[ 8.231506][ T4358] 8021q: adding VLAN 0 to HW filter on device bond0 [ 8.235547][ T4358] eql: remember to turn off Van-Jacobson compression on your slave devices Starting crond: OK [ 8.277124][ T3766] gve 0000:00:00.0 enp0s0: Device link is up. Starting sshd: OK syzkaller syzkaller login: [ 64.477802][ T10] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.1.56' (ED25519) to the list of known hosts. 1970/01/01 00:01:22 parsed 1 programs [ 83.218257][ T4698] cgroup: Unknown subsys name 'net' [ 83.329122][ T4698] cgroup: Unknown subsys name 'cpuset' [ 83.331138][ T4698] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.474273][ T4698] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 85.968182][ T4713] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 86.437973][ T4709] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.439652][ T4709] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.440996][ T4709] bridge_slave_0: entered allmulticast mode [ 86.442556][ T4709] bridge_slave_0: entered promiscuous mode [ 86.449507][ T4709] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.449549][ T4709] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.449626][ T4709] bridge_slave_1: entered allmulticast mode [ 86.450047][ T4709] bridge_slave_1: entered promiscuous mode [ 86.467155][ T1305] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.470925][ T1305] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.483859][ T4709] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.487289][ T4709] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.500374][ T4709] team0: Port device team_slave_0 added [ 86.501125][ T4709] team0: Port device team_slave_1 added [ 86.502309][ 
T1403] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.502341][ T1403] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.521587][ T4709] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.521616][ T4709] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.521628][ T4709] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.548684][ T4709] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.549921][ T4709] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 86.554707][ T4709] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.612882][ T4709] hsr_slave_0: entered promiscuous mode [ 86.615649][ T4709] hsr_slave_1: entered promiscuous mode [ 86.628000][ T4772] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.628391][ T4772] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.628849][ T4772] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.629168][ T4772] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.629963][ T4772] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.965574][ T4709] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 86.969524][ T4709] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 87.044040][ T4709] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 87.046262][ T4709] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 87.047333][ T4709] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 87.049404][ T4709] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 87.050956][ T4709] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 87.052052][ T4709] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 87.060905][ T4709] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.060954][ T4709] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.061101][ T4709] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.061129][ T4709] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.105518][ T4709] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.109156][ T4709] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.110575][ T1403] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.111963][ T1403] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.117721][ T1403] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.117770][ T1403] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.118135][ T1403] bridge0: port 
2(bridge_slave_1) entered blocking state [ 87.118155][ T1403] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.234698][ T4709] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.262645][ T4709] veth0_vlan: entered promiscuous mode [ 87.264464][ T4709] veth1_vlan: entered promiscuous mode [ 87.271275][ T4709] veth0_macvtap: entered promiscuous mode [ 87.272419][ T4709] veth1_macvtap: entered promiscuous mode [ 87.276511][ T4709] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.279037][ T4709] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.282895][ T4126] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.282939][ T4126] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.282956][ T4126] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.282971][ T4126] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 1970/01/01 00:01:27 executed programs: 0 [ 87.372847][ T4722] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 87.374992][ T4722] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 87.383096][ T4722] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 87.383769][ T4722] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 87.383990][ T4722] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.400806][ T4722] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 87.403828][ T4722] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 87.406514][ T3766] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.412977][ T4813] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 87.415191][ T4813] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 87.417400][ T4813] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 87.423356][ T4722] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 87.425199][ T50] Bluetooth: hci3: unexpected cc 
0x1003 length: 249 > 9 [ 87.428228][ T50] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 87.431232][ T50] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 87.432917][ T50] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 87.434237][ T4818] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 87.435732][ T4818] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 87.438694][ T4818] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 87.441111][ T4818] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 87.442912][ T4722] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 87.462885][ T4722] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 87.465256][ T3766] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.470182][ T4722] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 87.472157][ T4722] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 87.473750][ T4722] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 87.475336][ T4722] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 87.533418][ T3766] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.589971][ T3766] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.815016][ T4803] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.816337][ T4803] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.817842][ T4803] bridge_slave_0: entered allmulticast mode [ 87.819409][ T4803] bridge_slave_0: entered promiscuous mode [ 87.822427][ T4803] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.823641][ T4803] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.824957][ T4803] bridge_slave_1: entered allmulticast mode [ 87.827136][ T4803] bridge_slave_1: entered promiscuous mode [ 87.868470][ T4803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.871198][ 
T4803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.880087][ T4810] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.881367][ T4810] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.882583][ T4810] bridge_slave_0: entered allmulticast mode [ 87.883983][ T4810] bridge_slave_0: entered promiscuous mode [ 87.885770][ T4810] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.887433][ T4810] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.887497][ T4810] bridge_slave_1: entered allmulticast mode [ 87.887913][ T4810] bridge_slave_1: entered promiscuous mode [ 87.888426][ T4811] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.888453][ T4811] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.888505][ T4811] bridge_slave_0: entered allmulticast mode [ 87.888932][ T4811] bridge_slave_0: entered promiscuous mode [ 87.889681][ T4811] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.889698][ T4811] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.889745][ T4811] bridge_slave_1: entered allmulticast mode [ 87.890148][ T4811] bridge_slave_1: entered promiscuous mode [ 87.911714][ T4803] team0: Port device team_slave_0 added [ 87.913707][ T4811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.916340][ T4811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.926927][ T4811] team0: Port device team_slave_0 added [ 87.932555][ T4803] team0: Port device team_slave_1 added [ 87.940384][ T4811] team0: Port device team_slave_1 added [ 87.941642][ T4810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.942771][ T4810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.948580][ T4803] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.948605][ T4803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) 
to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.948630][ T4803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.948846][ T4805] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.948900][ T4805] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.949006][ T4805] bridge_slave_0: entered allmulticast mode [ 87.949683][ T4805] bridge_slave_0: entered promiscuous mode [ 87.950514][ T4805] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.950539][ T4805] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.950593][ T4805] bridge_slave_1: entered allmulticast mode [ 87.951041][ T4805] bridge_slave_1: entered promiscuous mode [ 87.964801][ T4803] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.964810][ T4803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.964823][ T4803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.977563][ T4810] team0: Port device team_slave_0 added [ 87.987066][ T4805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.987343][ T4811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.987350][ T4811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 87.987362][ T4811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.988257][ T4811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.988267][ T4811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.988285][ T4811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.992781][ T4810] team0: Port device team_slave_1 added [ 87.997881][ T4803] hsr_slave_0: entered promiscuous mode [ 87.998195][ T4803] hsr_slave_1: entered promiscuous mode [ 87.998416][ T4803] debugfs: 'hsr0' already exists in 'hsr' [ 87.998460][ T4803] Cannot create hsr debugfs directory [ 87.999403][ T4805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.007460][ T4805] team0: Port device team_slave_0 added [ 88.023582][ T4810] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.024857][ T4810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 88.026842][ T4810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.027658][ T4805] team0: Port device team_slave_1 added [ 88.036854][ T4811] hsr_slave_0: entered promiscuous mode [ 88.037945][ T4811] hsr_slave_1: entered promiscuous mode [ 88.038144][ T4811] debugfs: 'hsr0' already exists in 'hsr' [ 88.038153][ T4811] Cannot create hsr debugfs directory [ 88.044993][ T4810] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.046134][ T4810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.046801][ T4810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.055145][ T4805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.056383][ T4805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.061151][ T4805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.067288][ T4805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.067309][ T4805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 88.067331][ T4805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.086016][ T4805] hsr_slave_0: entered promiscuous mode [ 88.087042][ T4805] hsr_slave_1: entered promiscuous mode [ 88.087232][ T4805] debugfs: 'hsr0' already exists in 'hsr' [ 88.087242][ T4805] Cannot create hsr debugfs directory [ 88.093353][ T4810] hsr_slave_0: entered promiscuous mode [ 88.094702][ T4810] hsr_slave_1: entered promiscuous mode [ 88.095553][ T4810] debugfs: 'hsr0' already exists in 'hsr' [ 88.095565][ T4810] Cannot create hsr debugfs directory [ 88.112437][ T4821] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.112513][ T4821] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.112610][ T4821] bridge_slave_0: entered allmulticast mode [ 88.113919][ T4821] bridge_slave_0: entered promiscuous mode [ 88.114711][ T4821] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.114728][ T4821] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.114776][ T4821] bridge_slave_1: entered allmulticast mode [ 88.115202][ T4821] bridge_slave_1: entered promiscuous mode [ 88.154298][ T4821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.155502][ T4821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.200627][ T4821] team0: Port device team_slave_0 added [ 88.210155][ T4821] team0: Port device team_slave_1 added [ 88.228832][ T4821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.230093][ T4821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. 
[ 88.234679][ T4821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.243031][ T4821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.243908][ T4821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.243930][ T4821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.264294][ T4821] hsr_slave_0: entered promiscuous mode [ 88.264642][ T4821] hsr_slave_1: entered promiscuous mode [ 88.264865][ T4821] debugfs: 'hsr0' already exists in 'hsr' [ 88.264875][ T4821] Cannot create hsr debugfs directory [ 88.282405][ T4810] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.284587][ T4810] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 88.285016][ T4810] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.287206][ T4810] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 88.289403][ T4810] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.291591][ T4810] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 88.292051][ T4810] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.293525][ T4810] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 88.332533][ T4810] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.339063][ T4810] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.341891][ T4126] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.341938][ T4126] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.344117][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.344138][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.354329][ T4810] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 
88.354358][ T4810] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 88.437938][ T4810] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.448468][ T4810] veth0_vlan: entered promiscuous mode [ 88.451292][ T4810] veth1_vlan: entered promiscuous mode [ 88.462131][ T4810] veth0_macvtap: entered promiscuous mode [ 88.463663][ T4810] veth1_macvtap: entered promiscuous mode [ 88.468970][ T4810] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.470125][ T4810] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.471600][ T39] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.475500][ T39] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.475724][ T39] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.475742][ T39] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.494752][ T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.496507][ T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.504412][ T1403] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.504438][ T1403] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.441573][ T4722] Bluetooth: hci1: command tx timeout [ 89.442825][ T4818] Bluetooth: hci2: command tx timeout [ 89.517092][ T4722] Bluetooth: hci4: command tx timeout [ 89.517099][ T50] Bluetooth: hci3: command tx timeout [ 89.519256][ T4818] Bluetooth: hci5: command tx timeout [ 91.526924][ T50] Bluetooth: hci1: command tx timeout [ 91.527032][ T4818] Bluetooth: hci2: command tx timeout [ 91.597231][ T50] Bluetooth: hci4: command tx timeout [ 91.597263][ T50] Bluetooth: hci3: command tx timeout [ 91.599221][ T4818] Bluetooth: hci5: command tx timeout [ 92.366750][ T3766] bridge_slave_1: left allmulticast mode [ 92.366812][ T3766] bridge_slave_1: left promiscuous mode [ 92.367327][ T3766] bridge0: port 
2(bridge_slave_1) entered disabled state [ 92.370349][ T3766] bridge_slave_0: left allmulticast mode [ 92.370361][ T3766] bridge_slave_0: left promiscuous mode [ 92.370457][ T3766] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.618748][ T3766] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 92.648263][ T3766] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 92.697576][ T3766] bond0 (unregistering): Released all slaves [ 92.708134][ T4358] 8021q: adding VLAN 0 to HW filter on device eth0 [ 92.812333][ T3766] hsr_slave_0: left promiscuous mode [ 92.814342][ T3766] hsr_slave_1: left promiscuous mode [ 92.814667][ T3766] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 92.814688][ T3766] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 92.820471][ T3766] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 92.822595][ T3766] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 92.836991][ T3766] veth1_macvtap: left promiscuous mode [ 92.837054][ T3766] veth0_macvtap: left promiscuous mode [ 92.837101][ T3766] veth1_vlan: left promiscuous mode [ 92.837133][ T3766] veth0_vlan: left promiscuous mode 1970/01/01 00:01:32 executed programs: 16 [ 93.011400][ T3766] team0 (unregistering): Port device team_slave_1 removed [ 93.017029][ T3766] team0 (unregistering): Port device team_slave_0 removed [ 93.596657][ T4722] Bluetooth: hci2: command tx timeout [ 93.597716][ T4722] Bluetooth: hci1: command tx timeout [ 93.677448][ T4818] Bluetooth: hci5: command tx timeout [ 93.677486][ T4818] Bluetooth: hci3: command tx timeout [ 93.677515][ T4818] Bluetooth: hci4: command tx timeout [ 93.842476][ T4811] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 93.845384][ T4811] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 93.857424][ T4811] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 93.861132][ T4811] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 93.870931][ 
T4811] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 93.880735][ T4811] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 93.896989][ T4811] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 93.899335][ T4811] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 93.914086][ T4805] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 93.918478][ T4805] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 93.920643][ T4805] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 93.923853][ T4805] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 93.932591][ T4805] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 93.935232][ T4805] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 93.939427][ T4805] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 93.942694][ T4805] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 93.973111][ T4803] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.977514][ T4803] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 93.982241][ T4803] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.986013][ T4803] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 93.989244][ T4803] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.991936][ T4803] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 94.003930][ T4803] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.006975][ T4803] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 94.032015][ T4821] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 94.034699][ T4821] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 94.044692][ T4821] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 94.048182][ T4821] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 94.049834][ T4821] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 94.052461][ T4821] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 94.056469][ T4821] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 94.060600][ 
T4821] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 94.105336][ T4811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.126338][ T4811] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.137432][ T4805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.141475][ T4803] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.144229][ T3766] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.144273][ T3766] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.153042][ T4805] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.164251][ T3766] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.164289][ T3766] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.174365][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.174418][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.190613][ T4803] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.193111][ T14] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.193155][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.212257][ T3766] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.212300][ T3766] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.224848][ T14] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.224889][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.248079][ T4821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.260672][ T4805] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 94.265523][ T4805] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.299715][ T4803] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 94.303647][ T4803] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.313077][ T4821] 8021q: adding VLAN 0 to HW filter on device team0 [ 
94.317568][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.317607][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.318175][ T14] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.318203][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.511440][ T4805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.559657][ T4805] veth0_vlan: entered promiscuous mode [ 94.565137][ T4805] veth1_vlan: entered promiscuous mode [ 94.593851][ T4805] veth0_macvtap: entered promiscuous mode [ 94.601396][ T4805] veth1_macvtap: entered promiscuous mode [ 94.613683][ T4811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.622471][ T4805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.630910][ T4805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.644998][ T4126] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.645050][ T4126] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.645085][ T4126] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.645107][ T4126] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.679425][ T4821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.750970][ T4811] veth0_vlan: entered promiscuous mode [ 94.771056][ T4811] veth1_vlan: entered promiscuous mode [ 94.781355][ T3766] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.781383][ T3766] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.826531][ T39] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.826563][ T39] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.860322][ T4811] veth0_macvtap: entered promiscuous mode [ 94.872082][ T4811] veth1_macvtap: entered promiscuous mode [ 94.897679][ T4811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.902106][ T4811] batman_adv: batadv0: Interface activated: 
batadv_slave_1 [ 94.915876][ T3766] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.917860][ T3766] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.920073][ T3766] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.920113][ T3766] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.983360][ T4821] veth0_vlan: entered promiscuous mode [ 95.111046][ T4821] veth1_vlan: entered promiscuous mode [ 95.135730][ T4803] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.151502][ T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.151518][ T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.160580][ T4821] veth0_macvtap: entered promiscuous mode [ 95.183734][ T4821] veth1_macvtap: entered promiscuous mode [ 95.203403][ T39] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.203433][ T39] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.686951][ T4722] Bluetooth: hci1: command tx timeout [ 95.686993][ T4722] Bluetooth: hci2: command tx timeout [ 95.699332][ T4803] veth0_vlan: entered promiscuous mode [ 95.701004][ T4803] veth1_vlan: entered promiscuous mode [ 95.708698][ T4821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.709708][ T4821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.752697][ T14] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.752756][ T14] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.752793][ T14] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.752816][ T14] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.757148][ T4818] Bluetooth: hci4: command tx timeout [ 95.757179][ T4818] Bluetooth: hci3: command tx timeout [ 95.757207][ T4818] Bluetooth: hci5: command tx timeout [ 95.763764][ T4803] veth0_macvtap: entered 
promiscuous mode
[ 97.227907][ T4803] veth1_macvtap: entered promiscuous mode
[ 97.232188][ T4803] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 97.242640][ T4803] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 97.271384][ T4126] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.971372][ T4126] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.976406][ T3766] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:01:38 executed programs: 27
[ 98.237557][ T4126] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.237586][ T4126] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 98.267561][ T3766] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.269322][ T39] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.269349][ T39] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 98.357491][ T3766] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.357514][ T3766] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 98.747876][ T4126] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 98.747905][ T4126] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
1970/01/01 00:01:43 executed programs: 42
1970/01/01 00:01:48 executed programs: 56
[ 111.156134][ T5218] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4)
1970/01/01 00:01:53 executed programs: 70
1970/01/01 00:01:59 executed programs: 84
1970/01/01 00:02:04 executed programs: 100
[ 126.075329][ T1573] ieee802154 phy0 wpan0: encryption failed: -22
[ 126.075394][ T1573] ieee802154 phy1 wpan1: encryption failed: -22
[ 126.221962][ T5365] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4)
[ 126.388815][ T5364] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4)
[ 126.388855][ T5364] ==================================================================
[ 126.388864][ T5364] BUG: KASAN: slab-use-after-free in dvb_frontend_open+0xdac/0x105c
[ 126.388885][ T5364] Read of size 4 at addr ffff0000cc9e9c3c by task syz.4.109/5364
[ 126.388892][ T5364]
[ 126.388897][ T5364] CPU: 1 UID: 0 PID: 5364 Comm: syz.4.109 Not tainted syzkaller #0 PREEMPT
[ 126.388905][ T5364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 126.388910][ T5364] Call trace:
[ 126.388912][ T5364] show_stack+0x2c/0x3c (C)
[ 126.388925][ T5364] __dump_stack+0x30/0x40
[ 126.388934][ T5364] dump_stack_lvl+0xd8/0x12c
[ 126.388942][ T5364] print_address_description+0xb0/0x238
[ 126.388952][ T5364] print_report+0x68/0x84
[ 126.388961][ T5364] kasan_report+0x8c/0xc4
[ 126.388969][ T5364] __asan_report_load4_noabort+0x20/0x2c
[ 126.388978][ T5364] dvb_frontend_open+0xdac/0x105c
[ 126.388986][ T5364] dvb_device_open+0x1f4/0x250
[ 126.388996][ T5364] chrdev_open+0x398/0x3e8
[ 126.389003][ T5364] do_dentry_open+0x5c8/0x10dc
[ 126.389011][ T5364] vfs_open+0x44/0x2d4
[ 126.389019][ T5364] path_openat+0x2234/0x2a6c
[ 126.389026][ T5364] do_file_open+0x1c4/0x2e4
[ 126.389032][ T5364] do_sys_openat2+0x114/0x1e8
[ 126.389040][ T5364] do_sys_open+0xac/0xdc
[ 126.389048][ T5364] __arm64_sys_openat+0x9c/0xb8
[ 126.389056][ T5364] invoke_syscall+0x98/0x244
[ 126.389065][ T5364] el0_svc_common+0xe8/0x23c
[ 126.389074][ T5364] do_el0_svc+0x48/0x58
[ 126.389083][ T5364] el0_svc+0x60/0x25c
[ 126.389092][ T5364] el0t_64_sync_handler+0x48/0x148
[ 126.389100][ T5364] el0t_64_sync+0x198/0x19c
[ 126.389108][ T5364]
[ 126.389110][ T5364] Allocated by task 1:
[ 126.389113][ T5364] kasan_save_track+0x40/0x78
[ 126.389123][ T5364] kasan_save_alloc_info+0x44/0x54
[ 126.389130][ T5364] __kasan_kmalloc+0x9c/0xb4
[ 126.389135][ T5364] __kmalloc_cache_noprof+0x284/0x56c
[ 126.389143][ T5364] dvb_register_device+0x1ac/0x16ec
[ 126.389152][ T5364] dvb_register_frontend+0x464/0x698
[ 126.389158][ T5364] vidtv_bridge_probe+0x57c/0xa24
[ 126.389166][ T5364] platform_probe+0xfc/0x198
[ 126.389174][ T5364] really_probe+0x2a8/0x7e8
[ 126.389182][ T5364] __driver_probe_device+0x1e0/0x33c
[ 126.389190][ T5364] driver_probe_device+0x6c/0x19c
[ 126.389198][ T5364] __driver_attach+0x164/0x374
[ 126.389206][ T5364] bus_for_each_dev+0x128/0x1b4
[ 126.389213][ T5364] driver_attach+0x4c/0x5c
[ 126.389221][ T5364] bus_add_driver+0x208/0x4fc
[ 126.389228][ T5364] driver_register+0x220/0x30c
[ 126.389233][ T5364] __platform_driver_register+0x6c/0x80
[ 126.389239][ T5364] vidtv_bridge_init+0x34/0x5c
[ 126.389249][ T5364] do_one_initcall+0x274/0xc20
[ 126.389256][ T5364] do_initcall_level+0x128/0x1c4
[ 126.389263][ T5364] do_initcalls+0x70/0xd0
[ 126.389270][ T5364] do_basic_setup+0x7c/0x90
[ 126.389276][ T5364] kernel_init_freeable+0x268/0x3a8
[ 126.389283][ T5364] kernel_init+0x24/0x1dc
[ 126.389291][ T5364] ret_from_fork+0x10/0x20
[ 126.389298][ T5364]
[ 126.389300][ T5364] Freed by task 5364:
[ 126.389303][ T5364] kasan_save_track+0x40/0x78
[ 126.389312][ T5364] kasan_save_free_info+0x58/0x70
[ 126.389318][ T5364] __kasan_slab_free+0x74/0xa4
[ 126.389323][ T5364] kfree+0x188/0x5e4
[ 126.389330][ T5364] dvb_device_put+0x64/0xd0
[ 126.389338][ T5364] dvb_generic_release+0xec/0x154
[ 126.389346][ T5364] dvb_frontend_open+0x9b8/0x105c
[ 126.389352][ T5364] dvb_device_open+0x1f4/0x250
[ 126.389360][ T5364] chrdev_open+0x398/0x3e8
[ 126.389366][ T5364] do_dentry_open+0x5c8/0x10dc
[ 126.389373][ T5364] vfs_open+0x44/0x2d4
[ 126.389379][ T5364] path_openat+0x2234/0x2a6c
[ 126.389384][ T5364] do_file_open+0x1c4/0x2e4
[ 126.389394][ T5364] do_sys_openat2+0x114/0x1e8
[ 126.389401][ T5364] do_sys_open+0xac/0xdc
[ 126.389407][ T5364] __arm64_sys_openat+0x9c/0xb8
[ 126.389414][ T5364] invoke_syscall+0x98/0x244
[ 126.389422][ T5364] el0_svc_common+0xe8/0x23c
[ 126.389430][ T5364] do_el0_svc+0x48/0x58
[ 126.389437][ T5364] el0_svc+0x60/0x25c
[ 126.389443][ T5364] el0t_64_sync_handler+0x48/0x148
[ 126.389450][ T5364]
el0t_64_sync+0x198/0x19c [ 126.389455][ T5364] [ 126.389457][ T5364] The buggy address belongs to the object at ffff0000cc9e9c00 [ 126.389457][ T5364] which belongs to the cache kmalloc-256 of size 256 [ 126.389462][ T5364] The buggy address is located 60 bytes inside of [ 126.389462][ T5364] freed 256-byte region [ffff0000cc9e9c00, ffff0000cc9e9d00) [ 126.389469][ T5364] [ 126.389471][ T5364] The buggy address belongs to the physical page: [ 126.389475][ T5364] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff0000cc9e9200 pfn:0x10c9e8 [ 126.389482][ T5364] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 126.389488][ T5364] flags: 0x5ffc00000000240(workingset|head|node=0|zone=2|lastcpupid=0x7ff) [ 126.389496][ T5364] page_type: f5(slab) [ 126.389503][ T5364] raw: 05ffc00000000240 ffff0000c0001b40 fffffdffc333d590 fffffdffc3064090 [ 126.389508][ T5364] raw: ffff0000cc9e9200 000000080010000f 00000000f5000000 0000000000000000 [ 126.389514][ T5364] head: 05ffc00000000240 ffff0000c0001b40 fffffdffc333d590 fffffdffc3064090 [ 126.389519][ T5364] head: ffff0000cc9e9200 000000080010000f 00000000f5000000 0000000000000000 [ 126.389525][ T5364] head: 05ffc00000000001 fffffdffc3327a01 00000000ffffffff 00000000ffffffff [ 126.389530][ T5364] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 126.389533][ T5364] page dumped because: kasan: bad access detected [ 126.389536][ T5364] [ 126.389537][ T5364] Memory state around the buggy address: [ 126.389541][ T5364] ffff0000cc9e9b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 126.389545][ T5364] ffff0000cc9e9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 126.389549][ T5364] >ffff0000cc9e9c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 126.389552][ T5364] ^ [ 126.389556][ T5364] ffff0000cc9e9c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 126.389560][ T5364] ffff0000cc9e9d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 126.389563][ 
T5364] ================================================================== [ 126.389575][ T5364] Disabling lock debugging due to kernel taint [ 126.389592][ T5364] ------------[ cut here ]------------ [ 126.389598][ T5364] refcount_t: underflow; use-after-free. [ 126.389705][ T5364] WARNING: lib/refcount.c:28 at refcount_warn_saturate+0x154/0x1f8, CPU#1: syz.4.109/5364 [ 126.490958][ T5364] Modules linked in: [ 126.491573][ T5364] CPU: 1 UID: 0 PID: 5364 Comm: syz.4.109 Tainted: G B syzkaller #0 PREEMPT [ 126.493296][ T5364] Tainted: [B]=BAD_PAGE [ 126.493962][ T5364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 126.495758][ T5364] pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [ 126.497101][ T5364] pc : refcount_warn_saturate+0x154/0x1f8 [ 126.498045][ T5364] lr : refcount_warn_saturate+0x154/0x1f8 [ 126.499009][ T5364] sp : ffff80009bdd7540 [ 126.499718][ T5364] x29: ffff80009bdd7540 x28: ffff0000dbdcc748 x27: dfff800000000000 [ 126.501127][ T5364] x26: 1fffe0001b7b98e9 x25: dfff800000000000 x24: ffff0000cc649068 [ 126.502476][ T5364] x23: ffff0000dbdcc748 x22: ffff800083949be4 x21: 0000000000000000 [ 126.503764][ T5364] x20: ffff0000cc9e9c10 x19: ffff800089f06000 x18: 0000000000000000 [ 126.505049][ T5364] x17: 3d3d3d3d3d3d3d3d x16: 3d3d3d3d3d3d3d3d x15: 3d3d3d3d3d3d3d3d [ 126.506346][ T5364] x14: 3d3d3d3d3d3d3d3d x13: 0000000000000001 x12: 0000000000000000 [ 126.507694][ T5364] x11: 0000000000000b4e x10: 0000000000ff0100 x9 : 9ef5470fdd42bb00 [ 126.508953][ T5364] x8 : 9ef5470fdd42bb00 x7 : 0000000000000000 x6 : ffff8000804886d0 [ 126.510269][ T5364] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000802f13b0 [ 126.511625][ T5364] x2 : 0000000100000000 x1 : ffff0000d7dc8000 x0 : 0000000000000000 [ 126.512817][ T5364] Call trace: [ 126.513390][ T5364] refcount_warn_saturate+0x154/0x1f8 (P) [ 126.514310][ T5364] dvb_device_put+0xac/0xd0 [ 126.515012][ T5364] dvb_device_open+0x238/0x250 [ 
126.515753][ T5364] chrdev_open+0x398/0x3e8 [ 126.516512][ T5364] do_dentry_open+0x5c8/0x10dc [ 126.517273][ T5364] vfs_open+0x44/0x2d4 [ 126.517893][ T5364] path_openat+0x2234/0x2a6c [ 126.518603][ T5364] do_file_open+0x1c4/0x2e4 [ 126.519420][ T5364] do_sys_openat2+0x114/0x1e8 [ 126.520227][ T5364] do_sys_open+0xac/0xdc [ 126.521011][ T5364] __arm64_sys_openat+0x9c/0xb8 [ 126.521830][ T5364] invoke_syscall+0x98/0x244 [ 126.522600][ T5364] el0_svc_common+0xe8/0x23c [ 126.523380][ T5364] do_el0_svc+0x48/0x58 [ 126.524049][ T5364] el0_svc+0x60/0x25c [ 126.524732][ T5364] el0t_64_sync_handler+0x48/0x148 [ 126.525623][ T5364] el0t_64_sync+0x198/0x19c [ 126.526359][ T5364] irq event stamp: 562843 [ 126.527072][ T5364] hardirqs last enabled at (562843): [] arm64_exit_to_kernel_mode+0x7c/0x90 [ 126.528751][ T5364] hardirqs last disabled at (562842): [] el1_interrupt+0x28/0x60 [ 126.530288][ T5364] softirqs last enabled at (562784): [] local_bh_enable+0x10/0x34 [ 126.531823][ T5364] softirqs last disabled at (562782): [] local_bh_disable+0x10/0x34 [ 126.533441][ T5364] ---[ end trace 0000000000000000 ]--- [ 126.540337][ T5369] ------------[ cut here ]------------ [ 126.540354][ T5369] refcount_t: saturated; leaking memory. 
[ 126.542443][ T5369] WARNING: lib/refcount.c:22 at refcount_warn_saturate+0x1b4/0x1f8, CPU#1: syz.1.110/5369 [ 126.544000][ T5369] Modules linked in: [ 126.544591][ T5369] CPU: 1 UID: 0 PID: 5369 Comm: syz.1.110 Tainted: G B W syzkaller #0 PREEMPT [ 126.546245][ T5369] Tainted: [B]=BAD_PAGE, [W]=WARN [ 126.547088][ T5369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 126.548737][ T5369] pstate: 63400005 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [ 126.550068][ T5369] pc : refcount_warn_saturate+0x1b4/0x1f8 [ 126.550990][ T5369] lr : refcount_warn_saturate+0x1b4/0x1f8 [ 126.551931][ T5369] sp : ffff80009bd97540 [ 126.552610][ T5369] x29: ffff80009bd97540 x28: ffff0000d6f19008 x27: dfff800000000000 [ 126.553994][ T5369] x26: ffff7000137b2ebc x25: dfff800000000000 x24: ffff80008725c908 [ 126.555426][ T5369] x23: ffff0000d6f19008 x22: 000000007ffffffe x21: 00000000c0000000 [ 126.556747][ T5369] x20: ffff0000cc9e9c10 x19: ffff800089f06000 x18: 1fffe00035c25820 [ 126.558036][ T5369] x17: ffff8000888db000 x16: ffff80008898cfc0 x15: ffff0001ae12c10c [ 126.559355][ T5369] x14: ffff0001ae12c108 x13: 0000000000000001 x12: 0000000000000000 [ 126.560706][ T5369] x11: 0000000000000000 x10: 0000000000000003 x9 : c53cbbee27d09a00 [ 126.562084][ T5369] x8 : c53cbbee27d09a00 x7 : 0000000000000000 x6 : ffff8000803bd40c [ 126.563321][ T5369] x5 : 0000000000000000 x4 : 0000000000000008 x3 : ffff8000803b0794 [ 126.564627][ T5369] x2 : 0000000000000001 x1 : ffff0000d8ab9d00 x0 : 0000000000000001 [ 126.566354][ T5369] Call trace: [ 126.566849][ T5369] refcount_warn_saturate+0x1b4/0x1f8 (P) [ 126.567784][ T5369] dvb_device_get+0x9c/0xbc [ 126.568537][ T5369] dvb_device_open+0x100/0x250 [ 126.569311][ T5369] chrdev_open+0x398/0x3e8 [ 126.570017][ T5369] do_dentry_open+0x5c8/0x10dc [ 126.570758][ T5369] vfs_open+0x44/0x2d4 [ 126.571390][ T5369] path_openat+0x2234/0x2a6c [ 126.572139][ T5369] do_file_open+0x1c4/0x2e4 [ 126.572925][ T5369] 
do_sys_openat2+0x114/0x1e8 [ 126.573666][ T5369] do_sys_open+0xac/0xdc [ 126.574378][ T5369] __arm64_sys_openat+0x9c/0xb8 [ 126.575191][ T5369] invoke_syscall+0x98/0x244 [ 126.575934][ T5369] el0_svc_common+0xe8/0x23c [ 126.576659][ T5369] do_el0_svc+0x48/0x58 [ 126.577317][ T5369] el0_svc+0x60/0x25c [ 126.577957][ T5369] el0t_64_sync_handler+0x48/0x148 [ 126.578812][ T5369] el0t_64_sync+0x198/0x19c [ 126.579590][ T5369] irq event stamp: 58 [ 126.580255][ T5369] hardirqs last enabled at (57): [] _raw_spin_unlock_irqrestore+0x38/0x98 [ 126.581855][ T5369] hardirqs last disabled at (58): [] __schedule+0x308/0x2d24 [ 126.583327][ T5369] softirqs last enabled at (24): [] local_bh_enable+0x10/0x34 [ 126.584824][ T5369] softirqs last disabled at (22): [] local_bh_disable+0x10/0x34 [ 126.586359][ T5369] ---[ end trace 0000000000000000 ]--- [ 127.157348][ T5373] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) 1970/01/01 00:02:09 executed programs: 118 1970/01/01 00:02:15 executed programs: 137 [ 136.320774][ T5482] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4)