Warning: Permanently added '10.128.1.205' (ED25519) to the list of known hosts. 2026/01/07 17:07:58 parsed 1 programs syzkaller login: [ 87.682154][ T5772] cgroup: Unknown subsys name 'net' [ 87.822111][ T5772] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 89.604002][ T5772] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 91.321354][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 91.330235][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 91.343791][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 91.351947][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 91.360432][ T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 91.368030][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 92.135498][ T1189] cfg80211: failed to load regulatory.db [ 94.419990][ T2998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.439796][ T2998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.475381][ T1309] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.489330][ T1309] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.950586][ T5855] chnl_net:caif_netlink_parms(): no params data found [ 95.038826][ T5855] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.047009][ T5855] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.054331][ T5855] bridge_slave_0: entered allmulticast mode [ 95.061494][ T5855] bridge_slave_0: entered promiscuous mode [ 95.083261][ T5855] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.090421][ T5855] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.098131][ T5855] bridge_slave_1: entered allmulticast mode [ 95.107200][ T5855] bridge_slave_1: entered promiscuous mode [ 95.151164][ T5855] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.163431][ T5855] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.207157][ T5855] team0: Port device team_slave_0 added [ 95.216781][ T5855] team0: Port device team_slave_1 added [ 95.251356][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.258562][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.285623][ T5855] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.307795][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.315530][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.341705][ T5855] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.405540][ T5855] hsr_slave_0: entered promiscuous mode [ 95.413031][ T5855] hsr_slave_1: entered promiscuous mode [ 95.597808][ T5855] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 95.615529][ T5855] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 95.626597][ T5855] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 95.638669][ T5855] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 95.765804][ T5855] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.799493][ T5855] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.816143][ T2998] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.823545][ T2998] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.840199][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.847418][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.067696][ T5855] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.135275][ T5855] veth0_vlan: entered promiscuous mode [ 96.150505][ T5855] veth1_vlan: entered promiscuous mode [ 96.189803][ T5855] veth0_macvtap: entered promiscuous mode [ 96.200602][ T5855] veth1_macvtap: entered promiscuous mode [ 96.231363][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.250303][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.297177][ T5855] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.306302][ T5855] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.316043][ T5855] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.325327][ T5855] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.748566][ T1328] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2026/01/07 17:08:10 executed programs: 0 [ 96.936142][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 96.945248][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 96.956461][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 96.966567][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 96.974794][ T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 96.982246][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 97.165726][ T5880] chnl_net:caif_netlink_parms(): no params data found [ 97.246039][ T5880] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.253841][ T5880] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.261306][ T5880] bridge_slave_0: entered allmulticast mode [ 97.269366][ T5880] bridge_slave_0: entered promiscuous mode [ 97.278398][ T5880] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.285693][ T5880] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.293223][ T5880] bridge_slave_1: entered allmulticast mode [ 97.300722][ T5880] bridge_slave_1: entered promiscuous mode [ 97.341327][ T5880] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.354911][ T5880] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.396074][ T5880] team0: Port device team_slave_0 added [ 97.405635][ T5880] team0: Port device team_slave_1 added [ 97.445819][ T5880] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.453272][ T5880] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.481073][ T5880] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.494679][ T5880] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.501689][ T5880] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.528013][ T5880] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.578017][ T5880] hsr_slave_0: entered promiscuous mode [ 97.585692][ T5880] hsr_slave_1: entered promiscuous mode [ 97.592511][ T5880] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 97.601870][ T5880] Cannot create hsr debugfs directory [ 99.013545][ T5083] Bluetooth: hci0: command tx timeout [ 99.058261][ T1328] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.094547][ T5083] Bluetooth: hci0: command tx timeout [ 101.256630][ T1328] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.309266][ T1328] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.189935][ T5880] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 102.202133][ T5880] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 102.215877][ T5880] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 102.242754][ T1328] hsr_slave_0: left promiscuous mode [ 102.251448][ T1328] hsr_slave_1: left promiscuous mode [ 102.258046][ T1328] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 102.267894][ T1328] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 102.277757][ T1328] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 102.289053][ T1328] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 102.297492][ T1328] bridge_slave_1: left allmulticast mode [ 102.305779][ T1328] bridge_slave_1: left promiscuous mode [ 102.313234][ T1328] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.329684][ T1328] bridge_slave_0: left allmulticast mode [ 102.335567][ T1328] bridge_slave_0: left promiscuous mode [ 102.341380][ T1328] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.378873][ T1328] veth1_macvtap: left promiscuous mode [ 102.387306][ T1328] veth0_macvtap: left promiscuous mode [ 102.393942][ T1328] veth1_vlan: left promiscuous mode [ 102.399533][ T1328] veth0_vlan: left promiscuous mode [ 102.878699][ T1328] team0 (unregistering): Port device team_slave_1 removed [ 102.921166][ T1328] team0 (unregistering): Port device team_slave_0 removed [ 102.969359][ T1328] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 103.016336][ T1328] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 103.173291][ T5083] Bluetooth: hci0: command tx timeout [ 103.485716][ T1328] bond0 (unregistering): Released all slaves [ 103.575130][ T5880] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 103.667172][ T5880] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.694084][ T5880] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.708266][ T1309] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.715588][ T1309] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.730447][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.737647][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.990655][ T5880] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.036848][ T5880] veth0_vlan: entered promiscuous mode [ 104.051667][ T5880] veth1_vlan: entered promiscuous mode [ 104.089842][ T5880] veth0_macvtap: entered promiscuous mode [ 104.103355][ T5880] veth1_macvtap: entered promiscuous mode [ 104.127174][ T5880] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.147090][ T5880] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.159107][ T5880] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.168513][ T5880] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.177715][ T5880] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.187756][ T5880] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.269198][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.277146][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.312446][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.320533][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.372291][ T5927] syz.0.17[5927]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 104.449692][ T5927] loop0: detected capacity change from 0 to 8192 [ 104.471450][ T5927] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 104.485731][ T5927] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 104.496000][ T5927] REISERFS (device loop0): using ordered data mode [ 104.502564][ T5927] reiserfs: using flush barriers [ 104.512123][ T5927] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 104.529399][ T5927] REISERFS (device loop0): checking transaction log (loop0) [ 104.643862][ T5927] REISERFS (device loop0): Using tea hash to sort names [ 104.654339][ T5927] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 104.674119][ T5927] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 104.735433][ T5880] REISERFS panic (device loop0): journal-2332 do_journal_end: Trying to log block 517, which is a log block [ 104.757773][ T5880] ------------[ cut here ]------------ [ 104.763881][ T5880] kernel BUG at fs/reiserfs/prints.c:390! [ 104.771397][ T5880] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 104.777561][ T5880] CPU: 0 PID: 5880 Comm: syz-executor Not tainted syzkaller #0 [ 104.785151][ T5880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 104.795260][ T5880] RIP: 0010:__reiserfs_panic+0x13e/0x140 [ 104.800966][ T5880] Code: c7 c1 00 85 bc 8a 48 0f 44 c8 4c 0f 44 f0 48 c7 c7 c0 85 bc 8a 4c 89 fe 4c 89 f2 49 89 d8 49 c7 c1 40 61 fc 96 e8 12 66 ff ff <0f> 0b 66 0f 1f 00 53 48 89 fb e8 63 cb 28 f7 48 c7 c7 40 8e bc 8a [ 104.820616][ T5880] RSP: 0018:ffffc90003307880 EFLAGS: 00010246 [ 104.826733][ T5880] RAX: 0000000000000069 RBX: ffffffff8c7adfc9 RCX: bf412c05dedd3a00 [ 104.834735][ T5880] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 104.842736][ T5880] RBP: ffffc90003307970 R08: ffffc90003307587 R09: 1ffff92000660eb0 [ 104.850728][ T5880] R10: dffffc0000000000 R11: fffff52000660eb1 R12: ffffffff8abcd200 [ 104.858732][ T5880] R13: ffffc900033078a0 R14: ffffffff8abcd1e0 R15: ffff88802df0c660 [ 104.866729][ T5880] FS: 0000555580adf500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 104.875684][ T5880] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 104.882297][ T5880] CR2: 0000555580afa5c8 CR3: 00000000737f0000 CR4: 00000000003506f0 [ 104.890297][ T5880] Call Trace: [ 104.893601][ T5880] [ 104.896554][ T5880] ? reiserfs_info+0x160/0x160 [ 104.901359][ T5880] ? __getblk_gfp+0x54/0x660 [ 104.905978][ T5880] do_journal_end+0x3f66/0x4860 [ 104.910876][ T5880] ? journal_mark_dirty+0xe00/0xe00 [ 104.916106][ T5880] ? dqput+0x440/0x440 [ 104.920200][ T5880] ? journal_end_sync+0x113/0x1e0 [ 104.925263][ T5880] reiserfs_sync_fs+0xd0/0x150 [ 104.930055][ T5880] ? handle_attrs+0x200/0x200 [ 104.934762][ T5880] ? get_nr_dirty_inodes+0x1d4/0x220 [ 104.940073][ T5880] sync_filesystem+0xea/0x220 [ 104.944781][ T5880] generic_shutdown_super+0x6f/0x2b0 [ 104.950111][ T5880] kill_block_super+0x44/0x90 [ 104.954814][ T5880] deactivate_locked_super+0x97/0x100 [ 104.960219][ T5880] cleanup_mnt+0x429/0x4c0 [ 104.964662][ T5880] task_work_run+0x1ce/0x250 [ 104.969279][ T5880] ? task_work_cancel+0x240/0x240 [ 104.974330][ T5880] ? exit_to_user_mode_loop+0x3b/0x110 [ 104.979821][ T5880] exit_to_user_mode_loop+0xe6/0x110 [ 104.985143][ T5880] exit_to_user_mode_prepare+0xf6/0x180 [ 104.990711][ T5880] syscall_exit_to_user_mode+0x1a/0x50 [ 104.996198][ T5880] do_syscall_64+0x61/0xb0 [ 105.000643][ T5880] ? clear_bhb_loop+0x40/0x90 [ 105.005351][ T5880] ? clear_bhb_loop+0x40/0x90 [ 105.010062][ T5880] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 105.015991][ T5880] RIP: 0033:0x7fdd8cd90a77 [ 105.020438][ T5880] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 105.040076][ T5880] RSP: 002b:00007ffde2861df8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 105.048541][ T5880] RAX: 0000000000000000 RBX: 00007fdd8ce13d7d RCX: 00007fdd8cd90a77 [ 105.056580][ T5880] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffde2861eb0 [ 105.065128][ T5880] RBP: 00007ffde2861eb0 R08: 0000000000000000 R09: 0000000000000000 [ 105.073145][ T5880] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffde2862f40 [ 105.081151][ T5880] R13: 00007fdd8ce13d7d R14: 0000000000019784 R15: 00007ffde2862f80 [ 105.089165][ T5880] [ 105.092220][ T5880] Modules linked in: [ 105.118317][ T5880] ---[ end trace 0000000000000000 ]--- [ 105.127078][ T5880] RIP: 0010:__reiserfs_panic+0x13e/0x140 [ 105.136047][ T5880] Code: c7 c1 00 85 bc 8a 48 0f 44 c8 4c 0f 44 f0 48 c7 c7 c0 85 bc 8a 4c 89 fe 4c 89 f2 49 89 d8 49 c7 c1 40 61 fc 96 e8 12 66 ff ff <0f> 0b 66 0f 1f 00 53 48 89 fb e8 63 cb 28 f7 48 c7 c7 40 8e bc 8a [ 105.156847][ T5880] RSP: 0018:ffffc90003307880 EFLAGS: 00010246 [ 105.163396][ T5880] RAX: 0000000000000069 RBX: ffffffff8c7adfc9 RCX: bf412c05dedd3a00 [ 105.171859][ T5880] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 105.184069][ T5880] RBP: ffffc90003307970 R08: ffffc90003307587 R09: 1ffff92000660eb0 [ 105.192129][ T5880] R10: dffffc0000000000 R11: fffff52000660eb1 R12: ffffffff8abcd200 [ 105.200697][ T5880] R13: ffffc900033078a0 R14: ffffffff8abcd1e0 R15: ffff88802df0c660 [ 105.209783][ T5880] FS: 0000555580adf500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 105.219931][ T5880] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 105.226754][ T5880] CR2: 0000555580afa5c8 CR3: 00000000737f0000 CR4: 00000000003506f0 [ 105.235673][ T5880] Kernel panic - not syncing: Fatal exception [ 105.242338][ T5880] Kernel Offset: disabled [ 105.246678][ T5880] Rebooting in 86400 seconds..