last executing test programs: 668.545605ms ago: executing program 0 (id=1): syz_usb_connect$printer(0x3, 0x0, 0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x1, [{0xb1, &(0x7f00000001c0)=ANY=[@ANYBLOB="b10396a81af97584d89f1e91d23d4e54996599431b1bee933037c4df4532ce4ef295fa4241cd85e614b04ed5dc8e2e8ba8edce398a10b11590e66313274056d7d1d6e945283dde83c483dc38d3172ceb80"]}]}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB], 0x7) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000)=@x86={0x5e, 0x9, 0x4, 0x0, 0x1, 0xc, 0x3, 0x8, 0x2, 0x77, 0x9, 0x1, 0x0, 0xb, 0x100b, 0xf5, 0x1, 0x2, 0x0, '\x00', 0x80, 0x2b7}) 407.648994ms ago: executing program 1 (id=2): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r2, 0x1, 0x70bd26, 0x23c, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}}, 0x0) write$nci(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="7105090a010402030d65023adb7f7dbe7febb8dc"], 0x14) 394.360147ms ago: executing program 2 (id=3): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000340)={@void, @void, @eth={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}, @val={@void, {0x8100, 0x2, 0x0, 0x2}}, {@ipv6={0x86dd, @udp={0xd, 0x6, '\x00', 0x8, 0x11, 0x0, @empty, @mcast2, {[], {0x4f1c, 0x1b59, 0x3f}}}}}}}, 0x42) 0s ago: executing program 3 (id=4): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x3) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') pread64(r0, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.103' (ED25519) to the list of known hosts. [ 173.172088][ T5779] cgroup: Unknown subsys name 'net' [ 173.321695][ T5779] cgroup: Unknown subsys name 'cpuset' [ 173.338207][ T5779] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 219.621456][ T5779] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 223.521739][ T5803] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 223.533208][ T5806] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 223.542731][ T5809] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 223.551154][ T5809] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 223.583774][ T5807] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 223.596907][ T5807] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 223.605214][ T5807] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 223.614519][ T5807] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 223.615213][ T5806] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 223.627578][ T5807] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 223.632651][ T5806] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 223.640566][ T5807] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 223.643885][ T5813] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 223.687502][ T5803] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 223.695677][ T5803] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 223.706451][ T5803] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 223.706486][ T5807] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 223.723981][ T5803] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 223.725840][ T5806] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 223.737715][ T5803] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 223.763287][ T5806] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 223.765434][ T5803] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 223.833469][ T5806] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 223.837825][ T5803] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 223.901418][ T5803] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 224.363778][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 224.370475][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 225.173811][ T5815] chnl_net:caif_netlink_parms(): no params data found [ 225.205509][ T5801] chnl_net:caif_netlink_parms(): no params data found [ 225.574657][ T5805] chnl_net:caif_netlink_parms(): no params data found [ 225.703140][ T5803] Bluetooth: hci0: command tx timeout [ 225.704893][ T5809] Bluetooth: hci2: command tx timeout [ 225.782992][ T5809] Bluetooth: hci1: command tx timeout [ 225.947415][ T5809] Bluetooth: hci4: command tx timeout [ 225.947456][ T5803] Bluetooth: hci3: command tx timeout [ 226.014684][ T5810] chnl_net:caif_netlink_parms(): no params data found [ 226.071059][ T5804] chnl_net:caif_netlink_parms(): no params data found [ 226.316708][ T5815] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.324541][ T5815] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.332295][ T5815] bridge_slave_0: entered allmulticast mode [ 226.341625][ T5815] bridge_slave_0: entered promiscuous mode [ 226.396633][ T5815] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.404388][ T5815] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.412021][ T5815] bridge_slave_1: entered allmulticast mode [ 226.421294][ T5815] bridge_slave_1: entered promiscuous mode [ 226.676809][ T5801] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.684740][ T5801] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.692587][ T5801] bridge_slave_0: entered allmulticast mode [ 226.701872][ T5801] bridge_slave_0: entered promiscuous mode [ 226.767300][ T5805] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.777820][ T5805] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.785615][ T5805] bridge_slave_0: entered allmulticast mode [ 226.795299][ T5805] bridge_slave_0: entered promiscuous mode [ 226.808854][ T5801] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.818326][ T5801] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.826022][ T5801] bridge_slave_1: entered allmulticast mode [ 226.835490][ T5801] bridge_slave_1: entered promiscuous mode [ 226.859305][ T5815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 226.882585][ T5815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 226.926272][ T5805] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.933871][ T5805] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.941452][ T5805] bridge_slave_1: entered allmulticast mode [ 226.950752][ T5805] bridge_slave_1: entered promiscuous mode [ 227.180172][ T5801] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 227.198546][ T5815] team0: Port device team_slave_0 added [ 227.213927][ T5801] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 227.263576][ T5810] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.271046][ T5810] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.278848][ T5810] bridge_slave_0: entered allmulticast mode [ 227.287140][ T5810] bridge_slave_0: entered promiscuous mode [ 227.338732][ T5815] team0: Port device team_slave_1 added [ 227.355457][ T5805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 227.599954][ T5810] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.607720][ T5810] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.617564][ T5810] bridge_slave_1: entered allmulticast mode [ 227.630379][ T5810] bridge_slave_1: entered promiscuous mode [ 227.650724][ T5805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 227.733597][ T5801] team0: Port device team_slave_0 added [ 227.741396][ T5804] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.749182][ T5804] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.758344][ T5804] bridge_slave_0: entered allmulticast mode [ 227.766723][ T5804] bridge_slave_0: entered promiscuous mode [ 227.782752][ T5809] Bluetooth: hci0: command tx timeout [ 227.788361][ T5809] Bluetooth: hci2: command tx timeout [ 227.876930][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 227.879012][ T5803] Bluetooth: hci1: command tx timeout [ 227.885396][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 227.916493][ T5815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 227.936636][ T5801] team0: Port device team_slave_1 added [ 227.944815][ T5804] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.953051][ T5804] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.960592][ T5804] bridge_slave_1: entered allmulticast mode [ 227.969426][ T5804] bridge_slave_1: entered promiscuous mode [ 227.986461][ T5805] team0: Port device team_slave_0 added [ 228.022720][ T5803] Bluetooth: hci4: command tx timeout [ 228.028353][ T5809] Bluetooth: hci3: command tx timeout [ 228.061411][ T5810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 228.075945][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 228.083669][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 228.109936][ T5815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 228.156022][ T5805] team0: Port device team_slave_1 added [ 228.203619][ T5810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 228.334493][ T5804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 228.381968][ T5810] team0: Port device team_slave_0 added [ 228.391596][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 228.400032][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 228.427531][ T5801] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 228.478524][ T5804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 228.531200][ T5810] team0: Port device team_slave_1 added [ 228.540524][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 228.547870][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 228.575439][ T5801] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 228.589442][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 228.596782][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 228.623242][ T5805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 228.773436][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 228.780593][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 228.807738][ T5805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 228.854248][ T5804] team0: Port device team_slave_0 added [ 228.874153][ T5815] hsr_slave_0: entered promiscuous mode [ 228.883847][ T5815] hsr_slave_1: entered promiscuous mode [ 228.904011][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 228.911156][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 228.937684][ T5810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 229.008509][ T5804] team0: Port device team_slave_1 added [ 229.054723][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 229.061815][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 229.088241][ T5810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 229.260394][ T5801] hsr_slave_0: entered promiscuous mode [ 229.270020][ T5801] hsr_slave_1: entered promiscuous mode [ 229.278773][ T5801] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 229.286590][ T5801] Cannot create hsr debugfs directory [ 229.325927][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 229.333199][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 229.359603][ T5804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 229.376781][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 229.385231][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 229.412663][ T5804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 229.471589][ T5805] hsr_slave_0: entered promiscuous mode [ 229.481406][ T5805] hsr_slave_1: entered promiscuous mode [ 229.490083][ T5805] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 229.497920][ T5805] Cannot create hsr debugfs directory [ 229.640447][ T5810] hsr_slave_0: entered promiscuous mode [ 229.649857][ T5810] hsr_slave_1: entered promiscuous mode [ 229.658235][ T5810] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 229.666091][ T5810] Cannot create hsr debugfs directory [ 229.863188][ T5809] Bluetooth: hci2: command tx timeout [ 229.868830][ T5809] Bluetooth: hci0: command tx timeout [ 229.921424][ T5804] hsr_slave_0: entered promiscuous mode [ 229.930514][ T5804] hsr_slave_1: entered promiscuous mode [ 229.938184][ T5804] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 229.946125][ T5804] Cannot create hsr debugfs directory [ 229.949160][ T5809] Bluetooth: hci1: command tx timeout [ 230.103977][ T5809] Bluetooth: hci4: command tx timeout [ 230.109648][ T5803] Bluetooth: hci3: command tx timeout [ 231.055119][ T5815] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 231.079483][ T5815] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 231.098981][ T5815] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 231.121422][ T5815] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 231.290181][ T5801] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 231.318703][ T5801] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 231.337672][ T5801] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 231.359529][ T5801] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 231.473846][ T5805] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 231.548109][ T5805] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 231.569692][ T5805] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 231.638012][ T5805] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 231.676311][ T5810] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 231.828802][ T5810] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 231.856156][ T5804] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 231.878218][ T5804] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 231.904653][ T5804] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 231.939795][ T5810] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 231.948775][ T5809] Bluetooth: hci2: command tx timeout [ 231.954033][ T5803] Bluetooth: hci0: command tx timeout [ 231.973938][ T5810] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 232.022963][ T5803] Bluetooth: hci1: command tx timeout [ 232.033118][ T5804] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 232.184052][ T5803] Bluetooth: hci4: command tx timeout [ 232.189692][ T5803] Bluetooth: hci3: command tx timeout [ 232.573638][ T5815] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.645299][ T5801] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.824102][ T5815] 8021q: adding VLAN 0 to HW filter on device team0 [ 232.902576][ T3595] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.910096][ T3595] bridge0: port 1(bridge_slave_0) entered forwarding state [ 232.932311][ T5801] 8021q: adding VLAN 0 to HW filter on device team0 [ 232.987623][ T5805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.045790][ T3595] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.053358][ T3595] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.068520][ T3595] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.076173][ T3595] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.170378][ T3861] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.177947][ T3861] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.214237][ T5804] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.334787][ T5804] 8021q: adding VLAN 0 to HW filter on device team0 [ 233.438701][ T5805] 8021q: adding VLAN 0 to HW filter on device team0 [ 233.459210][ T3861] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.466775][ T3861] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.495548][ T5810] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.568206][ T5815] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 233.615923][ T3861] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.623521][ T3861] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.638402][ T3861] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.645951][ T3861] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.675010][ T3861] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.682722][ T3861] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.843917][ T5810] 8021q: adding VLAN 0 to HW filter on device team0 [ 233.996867][ T3595] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.004708][ T3595] bridge0: port 1(bridge_slave_0) entered forwarding state [ 234.104438][ T3509] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.112027][ T3509] bridge0: port 2(bridge_slave_1) entered forwarding state [ 234.172118][ T5804] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 234.215351][ T5805] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 235.411752][ T5801] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 235.638978][ T5815] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 235.934455][ T5801] veth0_vlan: entered promiscuous mode [ 235.964863][ T5804] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 235.997162][ T5805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 236.069975][ T5801] veth1_vlan: entered promiscuous mode [ 236.309434][ T5810] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 236.390626][ T5815] veth0_vlan: entered promiscuous mode [ 236.422095][ T5805] veth0_vlan: entered promiscuous mode [ 236.484406][ T5801] veth0_macvtap: entered promiscuous mode [ 236.550675][ T5815] veth1_vlan: entered promiscuous mode [ 236.571036][ T5805] veth1_vlan: entered promiscuous mode [ 236.589955][ T5801] veth1_macvtap: entered promiscuous mode [ 236.814684][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 236.882041][ T5815] veth0_macvtap: entered promiscuous mode [ 236.916337][ T5810] veth0_vlan: entered promiscuous mode [ 236.945846][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 237.012878][ T5815] veth1_macvtap: entered promiscuous mode [ 237.040153][ T5801] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.050801][ T5801] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.061107][ T5801] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.072271][ T5801] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.118235][ T5805] veth0_macvtap: entered promiscuous mode [ 237.140225][ T5810] veth1_vlan: entered promiscuous mode [ 237.183087][ T5805] veth1_macvtap: entered promiscuous mode [ 237.283545][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 237.358914][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 237.424704][ T5815] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.433942][ T5815] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.443230][ T5815] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.452221][ T5815] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.517804][ T5810] veth0_macvtap: entered promiscuous mode [ 237.534710][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 237.573563][ T5810] veth1_macvtap: entered promiscuous mode [ 237.629984][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 237.740295][ T5805] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.750946][ T5805] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.761515][ T5805] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.771789][ T5805] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.809826][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 237.891175][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 237.969467][ T5810] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.980215][ T5810] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.990457][ T5810] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.999584][ T5810] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.639449][ T5804] veth0_vlan: entered promiscuous mode [ 238.722725][ T5804] veth1_vlan: entered promiscuous mode [ 239.039549][ T5804] veth0_macvtap: entered promiscuous mode [ 239.127307][ T5804] veth1_macvtap: entered promiscuous mode [ 239.286496][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 239.364996][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 239.433451][ T5804] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.445505][ T5804] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.455330][ T5804] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.466835][ T5804] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.404331][ T3530] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.412777][ T3530] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.745798][ T3530] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.754130][ T3530] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.903001][ T3530] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.911061][ T3530] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.248690][ T3530] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.257795][ T3530] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.297533][ T3530] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.305672][ T3530] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.365526][ T5801] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 244.465752][ T4330] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.474408][ T4330] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.573124][ T3509] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.581173][ T3509] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.814187][ T3530] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.823799][ T3530] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 245.132908][ T5987] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 245.281699][ T5989] syz.2.3 uses obsolete (PF_INET,SOCK_PACKET) [ 245.576453][ T3763] ===================================================== [ 245.583947][ T3763] BUG: KMSAN: uninit-value in nci_ntf_packet+0x2753/0x42b0 [ 245.591424][ T3763] nci_ntf_packet+0x2753/0x42b0 [ 245.596702][ T3763] nci_rx_work+0x403/0x750 [ 245.601340][ T3763] process_scheduled_works+0xb91/0x1d80 [ 245.607278][ T3763] worker_thread+0xedf/0x1590 [ 245.612434][ T3763] kthread+0xd5c/0xf00 [ 245.616779][ T3763] ret_from_fork+0x1e3/0x310 [ 245.621597][ T3763] ret_from_fork_asm+0x1a/0x30 [ 245.626777][ T3763] [ 245.629211][ T3763] Uninit was created at: [ 245.633919][ T3763] kmem_cache_alloc_node_noprof+0x818/0xf00 [ 245.640034][ T3763] kmalloc_reserve+0x13c/0x4b0 [ 245.647573][ T3763] __alloc_skb+0x347/0x7d0 [ 245.652232][ T3763] virtual_ncidev_write+0x6b/0x430 [ 245.658464][ T3763] vfs_write+0x460/0x1580 [ 245.663156][ T3763] __x64_sys_write+0x1fb/0x4d0 [ 245.668164][ T3763] x64_sys_call+0x38c3/0x3db0 [ 245.673250][ T3763] do_syscall_64+0xd9/0x210 [ 245.677929][ T3763] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.684111][ T3763] [ 245.686583][ T3763] CPU: 1 UID: 0 PID: 3763 Comm: kworker/u8:19 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(undef) [ 245.699215][ T3763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 245.709534][ T3763] Workqueue: nfc2_nci_rx_wq nci_rx_work [ 245.715376][ T3763] ===================================================== [ 245.722608][ T3763] Disabling lock debugging due to kernel taint [ 245.728903][ T3763] Kernel panic - not syncing: kmsan.panic set ... [ 245.735518][ T3763] CPU: 1 UID: 0 PID: 3763 Comm: kworker/u8:19 Tainted: G B 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(undef) [ 245.749662][ T3763] Tainted: [B]=BAD_PAGE [ 245.753940][ T3763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 245.764163][ T3763] Workqueue: nfc2_nci_rx_wq nci_rx_work [ 245.769932][ T3763] Call Trace: [ 245.773337][ T3763] [ 245.776396][ T3763] __dump_stack+0x26/0x30 [ 245.780943][ T3763] dump_stack_lvl+0x53/0x270 [ 245.785746][ T3763] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 245.791823][ T3763] dump_stack+0x1e/0x25 [ 245.796232][ T3763] panic+0x4bd/0xd50 [ 245.800417][ T3763] kmsan_report+0x31c/0x320 [ 245.805162][ T3763] ? stack_depot_save_flags+0x35/0x7b0 [ 245.810823][ T3763] ? __msan_warning+0x1b/0x30 [ 245.815711][ T3763] ? nci_ntf_packet+0x2753/0x42b0 [ 245.820952][ T3763] ? nci_rx_work+0x403/0x750 [ 245.825732][ T3763] ? process_scheduled_works+0xb91/0x1d80 [ 245.831705][ T3763] ? worker_thread+0xedf/0x1590 [ 245.836816][ T3763] ? kthread+0xd5c/0xf00 [ 245.841227][ T3763] ? ret_from_fork+0x1e3/0x310 [ 245.846174][ T3763] ? ret_from_fork_asm+0x1a/0x30 [ 245.851814][ T3763] ? ret_from_fork_asm+0x1a/0x30 [ 245.856980][ T3763] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 245.863240][ T3763] ? kmsan_get_metadata+0xfb/0x160 [ 245.868551][ T3763] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 245.875073][ T3763] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 245.881365][ T3763] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 245.887409][ T3763] ? stack_depot_save_flags+0x60f/0x7b0 [ 245.893132][ T3763] ? kmsan_get_metadata+0xfb/0x160 [ 245.898438][ T3763] ? kmsan_internal_memmove_metadata+0x181/0x230 [ 245.904986][ T3763] ? kmsan_get_metadata+0xfb/0x160 [ 245.910298][ T3763] __msan_warning+0x1b/0x30 [ 245.914979][ T3763] nci_ntf_packet+0x2753/0x42b0 [ 245.920025][ T3763] ? advisor_target_scan_time_store+0x130/0x180 [ 245.926506][ T3763] nci_rx_work+0x403/0x750 [ 245.931096][ T3763] ? __pfx_nci_rx_work+0x10/0x10 [ 245.936198][ T3763] process_scheduled_works+0xb91/0x1d80 [ 245.942053][ T3763] worker_thread+0xedf/0x1590 [ 245.946991][ T3763] kthread+0xd5c/0xf00 [ 245.951219][ T3763] ? __pfx_worker_thread+0x10/0x10 [ 245.956620][ T3763] ? __pfx_kthread+0x10/0x10 [ 245.961402][ T3763] ret_from_fork+0x1e3/0x310 [ 245.966188][ T3763] ? __pfx_kthread+0x10/0x10 [ 245.970935][ T3763] ret_from_fork_asm+0x1a/0x30 [ 245.975909][ T3763] [ 245.979385][ T3763] Kernel Offset: disabled [ 245.983802][ T3763] Rebooting in 86400 seconds..