last executing test programs: 9.775316144s ago: executing program 3 (id=129): mq_timedsend(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) 9.551552445s ago: executing program 3 (id=136): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/load', 0x2, 0x0) 9.404281416s ago: executing program 3 (id=141): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock', 0x2, 0x0) 9.279936617s ago: executing program 3 (id=147): pause() 7.003593356s ago: executing program 1 (id=226): syz_open_dev$ircomm(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$ircomm(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$ircomm(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$ircomm(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$ircomm(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$ircomm(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$ircomm(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$ircomm(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$ircomm(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$ircomm(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$ircomm(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$ircomm(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$ircomm(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$ircomm(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$ircomm(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$ircomm(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$ircomm(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$ircomm(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$ircomm(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$ircomm(&(0x7f0000000500), 0x4, 0x800) 6.90378925s ago: executing program 1 (id=230): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mali0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mali0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mali0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mali0', 0x800, 0x0) 6.884500245s ago: executing program 2 (id=231): faccessat(0xffffffffffffffff, &(0x7f0000000000), 0x0) 6.775553558s ago: executing program 1 (id=233): socket$nl_rdma(0x10, 0x3, 0x14) 6.749898261s ago: executing program 2 (id=236): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp', 0x800, 0x0) 6.72597143s ago: executing program 1 (id=237): alarm(0x0) 6.64735007s ago: executing program 0 (id=238): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self', 0x800, 0x0) 6.647246126s ago: executing program 4 (id=239): rename(&(0x7f0000000000), &(0x7f0000000000)) 6.621193042s ago: executing program 1 (id=240): syz_open_dev$drirender(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$drirender(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$drirender(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$drirender(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$drirender(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$drirender(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$drirender(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$drirender(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$drirender(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$drirender(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$drirender(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$drirender(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$drirender(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$drirender(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$drirender(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$drirender(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$drirender(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$drirender(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$drirender(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$drirender(&(0x7f0000000500), 0x4, 0x800) 6.593363111s ago: executing program 0 (id=241): rt_sigsuspend(&(0x7f0000000000), 0x0) 6.527164221s ago: executing program 4 (id=242): uname(&(0x7f0000000000)) 6.380250561s ago: executing program 4 (id=245): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm', 0x800, 0x0) 6.259285135s ago: executing program 4 (id=246): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio', 0x800, 0x0) 6.173756089s ago: executing program 3 (id=247): chdir(&(0x7f0000000000)) 5.942683687s ago: executing program 2 (id=249): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg/0:0:0:0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg/0:0:0:0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg/0:0:0:0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg/0:0:0:0', 0x800, 0x0) 5.833234187s ago: executing program 2 (id=250): socket$inet6_dccp(0xa, 0x6, 0x0) 5.445629112s ago: executing program 4 (id=251): syncfs(0xffffffffffffffff) 5.223698015s ago: executing program 2 (id=253): syz_open_dev$dvb_frontend(&(0x7f0000000040), 0x4, 0x0) syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x4, 0x1) syz_open_dev$dvb_frontend(&(0x7f00000000c0), 0x4, 0x2) syz_open_dev$dvb_frontend(&(0x7f0000000100), 0x4, 0x800) syz_open_dev$dvb_frontend(&(0x7f0000000140), 0xe, 0x0) syz_open_dev$dvb_frontend(&(0x7f0000000180), 0xe, 0x1) syz_open_dev$dvb_frontend(&(0x7f00000001c0), 0xe, 0x2) syz_open_dev$dvb_frontend(&(0x7f0000000200), 0xe, 0x800) syz_open_dev$dvb_frontend(&(0x7f0000000240), 0x18, 0x0) syz_open_dev$dvb_frontend(&(0x7f0000000280), 0x18, 0x1) syz_open_dev$dvb_frontend(&(0x7f00000002c0), 0x18, 0x2) syz_open_dev$dvb_frontend(&(0x7f0000000300), 0x18, 0x800) syz_open_dev$dvb_frontend(&(0x7f0000000340), 0x22, 0x0) syz_open_dev$dvb_frontend(&(0x7f0000000380), 0x22, 0x1) syz_open_dev$dvb_frontend(&(0x7f00000003c0), 0x22, 0x2) syz_open_dev$dvb_frontend(&(0x7f0000000400), 0x22, 0x800) syz_open_dev$dvb_frontend(&(0x7f0000000440), 0x2c, 0x0) syz_open_dev$dvb_frontend(&(0x7f0000000480), 0x2c, 0x1) syz_open_dev$dvb_frontend(&(0x7f00000004c0), 0x2c, 0x2) syz_open_dev$dvb_frontend(&(0x7f0000000500), 0x2c, 0x800) 5.095682616s ago: executing program 2 (id=254): syz_open_dev$usbfs(&(0x7f0000000040), 0x4, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x4, 0x1) syz_open_dev$usbfs(&(0x7f00000000c0), 0x4, 0x2) syz_open_dev$usbfs(&(0x7f0000000100), 0x4, 0x800) syz_open_dev$usbfs(&(0x7f0000000140), 0xe, 0x0) syz_open_dev$usbfs(&(0x7f0000000180), 0xe, 0x1) syz_open_dev$usbfs(&(0x7f00000001c0), 0xe, 0x2) syz_open_dev$usbfs(&(0x7f0000000200), 0xe, 0x800) syz_open_dev$usbfs(&(0x7f0000000240), 0x18, 0x0) syz_open_dev$usbfs(&(0x7f0000000280), 0x18, 0x1) syz_open_dev$usbfs(&(0x7f00000002c0), 0x18, 0x2) syz_open_dev$usbfs(&(0x7f0000000300), 0x18, 0x800) syz_open_dev$usbfs(&(0x7f0000000340), 0x22, 0x0) syz_open_dev$usbfs(&(0x7f0000000380), 0x22, 0x1) syz_open_dev$usbfs(&(0x7f00000003c0), 0x22, 0x2) syz_open_dev$usbfs(&(0x7f0000000400), 0x22, 0x800) syz_open_dev$usbfs(&(0x7f0000000440), 0x2c, 0x0) syz_open_dev$usbfs(&(0x7f0000000480), 0x2c, 0x1) syz_open_dev$usbfs(&(0x7f00000004c0), 0x2c, 0x2) syz_open_dev$usbfs(&(0x7f0000000500), 0x2c, 0x800) 4.856638269s ago: executing program 0 (id=243): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 3.855369838s ago: executing program 1 (id=244): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 3.366526236s ago: executing program 3 (id=248): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 3.340407644s ago: executing program 4 (id=252): expanding glob: /sys/**/* 1.188654671s ago: executing program 0 (id=255): syz_open_dev$sndmidi(&(0x7f0000000040), 0x3, 0x0) syz_open_dev$sndmidi(&(0x7f0000000080), 0x3, 0x1) syz_open_dev$sndmidi(&(0x7f00000000c0), 0x3, 0x2) syz_open_dev$sndmidi(&(0x7f0000000100), 0x3, 0x800) syz_open_dev$sndmidi(&(0x7f0000000140), 0xd, 0x0) syz_open_dev$sndmidi(&(0x7f0000000180), 0xd, 0x1) syz_open_dev$sndmidi(&(0x7f00000001c0), 0xd, 0x2) syz_open_dev$sndmidi(&(0x7f0000000200), 0xd, 0x800) syz_open_dev$sndmidi(&(0x7f0000000240), 0x17, 0x0) syz_open_dev$sndmidi(&(0x7f0000000280), 0x17, 0x1) syz_open_dev$sndmidi(&(0x7f00000002c0), 0x17, 0x2) syz_open_dev$sndmidi(&(0x7f0000000300), 0x17, 0x800) syz_open_dev$sndmidi(&(0x7f0000000340), 0x21, 0x0) syz_open_dev$sndmidi(&(0x7f0000000380), 0x21, 0x1) syz_open_dev$sndmidi(&(0x7f00000003c0), 0x21, 0x2) syz_open_dev$sndmidi(&(0x7f0000000400), 0x21, 0x800) syz_open_dev$sndmidi(&(0x7f0000000440), 0x2b, 0x0) syz_open_dev$sndmidi(&(0x7f0000000480), 0x2b, 0x1) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2b, 0x2) syz_open_dev$sndmidi(&(0x7f0000000500), 0x2b, 0x800) 356.604119ms ago: executing program 0 (id=256): syz_open_dev$sndpcmc(&(0x7f0000000040), 0x4, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080), 0x4, 0x1) syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x4, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000100), 0x4, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000140), 0xe, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000180), 0xe, 0x1) syz_open_dev$sndpcmc(&(0x7f00000001c0), 0xe, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000200), 0xe, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000240), 0x18, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000280), 0x18, 0x1) syz_open_dev$sndpcmc(&(0x7f00000002c0), 0x18, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000300), 0x18, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000340), 0x22, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000380), 0x22, 0x1) syz_open_dev$sndpcmc(&(0x7f00000003c0), 0x22, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000400), 0x22, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000440), 0x2c, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000480), 0x2c, 0x1) syz_open_dev$sndpcmc(&(0x7f00000004c0), 0x2c, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000500), 0x2c, 0x800) 0s ago: executing program 0 (id=257): syz_open_dev$sndhw(&(0x7f0000000040), 0x4, 0x0) syz_open_dev$sndhw(&(0x7f0000000080), 0x4, 0x1) syz_open_dev$sndhw(&(0x7f00000000c0), 0x4, 0x2) syz_open_dev$sndhw(&(0x7f0000000100), 0x4, 0x800) syz_open_dev$sndhw(&(0x7f0000000140), 0xe, 0x0) syz_open_dev$sndhw(&(0x7f0000000180), 0xe, 0x1) syz_open_dev$sndhw(&(0x7f00000001c0), 0xe, 0x2) syz_open_dev$sndhw(&(0x7f0000000200), 0xe, 0x800) syz_open_dev$sndhw(&(0x7f0000000240), 0x18, 0x0) syz_open_dev$sndhw(&(0x7f0000000280), 0x18, 0x1) syz_open_dev$sndhw(&(0x7f00000002c0), 0x18, 0x2) syz_open_dev$sndhw(&(0x7f0000000300), 0x18, 0x800) syz_open_dev$sndhw(&(0x7f0000000340), 0x22, 0x0) syz_open_dev$sndhw(&(0x7f0000000380), 0x22, 0x1) syz_open_dev$sndhw(&(0x7f00000003c0), 0x22, 0x2) syz_open_dev$sndhw(&(0x7f0000000400), 0x22, 0x800) syz_open_dev$sndhw(&(0x7f0000000440), 0x2c, 0x0) syz_open_dev$sndhw(&(0x7f0000000480), 0x2c, 0x1) syz_open_dev$sndhw(&(0x7f00000004c0), 0x2c, 0x2) syz_open_dev$sndhw(&(0x7f0000000500), 0x2c, 0x800) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.50' (ED25519) to the list of known hosts. [ 195.249472][ T5748] cgroup: Unknown subsys name 'net' [ 195.384641][ T5748] cgroup: Unknown subsys name 'cpuset' [ 195.400901][ T5748] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 201.887689][ T5748] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 204.172488][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 204.179481][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 212.738913][ T6001] mmap: syz.1.222 (6001) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 214.279497][ T6036] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 214.291272][ T6036] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 214.304870][ T6036] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 214.321562][ T6036] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 214.337659][ T6036] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 215.860557][ T6030] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 216.394080][ T5069] Bluetooth: hci0: command tx timeout [ 218.478382][ T5069] Bluetooth: hci0: command tx timeout [ 220.553077][ T5069] Bluetooth: hci0: command tx timeout [ 222.633028][ T5069] Bluetooth: hci0: command tx timeout [ 240.641754][ T6036] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 240.652910][ T6036] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 240.667248][ T6036] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 240.707031][ T6036] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 240.721806][ T6036] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 240.779932][ T5069] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 240.791429][ T5069] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 240.801416][ T5069] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 240.817342][ T5069] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 240.830990][ T5069] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 240.949600][ T5069] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 240.970030][ T5069] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 240.979674][ T5069] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 241.007764][ T5069] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 241.019390][ T5069] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 241.045458][ T6083] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 241.060363][ T6083] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 241.084219][ T6083] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 241.110894][ T6083] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 241.123170][ T6083] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 241.186654][ T5069] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 241.203372][ T5069] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 241.214475][ T5069] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 241.231063][ T5069] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 241.247450][ T5069] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 242.793164][ T5069] Bluetooth: hci0: command tx timeout [ 242.875020][ T5069] Bluetooth: hci1: command tx timeout [ 242.911537][ T6080] chnl_net:caif_netlink_parms(): no params data found [ 243.113028][ T5069] Bluetooth: hci2: command tx timeout [ 243.187800][ T6088] chnl_net:caif_netlink_parms(): no params data found [ 243.194066][ T5069] Bluetooth: hci3: command tx timeout [ 243.249469][ T6081] chnl_net:caif_netlink_parms(): no params data found [ 243.273000][ T5069] Bluetooth: hci4: command tx timeout [ 243.694926][ T6091] chnl_net:caif_netlink_parms(): no params data found [ 244.018600][ T6085] chnl_net:caif_netlink_parms(): no params data found [ 244.068591][ T6080] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.077167][ T6080] bridge0: port 1(bridge_slave_0) entered disabled state [ 244.086657][ T6080] bridge_slave_0: entered allmulticast mode [ 244.098000][ T6080] bridge_slave_0: entered promiscuous mode [ 244.189464][ T6080] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.198529][ T6080] bridge0: port 2(bridge_slave_1) entered disabled state [ 244.208106][ T6080] bridge_slave_1: entered allmulticast mode [ 244.219381][ T6080] bridge_slave_1: entered promiscuous mode [ 244.348667][ T6088] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.357448][ T6088] bridge0: port 1(bridge_slave_0) entered disabled state [ 244.366811][ T6088] bridge_slave_0: entered allmulticast mode [ 244.377991][ T6088] bridge_slave_0: entered promiscuous mode [ 244.476941][ T6088] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.486322][ T6088] bridge0: port 2(bridge_slave_1) entered disabled state [ 244.495905][ T6088] bridge_slave_1: entered allmulticast mode [ 244.505659][ T6088] bridge_slave_1: entered promiscuous mode [ 244.530655][ T6080] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 244.635537][ T6080] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 244.645972][ T6081] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.656292][ T6081] bridge0: port 1(bridge_slave_0) entered disabled state [ 244.665481][ T6081] bridge_slave_0: entered allmulticast mode [ 244.677046][ T6081] bridge_slave_0: entered promiscuous mode [ 244.799510][ T6081] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.807864][ T6081] bridge0: port 2(bridge_slave_1) entered disabled state [ 244.816149][ T6081] bridge_slave_1: entered allmulticast mode [ 244.825324][ T6081] bridge_slave_1: entered promiscuous mode [ 244.873187][ T5069] Bluetooth: hci0: command tx timeout [ 244.893032][ T6088] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 244.953194][ T5069] Bluetooth: hci1: command tx timeout [ 244.987420][ T6080] team0: Port device team_slave_0 added [ 245.036642][ T6088] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 245.081513][ T6091] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.089436][ T6091] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.097802][ T6091] bridge_slave_0: entered allmulticast mode [ 245.106509][ T6091] bridge_slave_0: entered promiscuous mode [ 245.126846][ T6080] team0: Port device team_slave_1 added [ 245.141664][ T6081] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 245.193113][ T5069] Bluetooth: hci2: command tx timeout [ 245.211208][ T6091] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.219630][ T6091] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.227608][ T6091] bridge_slave_1: entered allmulticast mode [ 245.236482][ T6091] bridge_slave_1: entered promiscuous mode [ 245.273152][ T5069] Bluetooth: hci3: command tx timeout [ 245.287776][ T6081] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 245.333275][ T6088] team0: Port device team_slave_0 added [ 245.353053][ T5069] Bluetooth: hci4: command tx timeout [ 245.423489][ T6085] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.431203][ T6085] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.439285][ T6085] bridge_slave_0: entered allmulticast mode [ 245.448616][ T6085] bridge_slave_0: entered promiscuous mode [ 245.468302][ T6088] team0: Port device team_slave_1 added [ 245.506011][ T6080] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 245.513994][ T6080] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 245.540822][ T6080] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 245.587529][ T6085] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.615458][ T6085] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.645027][ T6085] bridge_slave_1: entered allmulticast mode [ 245.672044][ T6085] bridge_slave_1: entered promiscuous mode [ 245.759574][ T6091] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 245.771736][ T6080] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 245.779729][ T6080] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 245.806200][ T6080] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 245.827015][ T6081] team0: Port device team_slave_0 added [ 245.899179][ T6091] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 245.936627][ T6081] team0: Port device team_slave_1 added [ 245.951437][ T6085] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 245.964706][ T6088] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 245.972788][ T6088] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 245.999348][ T6088] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 246.077378][ T6085] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 246.089518][ T6088] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 246.097291][ T6088] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 246.123683][ T6088] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 246.174307][ T6091] team0: Port device team_slave_0 added [ 246.304888][ T6091] team0: Port device team_slave_1 added [ 246.313624][ T6081] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 246.320825][ T6081] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 246.347495][ T6081] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 246.398553][ T6085] team0: Port device team_slave_0 added [ 246.462574][ T6081] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 246.470371][ T6081] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 246.497872][ T6081] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 246.520362][ T6085] team0: Port device team_slave_1 added [ 246.541512][ T6080] hsr_slave_0: entered promiscuous mode [ 246.550561][ T6080] hsr_slave_1: entered promiscuous mode [ 246.665225][ T6091] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 246.673111][ T6091] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 246.699443][ T6091] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 246.718036][ T6091] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 246.725438][ T6091] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 246.751942][ T6091] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 246.830720][ T6085] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 246.838256][ T6085] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 246.865128][ T6085] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 246.908641][ T6088] hsr_slave_0: entered promiscuous mode [ 246.918116][ T6088] hsr_slave_1: entered promiscuous mode [ 246.926568][ T6088] debugfs: 'hsr0' already exists in 'hsr' [ 246.932463][ T6088] Cannot create hsr debugfs directory [ 246.963136][ T5069] Bluetooth: hci0: command tx timeout [ 246.997927][ T6085] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 247.005520][ T6085] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 247.031984][ T6085] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 247.043324][ T5069] Bluetooth: hci1: command tx timeout [ 247.164839][ T6081] hsr_slave_0: entered promiscuous mode [ 247.174016][ T6081] hsr_slave_1: entered promiscuous mode [ 247.181924][ T6081] debugfs: 'hsr0' already exists in 'hsr' [ 247.188051][ T6081] Cannot create hsr debugfs directory [ 247.273019][ T5069] Bluetooth: hci2: command tx timeout [ 247.353167][ T5069] Bluetooth: hci3: command tx timeout [ 247.415858][ T6091] hsr_slave_0: entered promiscuous mode [ 247.425559][ T6091] hsr_slave_1: entered promiscuous mode [ 247.433005][ T5069] Bluetooth: hci4: command tx timeout [ 247.440220][ T6091] debugfs: 'hsr0' already exists in 'hsr' [ 247.446211][ T6091] Cannot create hsr debugfs directory [ 247.571527][ T6085] hsr_slave_0: entered promiscuous mode [ 247.581779][ T6085] hsr_slave_1: entered promiscuous mode [ 247.590660][ T6085] debugfs: 'hsr0' already exists in 'hsr' [ 247.596893][ T6085] Cannot create hsr debugfs directory [ 248.795023][ T6080] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 248.825656][ T6080] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 248.836774][ T6080] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 248.857624][ T6080] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 248.868678][ T6080] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 248.888514][ T6080] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 248.916010][ T6080] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 248.935119][ T6080] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 249.030840][ T6088] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 249.039943][ T5069] Bluetooth: hci0: command tx timeout [ 249.080365][ T6088] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 249.092386][ T6088] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 249.116105][ T5069] Bluetooth: hci1: command tx timeout [ 249.128296][ T6088] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 249.166865][ T6088] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 249.186585][ T6088] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 249.197552][ T6088] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 249.217705][ T6088] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 249.353315][ T5069] Bluetooth: hci2: command tx timeout [ 249.397744][ T6091] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 249.418591][ T6091] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 249.432107][ T6091] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 249.439542][ T5069] Bluetooth: hci3: command tx timeout [ 249.459096][ T6091] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 249.479472][ T6091] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 249.499610][ T6091] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 249.513311][ T5069] Bluetooth: hci4: command tx timeout [ 249.526599][ T6091] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 249.548051][ T6091] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 249.830324][ T6081] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 249.861216][ T6081] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 249.888922][ T6081] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 249.914774][ T6081] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 249.927179][ T6081] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 249.955703][ T6081] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 249.988628][ T6081] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 250.013781][ T6081] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 250.167625][ T34] ===================================================== [ 250.175005][ T34] BUG: KMSAN: uninit-value in irqentry_exit_to_kernel_mode_preempt+0xb0/0xc0 [ 250.184218][ T34] irqentry_exit_to_kernel_mode_preempt+0xb0/0xc0 [ 250.190867][ T34] irqentry_exit+0x7b/0x760 [ 250.195593][ T34] sysvec_apic_timer_interrupt+0x52/0x90 [ 250.201441][ T34] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 250.207718][ T34] virt_to_page_or_null+0x27/0x170 [ 250.213056][ T34] kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 250.218922][ T34] __msan_metadata_ptr_for_load_4+0x24/0x40 [ 250.225064][ T34] ip_fast_csum+0x1e6/0x3f0 [ 250.229805][ T34] nsim_dev_trap_report_work+0x8c0/0x1430 [ 250.235727][ T34] process_scheduled_works+0xb65/0x1e40 [ 250.241498][ T34] worker_thread+0xee4/0x1590 [ 250.246384][ T34] kthread+0x53f/0x600 [ 250.250679][ T34] ret_from_fork+0x20f/0x8d0 [ 250.255470][ T34] ret_from_fork_asm+0x1a/0x30 [ 250.260462][ T34] [ 250.262927][ T34] Uninit was created at: [ 250.267455][ T34] __kmalloc_node_track_caller_noprof+0x4f6/0x1750 [ 250.274204][ T34] __alloc_skb+0x90d/0x1190 [ 250.278934][ T34] nsim_dev_trap_report_work+0x3f2/0x1430 [ 250.284871][ T34] process_scheduled_works+0xb65/0x1e40 [ 250.290632][ T34] worker_thread+0xee4/0x1590 [ 250.295508][ T34] kthread+0x53f/0x600 [ 250.299971][ T34] ret_from_fork+0x20f/0x8d0 [ 250.304771][ T34] ret_from_fork_asm+0x1a/0x30 [ 250.309758][ T34] [ 250.312228][ T34] CPU: 0 UID: 0 PID: 34 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full) [ 250.321688][ T34] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 250.331914][ T34] Workqueue: events_unbound nsim_dev_trap_report_work [ 250.338944][ T34] ===================================================== [ 250.346165][ T34] Disabling lock debugging due to kernel taint [ 250.352437][ T34] Kernel panic - not syncing: kmsan.panic set ... [ 250.359099][ T34] CPU: 0 UID: 0 PID: 34 Comm: kworker/u8:2 Tainted: G B syzkaller #0 PREEMPT(full) [ 250.370172][ T34] Tainted: [B]=BAD_PAGE [ 250.374440][ T34] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 250.384637][ T34] Workqueue: events_unbound nsim_dev_trap_report_work [ 250.391649][ T34] Call Trace: [ 250.395039][ T34] [ 250.398079][ T34] __dump_stack+0x26/0x30 [ 250.402600][ T34] dump_stack_lvl+0x50/0x1c0 [ 250.407383][ T34] ? dump_stack+0x12/0x25 [ 250.411906][ T34] dump_stack+0x1e/0x25 [ 250.416235][ T34] vpanic+0x7b4/0x1430 [ 250.420514][ T34] panic+0x15d/0x160 [ 250.424644][ T34] kmsan_report+0x31a/0x320 [ 250.429354][ T34] ? __msan_warning+0x1b/0x30 [ 250.434203][ T34] ? irqentry_exit_to_kernel_mode_preempt+0xb0/0xc0 [ 250.440979][ T34] ? irqentry_exit+0x7b/0x760 [ 250.445834][ T34] ? sysvec_apic_timer_interrupt+0x52/0x90 [ 250.451830][ T34] ? asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 250.458182][ T34] ? virt_to_page_or_null+0x27/0x170 [ 250.463682][ T34] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 250.469795][ T34] ? __msan_metadata_ptr_for_load_4+0x24/0x40 [ 250.476062][ T34] ? ip_fast_csum+0x1e6/0x3f0 [ 250.481049][ T34] ? nsim_dev_trap_report_work+0x8c0/0x1430 [ 250.487171][ T34] ? process_scheduled_works+0xb65/0x1e40 [ 250.493089][ T34] ? worker_thread+0xee4/0x1590 [ 250.498165][ T34] ? kthread+0x53f/0x600 [ 250.502643][ T34] ? ret_from_fork+0x20f/0x8d0 [ 250.507645][ T34] ? ret_from_fork_asm+0x1a/0x30 [ 250.512837][ T34] ? chacha_permute+0x1057/0x1200 [ 250.518125][ T34] ? kmsan_get_metadata+0xf1/0x160 [ 250.523529][ T34] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 250.530050][ T34] ? kmsan_get_metadata+0xf1/0x160 [ 250.535368][ T34] __msan_warning+0x1b/0x30 [ 250.540045][ T34] irqentry_exit_to_kernel_mode_preempt+0xb0/0xc0 [ 250.546662][ T34] irqentry_exit+0x7b/0x760 [ 250.551349][ T34] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 250.557875][ T34] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 250.564154][ T34] sysvec_apic_timer_interrupt+0x52/0x90 [ 250.569985][ T34] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 250.576167][ T34] RIP: 0010:virt_to_page_or_null+0x27/0x170 [ 250.582274][ T34] Code: 90 90 90 48 89 f8 48 2d 00 00 00 80 73 29 48 89 fa 48 2b 15 33 7e b3 0f 48 39 c2 77 12 0f b6 0d e8 4f 42 10 48 89 d6 48 d3 ee <48> 85 f6 74 1a 31 c0 c3 cc cc cc cc cc 48 3d ff ff ff 1f 77 f0 48 [ 250.602071][ T34] RSP: 0000:ffff888101eff9b8 EFLAGS: 00000246 [ 250.608471][ T34] RAX: ffff88819b570018 RBX: ffff88811b570018 RCX: 000000000000002e [ 250.616585][ T34] RDX: 000000011b570018 RSI: 0000000000000000 RDI: ffff88811b570018 [ 250.624692][ T34] RBP: ffff888101eff9d8 R08: ffffea000000000f R09: 0000000000000003 [ 250.632812][ T34] R10: 000000000000002e R11: 0000000000000000 R12: 0000000000000000 [ 250.640913][ T34] R13: 0000000004860170 R14: 0000000000000001 R15: 0000000000000001 [ 250.649110][ T34] ? kmsan_get_metadata+0xf1/0x160 [ 250.654435][ T34] kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 250.660271][ T34] __msan_metadata_ptr_for_load_4+0x24/0x40 [ 250.666443][ T34] ip_fast_csum+0x1e6/0x3f0 [ 250.671173][ T34] nsim_dev_trap_report_work+0x8c0/0x1430 [ 250.677134][ T34] ? __pfx_nsim_dev_trap_report_work+0x10/0x10 [ 250.683490][ T34] process_scheduled_works+0xb65/0x1e40 [ 250.689343][ T34] worker_thread+0xee4/0x1590 [ 250.694359][ T34] kthread+0x53f/0x600 [ 250.698773][ T34] ? __pfx_worker_thread+0x10/0x10 [ 250.704107][ T34] ? __pfx_kthread+0x10/0x10 [ 250.708905][ T34] ret_from_fork+0x20f/0x8d0 [ 250.713761][ T34] ? __switch_to+0x573/0x7a0 [ 250.718554][ T34] ? __pfx_kthread+0x10/0x10 [ 250.723390][ T34] ret_from_fork_asm+0x1a/0x30 [ 250.728391][ T34] [ 250.732138][ T34] Kernel Offset: disabled [ 250.736538][ T34] Rebooting in 86400 seconds..