syzkaller login: qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0x3c8000)
[ 93.866773][ T1011] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1
[ 93.870002][ T1011] ata1: failed to read log page 10h (errno=-5)
[ 93.873320][ T1011] ata1.00: exception Emask 0x1 SAct 0x380 SErr 0x0 action 0x0
[ 93.886419][ T1011] ata1.00: irq_stat 0x41000000
[ 93.889100][ T1011] ata1.00: failed command: WRITE FPDMA QUEUED
[ 93.892364][ T1011] ata1.00: cmd 61/00:38:36:41:05/20:00:00:00:00/40 tag 7 ncq dma 4194304 ou
[ 93.892364][ T1011] res 50/00:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[ 93.915609][ T1011] ata1.00: status: { DRDY }
[ 93.917628][ T1011] ata1.00: failed command: WRITE FPDMA QUEUED
[ 93.920357][ T1011] ata1.00: cmd 61/40:40:36:61:05/1e:00:00:00:00/40 tag 8 ncq dma 3964928 ou
[ 93.920357][ T1011] res 50/00:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[ 93.945815][ T1011] ata1.00: status: { DRDY }
[ 93.948013][ T1011] ata1.00: failed command: WRITE FPDMA QUEUED
[ 93.951064][ T1011] ata1.00: cmd 61/c0:48:76:7f:05/01:00:00:00:00/40 tag 9 ncq dma 229376 out
[ 93.951064][ T1011] res 50/00:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error)
[ 93.975679][ T1011] ata1.00: status: { DRDY }
[ 93.979101][ T1011] ata1.00: configured for UDMA/100
[ 93.981919][ T1011] ata1: EH complete
Warning: Permanently added '[localhost]:42881' (ED25519) to the list of known hosts.
[ 97.303538][ T10] cfg80211: failed to load regulatory.db
2026/03/13 02:58:51 parsed 1 programs
[ 100.174195][ T5307] cgroup: Unknown subsys name 'net'
[ 100.219905][ T5307] cgroup: Unknown subsys name 'cpuset'
[ 100.226762][ T5307] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 102.240606][ T5307] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 107.873639][ T5326] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 110.823590][ T71] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.838817][ T71] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 110.867602][ T158] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 110.872109][ T158] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.811117][ T5362] chnl_net:caif_netlink_parms(): no params data found
[ 111.978299][ T5362] bridge0: port 1(bridge_slave_0) entered blocking state
[ 111.986198][ T5362] bridge0: port 1(bridge_slave_0) entered disabled state
[ 111.989444][ T5362] bridge_slave_0: entered allmulticast mode
[ 112.005802][ T5362] bridge_slave_0: entered promiscuous mode
[ 112.012463][ T5362] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.026417][ T5362] bridge0: port 2(bridge_slave_1) entered disabled state
[ 112.029818][ T5362] bridge_slave_1: entered allmulticast mode
[ 112.046662][ T5362] bridge_slave_1: entered promiscuous mode
[ 112.100865][ T5362] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 112.117905][ T5362] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 112.167542][ T5362] team0: Port device team_slave_0 added
[ 112.180672][ T5362] team0: Port device team_slave_1 added
[ 112.226051][ T5362] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 112.229338][ T5362] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 112.256410][ T5362] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 112.274874][ T5362] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 112.285898][ T5362] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 112.315638][ T5362] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 112.387373][ T5362] hsr_slave_0: entered promiscuous mode
[ 112.396418][ T5362] hsr_slave_1: entered promiscuous mode
[ 112.708786][ T5362] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 112.733351][ T5362] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 112.749919][ T5362] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 112.767981][ T5362] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 112.946608][ T5362] 8021q: adding VLAN 0 to HW filter on device bond0
[ 112.984386][ T5362] 8021q: adding VLAN 0 to HW filter on device team0
[ 113.019987][ T71] bridge0: port 1(bridge_slave_0) entered blocking state
[ 113.023329][ T71] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 113.038288][ T71] bridge0: port 2(bridge_slave_1) entered blocking state
[ 113.041994][ T71] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 113.469450][ T5362] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 113.520237][ T5362] veth0_vlan: entered promiscuous mode
[ 113.534118][ T5362] veth1_vlan: entered promiscuous mode
[ 113.561842][ T5362] veth0_macvtap: entered promiscuous mode
[ 113.571494][ T5362] veth1_macvtap: entered promiscuous mode
[ 113.590416][ T5362] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 113.602960][ T5362] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 113.612751][ T71] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.638079][ T71] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.647060][ T71] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.652360][ T71] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.820494][ T45] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 113.825091][ T45] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 113.831041][ T45] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 113.838111][ T45] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 113.841833][ T45] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 113.868060][ T71] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 113.912116][ T71] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 113.953196][ T71] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 114.000805][ T71] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 115.818045][ T71] bridge_slave_1: left allmulticast mode
[ 115.821110][ T71] bridge_slave_1: left promiscuous mode
[ 115.824630][ T71] bridge0: port 2(bridge_slave_1) entered disabled state
[ 115.939511][ T71] bridge_slave_0: left allmulticast mode
[ 115.941931][ T71] bridge_slave_0: left promiscuous mode
[ 115.945288][ T71] bridge0: port 1(bridge_slave_0) entered disabled state
[ 116.446587][ T71] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 116.468607][ T71] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 116.474215][ T71] bond0 (unregistering): Released all slaves
[ 116.615407][ T71] hsr_slave_0: left promiscuous mode
[ 116.631599][ T71] hsr_slave_1: left promiscuous mode
[ 116.635452][ T71] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 116.639179][ T71] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 116.643435][ T71] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 116.666001][ T71] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 116.686742][ T71] veth1_macvtap: left promiscuous mode
[ 116.689579][ T71] veth0_macvtap: left promiscuous mode
[ 116.692952][ T71] veth1_vlan: left promiscuous mode
[ 116.703223][ T71] veth0_vlan: left promiscuous mode
[ 117.122920][ T71] team0 (unregistering): Port device team_slave_1 removed
[ 117.143241][ T71] team0 (unregistering): Port device team_slave_0 removed
2026/03/13 02:59:14 executed programs: 0
[ 119.992379][ T45] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 119.999592][ T45] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 120.006906][ T45] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 120.010752][ T45] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 120.014326][ T45] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 120.232846][ T5452] chnl_net:caif_netlink_parms(): no params data found
[ 120.306327][ T5452] bridge0: port 1(bridge_slave_0) entered blocking state
[ 120.309630][ T5452] bridge0: port 1(bridge_slave_0) entered disabled state
[ 120.312902][ T5452] bridge_slave_0: entered allmulticast mode
[ 120.318744][ T5452] bridge_slave_0: entered promiscuous mode
[ 120.323470][ T5452] bridge0: port 2(bridge_slave_1) entered blocking state
[ 120.326984][ T5452] bridge0: port 2(bridge_slave_1) entered disabled state
[ 120.330321][ T5452] bridge_slave_1: entered allmulticast mode
[ 120.334398][ T5452] bridge_slave_1: entered promiscuous mode
[ 120.363146][ T5452] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 120.373041][ T5452] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 120.400461][ T5452] team0: Port device team_slave_0 added
[ 120.406712][ T5452] team0: Port device team_slave_1 added
[ 120.431339][ T5452] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 120.435832][ T5452] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 120.447771][ T5452] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 120.455195][ T5452] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 120.459438][ T5452] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 120.472424][ T5452] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 120.513971][ T5452] hsr_slave_0: entered promiscuous mode
[ 120.517290][ T5452] hsr_slave_1: entered promiscuous mode
[ 120.983143][ T5452] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 121.006881][ T5452] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 121.013646][ T5452] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 121.028822][ T5452] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 121.089399][ T5452] bridge0: port 2(bridge_slave_1) entered blocking state
[ 121.093083][ T5452] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 121.097507][ T5452] bridge0: port 1(bridge_slave_0) entered blocking state
[ 121.100860][ T5452] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 121.219190][ T5452] 8021q: adding VLAN 0 to HW filter on device bond0
[ 121.232425][ T42] bridge0: port 1(bridge_slave_0) entered disabled state
[ 121.247054][ T42] bridge0: port 2(bridge_slave_1) entered disabled state
[ 121.260702][ T5452] 8021q: adding VLAN 0 to HW filter on device team0
[ 121.290971][ T42] bridge0: port 1(bridge_slave_0) entered blocking state
[ 121.295241][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 121.315409][ T42] bridge0: port 2(bridge_slave_1) entered blocking state
[ 121.318824][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 121.697458][ T5452] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 121.775179][ T5452] veth0_vlan: entered promiscuous mode
[ 121.803485][ T5452] veth1_vlan: entered promiscuous mode
[ 121.867267][ T5452] veth0_macvtap: entered promiscuous mode
[ 121.875345][ T5452] veth1_macvtap: entered promiscuous mode
[ 121.905435][ T5452] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 121.923278][ T5452] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 121.949091][ T158] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 121.979819][ T158] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 121.994462][ T158] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.011050][ T158] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 122.098778][ T45] Bluetooth: hci0: command tx timeout
[ 122.107318][ T158] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.113439][ T158] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.248860][ T71] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 122.252828][ T71] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 122.466314][ T5495] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
[ 122.508872][ T5495] warning: `syz.0.17' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[ 122.541417][ T5495] bridge_slave_0: left allmulticast mode
[ 122.544025][ T5495] bridge_slave_0: left promiscuous mode
[ 122.580977][ T5495] bridge0: port 1(bridge_slave_0) entered disabled state
[ 122.604825][ T5495] bridge_slave_1: left allmulticast mode
[ 122.616779][ T5495] bridge_slave_1: left promiscuous mode
[ 122.619733][ T5495] bridge0: port 2(bridge_slave_1) entered disabled state
[ 122.633721][ T5498] netlink: 'syz.0.17': attribute type 10 has an invalid length.
[ 122.659738][ T5495] bond0: (slave bond_slave_0): Releasing backup interface
[ 122.668983][ T5495] bond0: (slave bond_slave_1): Releasing backup interface
[ 122.684804][ T5501] netlink: 'syz.0.17': attribute type 10 has an invalid length.
[ 122.703940][ T5495] team0: Port device team_slave_0 removed
[ 122.729078][ T5495] team0: Port device team_slave_1 removed
[ 122.732572][ T5495] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 122.748293][ T5495] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 122.760173][ T5495] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 122.764952][ T5495] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 122.780926][ T5495] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 122.807807][ T5498] mac80211_hwsim hwsim5 wlan1: left allmulticast mode
[ 122.825039][ T5498] 8021q: adding VLAN 0 to HW filter on device bond0
[ 122.841163][ T5498] bond0: (slave wlan1): Enslaving as an active interface with an up link
[ 122.864705][ T5501] 8021q: adding VLAN 0 to HW filter on device bond0
[ 122.880533][ T5501] team0: Port device bond0 added
[ 122.916002][ T54] Oops: general protection fault, probably for non-canonical address 0xe000080fee63d21a: 0000 [#1] SMP KASAN NOPTI
[ 122.922050][ T54] KASAN: probably user-memory-access in range [0x0000607f731e90d0-0x0000607f731e90d7]
[ 122.926261][ T54] CPU: 0 UID: 0 PID: 54 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT(full)
[ 122.930164][ T54] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 122.935887][ T54] Workqueue: mld mld_ifc_work
[ 122.938569][ T54] RIP: 0010:bond_header_create+0x150/0x300
[ 122.941363][ T54] Code: e8 25 bd 59 fb 45 85 f6 0f 84 a5 00 00 00 e8 d7 b8 59 fb eb 05 e8 d0 b8 59 fb 48 85 ed 0f 84 89 00 00 00 48 89 e8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 ef e8 71 81 c5 fb 48 8b 6d 00 4c 8d 75
[ 122.950498][ T54] RSP: 0018:ffffc90000b0f600 EFLAGS: 00010202
[ 122.953355][ T54] RAX: 00000c0fee63d21a RBX: ffffffff866bf37b RCX: ffff888000c524c0
[ 122.957026][ T54] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 122.961360][ T54] RBP: 0000607f731e90d0 R08: ffffffff866bf37b R09: ffffffff8e75e420
[ 122.965691][ T54] R10: dffffc0000000000 R11: ffffffff866bf340 R12: 00000000000086dd
[ 122.969689][ T54] R13: ffff8880127763c0 R14: 0000000000000001 R15: dffffc0000000000
[ 122.973014][ T54] FS: 0000000000000000(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000
[ 122.976306][ T54] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 122.978751][ T54] CR2: 00007f2fbfe3ff8c CR3: 0000000012645000 CR4: 0000000000352ef0
[ 122.982300][ T54] Call Trace:
[ 122.983699][ T54]
[ 122.984859][ T54] ? __pfx_bond_header_create+0x10/0x10
[ 122.987970][ T54] neigh_connected_output+0x286/0x460
[ 122.991056][ T54] ip6_finish_output+0x2e5/0x740
[ 122.993767][ T54] ? ip6_output+0x126/0x550
[ 122.995822][ T54] ip6_output+0x340/0x550
[ 122.997776][ T54] ? __pfx_ip6_output+0x10/0x10
[ 122.999964][ T54] NF_HOOK+0x177/0x4f0
[ 123.001786][ T54] ? __pfx_NF_HOOK+0x10/0x10
[ 123.004132][ T54] ? __pfx_dst_output+0x10/0x10
[ 123.006310][ T54] ? lockdep_hardirqs_on+0x7a/0x110
[ 123.008783][ T54] ? __local_bh_enable_ip+0xd0/0x130
[ 123.011547][ T54] ? icmp6_dst_alloc+0x3a6/0x440
[ 123.014608][ T54] mld_sendpack+0x8b4/0xe40
[ 123.017282][ T54] ? look_up_lock_class+0x57/0x110
[ 123.020029][ T54] ? mld_sendpack+0x213/0xe40
[ 123.022252][ T54] ? __pfx_mld_sendpack+0x10/0x10
[ 123.024567][ T54] mld_ifc_work+0x835/0xe70
[ 123.026681][ T54] ? process_scheduled_works+0xa25/0x1830
[ 123.029211][ T54] process_scheduled_works+0xb02/0x1830
[ 123.031863][ T54] ? __pfx_process_scheduled_works+0x10/0x10
[ 123.035349][ T54] ? assign_work+0x3d5/0x5e0
[ 123.038526][ T54] worker_thread+0xa50/0xfc0
[ 123.041316][ T54] kthread+0x388/0x470
[ 123.043439][ T54] ? __pfx_worker_thread+0x10/0x10
[ 123.045826][ T54] ? __pfx_kthread+0x10/0x10
[ 123.047921][ T54] ret_from_fork+0x51e/0xb90
[ 123.050172][ T54] ? __pfx_ret_from_fork+0x10/0x10
[ 123.052469][ T54] ? __switch_to+0xc7d/0x1450
[ 123.054670][ T54] ? __pfx_kthread+0x10/0x10
[ 123.056896][ T54] ret_from_fork_asm+0x1a/0x30
[ 123.058948][ T54]
[ 123.060334][ T54] Modules linked in:
[ 123.062587][ T54] ---[ end trace 0000000000000000 ]---
[ 123.288170][ T54] RIP: 0010:bond_header_create+0x150/0x300
[ 123.291455][ T54] Code: e8 25 bd 59 fb 45 85 f6 0f 84 a5 00 00 00 e8 d7 b8 59 fb eb 05 e8 d0 b8 59 fb 48 85 ed 0f 84 89 00 00 00 48 89 e8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 ef e8 71 81 c5 fb 48 8b 6d 00 4c 8d 75
[ 123.325828][ T54] RSP: 0018:ffffc90000b0f600 EFLAGS: 00010202
[ 123.329044][ T54] RAX: 00000c0fee63d21a RBX: ffffffff866bf37b RCX: ffff888000c524c0
[ 123.332609][ T54] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 123.367671][ T54] RBP: 0000607f731e90d0 R08: ffffffff866bf37b R09: ffffffff8e75e420
[ 123.371389][ T54] R10: dffffc0000000000 R11: ffffffff866bf340 R12: 00000000000086dd
[ 123.375022][ T54] R13: ffff8880127763c0 R14: 0000000000000001 R15: dffffc0000000000
[ 123.406702][ T54] FS: 0000000000000000(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000
[ 123.411021][ T54] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 123.414922][ T54] CR2: 000055e232d92000 CR3: 000000000e54c000 CR4: 0000000000352ef0
[ 123.438997][ T54] Kernel panic - not syncing: Fatal exception
[ 123.442598][ T54] Kernel Offset: disabled
[ 123.444761][ T54] Rebooting in 86400 seconds..