last executing test programs: 6.660169264s ago: executing program 2 (id=679): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r1, &(0x7f00000018c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r1], 0x18}, 0x0) close(r1) sendmsg$inet(r0, 0x0, 0x0) close(r0) 6.562967005s ago: executing program 2 (id=682): mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x5031, 0xffffffffffffffff, 0xc2dcc000) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e23, 0x7, @private1, 0x5}, 0x1c) futex(&(0x7f0000000040)=0x2, 0xb, 0x2, 0x0, &(0x7f0000000100)=0x1, 0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, 0x0) wait4(0x0, 0x0, 0x8, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r0, 0x4b52, &(0x7f0000000140)={0x0, 0x1, 0x6, 0x2, 0x200, 0x0}) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x6c304000) futex(&(0x7f0000000040)=0x1, 0x6, 0x0, &(0x7f0000000080)={0x77359400}, 0x0, 0x1) 4.126839381s ago: executing program 0 (id=691): bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000005000000095"], 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x1f, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$inet6_tcp(0xa, 0x1, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000340), 0xc) 4.060653175s ago: executing program 2 (id=692): syz_emit_vhci(0x0, 0x7) 3.794721667s ago: executing program 0 (id=694): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="00070000420091"], 0xfe33) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'erspan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="ebffffffffffffff280012800b00010065727370616e000018000280040012000500163001000000080015"], 0x48}}, 0x0) 3.726202909s ago: executing program 2 (id=695): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB], &(0x7f00000005c0)='GPL\x00'}, 0x94) r1 = socket(0x10, 0x803, 0x8) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x2d}, 0x1, 0x0, 0x0, 0x8801}, 0x8000) r2 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r3, @ANYBLOB="00001000252155b21c0012000c000100626f6e64"], 0x3c}}, 0x40000) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x4) sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r5, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000840)=ANY=[@ANYBLOB="4800000010001fff000000008000000000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00?\x00\x00\b\x00\n\x00', @ANYRES32=r6, @ANYBLOB="200012800e0001006970366772657461700000000c00028008000100", @ANYRES32], 0x48}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000440)={r0, r3, 0x25, 0x0, @val=@netkit}, 0x1c) 3.541055138s ago: executing program 3 (id=698): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0x6, 0x4, 0xfff, 0x7, 0x88}, 0xa3) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000400000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000e41621eb70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r1, 0x2000300, 0xe, 0xfffffd83, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.419918664s ago: executing program 0 (id=699): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000140)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd70000000000008000000180001801400020073797a5f74756e0000000000000000001c0002801800038010"], 0x48}}, 0x0) 3.419395282s ago: executing program 3 (id=700): socket$inet_tcp(0x2, 0x1, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, &(0x7f00000010c0)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10) ppoll(&(0x7f0000000380), 0x0, 0x0, 0x0, 0x0) 3.094436074s ago: executing program 2 (id=704): bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000005000000095"], 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x1f, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$inet6_tcp(0xa, 0x1, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000340), 0xc) 3.070450322s ago: executing program 0 (id=705): syz_emit_vhci(0x0, 0x7) 2.901942596s ago: executing program 2 (id=707): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, 0x0, &(0x7f0000000200)=""/166}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x244}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) unshare(0x62040200) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000040)='veth1_virt_wifi\x00', 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) newfstatat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', &(0x7f0000000500), 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) writev(r5, 0x0, 0x0) 2.895825851s ago: executing program 4 (id=708): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x10, 0x0, @mcast2}}}, 0x88) syz_emit_ethernet(0x4e, &(0x7f0000000200)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x18, 0x3a, 0x0, @remote, @mcast2, {[@hopopts={0x84}], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0xd5, 0x4, 0x40, 0x1ff}}}}}}, 0x0) 2.808020353s ago: executing program 0 (id=709): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="00070000420091"], 0xfe33) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'erspan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="ebffffffffffffff280012800b00010065727370616e000018000280040012000500163001000000080015"], 0x48}}, 0x0) 2.807599433s ago: executing program 4 (id=710): syz_emit_ethernet(0x52, &(0x7f0000000440)={@local, @random='\x00 \x00\x00\x00\b', @void, {@ipv4={0x800, @tcp={{0xc, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x4, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0xd}, {[@lsrr={0x83, 0x7, 0xd7, [@multicast2]}, @timestamp={0x44, 0xc, 0x5, 0x3, 0x0, [0x787, 0x0]}, @cipso={0x86, 0x6}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) 2.729168388s ago: executing program 4 (id=711): openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x804000, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=']) 2.675758315s ago: executing program 4 (id=712): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000080)=[@in6={0xa, 0x4e21, 0xd9a, @remote, 0x9}], 0x1c) setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="02000000", 0x4) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000100), 0x4) recvmsg(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) 1.832373403s ago: executing program 1 (id=713): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000780)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"}) ioctl$BINDER_THREAD_EXIT(r2, 0x40046208, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 1.757626114s ago: executing program 0 (id=714): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB], &(0x7f00000005c0)='GPL\x00'}, 0x94) r1 = socket(0x10, 0x803, 0x8) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x2d}, 0x1, 0x0, 0x0, 0x8801}, 0x8000) r2 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r3, @ANYBLOB="00001000252155b21c0012000c000100626f6e64"], 0x3c}}, 0x40000) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x4) sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r5, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000840)=ANY=[@ANYBLOB="4800000010001fff000000008000000000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00?\x00\x00\b\x00\n\x00', @ANYRES32=r6, @ANYBLOB="200012800e0001006970366772657461700000000c00028008000100", @ANYRES32], 0x48}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000440)={r0, r3, 0x25, 0x0, @val=@netkit}, 0x1c) 1.662584844s ago: executing program 3 (id=715): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000140)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYBLOB="010028bd70000000000008000000180001801400020073797a5f74756e0000000000000000001c0002801800038010"], 0x48}}, 0x0) 1.277074503s ago: executing program 3 (id=716): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x48}}, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000c00)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00\x00\b', 0x30, 0x3a, 0xff, @local, @mcast2, {[], @ndisc_redir={0x87, 0x0, 0x0, '\x00', @local, @mcast2={0xe}, [{0x1, 0x1, "2025b07f3c58"}]}}}}}}, 0x0) 1.250385242s ago: executing program 4 (id=717): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r1 = memfd_create(&(0x7f0000000080)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea\x7f\x8cZ7`_4t\xcda\x9b\x11\x11\x0e\xa1\xcf\x00'/51, 0x6) ftruncate(r1, 0x2000000) prlimit64(0x0, 0xe, &(0x7f0000000480)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fcntl$addseals(r1, 0x409, 0x7) ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000000)={r1, 0x1f, 0x0, 0x1000000}) 680.038417ms ago: executing program 1 (id=718): bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000005000000095"], 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) socket$inet6_tcp(0xa, 0x1, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000340), 0xc) 405.887518ms ago: executing program 1 (id=719): syz_emit_vhci(0x0, 0x7) 387.599975ms ago: executing program 3 (id=720): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000380)=ANY=[@ANYBLOB="0b000000000000000a00000000000000ff020000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000020000000a00000000000000fe8000000000000000000000000000bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000fe8000000000000000000000000000bb"], 0x190) syz_emit_ethernet(0x4e, &(0x7f0000000200)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x18, 0x3a, 0x0, @remote, @mcast2, {[@hopopts={0x84}], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0xd5, 0x4, 0x40, 0x1ff}}}}}}, 0x0) 275.509523ms ago: executing program 1 (id=721): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) open_by_handle_at(r1, &(0x7f0000000000)=@shmem={0xc, 0x1, {0x3ff, 0x5}}, 0x40080) 194.985565ms ago: executing program 1 (id=722): openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x804000, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=']) 156.171769ms ago: executing program 3 (id=723): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x80) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000000c0)={r0, r2, 0x16, 0x0, @void}, 0x10) setsockopt(0xffffffffffffffff, 0x84, 0x7f, &(0x7f0000000040)="02", 0x1) r3 = socket(0x2b, 0x80801, 0x1) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) setsockopt$inet6_tcp_int(r3, 0x6, 0x9, &(0x7f0000000040)=0x400, 0x4) 27.349699ms ago: executing program 4 (id=724): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) socket(0xa, 0x3, 0x3a) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2) 0s ago: executing program 1 (id=725): r0 = socket(0x40000000015, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x23, &(0x7f0000000000)=0x2, 0x4) bind$inet(r0, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) recvmmsg(r0, 0x0, 0x0, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.81' (ED25519) to the list of known hosts. [ 72.475368][ T5582] cgroup: Unknown subsys name 'net' [ 72.717221][ T5582] cgroup: Unknown subsys name 'cpuset' [ 72.771958][ T5582] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 74.384689][ T5582] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 77.395635][ T5613] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 77.399045][ T5614] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 77.418061][ T5614] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 77.424018][ T5613] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 77.430796][ T5614] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 77.449081][ T5614] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 77.450528][ T5614] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 77.451755][ T5614] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 77.452114][ T5614] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 77.452504][ T5614] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 77.455892][ T5614] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 77.456218][ T5613] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 77.459687][ T5614] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 77.460638][ T5614] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 77.461911][ T5613] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 77.464839][ T5616] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 77.465811][ T5614] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 77.466799][ T5614] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 77.469343][ T5610] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 77.472918][ T5610] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 77.479130][ T59] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 77.480410][ T5610] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 77.487696][ T59] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.489977][ T5610] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 77.491016][ T5610] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 79.503162][ T4910] Bluetooth: hci1: command tx timeout [ 79.591412][ T4910] Bluetooth: hci0: command tx timeout [ 79.662191][ T4910] Bluetooth: hci2: command tx timeout [ 79.662229][ T5602] Bluetooth: hci4: command tx timeout [ 79.662338][ T4910] Bluetooth: hci3: command tx timeout [ 79.690715][ T5595] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.692599][ T5595] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.693166][ T5595] bridge_slave_0: entered allmulticast mode [ 79.695551][ T5595] bridge_slave_0: entered promiscuous mode [ 79.743953][ T5595] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.744056][ T5595] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.744444][ T5595] bridge_slave_1: entered allmulticast mode [ 79.745913][ T5595] bridge_slave_1: entered promiscuous mode [ 79.869235][ T5594] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.869353][ T5594] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.869446][ T5594] bridge_slave_0: entered allmulticast mode [ 79.870826][ T5594] bridge_slave_0: entered promiscuous mode [ 79.874198][ T5596] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.874305][ T5596] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.874746][ T5596] bridge_slave_0: entered allmulticast mode [ 79.879222][ T5596] bridge_slave_0: entered promiscuous mode [ 79.905977][ T5595] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.928498][ T5594] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.928621][ T5594] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.929522][ T5594] bridge_slave_1: entered allmulticast mode [ 79.933627][ T5594] bridge_slave_1: entered promiscuous mode [ 79.935508][ T5596] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.935613][ T5596] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.936044][ T5596] bridge_slave_1: entered allmulticast mode [ 79.938406][ T5596] bridge_slave_1: entered promiscuous mode [ 79.962740][ T5595] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.963169][ T5597] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.963312][ T5597] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.963444][ T5597] bridge_slave_0: entered allmulticast mode [ 79.965914][ T5597] bridge_slave_0: entered promiscuous mode [ 80.041099][ T5597] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.048437][ T5597] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.048719][ T5597] bridge_slave_1: entered allmulticast mode [ 80.063145][ T5597] bridge_slave_1: entered promiscuous mode [ 80.090360][ T5598] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.090469][ T5598] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.090941][ T5598] bridge_slave_0: entered allmulticast mode [ 80.093929][ T5598] bridge_slave_0: entered promiscuous mode [ 80.204818][ T5594] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.208102][ T5596] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.208341][ T5598] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.208452][ T5598] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.208597][ T5598] bridge_slave_1: entered allmulticast mode [ 80.212367][ T5598] bridge_slave_1: entered promiscuous mode [ 80.217162][ T5595] team0: Port device team_slave_0 added [ 80.242973][ T5594] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.246736][ T5596] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.274078][ T5595] team0: Port device team_slave_1 added [ 80.278575][ T5597] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.328728][ T5597] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.359526][ T5598] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.388158][ T5594] team0: Port device team_slave_0 added [ 80.390008][ T5596] team0: Port device team_slave_0 added [ 80.393578][ T5598] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.394822][ T5595] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.394833][ T5595] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.394855][ T5595] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.420661][ T5594] team0: Port device team_slave_1 added [ 80.423901][ T5596] team0: Port device team_slave_1 added [ 80.448730][ T5595] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.448744][ T5595] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.448766][ T5595] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.454584][ T5597] team0: Port device team_slave_0 added [ 80.526129][ T5597] team0: Port device team_slave_1 added [ 80.565075][ T5598] team0: Port device team_slave_0 added [ 80.583011][ T5594] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.583021][ T5594] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.583033][ T5594] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.584194][ T5596] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.584206][ T5596] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.584227][ T5596] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.586681][ T5598] team0: Port device team_slave_1 added [ 80.606173][ T5594] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.606186][ T5594] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.606207][ T5594] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.607984][ T5596] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.607994][ T5596] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.608016][ T5596] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.660052][ T5597] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.660066][ T5597] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.660089][ T5597] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.717169][ T5597] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.717183][ T5597] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.717206][ T5597] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.723735][ T5598] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.723748][ T5598] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.723769][ T5598] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.736904][ T5595] hsr_slave_0: entered promiscuous mode [ 80.738274][ T5595] hsr_slave_1: entered promiscuous mode [ 80.758219][ T5598] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.758240][ T5598] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 80.758262][ T5598] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.908362][ T5594] hsr_slave_0: entered promiscuous mode [ 80.909585][ T5594] hsr_slave_1: entered promiscuous mode [ 80.910468][ T5594] debugfs: 'hsr0' already exists in 'hsr' [ 80.910567][ T5594] Cannot create hsr debugfs directory [ 80.923811][ T5596] hsr_slave_0: entered promiscuous mode [ 80.925038][ T5596] hsr_slave_1: entered promiscuous mode [ 80.925828][ T5596] debugfs: 'hsr0' already exists in 'hsr' [ 80.925848][ T5596] Cannot create hsr debugfs directory [ 81.007724][ T5597] hsr_slave_0: entered promiscuous mode [ 81.008429][ T5597] hsr_slave_1: entered promiscuous mode [ 81.008956][ T5597] debugfs: 'hsr0' already exists in 'hsr' [ 81.008974][ T5597] Cannot create hsr debugfs directory [ 81.057024][ T5598] hsr_slave_0: entered promiscuous mode [ 81.057743][ T5598] hsr_slave_1: entered promiscuous mode [ 81.058243][ T5598] debugfs: 'hsr0' already exists in 'hsr' [ 81.058260][ T5598] Cannot create hsr debugfs directory [ 81.582806][ T5610] Bluetooth: hci1: command tx timeout [ 81.671486][ T5610] Bluetooth: hci0: command tx timeout [ 81.741453][ T4910] Bluetooth: hci2: command tx timeout [ 81.741482][ T4910] Bluetooth: hci3: command tx timeout [ 81.741604][ T5610] Bluetooth: hci4: command tx timeout [ 82.226404][ T5595] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 82.293656][ T5595] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 82.300687][ T5595] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 82.325850][ T5595] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 82.330190][ T5595] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 82.367442][ T5595] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 82.389141][ T5595] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 82.436579][ T5595] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 82.534663][ T5594] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 82.556044][ T5594] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 82.568093][ T5594] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 82.594139][ T5594] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 82.595982][ T5594] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 82.645001][ T5594] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 82.675451][ T5594] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 82.705632][ T5594] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 82.834513][ T5597] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 82.875481][ T5597] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 82.880316][ T5597] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 82.907607][ T5597] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 82.920362][ T5597] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 82.949131][ T5597] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 82.977309][ T5597] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 83.006029][ T5597] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 83.136178][ T5596] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 83.164365][ T5596] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 83.173192][ T5596] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 83.194379][ T5596] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 83.200062][ T5596] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 83.235185][ T5596] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 83.276694][ T5596] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 83.317030][ T5596] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 83.423364][ T5595] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.439059][ T5598] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 83.455355][ T5598] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 83.469520][ T5598] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 83.496290][ T5598] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 83.499363][ T5598] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 83.525886][ T5598] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 83.541168][ T5598] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 83.565022][ T5598] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 83.615630][ T5595] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.635679][ T5594] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.657800][ T1085] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.658543][ T1085] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.661447][ T5602] Bluetooth: hci1: command tx timeout [ 83.720497][ T1085] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.721021][ T1085] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.741307][ T5602] Bluetooth: hci0: command tx timeout [ 83.784924][ T5594] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.812904][ T5597] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.821529][ T5602] Bluetooth: hci4: command tx timeout [ 83.821556][ T5602] Bluetooth: hci3: command tx timeout [ 83.821574][ T5602] Bluetooth: hci2: command tx timeout [ 83.828971][ T40] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.829154][ T40] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.897417][ T40] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.898189][ T40] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.967803][ T5597] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.010480][ T168] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.010742][ T168] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.069780][ T5596] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.078642][ T168] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.078746][ T168] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.229537][ T5596] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.271185][ T5598] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.311273][ T40] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.311411][ T40] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.359604][ T40] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.359812][ T40] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.437611][ T5598] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.513462][ T1085] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.513543][ T1085] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.601099][ T4031] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.608574][ T4031] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.188789][ T5595] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.490267][ T5595] veth0_vlan: entered promiscuous mode [ 85.563922][ T5594] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.579914][ T5595] veth1_vlan: entered promiscuous mode [ 85.751353][ T5602] Bluetooth: hci1: command tx timeout [ 85.831399][ T5602] Bluetooth: hci0: command tx timeout [ 85.835140][ T5595] veth0_macvtap: entered promiscuous mode [ 85.844692][ T5597] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.867002][ T5595] veth1_macvtap: entered promiscuous mode [ 85.889344][ T5594] veth0_vlan: entered promiscuous mode [ 85.916704][ T5602] Bluetooth: hci2: command tx timeout [ 85.916736][ T5602] Bluetooth: hci3: command tx timeout [ 85.916756][ T5602] Bluetooth: hci4: command tx timeout [ 86.018642][ T5596] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.034059][ T5594] veth1_vlan: entered promiscuous mode [ 86.068148][ T5595] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.115829][ T5595] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.180176][ T3769] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.198073][ T3769] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.248941][ T66] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.262080][ T66] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.265237][ T5597] veth0_vlan: entered promiscuous mode [ 86.360030][ T5598] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.384626][ T5594] veth0_macvtap: entered promiscuous mode [ 86.443385][ T5594] veth1_macvtap: entered promiscuous mode [ 86.456088][ T5597] veth1_vlan: entered promiscuous mode [ 86.664684][ T5594] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.740229][ T36] cfg80211: failed to load regulatory.db [ 86.778094][ T5594] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.836523][ T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.836547][ T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.881149][ T70] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.893192][ T70] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.898086][ T70] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.898619][ T5597] veth0_macvtap: entered promiscuous mode [ 86.899857][ T5598] veth0_vlan: entered promiscuous mode [ 86.924071][ T70] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.967996][ T5597] veth1_macvtap: entered promiscuous mode [ 87.008134][ T5596] veth0_vlan: entered promiscuous mode [ 87.008320][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.008335][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.106654][ T5598] veth1_vlan: entered promiscuous mode [ 87.330270][ T5596] veth1_vlan: entered promiscuous mode [ 87.442470][ T5597] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.541652][ T5597] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.607745][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.607764][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.628071][ T1153] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.668929][ T1153] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.680112][ T1153] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.702438][ T5598] veth0_macvtap: entered promiscuous mode [ 87.717194][ T1153] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.826337][ T5598] veth1_macvtap: entered promiscuous mode [ 87.984289][ T1028] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.984306][ T1028] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.050609][ T5596] veth0_macvtap: entered promiscuous mode [ 88.203003][ T5596] veth1_macvtap: entered promiscuous mode [ 88.289286][ T5598] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.358491][ T5598] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.439284][ T1085] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.460546][ T1085] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.474853][ T1085] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.492131][ T5596] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.522866][ T1085] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.522948][ T1085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.522961][ T1085] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.604529][ T5596] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.917685][ T3769] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.928889][ T3769] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.938474][ T3769] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.938546][ T3769] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.938558][ T3769] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.045845][ T3769] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.665705][ T3769] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.665724][ T3769] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.148998][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.149016][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.506552][ T168] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.506571][ T168] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.964359][ T1085] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.964378][ T1085] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.432150][ T5900] binder: BINDER_SET_CONTEXT_MGR already set [ 94.432165][ T5900] binder: 5898:5900 ioctl 4018620d 200000000040 returned -16 [ 96.096190][ T5930] netlink: 8 bytes leftover after parsing attributes in process `syz.0.59'. [ 96.096211][ T5930] netlink: 24 bytes leftover after parsing attributes in process `syz.0.59'. [ 96.096450][ T5930] netlink: 8 bytes leftover after parsing attributes in process `syz.0.59'. [ 96.096463][ T5930] netlink: 24 bytes leftover after parsing attributes in process `syz.0.59'. [ 96.096599][ T5930] Zero length message leads to an empty skb [ 96.437646][ T5936] netlink: 8 bytes leftover after parsing attributes in process `syz.4.60'. [ 96.437674][ T5936] netlink: 20 bytes leftover after parsing attributes in process `syz.4.60'. [ 97.407011][ T5972] virt_wifi0: entered allmulticast mode [ 97.845510][ T5988] loop8: detected capacity change from 0 to 7 [ 97.926496][ T5988] Dev loop8: unable to read RDB block 7 [ 97.926556][ T5988] loop8: unable to read partition table [ 97.927065][ T5988] loop8: partition table beyond EOD, truncated [ 97.927095][ T5988] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 103.037575][ T6106] netlink: 80 bytes leftover after parsing attributes in process `syz.2.133'. [ 103.178719][ T6112] netlink: 5 bytes leftover after parsing attributes in process `syz.2.136'. [ 103.179584][ T6112] macsec0: entered allmulticast mode [ 103.179607][ T6112] veth1_macvtap: entered allmulticast mode [ 103.837368][ T5610] Bluetooth: hci4: Malformed HCI Event: 0x22 [ 105.364527][ T6169] netlink: 8 bytes leftover after parsing attributes in process `syz.1.158'. [ 105.364548][ T6169] netlink: 24 bytes leftover after parsing attributes in process `syz.1.158'. [ 105.364783][ T6169] netlink: 8 bytes leftover after parsing attributes in process `syz.1.158'. [ 105.364796][ T6169] netlink: 24 bytes leftover after parsing attributes in process `syz.1.158'. [ 106.945682][ T6234] capability: warning: `syz.0.190' uses deprecated v2 capabilities in a way that may be insecure [ 107.086034][ T6229] binder: 6227:6229 ioctl c0306201 200000000540 returned -22 [ 108.074511][ T6266] binder: 6264:6266 ioctl c0306201 200000000540 returned -22 [ 109.174229][ T6309] binder: 6298:6309 ioctl c0306201 200000000540 returned -22 [ 110.043349][ T6334] process 'syz.0.231' launched './file1' with NULL argv: empty string added [ 111.723307][ T6367] binder: 6354:6367 ioctl c0306201 200000000540 returned -22 [ 111.779057][ T6368] netlink: 'syz.3.243': attribute type 2 has an invalid length. [ 111.779079][ T6368] netlink: 'syz.3.243': attribute type 1 has an invalid length. [ 112.384517][ T6362] nbd0: detected capacity change from 0 to 127 [ 112.436036][ T5958] block nbd0: Send control failed (result -32) [ 112.438830][ T5958] block nbd0: Request send failed, requeueing [ 112.487207][ T5610] block nbd0: Receive control failed (result -32) [ 112.552620][ T531] block nbd0: Dead connection, failed to find a fallback [ 112.552637][ T531] block nbd0: shutting down sockets [ 112.552690][ T531] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 112.552733][ T531] Buffer I/O error on dev nbd0, logical block 0, async page read [ 112.607075][ T5958] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 112.607114][ T5958] Buffer I/O error on dev nbd0, logical block 1, async page read [ 112.607403][ T5958] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 112.607425][ T5958] Buffer I/O error on dev nbd0, logical block 2, async page read [ 112.607757][ T5958] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 112.607780][ T5958] Buffer I/O error on dev nbd0, logical block 3, async page read [ 112.607930][ T5958] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 112.607950][ T5958] Buffer I/O error on dev nbd0, logical block 0, async page read [ 112.608096][ T5958] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 112.608116][ T5958] Buffer I/O error on dev nbd0, logical block 1, async page read [ 112.608256][ T5958] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 112.608276][ T5958] Buffer I/O error on dev nbd0, logical block 2, async page read [ 112.633390][ T5958] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 112.633419][ T5958] Buffer I/O error on dev nbd0, logical block 3, async page read [ 112.633570][ T5958] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 112.633590][ T5958] Buffer I/O error on dev nbd0, logical block 0, async page read [ 112.633718][ T5958] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 112.633745][ T5958] Buffer I/O error on dev nbd0, logical block 1, async page read [ 112.652921][ T5958] ldm_validate_partition_table(): Disk read failed. [ 112.659591][ T5958] Dev nbd0: unable to read RDB block 0 [ 112.669777][ T5958] nbd0: unable to read partition table [ 112.828721][ T6380] fuse: Bad value for 'fd' [ 112.843181][ T6380] Invalid source name [ 112.843197][ T6380] UBIFS error (pid: 6380): cannot open "./file0", error -22 [ 112.896537][ T5958] ldm_validate_partition_table(): Disk read failed. [ 112.900357][ T5958] Dev nbd0: unable to read RDB block 0 [ 112.950168][ T5958] nbd0: unable to read partition table [ 114.332558][ T6409] binder: 6400:6409 ioctl c0306201 200000000540 returned -22 [ 116.377964][ T6490] netlink: 40 bytes leftover after parsing attributes in process `syz.2.293'. [ 117.024633][ T6521] netlink: 24 bytes leftover after parsing attributes in process `syz.4.309'. [ 117.024704][ T6521] erspan0: entered promiscuous mode [ 117.024721][ T6521] erspan0: entered allmulticast mode [ 119.018131][ T6559] netlink: 20 bytes leftover after parsing attributes in process `syz.3.324'. [ 120.667556][ T6588] netlink: 20 bytes leftover after parsing attributes in process `syz.1.338'. [ 122.298171][ T6623] netlink: 20 bytes leftover after parsing attributes in process `syz.3.352'. [ 122.391289][ T6618] tipc: Started in network mode [ 122.391323][ T6618] tipc: Node identity ea5790fc027a, cluster identity 4711 [ 122.391642][ T6618] tipc: Enabled bearer , priority 0 [ 122.396653][ T6618] syzkaller0: entered promiscuous mode [ 122.396676][ T6618] syzkaller0: entered allmulticast mode [ 122.643282][ T6618] tipc: Resetting bearer [ 122.742561][ T6616] tipc: Resetting bearer [ 122.985222][ T6616] tipc: Disabling bearer [ 123.064990][ T6653] netlink: 20 bytes leftover after parsing attributes in process `syz.0.364'. [ 123.778479][ T6672] Bluetooth: MGMT ver 1.23 [ 124.090733][ T6683] 9p: Bad value for 'rfdno' [ 125.821378][ T5602] Bluetooth: hci0: command 0x0c1a tx timeout [ 125.823745][ T5610] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 126.582277][ T6741] syzkaller0: entered promiscuous mode [ 126.582302][ T6741] syzkaller0: entered allmulticast mode [ 127.028960][ T6753] netlink: 12 bytes leftover after parsing attributes in process `syz.1.407'. [ 127.352581][ T6755] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 127.434414][ T6755] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 128.021582][ T6782] netlink: 4 bytes leftover after parsing attributes in process `syz.1.418'. [ 128.087419][ T6784] binder: 6783:6784 ioctl c0306201 0 returned -14 [ 128.856362][ T6801] tipc: Enabled bearer , priority 0 [ 128.856688][ T6805] syzkaller0: entered promiscuous mode [ 128.856709][ T6805] syzkaller0: entered allmulticast mode [ 129.195471][ T6801] tipc: Resetting bearer [ 129.251682][ T6799] tipc: Resetting bearer [ 129.289336][ T6823] syz.0.436 uses obsolete (PF_INET,SOCK_PACKET) [ 129.655447][ T6838] netlink: 8 bytes leftover after parsing attributes in process `syz.4.442'. [ 129.672748][ T6799] tipc: Disabling bearer [ 129.712414][ T6839] netlink: 28 bytes leftover after parsing attributes in process `syz.4.442'. [ 129.745497][ T6840] netlink: 4 bytes leftover after parsing attributes in process `syz.1.439'. [ 130.196543][ T6844] netlink: 4 bytes leftover after parsing attributes in process `syz.3.443'. [ 131.232719][ T6823] syzkaller1: entered promiscuous mode [ 131.232746][ T6823] syzkaller1: entered allmulticast mode [ 131.389922][ T5604] tipc: Node number set to 3895300348 [ 131.445944][ C1] vcan0: j1939_tp_rxtimer: 0xffff88802139e800: rx timeout, send abort [ 131.449550][ C1] vcan0: j1939_tp_rxtimer: 0xffff888025ad1400: rx timeout, send abort [ 131.611992][ T6859] loop8: detected capacity change from 0 to 8 [ 131.654218][ T6859] Dev loop8: unable to read RDB block 8 [ 131.654261][ T6859] loop8: unable to read partition table [ 131.657576][ T6859] loop8: partition table beyond EOD, truncated [ 131.657619][ T6859] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 132.358745][ T6874] tipc: Started in network mode [ 132.358773][ T6874] tipc: Node identity 4ab01bb6ec37, cluster identity 4711 [ 132.358939][ T6874] tipc: Enabled bearer , priority 0 [ 132.362217][ T6874] syzkaller0: entered promiscuous mode [ 132.362238][ T6874] syzkaller0: entered allmulticast mode [ 132.660253][ T6878] tipc: Resetting bearer [ 132.954031][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.958800][ T1335] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.538178][ T6873] tipc: Resetting bearer [ 133.764760][ T6873] tipc: Disabling bearer [ 133.941639][ T9] tipc: Node number set to 2793872310 [ 134.064484][ T6905] netlink: 28 bytes leftover after parsing attributes in process `syz.3.467'. [ 135.386169][ T6926] netlink: 12 bytes leftover after parsing attributes in process `syz.4.474'. [ 135.689623][ T6941] netlink: 8 bytes leftover after parsing attributes in process `syz.2.481'. [ 135.800105][ T6941] netlink: 8 bytes leftover after parsing attributes in process `syz.2.481'. [ 135.855212][ T6949] netlink: 8 bytes leftover after parsing attributes in process `syz.0.486'. [ 135.895523][ T6953] loop8: detected capacity change from 0 to 8 [ 135.908230][ T6953] Dev loop8: unable to read RDB block 8 [ 135.908271][ T6953] loop8: unable to read partition table [ 135.908485][ T6953] loop8: partition table beyond EOD, truncated [ 135.908500][ T6953] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 136.653676][ T6984] netlink: 8 bytes leftover after parsing attributes in process `syz.0.499'. [ 136.728598][ T6984] netlink: 8 bytes leftover after parsing attributes in process `syz.0.499'. [ 139.749876][ T7109] netlink: 80 bytes leftover after parsing attributes in process `syz.0.556'. [ 141.255529][ T7127] netlink: 8 bytes leftover after parsing attributes in process `syz.2.566'. [ 141.331992][ T7127] netlink: 8 bytes leftover after parsing attributes in process `syz.2.566'. [ 141.956329][ T7173] syzkaller0: entered promiscuous mode [ 141.956352][ T7173] syzkaller0: entered allmulticast mode [ 143.513022][ T7227] netlink: 'syz.4.611': attribute type 4 has an invalid length. [ 143.876810][ T7241] netlink: 16 bytes leftover after parsing attributes in process `syz.2.617'. [ 143.910094][ T7241] netlink: 'syz.2.617': attribute type 1 has an invalid length. [ 143.910113][ T7241] netlink: 4 bytes leftover after parsing attributes in process `syz.2.617'. [ 144.106587][ T7249] loop8: detected capacity change from 0 to 8 [ 144.107680][ T7249] Dev loop8: unable to read RDB block 8 [ 144.107719][ T7249] loop8: unable to read partition table [ 144.108028][ T7249] loop8: partition table beyond EOD, truncated [ 144.108051][ T7249] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 144.250456][ T7255] netlink: 8 bytes leftover after parsing attributes in process `syz.0.624'. [ 144.362572][ T7255] netlink: 8 bytes leftover after parsing attributes in process `syz.0.624'. [ 145.004104][ T7287] netlink: 16 bytes leftover after parsing attributes in process `syz.2.639'. [ 146.753411][ T7309] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 146.814247][ T7309] netlink: 'syz.4.645': attribute type 4 has an invalid length. [ 147.918821][ T7316] netlink: 56 bytes leftover after parsing attributes in process `syz.0.650'. [ 149.906501][ T7335] netlink: 16 bytes leftover after parsing attributes in process `syz.0.659'. [ 151.815437][ T7353] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 152.212587][ T7356] netlink: 12 bytes leftover after parsing attributes in process `syz.4.652'. [ 152.466289][ T7358] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 152.500082][ T7358] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 152.597524][ T7363] loop8: detected capacity change from 0 to 8 [ 152.662974][ T7363] Dev loop8: unable to read RDB block 8 [ 152.663021][ T7363] loop8: unable to read partition table [ 152.663216][ T7363] loop8: partition table beyond EOD, truncated [ 152.663246][ T7363] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 153.604606][ T7385] netlink: 16 bytes leftover after parsing attributes in process `syz.0.676'. [ 153.701693][ T7390] netlink: 12 bytes leftover after parsing attributes in process `syz.1.678'. [ 155.207265][ T7407] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 156.630623][ T7438] netlink: 12 bytes leftover after parsing attributes in process `syz.2.695'. [ 156.719629][ T7420] syz.1.689 (7420) used greatest stack depth: 19048 bytes left [ 157.035699][ T7439] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 157.039707][ T7453] netlink: 16 bytes leftover after parsing attributes in process `syz.1.701'. [ 157.057855][ T7439] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 157.555519][ T7471] 9p: Bad value for 'wfdno' [ 158.098423][ T7477] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 158.687016][ T7482] binder: BINDER_SET_CONTEXT_MGR already set [ 158.687030][ T7482] binder: 7481:7482 ioctl 4018620d 200000004a80 returned -16 [ 158.763461][ T7486] netlink: 12 bytes leftover after parsing attributes in process `syz.0.714'. [ 159.757359][ T7486] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 159.944264][ T7489] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 160.087085][ T7507] 9p: Bad value for 'wfdno' [ 160.300771][ T7511] ------------[ cut here ]------------ [ 160.300784][ T7511] refcount_t: saturated; leaking memory. [ 160.300798][ T7511] WARNING: lib/refcount.c:22 at refcount_warn_saturate+0x8c/0x110, CPU#0: syz.4.724/7511 [ 160.300843][ T7511] Modules linked in: [ 160.300872][ T7511] CPU: 0 UID: 0 PID: 7511 Comm: syz.4.724 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 160.300892][ T7511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 160.300906][ T7511] RIP: 0010:refcount_warn_saturate+0x8c/0x110 [ 160.300928][ T7511] Code: 75 68 e8 b7 15 23 fd 48 8d 3d 10 d2 f1 0a 67 48 0f b9 3a eb 66 85 db 74 3e 83 fb 01 75 4c e8 9b 15 23 fd 48 8d 3d 04 d2 f1 0a <67> 48 0f b9 3a eb 4a e8 88 15 23 fd 48 8d 3d 01 d2 f1 0a 67 48 0f [ 160.300944][ T7511] RSP: 0018:ffffc9001034f6f8 EFLAGS: 00010283 [ 160.300959][ T7511] RAX: ffffffff84a15eb5 RBX: 0000000000000001 RCX: 0000000000080000 [ 160.300972][ T7511] RDX: ffffc90006e42000 RSI: 0000000000000f57 RDI: ffffffff8f9330c0 [ 160.300985][ T7511] RBP: 00000000ffffffff R08: ffff888025bc5c40 R09: 0000000000000005 [ 160.300997][ T7511] R10: 0000000000000100 R11: 0000000000000004 R12: ffff88802c83d418 [ 160.301009][ T7511] R13: ffffffff9975a8c0 R14: ffff88802c83d410 R15: ffff88802c83d400 [ 160.301022][ T7511] FS: 00007f08d2a8e6c0(0000) GS:ffff888126179000(0000) knlGS:0000000000000000 [ 160.301038][ T7511] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 160.301050][ T7511] CR2: 00007f08d4825f40 CR3: 0000000032328000 CR4: 00000000003526f0 [ 160.301066][ T7511] Call Trace: [ 160.301073][ T7511] [ 160.301082][ T7511] dvb_device_open+0x31f/0x360 [ 160.301112][ T7511] chrdev_open+0x4d0/0x5f0 [ 160.301140][ T7511] ? __pfx_chrdev_open+0x10/0x10 [ 160.301217][ T7511] ? fsnotify_open_perm_and_set_mode+0x13b/0x6e0 [ 160.301246][ T7511] ? __pfx_chrdev_open+0x10/0x10 [ 160.301269][ T7511] do_dentry_open+0x83d/0x13e0 [ 160.301308][ T7511] vfs_open+0x3b/0x350 [ 160.301331][ T7511] ? path_openat+0x2e2b/0x38a0 [ 160.301359][ T7511] path_openat+0x2e43/0x38a0 [ 160.301413][ T7511] ? __pfx_path_openat+0x10/0x10 [ 160.301437][ T7511] ? kasan_save_track+0x4f/0x80 [ 160.301454][ T7511] ? kasan_save_track+0x3e/0x80 [ 160.301470][ T7511] ? __kasan_slab_alloc+0x6c/0x80 [ 160.301487][ T7511] ? kmem_cache_alloc_noprof+0x33b/0x680 [ 160.301515][ T7511] ? do_raw_spin_lock+0x12b/0x2f0 [ 160.301555][ T7511] do_file_open+0x23e/0x4a0 [ 160.301575][ T7511] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 160.301601][ T7511] ? __pfx_do_file_open+0x10/0x10 [ 160.301619][ T7511] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 160.301668][ T7511] ? alloc_fd+0x64e/0x6c0 [ 160.301706][ T7511] do_sys_openat2+0x113/0x200 [ 160.301731][ T7511] ? __pfx___schedule+0x10/0x10 [ 160.301759][ T7511] ? __pfx_do_sys_openat2+0x10/0x10 [ 160.301795][ T7511] __x64_sys_openat+0x138/0x170 [ 160.301823][ T7511] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.301842][ T7511] do_syscall_64+0x15f/0xf80 [ 160.301863][ T7511] ? clear_bhb_loop+0x40/0x90 [ 160.301886][ T7511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.301903][ T7511] RIP: 0033:0x7f08d47fd60e [ 160.301929][ T7511] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 160.301942][ T7511] RSP: 002b:00007f08d2a8db28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 160.301960][ T7511] RAX: ffffffffffffffda RBX: 00007f08d2a8e6c0 RCX: 00007f08d47fd60e [ 160.301974][ T7511] RDX: 0000000000000002 RSI: 00007f08d2a8dc00 RDI: ffffffffffffff9c [ 160.301986][ T7511] RBP: 00007f08d2a8dc00 R08: 0000000000000000 R09: 0000000000000000 [ 160.301998][ T7511] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd [ 160.302010][ T7511] R13: 00007f08d4ab6038 R14: 00007f08d4ab5fa0 R15: 00007ffc12dc4148 [ 160.302040][ T7511] [ 160.302050][ T7511] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 160.302063][ T7511] CPU: 0 UID: 0 PID: 7511 Comm: syz.4.724 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 160.302082][ T7511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 160.302092][ T7511] Call Trace: [ 160.302099][ T7511] [ 160.302107][ T7511] vpanic+0x56c/0xa60 [ 160.302133][ T7511] ? __pfx__printk+0x10/0x10 [ 160.302158][ T7511] ? __pfx_vpanic+0x10/0x10 [ 160.302177][ T7511] ? is_bpf_text_address+0x292/0x2b0 [ 160.302199][ T7511] ? is_bpf_text_address+0x26/0x2b0 [ 160.302229][ T7511] panic+0xc5/0xd0 [ 160.302249][ T7511] ? __pfx_panic+0x10/0x10 [ 160.302280][ T7511] __warn+0x315/0x4c0 [ 160.302294][ T7511] ? refcount_warn_saturate+0x8c/0x110 [ 160.302315][ T7511] ? refcount_warn_saturate+0x8c/0x110 [ 160.302337][ T7511] __report_bug+0x29a/0x540 [ 160.302363][ T7511] ? refcount_warn_saturate+0x8c/0x110 [ 160.302383][ T7511] ? __pfx___report_bug+0x10/0x10 [ 160.302412][ T7511] ? dvb_device_open+0x82/0x360 [ 160.302439][ T7511] report_bug_entry+0x19a/0x290 [ 160.302458][ T7511] ? refcount_warn_saturate+0x8c/0x110 [ 160.302474][ T7511] ? refcount_warn_saturate+0x91/0x110 [ 160.302492][ T7511] handle_bug+0xce/0x200 [ 160.302513][ T7511] exc_invalid_op+0x1a/0x50 [ 160.302542][ T7511] asm_exc_invalid_op+0x1a/0x20 [ 160.302558][ T7511] RIP: 0010:refcount_warn_saturate+0x8c/0x110 [ 160.302576][ T7511] Code: 75 68 e8 b7 15 23 fd 48 8d 3d 10 d2 f1 0a 67 48 0f b9 3a eb 66 85 db 74 3e 83 fb 01 75 4c e8 9b 15 23 fd 48 8d 3d 04 d2 f1 0a <67> 48 0f b9 3a eb 4a e8 88 15 23 fd 48 8d 3d 01 d2 f1 0a 67 48 0f [ 160.302589][ T7511] RSP: 0018:ffffc9001034f6f8 EFLAGS: 00010283 [ 160.302601][ T7511] RAX: ffffffff84a15eb5 RBX: 0000000000000001 RCX: 0000000000080000 [ 160.302612][ T7511] RDX: ffffc90006e42000 RSI: 0000000000000f57 RDI: ffffffff8f9330c0 [ 160.302623][ T7511] RBP: 00000000ffffffff R08: ffff888025bc5c40 R09: 0000000000000005 [ 160.302635][ T7511] R10: 0000000000000100 R11: 0000000000000004 R12: ffff88802c83d418 [ 160.302647][ T7511] R13: ffffffff9975a8c0 R14: ffff88802c83d410 R15: ffff88802c83d400 [ 160.302666][ T7511] ? refcount_warn_saturate+0x85/0x110 [ 160.302691][ T7511] ? refcount_warn_saturate+0x85/0x110 [ 160.302707][ T7511] dvb_device_open+0x31f/0x360 [ 160.302733][ T7511] chrdev_open+0x4d0/0x5f0 [ 160.302759][ T7511] ? __pfx_chrdev_open+0x10/0x10 [ 160.302782][ T7511] ? fsnotify_open_perm_and_set_mode+0x13b/0x6e0 [ 160.302807][ T7511] ? __pfx_chrdev_open+0x10/0x10 [ 160.302829][ T7511] do_dentry_open+0x83d/0x13e0 [ 160.302865][ T7511] vfs_open+0x3b/0x350 [ 160.302887][ T7511] ? path_openat+0x2e2b/0x38a0 [ 160.302911][ T7511] path_openat+0x2e43/0x38a0 [ 160.302963][ T7511] ? __pfx_path_openat+0x10/0x10 [ 160.302987][ T7511] ? kasan_save_track+0x4f/0x80 [ 160.303003][ T7511] ? kasan_save_track+0x3e/0x80 [ 160.303019][ T7511] ? __kasan_slab_alloc+0x6c/0x80 [ 160.303037][ T7511] ? kmem_cache_alloc_noprof+0x33b/0x680 [ 160.303064][ T7511] ? do_raw_spin_lock+0x12b/0x2f0 [ 160.303094][ T7511] do_file_open+0x23e/0x4a0 [ 160.303113][ T7511] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 160.303137][ T7511] ? __pfx_do_file_open+0x10/0x10 [ 160.303155][ T7511] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 160.303202][ T7511] ? alloc_fd+0x64e/0x6c0 [ 160.303239][ T7511] do_sys_openat2+0x113/0x200 [ 160.303264][ T7511] ? __pfx___schedule+0x10/0x10 [ 160.303283][ T7511] ? __pfx_do_sys_openat2+0x10/0x10 [ 160.303322][ T7511] __x64_sys_openat+0x138/0x170 [ 160.303350][ T7511] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.303369][ T7511] do_syscall_64+0x15f/0xf80 [ 160.303390][ T7511] ? clear_bhb_loop+0x40/0x90 [ 160.303412][ T7511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.303430][ T7511] RIP: 0033:0x7f08d47fd60e [ 160.303446][ T7511] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 160.303460][ T7511] RSP: 002b:00007f08d2a8db28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 160.303476][ T7511] RAX: ffffffffffffffda RBX: 00007f08d2a8e6c0 RCX: 00007f08d47fd60e [ 160.303489][ T7511] RDX: 0000000000000002 RSI: 00007f08d2a8dc00 RDI: ffffffffffffff9c [ 160.303501][ T7511] RBP: 00007f08d2a8dc00 R08: 0000000000000000 R09: 0000000000000000 [ 160.303513][ T7511] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd [ 160.303525][ T7511] R13: 00007f08d4ab6038 R14: 00007f08d4ab5fa0 R15: 00007ffc12dc4148 [ 160.303563][ T7511] [ 160.303935][ T7511] Kernel Offset: disabled