Warning: Permanently added '[localhost]:40130' (ED25519) to the list of known hosts. 2026/01/22 03:53:30 parsed 1 programs syzkaller login: [ 88.369571][ T5322] cgroup: Unknown subsys name 'net' [ 88.433463][ T5322] cgroup: Unknown subsys name 'cpuset' [ 88.439183][ T5322] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 90.255281][ T5322] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 94.627242][ T5339] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 97.005049][ T789] cfg80211: failed to load regulatory.db [ 97.742489][ T4681] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 97.746937][ T4681] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 97.751058][ T4681] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 97.754726][ T4681] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 97.758332][ T4681] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 99.721140][ T5401] chnl_net:caif_netlink_parms(): no params data found [ 99.785855][ T5401] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.789776][ T5401] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.793146][ T5401] bridge_slave_0: entered allmulticast mode [ 99.797630][ T5401] bridge_slave_0: entered promiscuous mode [ 99.803476][ T5401] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.806740][ T5401] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.810383][ T5401] bridge_slave_1: entered allmulticast mode [ 99.814073][ T5401] bridge_slave_1: entered promiscuous mode [ 99.839482][ T5401] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.846230][ T5401] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.869195][ T5401] team0: Port device team_slave_0 added [ 99.874144][ T5401] team0: Port device team_slave_1 added [ 99.896475][ T5401] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.899466][ T5401] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 99.911252][ T5401] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.918348][ T5401] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.922081][ T5401] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 99.933611][ T5401] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.968867][ T5401] hsr_slave_0: entered promiscuous mode [ 99.972593][ T5401] hsr_slave_1: entered promiscuous mode [ 100.122986][ T5401] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 100.133852][ T5401] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 100.141113][ T5401] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 100.147572][ T5401] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 100.176281][ T5401] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.179610][ T5401] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.183362][ T5401] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.186458][ T5401] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.251588][ T5401] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.264646][ T31] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.268778][ T31] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.282689][ T5401] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.290968][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.294161][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.307891][ T170] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.311285][ T170] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.480983][ T5401] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.515330][ T5401] veth0_vlan: entered promiscuous mode [ 100.524227][ T5401] veth1_vlan: entered promiscuous mode [ 100.551142][ T5401] veth0_macvtap: entered promiscuous mode [ 100.556958][ T5401] veth1_macvtap: entered promiscuous mode [ 100.573743][ T5401] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.585036][ T5401] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.595811][ T31] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.606312][ T31] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.623158][ T31] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.641360][ T31] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.802897][ T170] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.931297][ T170] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.013436][ T170] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.093543][ T170] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.565744][ T1041] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.569304][ T1041] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.614769][ T31] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.618233][ T31] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 2026/01/22 03:53:47 executed programs: 0 [ 102.466185][ T46] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 102.478188][ T46] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 102.482624][ T46] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 102.486431][ T46] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 102.490632][ T46] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 102.723978][ T5436] chnl_net:caif_netlink_parms(): no params data found [ 102.837426][ T5436] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.843930][ T5436] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.847192][ T5436] bridge_slave_0: entered allmulticast mode [ 102.851281][ T5436] bridge_slave_0: entered promiscuous mode [ 102.856906][ T5436] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.860785][ T5436] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.864056][ T5436] bridge_slave_1: entered allmulticast mode [ 102.867953][ T5436] bridge_slave_1: entered promiscuous mode [ 102.892884][ T5436] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.899759][ T5436] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.948706][ T5436] team0: Port device team_slave_0 added [ 102.964859][ T5436] team0: Port device team_slave_1 added [ 102.995433][ T5436] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.998570][ T5436] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 103.013594][ T5436] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.019417][ T5436] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.023566][ T5436] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 103.035594][ T5436] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.071393][ T5436] hsr_slave_0: entered promiscuous mode [ 103.074650][ T5436] hsr_slave_1: entered promiscuous mode [ 103.077863][ T5436] debugfs: 'hsr0' already exists in 'hsr' [ 103.081731][ T5436] Cannot create hsr debugfs directory [ 103.316548][ T170] bridge_slave_1: left allmulticast mode [ 103.319134][ T170] bridge_slave_1: left promiscuous mode [ 103.324557][ T170] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.345188][ T170] bridge_slave_0: left allmulticast mode [ 103.347825][ T170] bridge_slave_0: left promiscuous mode [ 103.354067][ T170] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.733812][ T170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 103.740478][ T170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 103.745689][ T170] bond0 (unregistering): Released all slaves [ 103.819117][ T170] hsr_slave_0: left promiscuous mode [ 103.825966][ T170] hsr_slave_1: left promiscuous mode [ 103.830221][ T170] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 103.833331][ T170] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 103.837698][ T170] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 103.843391][ T170] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 103.855679][ T170] veth1_macvtap: left promiscuous mode [ 103.858775][ T170] veth0_macvtap: left promiscuous mode [ 103.861869][ T170] veth1_vlan: left promiscuous mode [ 103.864612][ T170] veth0_vlan: left promiscuous mode [ 104.192668][ T170] team0 (unregistering): Port device team_slave_1 removed [ 104.220967][ T170] team0 (unregistering): Port device team_slave_0 removed [ 104.523065][ T46] Bluetooth: hci0: command tx timeout [ 104.760959][ T5436] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 104.767717][ T5436] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 104.787983][ T5436] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 104.972005][ T5436] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 105.168676][ T5436] 8021q: adding VLAN 0 to HW filter on device bond0 [ 105.208639][ T5436] 8021q: adding VLAN 0 to HW filter on device team0 [ 105.227375][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.230555][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.248213][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.251271][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.442554][ T5436] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.477993][ T5436] veth0_vlan: entered promiscuous mode [ 105.489564][ T5436] veth1_vlan: entered promiscuous mode [ 105.515233][ T5436] veth0_macvtap: entered promiscuous mode [ 105.523025][ T5436] veth1_macvtap: entered promiscuous mode [ 105.536849][ T5436] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.552249][ T5436] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.562094][ T170] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.565958][ T170] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.582732][ T170] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.586394][ T170] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.637556][ T170] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.651673][ T170] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.675509][ T170] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.678506][ T170] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.749463][ T5470] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI [ 105.754504][ T5470] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 105.757900][ T5470] CPU: 0 UID: 0 PID: 5470 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) [ 105.761390][ T5470] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 105.764961][ T5470] RIP: 0010:ife_tlv_meta_encode+0x46/0xb0 [ 105.767204][ T5470] Code: 70 87 71 f6 45 8d 77 07 4d 8d 65 04 c1 e5 10 44 89 fb 83 c3 04 09 eb 0f cb 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 75 43 41 89 5d 00 41 81 e6 fc ff 00 00 41 8d 46 [ 105.775260][ T5470] RSP: 0018:ffffc90003a1ef60 EFLAGS: 00010246 [ 105.777900][ T5470] RAX: 0000000000000000 RBX: 0000000008000300 RCX: dffffc0000000000 [ 105.781218][ T5470] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000000 [ 105.784734][ T5470] RBP: 0000000000030000 R08: 0000000000000003 R09: 0000000000000004 [ 105.788223][ T5470] R10: dffffc0000000000 R11: ffffffff897bb640 R12: 0000000000000004 [ 105.791442][ T5470] R13: 0000000000000000 R14: 000000000000000b R15: 0000000000000004 [ 105.794802][ T5470] FS: 000055555b1ae500(0000) GS:ffff88808cf1d000(0000) knlGS:0000000000000000 [ 105.798416][ T5470] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 105.800982][ T5470] CR2: 00007fcb54861de0 CR3: 00000000343e7000 CR4: 0000000000352ef0 [ 105.804168][ T5470] Call Trace: [ 105.805534][ T5470] [ 105.806712][ T5470] ife_encode_meta_u32+0x126/0x1c0 [ 105.808727][ T5470] ? tcf_ife_act+0x1067/0x1d80 [ 105.810956][ T5470] ? __pfx_ife_encode_meta_u32+0x10/0x10 [ 105.813537][ T5470] ? ife_encode+0x3cf/0x4e0 [ 105.815424][ T5470] tcf_ife_act+0x10fd/0x1d80 [ 105.817416][ T5470] ? __pfx_tcf_ife_act+0x10/0x10 [ 105.819437][ T5470] ? save_trace+0x2c4/0x390 [ 105.821280][ T5470] ? lockdep_unlock+0x5d/0xd0 [ 105.823145][ T5470] ? mark_lock+0x180/0x190 [ 105.824974][ T5470] tcf_action_exec+0x185/0x8e0 [ 105.827028][ T5470] tcf_classify+0x4cf/0x1130 [ 105.828971][ T5470] multiq_enqueue+0x102/0x4d0 [ 105.830743][ T5470] ? __pfx_multiq_enqueue+0x10/0x10 [ 105.832745][ T5470] ? do_raw_spin_lock+0x12b/0x2f0 [ 105.834842][ T5470] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 105.837091][ T5470] dev_qdisc_enqueue+0x4e/0x240 [ 105.839359][ T5470] ? __dev_queue_xmit+0x1916/0x32b0 [ 105.841790][ T5470] __dev_queue_xmit+0x1933/0x32b0 [ 105.844138][ T5470] ? __dev_queue_xmit+0x2a7/0x32b0 [ 105.846406][ T5470] ? _copy_from_iter+0x21b/0x1670 [ 105.848517][ T5470] ? __pfx___dev_queue_xmit+0x10/0x10 [ 105.850833][ T5470] ? sock_alloc_send_pskb+0x896/0x990 [ 105.853194][ T5470] ? packet_parse_headers+0x808/0xb50 [ 105.855528][ T5470] ? packet_parse_headers+0x8b5/0xb50 [ 105.857684][ T5470] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 105.860090][ T5470] ? __pfx_packet_parse_headers+0x10/0x10 [ 105.862418][ T5470] ? skb_copy_datagram_from_iter+0x60c/0x710 [ 105.864869][ T5470] ? packet_xmit+0x68/0x320 [ 105.866755][ T5470] packet_sendmsg+0x3eb6/0x50f0 [ 105.868857][ T5470] ? aa_sk_perm+0x15a/0x960 [ 105.870860][ T5470] ? aa_sk_perm+0x82d/0x960 [ 105.872725][ T5470] ? __pfx_packet_sendmsg+0x10/0x10 [ 105.874781][ T5470] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 105.877367][ T5470] ? aa_file_perm+0x12d/0x1630 [ 105.879416][ T5470] ? aa_sock_msg_perm+0xf1/0x1b0 [ 105.881528][ T5470] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 105.883657][ T5470] ? __pfx_packet_sendmsg+0x10/0x10 [ 105.886002][ T5470] __sock_sendmsg+0x21c/0x270 [ 105.888066][ T5470] ____sys_sendmsg+0x4d7/0x810 [ 105.890122][ T5470] ? __pfx_____sys_sendmsg+0x10/0x10 [ 105.892422][ T5470] ? import_iovec+0x73/0xa0 [ 105.894452][ T5470] ___sys_sendmsg+0x2a5/0x360 [ 105.896378][ T5470] ? get_pid_task+0x20/0x1f0 [ 105.898328][ T5470] ? __pfx____sys_sendmsg+0x10/0x10 [ 105.900478][ T5470] ? sb_end_write+0xe9/0x1c0 [ 105.902593][ T5470] ? __pfx_vfs_write+0x10/0x10 [ 105.904735][ T5470] __x64_sys_sendmsg+0x1bd/0x2a0 [ 105.906932][ T5470] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 105.909829][ T5470] ? __pfx_ksys_write+0x10/0x10 [ 105.912617][ T5470] do_syscall_64+0xe2/0xf80 [ 105.914877][ T5470] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.917671][ T5470] ? trace_irq_disable+0x37/0x100 [ 105.919950][ T5470] ? clear_bhb_loop+0x60/0xb0 [ 105.922113][ T5470] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.924649][ T5470] RIP: 0033:0x7f54ee59acb9 [ 105.926615][ T5470] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 105.934397][ T5470] RSP: 002b:00007ffc012e66e8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 105.938333][ T5470] RAX: ffffffffffffffda RBX: 00007f54ee815fa0 RCX: 00007f54ee59acb9 [ 105.941981][ T5470] RDX: 0000000000000004 RSI: 00002000000000c0 RDI: 0000000000000008 [ 105.945576][ T5470] RBP: 00007ffc012e6750 R08: 0000000000000000 R09: 0000000000000000 [ 105.949327][ T5470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 105.952884][ T5470] R13: 00007f54ee815fac R14: 00007f54ee815fa0 R15: 00007f54ee815fa0 [ 105.956543][ T5470] [ 105.957993][ T5470] Modules linked in: [ 105.959889][ T5470] ---[ end trace 0000000000000000 ]--- [ 105.962342][ T5470] RIP: 0010:ife_tlv_meta_encode+0x46/0xb0 [ 105.964877][ T5470] Code: 70 87 71 f6 45 8d 77 07 4d 8d 65 04 c1 e5 10 44 89 fb 83 c3 04 09 eb 0f cb 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 75 43 41 89 5d 00 41 81 e6 fc ff 00 00 41 8d 46 [ 105.972549][ T5470] RSP: 0018:ffffc90003a1ef60 EFLAGS: 00010246 [ 105.975352][ T5470] RAX: 0000000000000000 RBX: 0000000008000300 RCX: dffffc0000000000 [ 105.979151][ T5470] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000000 [ 105.982869][ T5470] RBP: 0000000000030000 R08: 0000000000000003 R09: 0000000000000004 [ 105.986221][ T5470] R10: dffffc0000000000 R11: ffffffff897bb640 R12: 0000000000000004 [ 105.988918][ T5470] R13: 0000000000000000 R14: 000000000000000b R15: 0000000000000004 [ 105.991965][ T5470] FS: 000055555b1ae500(0000) GS:ffff88808cf1d000(0000) knlGS:0000000000000000 [ 105.995124][ T5470] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 105.997544][ T5470] CR2: 00007fcb54861de0 CR3: 00000000343e7000 CR4: 0000000000352ef0 [ 106.000783][ T5470] Kernel panic - not syncing: Fatal exception in interrupt [ 106.004244][ T5470] Kernel Offset: disabled [ 106.006173][ T5470] Rebooting in 86400 seconds..