Warning: Permanently added '[localhost]:9149' (ED25519) to the list of known hosts. 2026/02/09 04:00:52 parsed 1 programs syzkaller login: [ 63.589061][ T5840] cgroup: Unknown subsys name 'net' [ 63.731911][ T5840] cgroup: Unknown subsys name 'cpuset' [ 63.736590][ T5840] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 65.538194][ T5840] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 68.062528][ T5848] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 68.472666][ T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 68.476949][ T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 68.481536][ T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 68.485725][ T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 68.490186][ T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 69.823044][ T3786] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.825408][ T3786] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.867115][ T32] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.870041][ T32] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.491958][ T5916] chnl_net:caif_netlink_parms(): no params data found [ 70.556947][ T5916] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.561926][ T5916] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.564095][ T5916] bridge_slave_0: entered allmulticast mode [ 70.566671][ T5916] bridge_slave_0: entered promiscuous mode [ 70.572611][ T5916] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.574782][ T5916] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.576930][ T5916] bridge_slave_1: entered allmulticast mode [ 70.582560][ T5916] bridge_slave_1: entered promiscuous mode [ 70.618729][ T5916] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 70.623213][ T5916] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 70.640021][ T5916] team0: Port device team_slave_0 added [ 70.643270][ T5916] team0: Port device team_slave_1 added [ 70.677801][ T5916] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.679907][ T5916] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 70.688565][ T5916] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.697112][ T5916] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.699732][ T5916] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 70.707519][ T5916] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.733404][ T5916] hsr_slave_0: entered promiscuous mode [ 70.735763][ T5916] hsr_slave_1: entered promiscuous mode [ 70.843654][ T5916] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.850741][ T5916] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.855261][ T5916] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.861105][ T5916] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.882154][ T5916] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.884349][ T5916] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.886998][ T5916] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.889162][ T5916] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.929609][ T5916] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.939525][ T32] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.942490][ T32] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.950519][ T5916] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.956777][ T32] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.959240][ T32] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.968713][ T32] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.970871][ T32] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.078917][ T5916] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.111390][ T5916] veth0_vlan: entered promiscuous mode [ 71.117069][ T5916] veth1_vlan: entered promiscuous mode [ 71.134987][ T5916] veth0_macvtap: entered promiscuous mode [ 71.140632][ T5916] veth1_macvtap: entered promiscuous mode [ 71.152362][ T5916] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.160930][ T5916] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.168750][ T5668] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.172384][ T5668] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.179342][ T5668] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.182817][ T5668] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.278630][ T5668] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.333223][ T5668] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.405946][ T5668] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 71.482253][ T5668] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2026/02/09 04:01:02 executed programs: 0 [ 71.736628][ T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 71.739609][ T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 71.742218][ T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 71.745121][ T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 71.749224][ T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 71.866049][ T5949] chnl_net:caif_netlink_parms(): no params data found [ 71.959801][ T5949] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.962061][ T5949] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.964435][ T5949] bridge_slave_0: entered allmulticast mode [ 71.967880][ T5949] bridge_slave_0: entered promiscuous mode [ 71.971342][ T5949] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.973620][ T5949] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.975847][ T5949] bridge_slave_1: entered allmulticast mode [ 71.979015][ T5949] bridge_slave_1: entered promiscuous mode [ 72.001778][ T5949] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.006806][ T5949] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.027435][ T5949] team0: Port device team_slave_0 added [ 72.031035][ T5949] team0: Port device team_slave_1 added [ 72.048645][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.051089][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.059351][ T5949] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.063884][ T5949] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.066008][ T5949] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.075450][ T5949] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.104851][ T5949] hsr_slave_0: entered promiscuous mode [ 72.107608][ T5949] hsr_slave_1: entered promiscuous mode [ 72.109999][ T5949] debugfs: 'hsr0' already exists in 'hsr' [ 72.111759][ T5949] Cannot create hsr debugfs directory [ 73.828097][ T55] Bluetooth: hci0: command tx timeout [ 74.498613][ T5668] bridge_slave_1: left allmulticast mode [ 74.500946][ T5668] bridge_slave_1: left promiscuous mode [ 74.503841][ T5668] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.514115][ T5668] bridge_slave_0: left allmulticast mode [ 74.515795][ T5668] bridge_slave_0: left promiscuous mode [ 74.518430][ T5668] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.696874][ T5668] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 74.701979][ T5668] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 74.705311][ T5668] bond0 (unregistering): Released all slaves [ 74.819738][ T5668] hsr_slave_0: left promiscuous mode [ 74.822654][ T5668] hsr_slave_1: left promiscuous mode [ 74.825349][ T5668] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 74.829363][ T5668] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 74.833925][ T5668] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 74.836804][ T5668] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 74.857765][ T5668] veth1_macvtap: left promiscuous mode [ 74.860155][ T5668] veth0_macvtap: left promiscuous mode [ 74.862460][ T5668] veth1_vlan: left promiscuous mode [ 74.865219][ T5668] veth0_vlan: left promiscuous mode [ 75.154485][ T5668] team0 (unregistering): Port device team_slave_1 removed [ 75.174369][ T5668] team0 (unregistering): Port device team_slave_0 removed [ 75.657676][ T5949] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 75.663139][ T5949] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 75.668109][ T5949] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 75.673475][ T5949] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 75.819823][ T5949] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.837425][ T5949] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.843927][ T3786] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.846716][ T3786] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.857888][ T3786] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.860583][ T3786] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.907903][ T55] Bluetooth: hci0: command tx timeout [ 76.005890][ T5949] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.043060][ T5949] veth0_vlan: entered promiscuous mode [ 76.051380][ T5949] veth1_vlan: entered promiscuous mode [ 76.069250][ T5949] veth0_macvtap: entered promiscuous mode [ 76.073641][ T5949] veth1_macvtap: entered promiscuous mode [ 76.084118][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.090987][ T5949] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.099222][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.103565][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.108250][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.113098][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.155102][ T4512] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.159202][ T4512] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.174841][ T4512] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.179063][ T4512] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.226908][ T5980] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000a: 0000 [#1] SMP KASAN PTI [ 76.230576][ T5980] KASAN: null-ptr-deref in range [0x0000000000000050-0x0000000000000057] [ 76.233715][ T5980] CPU: 0 UID: 0 PID: 5980 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) [ 76.237100][ T5980] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 76.240842][ T5980] RIP: 0010:tnl_update_pmtu+0x52b/0x1190 [ 76.242950][ T5980] Code: c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 ad 38 2a f8 4c 8b 3b 49 83 c7 50 4c 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ff e8 87 38 2a f8 4d 8b 3f 4d 85 ff 8b 5c [ 76.250034][ T5980] RSP: 0018:ffffc90003d56e28 EFLAGS: 00010206 [ 76.252301][ T5980] RAX: 000000000000000a RBX: ffffc90003d57ba8 RCX: dffffc0000000000 [ 76.255178][ T5980] RDX: 0000000000000000 RSI: ffffc90003d57ba0 RDI: 0000000000000000 [ 76.258058][ T5980] RBP: ffffc90003d57ba0 R08: ffffffff89db4393 R09: ffffffff8e35a3a0 [ 76.260949][ T5980] R10: ffffc90003d56de0 R11: fffff520007aadbe R12: ffff88816a305380 [ 76.263902][ T5980] R13: ffff88816a3053d8 R14: 1ffff1102d460a7b R15: 0000000000000050 [ 76.266847][ T5980] FS: 000055559418b500(0000) GS:ffff88818e327000(0000) knlGS:0000000000000000 [ 76.270054][ T5980] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.272444][ T5980] CR2: 0000001b30863fff CR3: 00000001bea06000 CR4: 00000000000006f0 [ 76.275300][ T5980] Call Trace: [ 76.276498][ T5980] [ 76.277369][ T5980] ip_tunnel_xmit+0xd36/0x2430 [ 76.278971][ T5980] ? unwind_next_frame+0xa5/0x23c0 [ 76.280811][ T5980] ? __pfx_ip_tunnel_xmit+0x10/0x10 [ 76.282711][ T5980] ? gre_build_header+0x31f/0xa40 [ 76.284557][ T5980] ? __pfx_gre_build_header+0x10/0x10 [ 76.286533][ T5980] ? iptunnel_handle_offloads+0x2fd/0x630 [ 76.288628][ T5980] ipgre_xmit+0x8e6/0xc60 [ 76.290241][ T5980] ? __pfx_ipgre_xmit+0x10/0x10 [ 76.292051][ T5980] dev_hard_start_xmit+0x2cd/0x7f0 [ 76.293922][ T5980] __dev_queue_xmit+0x14dd/0x32a0 [ 76.295780][ T5980] ? __dev_queue_xmit+0x2a7/0x32a0 [ 76.297482][ T5980] ? __pfx___dev_queue_xmit+0x10/0x10 [ 76.299305][ T5980] ? rcu_is_watching+0x15/0xb0 [ 76.301039][ T5980] ? trace_kmalloc+0x1f/0xb0 [ 76.302728][ T5980] ? __kmalloc_node_track_caller_noprof+0x577/0x7f0 [ 76.305115][ T5980] ? skb_release_data+0x2b6/0x7c0 [ 76.306944][ T5980] ? pskb_expand_head+0xb44/0x1160 [ 76.308800][ T5980] __bpf_tx_skb+0x18e/0x260 [ 76.310473][ T5980] bpf_clone_redirect+0x313/0x4b0 [ 76.312364][ T5980] ? bpf_test_run+0x1d1/0x830 [ 76.314080][ T5980] bpf_prog_7c64685fc60f7d44+0x5f/0x68 [ 76.316054][ T5980] ? do_raw_spin_lock+0x12b/0x2f0 [ 76.317901][ T5980] ? lock_acquire+0x106/0x330 [ 76.319629][ T5980] ? ktime_get+0x45/0x200 [ 76.321224][ T5980] ? seqcount_lockdep_reader_access+0xa9/0x100 [ 76.323504][ T5980] ? kvm_clock_get_cycles+0x47/0x60 [ 76.325402][ T5980] ? ktime_get+0x1d2/0x200 [ 76.327054][ T5980] bpf_test_run+0x354/0x830 [ 76.328727][ T5980] ? __pfx_bpf_test_run+0x10/0x10 [ 76.330557][ T5980] ? bpf_prog_test_run_skb+0x12cf/0x1e00 [ 76.332597][ T5980] bpf_prog_test_run_skb+0x13b4/0x1e00 [ 76.334553][ T5980] ? __lock_acquire+0x6b5/0x2cf0 [ 76.336390][ T5980] ? futex_hash+0x40/0x2d0 [ 76.337978][ T5980] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 76.340117][ T5980] ? __pfx_dst_discard+0x10/0x10 [ 76.341952][ T5980] ? __pfx_dst_discard_out+0x10/0x10 [ 76.343857][ T5980] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 76.345973][ T5980] bpf_prog_test_run+0x2c7/0x340 [ 76.347782][ T5980] __sys_bpf+0x643/0x950 [ 76.349341][ T5980] ? __pfx___sys_bpf+0x10/0x10 [ 76.351096][ T5980] ? __pfx___se_sys_futex+0x10/0x10 [ 76.353008][ T5980] __x64_sys_bpf+0x7c/0x90 [ 76.354617][ T5980] do_syscall_64+0xe2/0xf80 [ 76.355917][ T5980] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.357641][ T5980] ? trace_irq_disable+0x37/0x100 [ 76.359233][ T5980] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.361199][ T5980] RIP: 0033:0x7f6668d9acb9 [ 76.362747][ T5980] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 76.369234][ T5980] RSP: 002b:00007ffcdef544a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 76.371668][ T5980] RAX: ffffffffffffffda RBX: 00007f6669015fa0 RCX: 00007f6668d9acb9 [ 76.373911][ T5980] RDX: 000000000000002c RSI: 0000200000000080 RDI: 000000000000000a [ 76.376193][ T5980] RBP: 00007f6668e08bf7 R08: 0000000000000000 R09: 0000000000000000 [ 76.378468][ T5980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.380732][ T5980] R13: 00007f6669015fac R14: 00007f6669015fa0 R15: 00007f6669015fa0 [ 76.383166][ T5980] [ 76.384108][ T5980] Modules linked in: [ 76.385399][ T5980] ---[ end trace 0000000000000000 ]--- [ 76.387005][ T5980] RIP: 0010:tnl_update_pmtu+0x52b/0x1190 [ 76.388739][ T5980] Code: c1 e8 03 42 80 3c 38 00 74 08 48 89 df e8 ad 38 2a f8 4c 8b 3b 49 83 c7 50 4c 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ff e8 87 38 2a f8 4d 8b 3f 4d 85 ff 8b 5c [ 76.394275][ T5980] RSP: 0018:ffffc90003d56e28 EFLAGS: 00010206 [ 76.396029][ T5980] RAX: 000000000000000a RBX: ffffc90003d57ba8 RCX: dffffc0000000000 [ 76.398378][ T5980] RDX: 0000000000000000 RSI: ffffc90003d57ba0 RDI: 0000000000000000 [ 76.400711][ T5980] RBP: ffffc90003d57ba0 R08: ffffffff89db4393 R09: ffffffff8e35a3a0 [ 76.403022][ T5980] R10: ffffc90003d56de0 R11: fffff520007aadbe R12: ffff88816a305380 [ 76.405329][ T5980] R13: ffff88816a3053d8 R14: 1ffff1102d460a7b R15: 0000000000000050 [ 76.407684][ T5980] FS: 000055559418b500(0000) GS:ffff88818e327000(0000) knlGS:0000000000000000 [ 76.410250][ T5980] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.412181][ T5980] CR2: 0000001b30863fff CR3: 00000001bea06000 CR4: 00000000000006f0 [ 76.414602][ T5980] Kernel panic - not syncing: Fatal exception in interrupt [ 76.417377][ T5980] Kernel Offset: disabled [ 76.418648][ T5980] Rebooting in 86400 seconds..