Warning: Permanently added '10.128.1.159' (ED25519) to the list of known hosts.
syzkaller login: [ 86.795638][ T43] cfg80211: failed to load regulatory.db
2026/01/13 00:01:22 parsed 1 programs
[ 90.175720][ T5807] cgroup: Unknown subsys name 'net'
[ 90.397384][ T5807] cgroup: Unknown subsys name 'cpuset'
[ 90.442267][ T5807] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 92.329127][ T5807] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 96.047663][ T5826] chnl_net:caif_netlink_parms(): no params data found
[ 96.435946][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.438368][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.438615][ T5826] bridge_slave_0: entered allmulticast mode
[ 96.440336][ T5826] bridge_slave_0: entered promiscuous mode
[ 96.447665][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.448270][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.448426][ T5826] bridge_slave_1: entered allmulticast mode
[ 96.450965][ T5826] bridge_slave_1: entered promiscuous mode
[ 96.616671][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 96.619418][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 96.765847][ T5826] team0: Port device team_slave_0 added
[ 96.768207][ T5826] team0: Port device team_slave_1 added
[ 96.884172][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 96.884186][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 96.884200][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 96.887055][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 96.887072][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 96.887095][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 97.339474][ T5826] hsr_slave_0: entered promiscuous mode
[ 97.340460][ T5826] hsr_slave_1: entered promiscuous mode
[ 97.716988][ T5826] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 97.740250][ T5826] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 97.776493][ T5826] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 97.815218][ T5826] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 97.955507][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0
[ 97.970738][ T5826] 8021q: adding VLAN 0 to HW filter on device team0
[ 98.005325][ T1328] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.005442][ T1328] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.033023][ T75] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.033194][ T75] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.253763][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 98.300749][ T5826] veth0_vlan: entered promiscuous mode
[ 98.310444][ T5826] veth1_vlan: entered promiscuous mode
[ 98.359644][ T5826] veth0_macvtap: entered promiscuous mode
[ 98.369554][ T5826] veth1_macvtap: entered promiscuous mode
[ 98.391285][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 98.413967][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 98.430451][ T3518] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.446676][ T3518] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.448662][ T3518] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.448709][ T3518] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 99.166780][ T4538] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.413907][ T4538] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.633983][ T4538] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.680610][ T1328] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.680644][ T1328] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.739504][ T3518] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.739526][ T3518] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 100.626467][ T4538] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 101.720871][ T61] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 101.724474][ T61] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 101.728821][ T61] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 101.731049][ T61] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 101.734217][ T61] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 101.837622][ T4538] bridge_slave_1: left allmulticast mode
[ 101.837735][ T4538] bridge_slave_1: left promiscuous mode
[ 101.839058][ T4538] bridge0: port 2(bridge_slave_1) entered disabled state
[ 101.963151][ T4538] bridge_slave_0: left allmulticast mode
[ 101.963172][ T4538] bridge_slave_0: left promiscuous mode
[ 101.963330][ T4538] bridge0: port 1(bridge_slave_0) entered disabled state
[ 103.762682][ T4538] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 103.822819][ T4538] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 103.833716][ T5121] Bluetooth: hci0: command tx timeout
[ 103.864077][ T4538] bond0 (unregistering): Released all slaves
[ 104.124451][ T4538] hsr_slave_0: left promiscuous mode
[ 104.171889][ T4538] hsr_slave_1: left promiscuous mode
[ 104.173101][ T4538] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 104.173187][ T4538] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 104.213689][ T4538] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 104.213720][ T4538] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 104.325692][ T4538] veth1_macvtap: left promiscuous mode
[ 104.325968][ T4538] veth0_macvtap: left promiscuous mode
[ 104.326292][ T4538] veth1_vlan: left promiscuous mode
[ 104.327381][ T4538] veth0_vlan: left promiscuous mode
[ 106.405025][ T4538] team0 (unregistering): Port device team_slave_1 removed
[ 106.602311][ T4538] team0 (unregistering): Port device team_slave_0 removed
2026/01/13 00:01:47 executed programs: 0
[ 112.662568][ T61] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 112.668540][ T61] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 112.671537][ T61] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 112.680146][ T61] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 112.706936][ T61] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 113.246176][ T5981] chnl_net:caif_netlink_parms(): no params data found
[ 113.563483][ T5981] bridge0: port 1(bridge_slave_0) entered blocking state
[ 113.563620][ T5981] bridge0: port 1(bridge_slave_0) entered disabled state
[ 113.563740][ T5981] bridge_slave_0: entered allmulticast mode
[ 113.565364][ T5981] bridge_slave_0: entered promiscuous mode
[ 113.567669][ T5981] bridge0: port 2(bridge_slave_1) entered blocking state
[ 113.567790][ T5981] bridge0: port 2(bridge_slave_1) entered disabled state
[ 113.567894][ T5981] bridge_slave_1: entered allmulticast mode
[ 113.569422][ T5981] bridge_slave_1: entered promiscuous mode
[ 113.845209][ T5981] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 113.884275][ T5981] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 114.079096][ T5981] team0: Port device team_slave_0 added
[ 114.083608][ T5981] team0: Port device team_slave_1 added
[ 114.254616][ T5981] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 114.254634][ T5981] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 114.254661][ T5981] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 114.257153][ T5981] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 114.257167][ T5981] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 114.257194][ T5981] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 114.452264][ T5981] hsr_slave_0: entered promiscuous mode
[ 114.453068][ T5981] hsr_slave_1: entered promiscuous mode
[ 114.791887][ T5121] Bluetooth: hci0: command tx timeout
[ 116.169269][ T5981] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 116.209714][ T5981] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 116.248312][ T5981] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 116.286031][ T5981] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 116.460328][ T5981] 8021q: adding VLAN 0 to HW filter on device bond0
[ 116.490467][ T5981] 8021q: adding VLAN 0 to HW filter on device team0
[ 116.509206][ T1515] bridge0: port 1(bridge_slave_0) entered blocking state
[ 116.509954][ T1515] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 116.534995][ T4538] bridge0: port 2(bridge_slave_1) entered blocking state
[ 116.544601][ T4538] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 116.874909][ T5121] Bluetooth: hci0: command tx timeout
[ 116.940059][ T5981] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 117.034345][ T5981] veth0_vlan: entered promiscuous mode
[ 117.049747][ T5981] veth1_vlan: entered promiscuous mode
[ 117.107739][ T5981] veth0_macvtap: entered promiscuous mode
[ 117.123816][ T5981] veth1_macvtap: entered promiscuous mode
[ 117.154708][ T5981] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 117.173566][ T5981] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 117.199232][ T1328] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.207489][ T1328] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.212961][ T1328] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.213007][ T1328] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.454774][ T3575] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 117.454797][ T3575] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 117.544765][ T1328] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 117.544789][ T1328] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2026/01/13 00:01:52 executed programs: 2
[ 117.724044][ T6069] loop0: detected capacity change from 0 to 1024
[ 117.727593][ T6069] =======================================================
[ 117.727593][ T6069] WARNING: The mand mount option has been deprecated and
[ 117.727593][ T6069] and is ignored by this kernel. Remove the mand
[ 117.727593][ T6069] option from the mount to silence this warning.
[ 117.727593][ T6069] =======================================================
[ 117.787001][ T6069] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 117.800778][ T6069] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4215: comm syz.0.17: Allocating blocks 385-513 which overlap fs metadata
[ 117.816476][ T37] audit: type=1800 audit(1768262512.835:2): pid=6069 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.17" name="file1" dev="loop0" ino=15 res=0 errno=0
[ 117.823041][ T37] audit: type=1800 audit(1768262512.835:3): pid=6069 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.17" name="file2" dev="loop0" ino=16 res=0 errno=0
[ 117.931241][ T6069] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4215: comm syz.0.17: Allocating blocks 1-17 which overlap fs metadata
[ 117.956074][ T6069] ------------[ cut here ]------------
[ 117.956088][ T6069] kernel BUG at fs/ext4/mballoc.c:4787!
[ 117.956112][ T6069] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[ 117.956134][ T6069] CPU: 1 UID: 0 PID: 6069 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT_{RT,(full)}
[ 117.956156][ T6069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 117.956167][ T6069] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720
[ 117.956198][ T6069] Code: e8 74 7e ad ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 00 45 4b ff 90 0f 0b e8 f8 44 4b ff 90 0f 0b e8 f0 44 4b ff 90 <0f> 0b e8 e8 44 4b ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1
[ 117.956213][ T6069] RSP: 0018:ffffc90004e4f3c8 EFLAGS: 00010293
[ 117.956232][ T6069] RAX: ffffffff827467d0 RBX: 00000000ffffffff RCX: ffff888026db1e40
[ 117.956246][ T6069] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 117.956257][ T6069] RBP: 1ffff1100604d6ef R08: 0000000000000000 R09: 0000000000000000
[ 117.956269][ T6069] R10: dffffc0000000000 R11: ffffed10081f9618 R12: 0000000000000004
[ 117.956282][ T6069] R13: 0000000000000002 R14: 1ffff110081f961a R15: ffff888040fcb0d0
[ 117.956296][ T6069] FS: 000055558c741500(0000) GS:ffff888126dee000(0000) knlGS:0000000000000000
[ 117.956311][ T6069] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 117.956324][ T6069] CR2: 00005586505f2950 CR3: 0000000043998000 CR4: 00000000003526f0
[ 117.956343][ T6069] Call Trace:
[ 117.956350][ T6069]
[ 117.956363][ T6069] ext4_mb_use_preallocated+0x669/0x1410
[ 117.956390][ T6069] ext4_mb_new_blocks+0x5a1/0x46b0
[ 117.956414][ T6069] ? __pfx_ext4_es_cache_extent+0x10/0x10
[ 117.956435][ T6069] ? __kmalloc_noprof+0x25f/0x7e0
[ 117.956463][ T6069] ? __pfx_ext4_mb_new_blocks+0x10/0x10
[ 117.956483][ T6069] ? ext4_ext_check_overlap+0x32e/0x580
[ 117.956509][ T6069] ? ext4_ext_find_goal+0xf0/0x1e0
[ 117.956534][ T6069] ext4_ext_map_blocks+0x1877/0x69c0
[ 117.956566][ T6069] ? __lock_acquire+0x6b6/0x2cf0
[ 117.956593][ T6069] ? do_raw_spin_lock+0x121/0x290
[ 117.956614][ T6069] ? __pfx_ext4_ext_map_blocks+0x10/0x10
[ 117.956641][ T6069] ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 117.956661][ T6069] ? lockdep_hardirqs_on+0x7b/0x110
[ 117.956685][ T6069] ext4_map_blocks+0x82c/0x16f0
[ 117.956710][ T6069] ? __pfx_ext4_map_blocks+0x10/0x10
[ 117.956729][ T6069] ? ext4_journal_check_start+0x1c/0x2b0
[ 117.956754][ T6069] ? __ext4_journal_start_sb+0x25a/0x580
[ 117.956780][ T6069] ext4_alloc_file_blocks+0x425/0xdd0
[ 117.956818][ T6069] ? __pfx_ext4_alloc_file_blocks+0x10/0x10
[ 117.956859][ T6069] ? __pfx_ext4_wait_dax_page+0x10/0x10
[ 117.956884][ T6069] ext4_zero_range+0x38d/0xb90
[ 117.956914][ T6069] ext4_fallocate+0x340/0x3d0
[ 117.956942][ T6069] vfs_fallocate+0x672/0x7f0
[ 117.956971][ T6069] ? __pfx_vfs_fallocate+0x10/0x10
[ 117.957002][ T6069] __x64_sys_fallocate+0xc0/0x110
[ 117.957031][ T6069] do_syscall_64+0xec/0xf80
[ 117.957050][ T6069] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 117.957068][ T6069] ? trace_irq_disable+0x37/0x100
[ 117.957089][ T6069] ? clear_bhb_loop+0x60/0xb0
[ 117.957110][ T6069] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 117.957129][ T6069] RIP: 0033:0x7f1f34f2f749
[ 117.957146][ T6069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 117.957161][ T6069] RSP: 002b:00007ffef4af0c08 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 117.957182][ T6069] RAX: ffffffffffffffda RBX: 00007f1f35185fa0 RCX: 00007f1f34f2f749
[ 117.957196][ T6069] RDX: 0000000000000fff RSI: 0000000000000011 RDI: 0000000000000004
[ 117.957208][ T6069] RBP: 00007f1f34fb3f91 R08: 0000000000000000 R09: 0000000000000000
[ 117.957220][ T6069] R10: 0000000008800000 R11: 0000000000000246 R12: 0000000000000000
[ 117.957232][ T6069] R13: 00007f1f35185fa0 R14: 00007f1f35185fa0 R15: 0000000000000004
[ 117.957252][ T6069]
[ 117.957259][ T6069] Modules linked in:
[ 117.957273][ T6069] ---[ end trace 0000000000000000 ]---
[ 117.957283][ T6069] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720
[ 117.957308][ T6069] Code: e8 74 7e ad ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 00 45 4b ff 90 0f 0b e8 f8 44 4b ff 90 0f 0b e8 f0 44 4b ff 90 <0f> 0b e8 e8 44 4b ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1
[ 117.957324][ T6069] RSP: 0018:ffffc90004e4f3c8 EFLAGS: 00010293
[ 117.957340][ T6069] RAX: ffffffff827467d0 RBX: 00000000ffffffff RCX: ffff888026db1e40
[ 117.957353][ T6069] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 117.957365][ T6069] RBP: 1ffff1100604d6ef R08: 0000000000000000 R09: 0000000000000000
[ 117.957377][ T6069] R10: dffffc0000000000 R11: ffffed10081f9618 R12: 0000000000000004
[ 117.957391][ T6069] R13: 0000000000000002 R14: 1ffff110081f961a R15: ffff888040fcb0d0
[ 117.957405][ T6069] FS: 000055558c741500(0000) GS:ffff888126dee000(0000) knlGS:0000000000000000
[ 117.957422][ T6069] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 117.957435][ T6069] CR2: 00005586505f2950 CR3: 0000000043998000 CR4: 00000000003526f0
[ 117.957456][ T6069] Kernel panic - not syncing: Fatal exception
[ 117.957913][ T6069] Kernel Offset: disabled