Warning: Permanently added '10.128.0.200' (ED25519) to the list of known hosts.
2026/01/07 03:57:07 parsed 1 programs
syzkaller login: [ 69.684554][ T5773] cgroup: Unknown subsys name 'net'
[ 69.850932][ T5773] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 71.289652][ T5773] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 71.660156][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.666914][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[ 75.350848][ T5834] chnl_net:caif_netlink_parms(): no params data found
[ 75.425653][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.433451][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.441247][ T5834] bridge_slave_0: entered allmulticast mode
[ 75.448161][ T5834] bridge_slave_0: entered promiscuous mode
[ 75.456804][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.463889][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state
[ 75.471171][ T5834] bridge_slave_1: entered allmulticast mode
[ 75.479407][ T5834] bridge_slave_1: entered promiscuous mode
[ 75.512553][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 75.523594][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 75.568133][ T5834] team0: Port device team_slave_0 added
[ 75.576432][ T5834] team0: Port device team_slave_1 added
[ 75.614344][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 75.621399][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.649299][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 75.661887][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 75.668906][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 75.694872][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 75.728748][ T5834] hsr_slave_0: entered promiscuous mode
[ 75.735827][ T5834] hsr_slave_1: entered promiscuous mode
[ 75.883121][ T5834] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 75.894402][ T5834] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 75.905570][ T5834] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 75.914558][ T5834] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 75.954352][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.961724][ T5834] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.969791][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.976929][ T5834] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.046763][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0
[ 76.074158][ T11] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.089932][ T11] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.108180][ T5834] 8021q: adding VLAN 0 to HW filter on device team0
[ 76.127938][ T11] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.135096][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.157813][ T2909] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.164982][ T2909] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.331106][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 76.369862][ T5834] veth0_vlan: entered promiscuous mode
[ 76.381930][ T5834] veth1_vlan: entered promiscuous mode
[ 76.412428][ T5834] veth0_macvtap: entered promiscuous mode
[ 76.422008][ T5834] veth1_macvtap: entered promiscuous mode
[ 76.441199][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 76.455904][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 76.476733][ T5834] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.485910][ T5834] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.494594][ T5834] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.503382][ T5834] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.623951][ T5834] syz-executor (5834) used greatest stack depth: 20936 bytes left
[ 76.733289][ T2909] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.745261][ T2909] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.771424][ T3485] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.790666][ T3485] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.817468][ T59] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 77.326768][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 77.336655][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 77.347775][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 77.356473][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 77.364141][ T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 77.372176][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2026/01/07 03:57:17 executed programs: 0
[ 77.906128][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 77.914723][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 77.922795][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 77.931248][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 77.940027][ T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 77.947397][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 78.083014][ T5883] chnl_net:caif_netlink_parms(): no params data found
[ 78.138948][ T5883] bridge0: port 1(bridge_slave_0) entered blocking state
[ 78.146290][ T5883] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.153460][ T5883] bridge_slave_0: entered allmulticast mode
[ 78.161372][ T5883] bridge_slave_0: entered promiscuous mode
[ 78.170426][ T5883] bridge0: port 2(bridge_slave_1) entered blocking state
[ 78.178073][ T5883] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.185642][ T5883] bridge_slave_1: entered allmulticast mode
[ 78.192395][ T5883] bridge_slave_1: entered promiscuous mode
[ 78.219072][ T5883] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 78.231827][ T5883] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 78.262799][ T5883] team0: Port device team_slave_0 added
[ 78.270953][ T5883] team0: Port device team_slave_1 added
[ 78.293609][ T5883] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 78.301240][ T5883] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.328102][ T5883] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 78.341050][ T5883] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 78.348381][ T5883] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 78.374746][ T5883] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 78.420757][ T5883] hsr_slave_0: entered promiscuous mode
[ 78.427243][ T5883] hsr_slave_1: entered promiscuous mode
[ 78.433316][ T5883] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 78.442852][ T5883] Cannot create hsr debugfs directory
[ 79.176881][ T59] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 79.976015][ T5084] Bluetooth: hci0: command tx timeout
[ 81.464552][ T59] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 81.538054][ T59] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 81.900171][ T788] cfg80211: failed to load regulatory.db
[ 82.054835][ T5084] Bluetooth: hci0: command tx timeout
[ 82.433150][ T59] hsr_slave_0: left promiscuous mode
[ 82.439394][ T59] hsr_slave_1: left promiscuous mode
[ 82.445611][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 82.453034][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 82.461955][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 82.470105][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 82.478655][ T59] bridge_slave_1: left allmulticast mode
[ 82.484318][ T59] bridge_slave_1: left promiscuous mode
[ 82.490823][ T59] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.501933][ T59] bridge_slave_0: left allmulticast mode
[ 82.508523][ T59] bridge_slave_0: left promiscuous mode
[ 82.514214][ T59] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.533083][ T59] veth1_macvtap: left promiscuous mode
[ 82.539216][ T59] veth0_macvtap: left promiscuous mode
[ 82.544933][ T59] veth1_vlan: left promiscuous mode
[ 82.550374][ T59] veth0_vlan: left promiscuous mode
[ 82.900137][ T59] team0 (unregistering): Port device team_slave_1 removed
[ 82.934192][ T59] team0 (unregistering): Port device team_slave_0 removed
[ 82.963795][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 82.994681][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 83.291585][ T59] bond0 (unregistering): Released all slaves
[ 83.386677][ T5883] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 83.396789][ T5883] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 83.406870][ T5883] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 83.416264][ T5883] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 83.509336][ T5883] 8021q: adding VLAN 0 to HW filter on device bond0
[ 83.546142][ T5883] 8021q: adding VLAN 0 to HW filter on device team0
[ 83.560828][ T142] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.568006][ T142] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.588053][ T2909] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.595274][ T2909] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.767600][ T5883] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 83.854130][ T5883] veth0_vlan: entered promiscuous mode
[ 83.869981][ T5883] veth1_vlan: entered promiscuous mode
[ 83.917218][ T5883] veth0_macvtap: entered promiscuous mode
[ 83.926729][ T5883] veth1_macvtap: entered promiscuous mode
[ 83.944336][ T5883] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 83.959209][ T5883] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 83.970373][ T5883] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.979645][ T5883] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.989260][ T5883] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.998273][ T5883] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.056978][ T142] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.065430][ T142] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.090805][ T3485] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 84.099134][ T3485] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 84.134841][ T5084] Bluetooth: hci0: command tx timeout
[ 84.986891][ T5933] general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN
[ 84.998621][ T5933] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
[ 85.007030][ T5933] CPU: 0 PID: 5933 Comm: syz.0.17 Not tainted syzkaller #0
[ 85.014211][ T5933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 85.024345][ T5933] RIP: 0010:rose_transmit_link+0x32/0x740
[ 85.030090][ T5933] Code: 56 41 55 41 54 53 48 83 ec 18 48 89 f5 49 89 fc 49 be 00 00 00 00 00 fc ff df e8 a9 60 25 f8 4c 8d 7d 36 4c 89 f8 48 c1 e8 03 <42> 0f b6 04 30 84 c0 0f 85 65 05 00 00 41 0f b6 1f 31 ff 89 de e8
[ 85.049688][ T5933] RSP: 0018:ffffc90003507910 EFLAGS: 00010207
[ 85.055748][ T5933] RAX: 0000000000000006 RBX: 0000000000000000 RCX: ffff88802baeda00
[ 85.063702][ T5933] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88807a437640
[ 85.071656][ T5933] RBP: 0000000000000000 R08: ffff88802baeda00 R09: 0000000000000008
[ 85.079606][ T5933] R10: 000000000000000f R11: 0000000000000000 R12: ffff88807a437640
[ 85.087561][ T5933] R13: dffffc0000000000 R14: dffffc0000000000 R15: 0000000000000036
[ 85.095525][ T5933] FS: 00007f4e1e4bb6c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[ 85.104461][ T5933] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.111044][ T5933] CR2: 00007f4e1e499f98 CR3: 00000000300ab000 CR4: 00000000003506f0
[ 85.119010][ T5933] Call Trace:
[ 85.122277][ T5933]
[ 85.125210][ T5933] ? skb_put+0x11b/0x210
[ 85.129456][ T5933] rose_write_internal+0x11d1/0x1ab0
[ 85.134733][ T5933] ? rose_validate_nr+0x120/0x120
[ 85.139746][ T5933] ? __timer_delete+0x6b/0x290
[ 85.144501][ T5933] ? skb_queue_purge_reason+0x6c/0x1c0
[ 85.149951][ T5933] rose_release+0x236/0x4e0
[ 85.154451][ T5933] sock_close+0xbd/0x230
[ 85.158684][ T5933] ? sock_mmap+0xa0/0xa0
[ 85.162918][ T5933] __fput+0x234/0x970
[ 85.166900][ T5933] task_work_run+0x1ce/0x250
[ 85.171488][ T5933] ? task_work_cancel+0x240/0x240
[ 85.176504][ T5933] get_signal+0x1235/0x1400
[ 85.181001][ T5933] ? kick_process+0xe4/0x150
[ 85.185585][ T5933] ? task_work_add+0x3a3/0x440
[ 85.190338][ T5933] ? __ia32_sys_pidfd_getfd+0x90/0x90
[ 85.195702][ T5933] ? wake_bit_function+0x200/0x200
[ 85.200810][ T5933] arch_do_signal_or_restart+0x9c/0x7b0
[ 85.206437][ T5933] ? fput+0x15b/0x1a0
[ 85.210413][ T5933] ? get_sigframe_size+0x20/0x20
[ 85.215343][ T5933] ? __sys_connect+0x240/0x420
[ 85.220111][ T5933] ? exit_to_user_mode_loop+0x3b/0x110
[ 85.225564][ T5933] exit_to_user_mode_loop+0x70/0x110
[ 85.230843][ T5933] exit_to_user_mode_prepare+0xf6/0x180
[ 85.236381][ T5933] syscall_exit_to_user_mode+0x1a/0x50
[ 85.241831][ T5933] do_syscall_64+0x61/0xb0
[ 85.246236][ T5933] ? clear_bhb_loop+0x40/0x90
[ 85.250903][ T5933] ? clear_bhb_loop+0x40/0x90
[ 85.255569][ T5933] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 85.261451][ T5933] RIP: 0033:0x7f4e1d58f749
[ 85.265871][ T5933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 85.285465][ T5933] RSP: 002b:00007f4e1e4bb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 85.293880][ T5933] RAX: 0000000000000000 RBX: 00007f4e1d7e5fa0 RCX: 00007f4e1d58f749
[ 85.301841][ T5933] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000007
[ 85.309800][ T5933] RBP: 00007f4e1d613f91 R08: 0000000000000000 R09: 0000000000000000
[ 85.317759][ T5933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 85.325805][ T5933] R13: 00007f4e1d7e6038 R14: 00007f4e1d7e5fa0 R15: 00007ffd75317a38
[ 85.333862][ T5933]
[ 85.336878][ T5933] Modules linked in:
[ 85.351224][ T5933] ---[ end trace 0000000000000000 ]---
[ 85.357385][ T5933] RIP: 0010:rose_transmit_link+0x32/0x740
[ 85.363535][ T5933] Code: 56 41 55 41 54 53 48 83 ec 18 48 89 f5 49 89 fc 49 be 00 00 00 00 00 fc ff df e8 a9 60 25 f8 4c 8d 7d 36 4c 89 f8 48 c1 e8 03 <42> 0f b6 04 30 84 c0 0f 85 65 05 00 00 41 0f b6 1f 31 ff 89 de e8
[ 85.383842][ T5933] RSP: 0018:ffffc90003507910 EFLAGS: 00010207
[ 85.390231][ T5933] RAX: 0000000000000006 RBX: 0000000000000000 RCX: ffff88802baeda00
[ 85.398417][ T5933] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88807a437640
[ 85.406476][ T5933] RBP: 0000000000000000 R08: ffff88802baeda00 R09: 0000000000000008
[ 85.414454][ T5933] R10: 000000000000000f R11: 0000000000000000 R12: ffff88807a437640
[ 85.422549][ T5933] R13: dffffc0000000000 R14: dffffc0000000000 R15: 0000000000000036
[ 85.430593][ T5933] FS: 00007f4e1e4bb6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[ 85.439610][ T5933] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.446305][ T5933] CR2: 000000c00257f3f0 CR3: 00000000300ab000 CR4: 00000000003506e0
[ 85.454283][ T5933] Kernel panic - not syncing: Fatal exception
[ 85.460710][ T5933] Kernel Offset: disabled
[ 85.465048][ T5933] Rebooting in 86400 seconds..