Warning: Permanently added '10.128.1.206' (ED25519) to the list of known hosts. 2025/10/11 10:35:19 parsed 1 programs [ 91.320628][ T5793] cgroup: Unknown subsys name 'net' [ 91.457825][ T5793] cgroup: Unknown subsys name 'rlimit' [ 92.480052][ T23] cfg80211: failed to load regulatory.db [ 93.275190][ T5793] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 95.980620][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 96.113003][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.125270][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.133927][ T5828] bridge_slave_0: entered allmulticast mode [ 96.143593][ T5828] bridge_slave_0: entered promiscuous mode [ 96.154087][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.161852][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.169505][ T5828] bridge_slave_1: entered allmulticast mode [ 96.176781][ T5828] bridge_slave_1: entered promiscuous mode [ 96.210775][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.223008][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.258165][ T5828] team0: Port device team_slave_0 added [ 96.266756][ T5828] team0: Port device team_slave_1 added [ 96.317305][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 96.324950][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.351825][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 96.365515][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 96.372591][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 96.398998][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.464349][ T5828] hsr_slave_0: entered promiscuous mode [ 96.473307][ T5828] hsr_slave_1: entered promiscuous mode [ 96.689914][ T5828] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 96.717588][ T5828] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 96.729070][ T5828] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 96.740160][ T5828] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 96.859593][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.905168][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.920745][ T3495] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.928357][ T3495] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.952720][ T3470] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.960764][ T3470] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.214666][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.263316][ T5828] veth0_vlan: entered promiscuous mode [ 97.279162][ T5828] veth1_vlan: entered promiscuous mode [ 97.312814][ T5828] veth0_macvtap: entered promiscuous mode [ 97.323798][ T5828] veth1_macvtap: entered promiscuous mode [ 97.344205][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.361657][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.374677][ T5828] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.385741][ T5828] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.394949][ T5828] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.404125][ T5828] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.581972][ T77] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.687352][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.717404][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.755761][ T3470] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.764992][ T3470] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.903492][ T5856] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 97.913045][ T5856] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 97.923026][ T5856] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 97.931957][ T5856] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 97.941220][ T5856] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 97.949549][ T5856] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 100.400514][ T77] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2025/10/11 10:35:31 executed programs: 0 [ 100.775618][ T5103] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 100.784648][ T5103] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 100.793950][ T5103] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 100.805550][ T5103] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 100.815256][ T5103] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 100.822912][ T5103] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 100.996465][ T5897] chnl_net:caif_netlink_parms(): no params data found [ 101.077163][ T5897] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.085135][ T5897] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.093600][ T5897] bridge_slave_0: entered allmulticast mode [ 101.101446][ T5897] bridge_slave_0: entered promiscuous mode [ 101.110843][ T5897] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.118365][ T5897] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.125972][ T5897] bridge_slave_1: entered allmulticast mode [ 101.134128][ T5897] bridge_slave_1: entered promiscuous mode [ 101.170680][ T5897] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.183856][ T5897] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.226314][ T5897] team0: Port device team_slave_0 added [ 101.236165][ T5897] team0: Port device team_slave_1 added [ 101.267695][ T5897] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.275007][ T5897] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.302502][ T5897] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.315786][ T5897] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.323894][ T5897] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.351772][ T5897] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.396257][ T5897] hsr_slave_0: entered promiscuous mode [ 101.403557][ T5897] hsr_slave_1: entered promiscuous mode [ 101.410506][ T5897] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 101.419009][ T5897] Cannot create hsr debugfs directory [ 102.663574][ T77] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.756809][ T77] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.869710][ T5103] Bluetooth: hci0: command tx timeout [ 103.676578][ T5897] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 103.687670][ T5897] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 103.714118][ T5897] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 103.725819][ T5897] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 103.768332][ T77] hsr_slave_0: left promiscuous mode [ 103.775279][ T77] hsr_slave_1: left promiscuous mode [ 103.783494][ T77] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 103.792731][ T77] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 103.805600][ T77] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 103.813628][ T77] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 103.823778][ T77] bridge_slave_1: left allmulticast mode [ 103.829802][ T77] bridge_slave_1: left promiscuous mode [ 103.836587][ T77] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.854807][ T77] bridge_slave_0: left allmulticast mode [ 103.861064][ T77] bridge_slave_0: left promiscuous mode [ 103.867489][ T77] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.907758][ T77] veth1_macvtap: left promiscuous mode [ 103.917488][ T77] veth0_macvtap: left promiscuous mode [ 103.926942][ T77] veth1_vlan: left promiscuous mode [ 103.936130][ T77] veth0_vlan: left promiscuous mode [ 104.542065][ T77] team0 (unregistering): Port device team_slave_1 removed [ 104.580841][ T77] team0 (unregistering): Port device team_slave_0 removed [ 104.618987][ T77] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 104.660364][ T77] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 104.958237][ T5103] Bluetooth: hci0: command tx timeout [ 105.058133][ T77] bond0 (unregistering): Released all slaves [ 105.201204][ T5897] 8021q: adding VLAN 0 to HW filter on device bond0 [ 105.233572][ T5897] 8021q: adding VLAN 0 to HW filter on device team0 [ 105.256670][ T3495] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.264118][ T3495] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.282043][ T3446] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.289485][ T3446] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.353403][ T5897] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 105.551809][ T5897] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.600635][ T5897] veth0_vlan: entered promiscuous mode [ 105.614842][ T5897] veth1_vlan: entered promiscuous mode [ 105.647112][ T5897] veth0_macvtap: entered promiscuous mode [ 105.662400][ T5897] veth1_macvtap: entered promiscuous mode [ 105.693650][ T5897] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.712357][ T5897] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.735881][ T5897] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.747296][ T5897] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.756474][ T5897] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.765633][ T5897] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.964611][ T3446] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.981209][ T3446] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.019903][ T3470] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.027885][ T3470] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.094903][ T5945] syz.0.17[5945]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 106.108832][ T5945] loop0: detected capacity change from 0 to 16 [ 106.125857][ T5945] erofs: (device loop0): mounted with root inode @ nid 36. [ 106.141808][ T5945] syz.0.17: attempt to access beyond end of device [ 106.141808][ T5945] loop0: rw=0, sector=8, nr_sectors = 16 limit=16 [ 106.160884][ T5945] syz.0.17: attempt to access beyond end of device [ 106.160884][ T5945] loop0: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 106.180969][ T5945] syz.0.17: attempt to access beyond end of device [ 106.180969][ T5945] loop0: rw=524288, sector=8, nr_sectors = 16 limit=16 [ 106.209575][ T5897] BUG: Bad page state in process syz-executor pfn:246d2 [ 106.217292][ T5897] page:ffffea000091b480 refcount:0 mapcount:0 mapping:ffff88805e8907c8 index:0x2 pfn:0x246d2 [ 106.228807][ T5897] aops:z_erofs_cache_aops ino:0 [ 106.233999][ T5897] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 106.242486][ T5897] page_type: 0xffffffff() [ 106.247413][ T5897] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805e8907c8 [ 106.257346][ T5897] raw: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 106.266374][ T5897] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 106.273962][ T5897] page_owner tracks the page as allocated [ 106.280177][ T5897] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5945, tgid 5945 (syz.0.17), ts 106141580875, free_ts 106041236825 [ 106.303041][ T5897] post_alloc_hook+0x1cd/0x210 [ 106.307960][ T5897] get_page_from_freelist+0x195c/0x19f0 [ 106.314166][ T5897] __alloc_pages+0x1e3/0x460 [ 106.319212][ T5897] z_erofs_do_read_page+0x20c0/0x3680 [ 106.324739][ T5897] z_erofs_pcluster_readmore+0x2cf/0x450 [ 106.330858][ T5897] z_erofs_read_folio+0x208/0x540 [ 106.336116][ T5897] filemap_read_folio+0x167/0x760 [ 106.342142][ T5897] do_read_cache_folio+0x470/0x7e0 [ 106.347310][ T5897] erofs_bread+0x16f/0x630 [ 106.352085][ T5897] erofs_namei+0x28c/0xf00 [ 106.357106][ T5897] erofs_lookup+0x135/0x310 [ 106.362173][ T5897] lookup_one_qstr_excl+0x112/0x250 [ 106.368303][ T5897] filename_create+0x222/0x460 [ 106.373849][ T5897] do_symlinkat+0xbd/0x3f0 [ 106.378524][ T5897] __x64_sys_symlinkat+0x99/0xb0 [ 106.384123][ T5897] do_syscall_64+0x55/0xb0 [ 106.389129][ T5897] page last free stack trace: [ 106.393953][ T5897] free_unref_page_prepare+0x7ce/0x8e0 [ 106.399750][ T5897] free_unref_page+0x32/0x2e0 [ 106.404578][ T5897] __unfreeze_partials+0x1cf/0x210 [ 106.410017][ T5897] put_cpu_partial+0x17c/0x250 [ 106.415041][ T5897] __slab_free+0x31d/0x410 [ 106.419650][ T5897] qlist_free_all+0x75/0xe0 [ 106.424517][ T5897] kasan_quarantine_reduce+0x143/0x160 [ 106.430531][ T5897] __kasan_slab_alloc+0x22/0x80 [ 106.435539][ T5897] slab_post_alloc_hook+0x6e/0x4d0 [ 106.440879][ T5897] kmem_cache_alloc_lru+0x115/0x2e0 [ 106.446133][ T5897] new_inode_pseudo+0x82/0x1d0 [ 106.451203][ T5897] new_inode+0x22/0x1b0 [ 106.455796][ T5897] __debugfs_create_file+0x148/0x500 [ 106.461663][ T5897] ieee80211_sta_debugfs_add+0x21a/0x730 [ 106.467349][ T5897] sta_info_insert_rcu+0xe8e/0x1770 [ 106.473101][ T5897] ieee80211_ibss_finish_sta+0x290/0x360 [ 106.479166][ T5897] Modules linked in: [ 106.483403][ T5897] CPU: 0 PID: 5897 Comm: syz-executor Not tainted syzkaller #0 [ 106.491117][ T5897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 106.501345][ T5897] Call Trace: [ 106.504683][ T5897] [ 106.507689][ T5897] dump_stack_lvl+0x16c/0x230 [ 106.512614][ T5897] ? show_regs_print_info+0x20/0x20 [ 106.518306][ T5897] ? swiotlb_print_info+0x70/0x70 [ 106.523421][ T5897] bad_page+0x14b/0x170 [ 106.527974][ T5897] free_unref_page_prepare+0x887/0x8e0 [ 106.533599][ T5897] free_unref_page+0x32/0x2e0 [ 106.538698][ T5897] ? __folio_put+0xef/0x210 [ 106.544043][ T5897] erofs_try_to_free_all_cached_pages+0x295/0x600 [ 106.550727][ T5897] erofs_shrink_workstation+0x118/0x290 [ 106.556520][ T5897] ? erofs_shrinker_unregister+0x170/0x170 [ 106.562815][ T5897] ? io_schedule+0xd0/0xd0 [ 106.567374][ T5897] ? kobject_put+0x43c/0x470 [ 106.572207][ T5897] erofs_shrinker_unregister+0x5d/0x170 [ 106.578031][ T5897] erofs_put_super+0x4e/0x150 [ 106.582851][ T5897] ? erofs_free_inode+0xb0/0xb0 [ 106.587978][ T5897] generic_shutdown_super+0x134/0x2b0 [ 106.593504][ T5897] kill_block_super+0x44/0x90 [ 106.598388][ T5897] erofs_kill_sb+0x4c/0x140 [ 106.603208][ T5897] deactivate_locked_super+0x97/0x100 [ 106.608870][ T5897] cleanup_mnt+0x429/0x4c0 [ 106.613924][ T5897] task_work_run+0x1ce/0x250 [ 106.618832][ T5897] ? task_work_cancel+0x240/0x240 [ 106.624259][ T5897] ? exit_to_user_mode_loop+0x3b/0x110 [ 106.630856][ T5897] exit_to_user_mode_loop+0xe6/0x110 [ 106.636822][ T5897] exit_to_user_mode_prepare+0xf6/0x180 [ 106.642919][ T5897] syscall_exit_to_user_mode+0x1a/0x50 [ 106.649167][ T5897] do_syscall_64+0x61/0xb0 [ 106.654449][ T5897] ? clear_bhb_loop+0x40/0x90 [ 106.659691][ T5897] ? clear_bhb_loop+0x40/0x90 [ 106.664490][ T5897] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 106.670500][ T5897] RIP: 0033:0x7f3d4b7901f7 [ 106.675209][ T5897] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 106.695545][ T5897] RSP: 002b:00007ffe6535f418 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 106.704333][ T5897] RAX: 0000000000000000 RBX: 00007f3d4b811d7d RCX: 00007f3d4b7901f7 [ 106.712408][ T5897] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe6535f4d0 [ 106.720540][ T5897] RBP: 00007ffe6535f4d0 R08: 0000000000000000 R09: 0000000000000000 [ 106.728635][ T5897] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe65360560 [ 106.736715][ T5897] R13: 00007f3d4b811d7d R14: 0000000000019e9e R15: 00007ffe653605a0 [ 106.745163][ T5897] [ 106.749112][ T5897] Disabling lock debugging due to kernel taint [ 107.028176][ T5103] Bluetooth: hci0: command tx timeout