[   40.103385][ T5456] 8021q: adding VLAN 0 to HW filter on device bond0
[   40.122503][ T5456] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting crond: OK
Starting sshd: [   40.774758][ T5540] sshd (5540) used greatest stack depth: 20784 bytes left
OK

syzkaller
Warning: Permanently added '10.128.1.11' (ED25519) to the list of known hosts.
2025/12/04 17:33:21 parsed 1 programs
syzkaller login: [   70.309617][ T5790] cgroup: Unknown subsys name 'net'
[   70.412613][ T5790] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   71.692309][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[   71.698905][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[   71.792442][ T5790] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   73.549535][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   73.560088][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   73.570091][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   73.579715][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   73.587523][   T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   73.595296][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   74.035234][ T5829] chnl_net:caif_netlink_parms(): no params data found
[   74.112637][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.124543][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.132909][ T5829] bridge_slave_0: entered allmulticast mode
[   74.143147][ T5829] bridge_slave_0: entered promiscuous mode
[   74.162804][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.174262][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.182735][ T5829] bridge_slave_1: entered allmulticast mode
[   74.189762][ T5829] bridge_slave_1: entered promiscuous mode
[   74.214131][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   74.225081][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   74.250912][ T5829] team0: Port device team_slave_0 added
[   74.258798][ T5829] team0: Port device team_slave_1 added
[   74.281178][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0
[   74.288191][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.314924][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   74.343597][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1
[   74.350623][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   74.376696][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   74.412112][ T5829] hsr_slave_0: entered promiscuous mode
[   74.418778][ T5829] hsr_slave_1: entered promiscuous mode
[   74.554047][ T5829] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   74.578191][ T5829] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   74.587584][ T5829] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   74.597227][ T5829] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   74.623727][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.630974][ T5829] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.639190][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.646340][ T5829] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.710772][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0
[   74.737782][ T3466] bridge0: port 1(bridge_slave_0) entered disabled state
[   74.746524][ T3466] bridge0: port 2(bridge_slave_1) entered disabled state
[   74.776853][ T5829] 8021q: adding VLAN 0 to HW filter on device team0
[   74.796519][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.803609][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.816201][ T3499] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.823325][ T3499] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.871184][ T5829] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   75.031369][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0
[   75.083041][ T5829] veth0_vlan: entered promiscuous mode
[   75.093497][ T5829] veth1_vlan: entered promiscuous mode
[   75.123088][ T5829] veth0_macvtap: entered promiscuous mode
[   75.137439][ T5829] veth1_macvtap: entered promiscuous mode
[   75.153389][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0
[   75.167397][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1
[   75.179491][ T5829] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   75.188384][ T5829] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   75.198046][ T5829] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   75.206995][ T5829] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.325799][ T3466] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   76.467754][   T72] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.481294][   T72] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.511260][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.519703][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/12/04 17:33:30 executed programs: 0
[   77.743720][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   77.751789][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   77.760151][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   77.770033][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   77.779011][   T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   77.786418][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   77.896778][ T3466] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   77.933691][ T5897] chnl_net:caif_netlink_parms(): no params data found
[   77.986669][ T5897] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.993811][ T5897] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.001924][ T5897] bridge_slave_0: entered allmulticast mode
[   78.008974][ T5897] bridge_slave_0: entered promiscuous mode
[   78.017564][ T5897] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.024663][ T5897] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.032263][ T5897] bridge_slave_1: entered allmulticast mode
[   78.039770][ T5897] bridge_slave_1: entered promiscuous mode
[   78.065291][ T5897] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.077171][ T5897] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.104593][ T5897] team0: Port device team_slave_0 added
[   78.113224][ T5897] team0: Port device team_slave_1 added
[   78.135212][ T5897] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.142233][ T5897] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.168641][ T5897] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   78.181437][ T5897] batman_adv: batadv0: Adding interface: batadv_slave_1
[   78.188482][ T5897] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.214408][ T5897] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.250495][ T5897] hsr_slave_0: entered promiscuous mode
[   78.257915][ T5897] hsr_slave_1: entered promiscuous mode
[   78.264237][ T5897] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   78.272329][ T5897] Cannot create hsr debugfs directory
[   79.846037][   T51] Bluetooth: hci0: command tx timeout
[   80.115640][ T3466] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.189162][ T3466] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.049660][ T5897] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   81.061837][ T5897] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   81.076312][ T3466] hsr_slave_0: left promiscuous mode
[   81.082257][ T3466] hsr_slave_1: left promiscuous mode
[   81.088932][ T3466] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   81.096554][ T3466] batman_adv: batadv0: Removing interface: batadv_slave_0
[   81.104567][ T3466] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   81.112218][ T3466] batman_adv: batadv0: Removing interface: batadv_slave_1
[   81.120083][ T3466] bridge_slave_1: left allmulticast mode
[   81.125964][ T3466] bridge_slave_1: left promiscuous mode
[   81.132322][ T3466] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.143189][ T3466] bridge_slave_0: left allmulticast mode
[   81.149928][ T3466] bridge_slave_0: left promiscuous mode
[   81.155841][ T3466] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.173484][ T3466] veth1_macvtap: left promiscuous mode
[   81.179520][ T3466] veth0_macvtap: left promiscuous mode
[   81.186545][ T3466] veth1_vlan: left promiscuous mode
[   81.192217][ T3466] veth0_vlan: left promiscuous mode
[   81.549182][ T3466] team0 (unregistering): Port device team_slave_1 removed
[   81.578860][ T3466] team0 (unregistering): Port device team_slave_0 removed
[   81.608983][ T3466] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   81.640513][ T3466] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   81.924094][ T3466] bond0 (unregistering): Released all slaves
[   81.940264][   T51] Bluetooth: hci0: command tx timeout
[   81.950657][    T8] cfg80211: failed to load regulatory.db
[   82.016439][ T5897] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   82.025816][ T5897] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   82.095195][ T5897] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.120107][ T5897] 8021q: adding VLAN 0 to HW filter on device team0
[   82.135540][ T3443] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.142683][ T3443] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.160374][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.167542][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.220034][ T5897] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   82.387313][ T5897] 8021q: adding VLAN 0 to HW filter on device batadv0
[   82.428297][ T5897] veth0_vlan: entered promiscuous mode
[   82.443479][ T5897] veth1_vlan: entered promiscuous mode
[   82.493882][ T5897] veth0_macvtap: entered promiscuous mode
[   82.523226][ T5897] veth1_macvtap: entered promiscuous mode
[   82.560405][ T5897] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.594103][ T5897] batman_adv: batadv0: Interface activated: batadv_slave_1
[   82.605699][ T5897] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.614443][ T5897] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   82.624275][ T5897] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.634129][ T5897] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.728679][ T3499] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.737024][ T3499] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.761514][ T3499] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.769399][ T3499] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.927940][    C1] ------------[ cut here ]------------
[   82.933719][    C1] no supported rates for sta (null) (0xffffffff, band 0) in rate_mask 0xfff with flags 0x40
[   82.944652][    C1] WARNING: CPU: 1 PID: 22 at net/mac80211/rate.c:385 __rate_control_send_low+0x635/0x880
[   82.954573][    C1] Modules linked in:
[   82.958568][    C1] CPU: 1 PID: 22 Comm: ksoftirqd/1 Not tainted syzkaller #0
[   82.965898][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   82.976016][    C1] RIP: 0010:__rate_control_send_low+0x635/0x880
[   82.982284][    C1] Code: 30 42 0f b6 04 28 84 c0 0f 85 e6 01 00 00 41 8b 0e 48 c7 c7 80 ae be 8b 48 8b 74 24 10 44 8b 44 24 1c 45 89 e1 e8 ab 02 69 f7 <0f> 0b e9 78 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 03 fa ff
[   83.001995][    C1] RSP: 0018:ffffc900001c73c0 EFLAGS: 00010246
[   83.008118][    C1] RAX: cf3afcf8ddf62600 RBX: 000000000000000c RCX: ffff88801ba6bc00
[   83.016159][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002
[   83.024146][    C1] RBP: 0000000000000084 R08: ffffc900001c6fc7 R09: 1ffff92000038df8
[   83.032205][    C1] R10: dffffc0000000000 R11: fffff52000038df9 R12: 0000000000000040
[   83.040257][    C1] R13: dffffc0000000000 R14: ffff88802837b358 R15: ffff8880192f0668
[   83.048320][    C1] FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[   83.057344][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   83.063949][    C1] CR2: 00007f85f53e6088 CR3: 000000002e11e000 CR4: 00000000003506e0
[   83.072029][    C1] Call Trace:
[   83.075327][    C1]  <TASK>
[   83.078354][    C1]  rate_control_send_low+0x194/0x790
[   83.083676][    C1]  rate_control_get_rate+0x20b/0x5c0
[   83.089052][    C1]  ieee80211_beacon_get_finish+0x38d/0x6b0
[   83.094896][    C1]  ? ieee80211_set_beacon_cntdwn+0x660/0x660
[   83.100966][    C1]  ? __local_bh_enable_ip+0x12e/0x1c0
[   83.106401][    C1]  ? _local_bh_enable+0xa0/0xa0
[   83.111278][    C1]  ieee80211_beacon_get_ap+0x1429/0x1970
[   83.117021][    C1]  ? ieee80211_tx_8023+0x3c0/0x3c0
[   83.122169][    C1]  ? read_lock_is_recursive+0x20/0x20
[   83.127641][    C1]  ? __ieee80211_beacon_get+0x36/0x1600
[   83.133222][    C1]  __ieee80211_beacon_get+0x10eb/0x1600
[   83.138892][    C1]  ? __ieee80211_beacon_get+0x36/0x1600
[   83.144470][    C1]  ieee80211_beacon_get_tim+0xb8/0x560
[   83.150019][    C1]  ? ieee80211_beacon_get_template_ema_list+0x90/0x90
[   83.156845][    C1]  mac80211_hwsim_beacon_tx+0x3c7/0x780
[   83.162424][    C1]  __iterate_interfaces+0x243/0x500
[   83.167710][    C1]  ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0
[   83.173972][    C1]  ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180
[   83.181262][    C1]  ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0
[   83.187557][    C1]  ieee80211_iterate_active_interfaces_atomic+0xdb/0x180
[   83.194612][    C1]  mac80211_hwsim_beacon+0xbb/0x1b0
[   83.199903][    C1]  __hrtimer_run_queues+0x51e/0xc40
[   83.205127][    C1]  ? hw_scan_work+0xf40/0xf40
[   83.209889][    C1]  ? hrtimer_interrupt+0x9c0/0x9c0
[   83.215019][    C1]  ? ktime_get_update_offsets_now+0x3d2/0x3f0
[   83.221202][    C1]  hrtimer_run_softirq+0x187/0x2b0
[   83.226382][    C1]  handle_softirqs+0x280/0x820
[   83.231169][    C1]  ? run_ksoftirqd+0x9c/0xf0
[   83.235848][    C1]  ? do_softirq+0x180/0x180
[   83.240378][    C1]  run_ksoftirqd+0x9c/0xf0
[   83.244816][    C1]  ? ksoftirqd_should_run+0x20/0x20
[   83.250095][    C1]  ? takeover_tasklets+0x810/0x810
[   83.255236][    C1]  ? takeover_tasklets+0x810/0x810
[   83.260444][    C1]  ? ksoftirqd_should_run+0x20/0x20
[   83.265703][    C1]  smpboot_thread_fn+0x635/0xa00
[   83.270673][    C1]  ? smpboot_thread_fn+0x50/0xa00
[   83.275785][    C1]  kthread+0x2fa/0x390
[   83.279878][    C1]  ? smpboot_unregister_percpu_thread+0x2a0/0x2a0
[   83.286382][    C1]  ? kthread_blkcg+0xd0/0xd0
[   83.291003][    C1]  ret_from_fork+0x48/0x80
[   83.295499][    C1]  ? kthread_blkcg+0xd0/0xd0
[   83.300104][    C1]  ret_from_fork_asm+0x11/0x20
[   83.304905][    C1]  </TASK>
[   83.308005][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   83.315293][    C1] CPU: 1 PID: 22 Comm: ksoftirqd/1 Not tainted syzkaller #0
[   83.322591][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   83.332668][    C1] Call Trace:
[   83.335950][    C1]  <TASK>
[   83.338891][    C1]  dump_stack_lvl+0x16c/0x230
[   83.343591][    C1]  ? show_regs_print_info+0x20/0x20
[   83.348811][    C1]  ? load_image+0x3b0/0x3b0
[   83.353341][    C1]  panic+0x2c0/0x710
[   83.357253][    C1]  ? bpf_jit_dump+0xd0/0xd0
[   83.361775][    C1]  ? ret_from_fork_asm+0x11/0x20
[   83.366737][    C1]  __warn+0x2e0/0x470
[   83.370727][    C1]  ? __rate_control_send_low+0x635/0x880
[   83.376372][    C1]  ? __rate_control_send_low+0x635/0x880
[   83.382012][    C1]  report_bug+0x2be/0x4f0
[   83.386376][    C1]  ? __rate_control_send_low+0x635/0x880
[   83.392022][    C1]  ? __rate_control_send_low+0x635/0x880
[   83.397665][    C1]  ? __rate_control_send_low+0x637/0x880
[   83.403314][    C1]  handle_bug+0xcf/0x120
[   83.407576][    C1]  exc_invalid_op+0x1a/0x50
[   83.412102][    C1]  asm_exc_invalid_op+0x1a/0x20
[   83.416978][    C1] RIP: 0010:__rate_control_send_low+0x635/0x880
[   83.423237][    C1] Code: 30 42 0f b6 04 28 84 c0 0f 85 e6 01 00 00 41 8b 0e 48 c7