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.694891][ T3497] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.702739][ T3497] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.020895][ T5860] chnl_net:caif_netlink_parms(): no params data found [ 71.092354][ T5860] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.100779][ T5860] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.108567][ T5860] bridge_slave_0: entered allmulticast mode [ 71.116294][ T5860] bridge_slave_0: entered promiscuous mode [ 71.125270][ T5860] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.132378][ T5860] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.140248][ T5860] bridge_slave_1: entered allmulticast mode [ 71.147089][ T5860] bridge_slave_1: entered promiscuous mode [ 71.178419][ T5860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.192088][ T5860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.222844][ T5860] team0: Port device team_slave_0 added [ 71.232595][ T5860] team0: Port device team_slave_1 added [ 71.266444][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.273500][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.300860][ T5860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.314781][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.321764][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.347721][ T5860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.396575][ T5860] hsr_slave_0: entered promiscuous mode [ 71.403306][ T5860] hsr_slave_1: entered promiscuous mode [ 71.528637][ T5860] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 71.539842][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.551308][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.572800][ T5860] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 71.589533][ T5860] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 71.599004][ T5860] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 71.624652][ T5860] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.632020][ T5860] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.640031][ T5860] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.647234][ T5860] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.690495][ T2972] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.702047][ T2972] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.721977][ T5860] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.747773][ T5860] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.770271][ T2972] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.777450][ T2972] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.791137][ T2942] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.798292][ T2942] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.979591][ T5860] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.024560][ T5860] veth0_vlan: entered promiscuous mode [ 72.036102][ T5860] veth1_vlan: entered promiscuous mode [ 72.070717][ T5860] veth0_macvtap: entered promiscuous mode [ 72.081091][ T5860] veth1_macvtap: entered promiscuous mode [ 72.102302][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.124233][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.137337][ T5860] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.148167][ T5860] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.159792][ T5860] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.168853][ T5860] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.288529][ T5860] syz-executor (5860) used greatest stack depth: 19976 bytes left [ 72.635428][ T42] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2025/07/29 17:11:22 executed programs: 0 [ 72.756651][ T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 72.764675][ T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 72.772111][ T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 72.781354][ T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 72.790600][ T50] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 72.798017][ T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 72.920251][ T5891] chnl_net:caif_netlink_parms(): no params data found [ 72.974092][ T5891] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.981757][ T5891] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.989103][ T5891] bridge_slave_0: entered allmulticast mode [ 72.995895][ T5891] bridge_slave_0: entered promiscuous mode [ 73.003899][ T5891] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.011094][ T5891] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.018545][ T5891] bridge_slave_1: entered allmulticast mode [ 73.025552][ T5891] bridge_slave_1: entered promiscuous mode [ 73.053753][ T5891] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.066645][ T5891] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.100912][ T5891] team0: Port device team_slave_0 added [ 73.109408][ T5891] team0: Port device team_slave_1 added [ 73.137878][ T5891] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.145175][ T5891] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.171526][ T5891] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.184868][ T5891] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.191815][ T5891] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.218006][ T5891] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.263293][ T5891] hsr_slave_0: entered promiscuous mode [ 73.269566][ T5891] hsr_slave_1: entered promiscuous mode [ 73.276331][ T5891] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 73.285042][ T5891] Cannot create hsr debugfs directory [ 74.864288][ T42] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.883546][ T5104] Bluetooth: hci0: command tx timeout [ 76.963499][ T5104] Bluetooth: hci0: command tx timeout [ 77.375219][ T42] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.426452][ T42] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.311301][ T42] hsr_slave_0: left promiscuous mode [ 78.320003][ T42] hsr_slave_1: left promiscuous mode [ 78.329816][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 78.337910][ T42] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 78.346186][ T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 78.354915][ T42] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 78.362558][ T42] bridge_slave_1: left allmulticast mode [ 78.368388][ T42] bridge_slave_1: left promiscuous mode [ 78.375608][ T42] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.386339][ T42] bridge_slave_0: left allmulticast mode [ 78.391999][ T42] bridge_slave_0: left promiscuous mode [ 78.399172][ T42] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.418590][ T42] veth1_macvtap: left promiscuous mode [ 78.425333][ T42] veth0_macvtap: left promiscuous mode [ 78.430952][ T42] veth1_vlan: left promiscuous mode [ 78.437535][ T42] veth0_vlan: left promiscuous mode [ 78.759605][ T42] team0 (unregistering): Port device team_slave_1 removed [ 78.789170][ T42] team0 (unregistering): Port device team_slave_0 removed [ 78.820317][ T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 78.849515][ T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 79.053937][ T5104] Bluetooth: hci0: command tx timeout [ 79.115668][ T42] bond0 (unregistering): Released all slaves [ 79.214236][ T5891] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 79.223464][ T5891] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 79.232887][ T5891] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 79.242479][ T5891] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 79.345793][ T5891] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.361887][ T5891] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.380885][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.388062][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.412109][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.419653][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.466000][ T5891] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 79.625125][ T5891] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.668319][ T5891] veth0_vlan: entered promiscuous mode [ 79.678298][ T5891] veth1_vlan: entered promiscuous mode [ 79.708282][ T5891] veth0_macvtap: entered promiscuous mode [ 79.717028][ T5891] veth1_macvtap: entered promiscuous mode [ 79.736370][ T5891] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.752369][ T5891] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.764494][ T5891] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.775983][ T5891] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.785517][ T5891] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.794310][ T5891] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.848944][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.861179][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.888812][ T2942] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 2025/07/29 17:11:30 executed programs: 2 [ 79.896817][ T2942] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.934093][ T5940] syz.0.16[5940]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 79.948290][ T5940] loop0: detected capacity change from 0 to 16 [ 79.963794][ T5940] erofs: (device loop0): mounted with root inode @ nid 36. [ 79.975176][ T5940] syz.0.16: attempt to access beyond end of device [ 79.975176][ T5940] loop0: rw=0, sector=8, nr_sectors = 16 limit=16 [ 79.989929][ T5940] syz.0.16: attempt to access beyond end of device [ 79.989929][ T5940] loop0: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 80.005733][ T5940] syz.0.16: attempt to access beyond end of device [ 80.005733][ T5940] loop0: rw=524288, sector=8, nr_sectors = 16 limit=16 [ 80.027584][ T5891] BUG: Bad page state in process syz-executor pfn:2cab6 [ 80.034917][ T5891] page:ffffea0000b2ad80 refcount:0 mapcount:0 mapping:ffff88805e5287c8 index:0x2 pfn:0x2cab6 [ 80.045153][ T5891] aops:z_erofs_cache_aops ino:0 [ 80.050034][ T5891] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 80.057892][ T5891] page_type: 0xffffffff() [ 80.062214][ T5891] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805e5287c8 [ 80.070978][ T5891] raw: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 80.079639][ T5891] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 80.087343][ T5891] page_owner tracks the page as allocated [ 80.093399][ T5891] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5940, tgid 5940 (syz.0.16), ts 79974988843, free_ts 79527133842 [ 80.115204][ T5891] post_alloc_hook+0x1cd/0x210 [ 80.119994][ T5891] get_page_from_freelist+0x195c/0x19f0 [ 80.125625][ T5891] __alloc_pages+0x1e3/0x460 [ 80.130232][ T5891] z_erofs_do_read_page+0x20c0/0x3680 [ 80.135635][ T5891] z_erofs_pcluster_readmore+0x2cf/0x450 [ 80.141278][ T5891] z_erofs_read_folio+0x208/0x540 [ 80.146385][ T5891] filemap_read_folio+0x167/0x760 [ 80.151419][ T5891] do_read_cache_folio+0x470/0x7e0 [ 80.156594][ T5891] erofs_bread+0x16f/0x630 [ 80.161107][ T5891] erofs_namei+0x28c/0xf00 [ 80.165804][ T5891] erofs_lookup+0x135/0x310 [ 80.170322][ T5891] __lookup_slow+0x281/0x3b0 [ 80.174953][ T5891] lookup_slow+0x53/0x70 [ 80.179201][ T5891] link_path_walk+0x970/0xe00 [ 80.184220][ T5891] __filename_parentat+0x205/0x610 [ 80.189438][ T5891] filename_create+0xd0/0x460 [ 80.194280][ T5891] page last free stack trace: [ 80.198955][ T5891] free_unref_page_prepare+0x7ce/0x8e0 [ 80.204545][ T5891] free_unref_page+0x32/0x2e0 [ 80.209245][ T5891] __unfreeze_partials+0x1cf/0x210 [ 80.214668][ T5891] put_cpu_partial+0x17c/0x250 [ 80.219445][ T5891] __slab_free+0x31d/0x410 [ 80.223911][ T5891] qlist_free_all+0x75/0xe0 [ 80.228423][ T5891] kasan_quarantine_reduce+0x143/0x160 [ 80.233985][ T5891] __kasan_slab_alloc+0x22/0x80 [ 80.238845][ T5891] slab_post_alloc_hook+0x6e/0x4d0 [ 80.244200][ T5891] __kmem_cache_alloc_node+0x13e/0x260 [ 80.249692][ T5891] kmalloc_trace+0x2a/0xe0 [ 80.254156][ T5891] ref_tracker_alloc+0x134/0x460 [ 80.259100][ T5891] netlink_release+0x16b4/0x1ad0 [ 80.264176][ T5891] sock_release+0x7f/0x140 [ 80.268630][ T5891] diag_net_exit+0x40/0x60 [ 80.273088][ T5891] cleanup_net+0x6f4/0xb90 [ 80.277535][ T5891] Modules linked in: [ 80.281432][ T5891] CPU: 0 PID: 5891 Comm: syz-executor Not tainted 6.6.100-syzkaller #0 [ 80.289658][ T5891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 80.299720][ T5891] Call Trace: [ 80.303002][ T5891] [ 80.305936][ T5891] dump_stack_lvl+0x16c/0x230 [ 80.310629][ T5891] ? show_regs_print_info+0x20/0x20 [ 80.315816][ T5891] ? swiotlb_print_info+0x70/0x70 [ 80.320848][ T5891] bad_page+0x14b/0x170 [ 80.325003][ T5891] free_unref_page_prepare+0x887/0x8e0 [ 80.330487][ T5891] free_unref_page+0x32/0x2e0 [ 80.335154][ T5891] ? __folio_put+0xef/0x210 [ 80.339642][ T5891] erofs_try_to_free_all_cached_pages+0x295/0x600 [ 80.346061][ T5891] erofs_shrink_workstation+0x118/0x290 [ 80.351610][ T5891] ? erofs_shrinker_unregister+0x170/0x170 [ 80.357414][ T5891] ? io_schedule+0xd0/0xd0 [ 80.361831][ T5891] ? kobject_put+0x43c/0x470 [ 80.366419][ T5891] erofs_shrinker_unregister+0x5d/0x170 [ 80.371966][ T5891] erofs_put_super+0x4e/0x150 [ 80.376635][ T5891] ? erofs_free_inode+0xb0/0xb0 [ 80.381478][ T5891] generic_shutdown_super+0x134/0x2b0 [ 80.386848][ T5891] kill_block_super+0x44/0x90 [ 80.391513][ T5891] erofs_kill_sb+0x4c/0x140 [ 80.396028][ T5891] deactivate_locked_super+0x97/0x100 [ 80.401407][ T5891] cleanup_mnt+0x429/0x4c0 [ 80.405824][ T5891] task_work_run+0x1ce/0x250 [ 80.410414][ T5891] ? task_work_cancel+0x240/0x240 [ 80.415436][ T5891] ? exit_to_user_mode_loop+0x3b/0x110 [ 80.420893][ T5891] exit_to_user_mode_loop+0xe6/0x110 [ 80.426173][ T5891] exit_to_user_mode_prepare+0xb1/0x140 [ 80.431733][ T5891] syscall_exit_to_user_mode+0x1a/0x50 [ 80.437204][ T5891] do_syscall_64+0x61/0xb0 [ 80.441633][ T5891] ? clear_bhb_loop+0x40/0x90 [ 80.446325][ T5891] ? clear_bhb_loop+0x40/0x90 [ 80.450998][ T5891] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 80.456895][ T5891] RIP: 0033:0x7f3b8878fcd7 [ 80.461317][ T5891] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 80.481007][ T5891] RSP: 002b:00007fff514e8b38 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 80.489427][ T5891] RAX: 0000000000000000 RBX: 00007f3b88810b55 RCX: 00007f3b8878fcd7 [ 80.497400][ T5891] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff514e8bf0 [ 80.505374][ T5891] RBP: 00007fff514e8bf0 R08: 0000000000000000 R09: 0000000000000000 [ 80.513335][ T5891] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff514e9c80 [ 80.521304][ T5891] R13: 00007f3b88810b55 R14: 0000000000013862 R15: 00007fff514e9cc0 [ 80.529278][ T5891] [ 80.533256][ T5891] Disabling lock debugging due to kernel taint [ 81.133025][ T5104] Bluetooth: hci0: command tx timeout [ 81.763512][ T786] cfg80211: failed to load regulatory.db