Warning: Permanently added '[localhost]:49890' (ED25519) to the list of known hosts. 2025/11/20 18:49:09 parsed 1 programs syzkaller login: [ 53.793798][ T5806] cgroup: Unknown subsys name 'net' [ 53.901447][ T5806] cgroup: Unknown subsys name 'cpuset' [ 53.908154][ T5806] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 55.496078][ T5806] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 58.756449][ T5821] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 59.128287][ T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.130822][ T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.252048][ T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.254640][ T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.911178][ T5854] chnl_net:caif_netlink_parms(): no params data found [ 60.060418][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.062685][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.064968][ T5854] bridge_slave_0: entered allmulticast mode [ 60.071597][ T5854] bridge_slave_0: entered promiscuous mode [ 60.086080][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.091129][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.094432][ T5854] bridge_slave_1: entered allmulticast mode [ 60.098652][ T5854] bridge_slave_1: entered promiscuous mode [ 60.145008][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.149774][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.186005][ T5854] team0: Port device team_slave_0 added [ 60.191304][ T5854] team0: Port device team_slave_1 added [ 60.222475][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.225783][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 60.234604][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.254965][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.258857][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 60.271992][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.340625][ T5854] hsr_slave_0: entered promiscuous mode [ 60.343104][ T5854] hsr_slave_1: entered promiscuous mode [ 60.523955][ T5889] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 60.528147][ T5889] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 60.531621][ T5889] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 60.535160][ T5889] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 60.547642][ T5889] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 60.756214][ T5854] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 60.765745][ T5854] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 60.775167][ T5854] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 60.784469][ T5854] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 60.951647][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0 [ 60.965391][ T5854] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.040015][ T1230] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.042714][ T1230] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.061489][ T1230] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.063982][ T1230] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.223182][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.247233][ T5854] veth0_vlan: entered promiscuous mode [ 61.253346][ T5854] veth1_vlan: entered promiscuous mode [ 61.270562][ T5854] veth0_macvtap: entered promiscuous mode [ 61.274713][ T5854] veth1_macvtap: entered promiscuous mode [ 61.283843][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.291749][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 61.300999][ T5631] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.305140][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.313118][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 61.319219][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 2025/11/20 18:49:18 executed programs: 0 [ 61.441679][ T5889] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 61.445478][ T5889] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 61.449719][ T5889] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 61.455098][ T56] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 61.461589][ T56] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 61.465116][ T56] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 61.470012][ T56] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 61.470139][ T5918] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 61.474232][ T56] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 61.482279][ T5917] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 61.502218][ T5889] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 61.505999][ T5889] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 61.509622][ T5889] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 61.513811][ T5889] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 61.523070][ T5889] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 61.548589][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.603044][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.660556][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.745448][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 61.866562][ T5913] chnl_net:caif_netlink_parms(): no params data found [ 61.925260][ T5915] chnl_net:caif_netlink_parms(): no params data found [ 61.955613][ T5919] chnl_net:caif_netlink_parms(): no params data found [ 61.969941][ T5913] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.972572][ T5913] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.974999][ T5913] bridge_slave_0: entered allmulticast mode [ 61.978179][ T5913] bridge_slave_0: entered promiscuous mode [ 61.996375][ T5913] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.999469][ T5913] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.001854][ T5913] bridge_slave_1: entered allmulticast mode [ 62.004638][ T5913] bridge_slave_1: entered promiscuous mode [ 62.042173][ T5913] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.066584][ T5913] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.123488][ T5915] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.126529][ T5915] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.130177][ T5915] bridge_slave_0: entered allmulticast mode [ 62.134015][ T5915] bridge_slave_0: entered promiscuous mode [ 62.140140][ T5915] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.143242][ T5915] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.146410][ T5915] bridge_slave_1: entered allmulticast mode [ 62.150758][ T5915] bridge_slave_1: entered promiscuous mode [ 62.162518][ T5913] team0: Port device team_slave_0 added [ 62.201447][ T5913] team0: Port device team_slave_1 added [ 62.220744][ T5915] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.227691][ T5915] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.231471][ T5919] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.234377][ T5919] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.237031][ T5919] bridge_slave_0: entered allmulticast mode [ 62.241111][ T5919] bridge_slave_0: entered promiscuous mode [ 62.245491][ T5919] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.248907][ T5919] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.251868][ T5919] bridge_slave_1: entered allmulticast mode [ 62.255714][ T5919] bridge_slave_1: entered promiscuous mode [ 62.325923][ T5913] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.328912][ T5913] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.338959][ T5913] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.344428][ T5915] team0: Port device team_slave_0 added [ 62.346757][ T5913] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.350158][ T5913] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.360729][ T5913] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.375877][ T5919] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.381204][ T5915] team0: Port device team_slave_1 added [ 62.395654][ T5919] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.413335][ T5915] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.415852][ T5915] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.424582][ T5915] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.444106][ T5919] team0: Port device team_slave_0 added [ 62.449179][ T5919] team0: Port device team_slave_1 added [ 62.451722][ T5915] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.454386][ T5915] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.463441][ T5915] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.492628][ T5919] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.494908][ T5919] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.503184][ T5919] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.511120][ T5913] hsr_slave_0: entered promiscuous mode [ 62.513336][ T5913] hsr_slave_1: entered promiscuous mode [ 62.515487][ T5913] debugfs: 'hsr0' already exists in 'hsr' [ 62.517691][ T5913] Cannot create hsr debugfs directory [ 62.532229][ T5919] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.534390][ T5919] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 62.542659][ T5919] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.602871][ T5915] hsr_slave_0: entered promiscuous mode [ 62.605690][ T5915] hsr_slave_1: entered promiscuous mode [ 62.608672][ T5915] debugfs: 'hsr0' already exists in 'hsr' [ 62.610922][ T5915] Cannot create hsr debugfs directory [ 62.629112][ T5919] hsr_slave_0: entered promiscuous mode [ 62.631875][ T5919] hsr_slave_1: entered promiscuous mode [ 62.634265][ T5919] debugfs: 'hsr0' already exists in 'hsr' [ 62.636188][ T5919] Cannot create hsr debugfs directory [ 63.548206][ T5889] Bluetooth: hci3: command tx timeout [ 63.548264][ T5918] Bluetooth: hci2: command tx timeout [ 63.548544][ T5918] Bluetooth: hci1: command tx timeout [ 64.064090][ T13] bridge_slave_1: left allmulticast mode [ 64.065945][ T13] bridge_slave_1: left promiscuous mode [ 64.069719][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.078951][ T13] bridge_slave_0: left allmulticast mode [ 64.080802][ T13] bridge_slave_0: left promiscuous mode [ 64.082612][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.283806][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 64.288455][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 64.292159][ T13] bond0 (unregistering): Released all slaves [ 64.399176][ T13] hsr_slave_0: left promiscuous mode [ 64.401422][ T13] hsr_slave_1: left promiscuous mode [ 64.404061][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 64.406947][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 64.415410][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 64.418837][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 64.436127][ T13] veth1_macvtap: left promiscuous mode [ 64.438820][ T13] veth0_macvtap: left promiscuous mode [ 64.441728][ T13] veth1_vlan: left promiscuous mode [ 64.444005][ T13] veth0_vlan: left promiscuous mode [ 64.655838][ T13] team0 (unregistering): Port device team_slave_1 removed [ 64.672895][ T13] team0 (unregistering): Port device team_slave_0 removed [ 65.028673][ T5915] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 65.044184][ T5915] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 65.060420][ T5915] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 65.064477][ T5915] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 65.137623][ T5919] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 65.163483][ T5919] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 65.246061][ T5919] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 65.259227][ T5919] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 65.315697][ T5913] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 65.326374][ T5913] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 65.331894][ T5913] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 65.340007][ T5913] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 65.353153][ T5915] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.372858][ T5915] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.380212][ T26] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.383029][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.401433][ T26] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.404096][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.473798][ T5919] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.484611][ T5913] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.508772][ T5919] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.513243][ T5913] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.522872][ T76] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.525407][ T76] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.534418][ T76] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.536729][ T76] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.543776][ T76] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.546042][ T76] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.556472][ T5915] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.574357][ T76] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.576651][ T76] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.631374][ T5918] Bluetooth: hci3: command tx timeout [ 65.633408][ T5918] Bluetooth: hci2: command tx timeout [ 65.638191][ T5889] Bluetooth: hci1: command tx timeout [ 65.651797][ T5915] veth0_vlan: entered promiscuous mode [ 65.661122][ T5915] veth1_vlan: entered promiscuous mode [ 65.700797][ T5915] veth0_macvtap: entered promiscuous mode [ 65.704424][ T5915] veth1_macvtap: entered promiscuous mode [ 65.715677][ T5915] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.721699][ T5915] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.731340][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.736005][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.742190][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.752582][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.761898][ T5919] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.802501][ T5913] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.841892][ T5919] veth0_vlan: entered promiscuous mode [ 65.868725][ T28] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.871883][ T28] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.881255][ T5919] veth1_vlan: entered promiscuous mode [ 65.895937][ T5913] veth0_vlan: entered promiscuous mode [ 65.909535][ T76] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.910606][ T5913] veth1_vlan: entered promiscuous mode [ 65.915134][ T76] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.921719][ T5919] veth0_macvtap: entered promiscuous mode [ 65.943326][ T5919] veth1_macvtap: entered promiscuous mode [ 65.950989][ T5913] veth0_macvtap: entered promiscuous mode [ 65.970343][ T5913] veth1_macvtap: entered promiscuous mode [ 65.991484][ T5919] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.003925][ T5919] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.014046][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.022114][ T5998] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 66.024706][ T5998] syzkaller0: entered promiscuous mode [ 66.026397][ T5998] syzkaller0: entered allmulticast mode [ 66.029564][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.043413][ T5913] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.047448][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.050532][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.069043][ T5913] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.085867][ T5631] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.099868][ T5631] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.103293][ T5631] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.106869][ T5631] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.145321][ T6000] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 66.148839][ T6000] syzkaller0: entered promiscuous mode [ 66.150634][ T6000] syzkaller0: entered allmulticast mode [ 66.155867][ T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.162734][ T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.211256][ T1230] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.216710][ T1230] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.239906][ T76] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.242475][ T76] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.282933][ T28] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.290848][ T28] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.296901][ T6003] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 66.305893][ T6003] syzkaller0: entered promiscuous mode [ 66.308492][ T6003] syzkaller0: entered allmulticast mode [ 66.324082][ T6005] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 66.326786][ T6005] syzkaller0: entered promiscuous mode [ 66.328749][ T6005] syzkaller0: entered allmulticast mode [ 66.331397][ T13] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN NOPTI [ 66.335783][ T13] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] [ 66.340000][ T13] CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full) [ 66.343499][ T13] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 66.346649][ T13] Workqueue: ipv6_addrconf addrconf_dad_work [ 66.348495][ T13] RIP: 0010:tun_net_xmit+0xdf0/0x1840 [ 66.350117][ T13] Code: 00 00 00 fc ff df 48 89 44 24 50 0f b6 04 18 84 c0 0f 85 1f 07 00 00 4c 89 7c 24 30 4d 63 37 4f 8d 3c f4 4c 89 f8 48 c1 e8 03 <80> 3c 18 00 74 08 4c 89 ff e8 92 ba e3 fb 49 83 3f 00 74 0a e8 17 [ 66.355933][ T13] RSP: 0018:ffffc90000126f80 EFLAGS: 00010202 [ 66.357816][ T13] RAX: 0000000000000002 RBX: dffffc0000000000 RCX: dffffc0000000000 [ 66.360178][ T13] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc90000126f00 [ 66.362604][ T13] RBP: ffffc900001270b0 R08: 0000000000000003 R09: 0000000000000004 [ 66.365067][ T13] R10: dffffc0000000000 R11: fffff52000024de0 R12: 0000000000000010 [ 66.367445][ T13] R13: ffff8881730b6a48 R14: 0000000000000000 R15: 0000000000000010 [ 66.369826][ T13] FS: 0000000000000000(0000) GS:ffff8882a9f38000(0000) knlGS:0000000000000000 [ 66.372609][ T13] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 66.374659][ T13] CR2: 0000200000002280 CR3: 00000001bb189000 CR4: 0000000000352ef0 [ 66.377037][ T13] Call Trace: [ 66.378070][ T13] [ 66.379016][ T13] ? tun_net_xmit+0xe5/0x1840 [ 66.380495][ T13] ? __pfx_tun_net_xmit+0x10/0x10 [ 66.382105][ T13] ? __lock_acquire+0xab9/0xd20 [ 66.383691][ T13] dev_hard_start_xmit+0x2d7/0x830 [ 66.385260][ T13] __dev_queue_xmit+0x172a/0x3740 [ 66.386823][ T13] ? look_up_lock_class+0x74/0x170 [ 66.388432][ T13] ? register_lock_class+0x51/0x320 [ 66.390050][ T13] ? __dev_queue_xmit+0x284/0x3740 [ 66.391693][ T13] ? __pfx___dev_queue_xmit+0x10/0x10 [ 66.393397][ T13] ? read_seqbegin+0x122/0x250 [ 66.394917][ T13] ? neigh_connected_output+0x1ea/0x460 [ 66.396606][ T13] ? lockdep_hardirqs_on+0x9c/0x150 [ 66.398174][ T13] ? read_seqbegin+0x1ac/0x250 [ 66.399636][ T13] ? __pfx_read_seqbegin+0x10/0x10 [ 66.401240][ T13] ? ___neigh_create+0x1c83/0x2260 [ 66.402907][ T13] ? neigh_connected_output+0x3b6/0x460 [ 66.404609][ T13] ip6_finish_output2+0xfb3/0x1480 [ 66.406153][ T13] ? __pfx_ip6_finish_output2+0x10/0x10 [ 66.407849][ T13] ? ip6_mtu+0x7d/0x490 [ 66.409129][ T13] ? ip6_mtu+0x38c/0x490 [ 66.410480][ T13] ? ip6_finish_output+0x2ef/0x4e0 [ 66.412133][ T13] ? ip6_output+0x126/0x550 [ 66.413867][ T13] ip6_output+0x340/0x550 [ 66.415585][ T13] ndisc_send_skb+0xbce/0x1510 [ 66.417507][ T13] ? ndisc_send_skb+0x1e4/0x1510 [ 66.419471][ T13] ? __pfx_ndisc_send_skb+0x10/0x10 [ 66.421552][ T13] ? __pfx_dst_output+0x10/0x10 [ 66.423483][ T13] ? ipv6_get_lladdr+0x378/0x3f0 [ 66.425465][ T13] addrconf_dad_completed+0x7ae/0xd60 [ 66.427534][ T13] ? __pfx_addrconf_dad_completed+0x10/0x10 [ 66.429887][ T13] addrconf_dad_work+0xc36/0x14b0 [ 66.431869][ T13] ? __lock_acquire+0xab9/0xd20 [ 66.433747][ T13] ? __pfx_addrconf_dad_work+0x10/0x10 [ 66.435877][ T13] ? process_scheduled_works+0x9ef/0x17b0 [ 66.437755][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 66.439423][ T13] ? process_scheduled_works+0x9ef/0x17b0 [ 66.441230][ T13] ? process_scheduled_works+0x9ef/0x17b0 [ 66.443041][ T13] process_scheduled_works+0xae1/0x17b0 [ 66.444745][ T13] ? __pfx_process_scheduled_works+0x10/0x10 [ 66.446562][ T13] worker_thread+0x8a0/0xda0 [ 66.448023][ T13] kthread+0x711/0x8a0 [ 66.449343][ T13] ? __pfx_worker_thread+0x10/0x10 [ 66.450977][ T13] ? __pfx_kthread+0x10/0x10 [ 66.452529][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 66.454201][ T13] ? lockdep_hardirqs_on+0x9c/0x150 [ 66.455885][ T13] ? __pfx_kthread+0x10/0x10 [ 66.457396][ T13] ret_from_fork+0x4bc/0x870 [ 66.458940][ T13] ? __pfx_ret_from_fork+0x10/0x10 [ 66.460760][ T13] ? __pfx_kthread+0x10/0x10 [ 66.462346][ T13] ret_from_fork_asm+0x1a/0x30 [ 66.463958][ T13] [ 66.464975][ T13] Modules linked in: [ 66.466392][ T13] ---[ end trace 0000000000000000 ]--- [ 66.468202][ T13] RIP: 0010:tun_net_xmit+0xdf0/0x1840 [ 66.469849][ T13] Code: 00 00 00 fc ff df 48 89 44 24 50 0f b6 04 18 84 c0 0f 85 1f 07 00 00 4c 89 7c 24 30 4d 63 37 4f 8d 3c f4 4c 89 f8 48 c1 e8 03 <80> 3c 18 00 74 08 4c 89 ff e8 92 ba e3 fb 49 83 3f 00 74 0a e8 17 2025/11/20 18:49:23 executed programs: 10 [ 66.476703][ T13] RSP: 0018:ffffc90000126f80 EFLAGS: 00010202 [ 66.478910][ T13] RAX: 0000000000000002 RBX: dffffc0000000000 RCX: dffffc0000000000 [ 66.481807][ T13] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc90000126f00 [ 66.484356][ T13] RBP: ffffc900001270b0 R08: 0000000000000003 R09: 0000000000000004 [ 66.486886][ T13] R10: dffffc0000000000 R11: fffff52000024de0 R12: 0000000000000010 [ 66.489501][ T13] R13: ffff8881730b6a48 R14: 0000000000000000 R15: 0000000000000010 [ 66.492045][ T13] FS: 0000000000000000(0000) GS:ffff8882a9f38000(0000) knlGS:0000000000000000 [ 66.494882][ T13] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 66.496962][ T13] CR2: 0000200000002280 CR3: 00000001bb189000 CR4: 0000000000352ef0 [ 66.499564][ T13] Kernel panic - not syncing: Fatal exception in interrupt [ 66.502677][ T13] Kernel Offset: disabled [ 66.504223][ T13] Rebooting in 86400 seconds.. VM DIAGNOSIS: 18:49:23 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=0000000000000006 RCX=0000000000000008 RDX=0000000000008014 RSI=0000000000000006 RDI=ffff88815fffb400 RBP=0000000000000000 RSP=ffffc9000953f3b0 R8 =ffff88810a6f0000 R9 =0000000000000002 R10=0000000000000006 R11=0000000000000000 R12=0000000000000008 R13=ffffffff92708640 R14=ffff88815fffb400 R15=0000000000000006 RIP=ffffffff82043653 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fd10cf9f280 ffffffff 00c00000 GS =0000 ffff88818eb38000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f17d0dd5a90 CR3=0000000166b61000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000004080 Opmask01=00000000100001ff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055a6f1d6b8c0 000055a6f1d70a10 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe90584380 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe90583920 0000003000000010 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000ff00000000 00ff000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00ff000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6172742f30706f6f 6c2f6b636f6c622f 6c6175747269762f 736563697665642f ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f646e756f732f00 682e6c6974752f64 65726168732f6372 732f2e2e2f2e2e00 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6172742f30706f6f 6c2f6b636f6c622f 6c6175747269762f 736563697665642f ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 746e6e6f635f666e 000055a6f1d6b789 0000000000000031 000065636172742f ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000161 000000000036316c 6c696b66722f3031 7968702f31313230 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 383a263e4b383a26 3b4b383a26383238 3a264c3f383a264e 3f383a26483f383a ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692054524f50202c 2064696c61696d20 0070253a20252054 524f504d49005452 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 692020520050202c 2025204f504d4900 0061253a20252000 2527204d49005452 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000030 RBX=0000000000000030 RCX=0000000000000000 RDX=00000000000003f8 RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc900001267b0 R8 =ffff888109df0237 R9 =1ffff110213be046 R10=dffffc0000000000 R11=ffffffff8514d3e0 R12=dffffc0000000000 R13=ffffffff997dc950 R14=ffffffff99aeff20 R15=0000000000000000 RIP=ffffffff8514d45c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8882a9f38000 ffffffff 00c00000 LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000200000002280 CR3=00000001bb189000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd3b758c20 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2a64a13050 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2a64a1305d ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2a64a13057 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2a64a1306b ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2a64a130f1 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2a64a131cf ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000