last executing test programs: 6.069185893s ago: executing program 3 (id=4): ioctl$SNDRV_PCM_IOCTL_UNLINK(0xffffffffffffffff, 0x40044160, 0x5) prlimit64(0x0, 0xe, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) readlink(0x0, 0x0, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000180)={{}, 'syz0\x00'}) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) ioctl$EVIOCSKEYCODE_V2(r1, 0x40284504, 0x0) 5.531336646s ago: executing program 3 (id=7): r0 = syz_open_dev$sndctrl(&(0x7f00000001c0), 0x20004e, 0x101441) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f0000000340)=ANY=[@ANYBLOB="64069fb482"]) 5.257012137s ago: executing program 3 (id=8): getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f00000003c0)={0x8}, &(0x7f0000000400)) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000380)={0x0, 0x7, 0x10}, 0xc) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x2006}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_sock_diag(0x10, 0x3, 0x4) r3 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x300, 0x198, 0xffffffff, 0xffffffff, 0x198, 0xffffffff, 0x268, 0xffffff7a, 0xffffffff, 0x268, 0xffffffff, 0x7fffffe, 0x0, {[{{@ip={@broadcast, @loopback, 0x0, 0x0, 'veth1\x00', 'veth0_to_team\x00', {}, {}, 0x0, 0x0, 0x41}, 0x6, 0x130, 0x198, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "00000100cbd047da9ca965f96ad5801f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bfe8c37674024c183ebacdf741cea92ded3a9ca54de15dd9ec8ef62f9e000000000000000000ffffff7f00", 0x7d}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x2, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x360) syz_usb_connect(0x2, 0x24, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x19, 0x79, 0x2e, 0x20, 0x7b4, 0x10a, 0x102, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x44, [{{0x9, 0x4, 0xbd, 0x0, 0x0, 0x34, 0x67, 0xc3}}]}}]}}, 0x0) 3.575989634s ago: executing program 0 (id=10): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x5e22, 0x0, @empty}, 0x1c) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f00000007c0), r2) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000800)={'wpan0\x00', 0x0}) r5 = syz_open_procfs$namespace(0x0, &(0x7f0000000c00)='ns/net\x00') sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r2, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fedbdf2514000000080001000300000008000300", @ANYRES32=r4, @ANYBLOB="0c000600020000000200000008001d00", @ANYRES32=r5], 0x38}}, 0x14) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wpan1\x00'}) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wpan1\x00'}) sendmsg$NL802154_CMD_SET_CCA_ED_LEVEL(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0xa740256f7f41da6d}, 0x44010) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0) listen(r0, 0x3) socket$nl_route(0x10, 0x3, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a0435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x82, 0x0, 0x0) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000080)={0x1f, 0x1, 0x2}, 0x6) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={0x0}}, 0x0) 3.369747428s ago: executing program 2 (id=3): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f00000001c0)) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000140)='sit0\x00', 0x10) setsockopt$inet_mtu(r3, 0x0, 0xa, 0x0, 0x0) write$binfmt_elf64(r3, &(0x7f0000000e40)=ANY=[], 0xfdef) 2.548946715s ago: executing program 0 (id=11): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x6}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.284849997s ago: executing program 0 (id=12): ioperm(0x1000, 0x9, 0x7) mq_notify(0xffffffffffffffff, 0x0) 1.893222762s ago: executing program 0 (id=13): socket$packet(0x11, 0x2, 0x300) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000280)={{{@in=@remote, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa, 0x80, 0x0, 0x16}}, {{@in6=@empty, 0x0, 0x2b}, 0x0, @in6=@mcast2}}, 0xe8) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x6) writev(r2, &(0x7f00000001c0)=[{&(0x7f0000000000)="480000001500190a20ffff7fffffff5602113e850e1de0974881030491720000de213ee23ffbf510040041feff5aff2b0000000000000700"/68, 0x44}, {&(0x7f0000000080)="c1130389", 0x4}], 0x2) 1.844986011s ago: executing program 3 (id=14): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) creat(&(0x7f0000000300)='./file0\x00', 0x0) read$FUSE(r3, &(0x7f000000c3c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r3, &(0x7f00000000c0)={0x50, 0x0, r4, {0x7, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0x50) syz_fuse_handle_req(r3, &(0x7f0000002140)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007ed10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000889049938edebcd600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r3, &(0x7f0000004140)="02f00c1d0dda83190c8b2969e5d107b997d557314c4da896298ff72343456d7ad8d0a3c9d50de42ef139d0d06f47aefa86d39e623e4983730bc4acd2a3453e9ce8ab83ca57bba44ef9418053978935925402ab801b6979708a525ed019908b34e02f859ad4fe7ea4a350535a413c192c59200cfe1146cfce7eecb4623aeba4b78d98a60a06859f115f185f5849bc4bf657cc34fdbd22e7093ab80cc806d17ca48f8eece4181c9ac3c9683567bd26348a00f13b4227b52da5dbbff4d3903749eb428bb6a464379db2f0332abbfe4d5a1d8f3175def20fd81e00e99af5cd23e1fe1a02affae45d2fcca7311570b269f073fc727285b6eeaacd862f40f1e5b84abec8f63212c89e4458c61ab5c32f7347d7d537d267708129701bdc744d35218ce52988699adf1e34f61493fd397296b4ca0aefbeeea873eff80fe26c0bf3c058ab0ae570ac08e3c53079d31669f34bee6d68b92398fe21c1d76a24d858af557d7723d27c0435f70fe46b18d17f3c207ad809bf3cf81c3074be87ba9d2beb513903109a9dae4a56576ae7bd3ecd4917a2f22c756f100eb0f3b48f3c506aa5d717b9683762e8d268ecddcf5121ab06300b1cf3586c910bf23de3defeedfcc1e899c899eb483c9b30cc56181f34937c70e9a2482ce13531bb80293f85fe080e722bb628b67a1cc9a9e7607313f0ce60a8f79fb0807139f503622c7cdfbdef26fc004897ca200a9b4328e0961a79e46ea7734a51d3c8930ff903d4779a48b338f43ba5d6b50f27f69802ffeb5473b15e66835035b7bf41489804e99eab0fc7579f569b1ba37151913454be46c6cb12b4e5f8c7a0a64c992fe18e07088d4ae91fbe6ef05d74d63173823bcd63948ebd29b70f144c7a03c951de8e3873623c14c4a99b52a9ad881206005e66f8588b0d73994cbfd6aefddbf8cec9622f948fe21287b38b9daf40c6ccb3feedf50f90e8f4da6a6bbc14b87e514cd976302e223a3c9165ec4b79f341908a97e13331582f39da15f2e9a6ea5a836bff4a42cd816f7f2028763bee37e7bbd0ccdf419edd48c55a6883825cb3373eb0b222187fdbf7a0dd4c862e9c658a5590c62b95b2467b155a87013ad20d47bfc8e8049f8bee091cb893b5d507772ccaadabf407a25647019312cad64b940137ceb603e9854a41d540649d52e5b2a39e7865ac1ab41cc1304712520e8e2827403b01dbee87b8b0caffa3c1bdd3b81538743a5422be517a5c679543282fdb46b29cf256a9d7e1c3dfb69c399db615e2e785d5a3cc719cafaa7973a542679b3185f5f86e4864637ececc4557a5465b05bfbdfe433546fe822d00f41b45c1473fe88d8a6911cd673f3d71518d3d3918ed766030448f01ad5e5ab66a6eac88720f7205491f9bd15d448172de258c865534b0dad6e607819aca86211254ecaafe4597af845c1c92098320dc14d1bae44486a02b8e81733a2be227acf940df9a2e717d9373a52a82ae0863af2320ec820fa8778b1e0123d41e6a79055adbe1b63da8e84ad6eb7906ab65b92c493a8150685dab1e2f2a16da54abe9cddf141dc41ea8a600a5e28bd8a342be318fa91d2e98c36a681c98f5676b27583d49f4948666c80f3b49b2ef6b71896e980c6cf93856d2dfb59cdeab1d8940296207d1f15cf75d7beb6f744fdb38f34e00148f48b3b92d65dab43f3514761864c693e6fdf1e08be74ec507d180301d419cf151901bf2bbc1245bedfe9f8b91f64c869d0741026acb0499a4a7cb167107f609141c349a7810d16b417727ded0decd32b4d48a624d027a3d057a9763ac5139adb0042d70caf9969c7a6bad7afe5d8a48d0e5726396d379a2bfaf957468748c9944bad2dcbefb1474a7d782b2e8e278a10dc6d6dc921476d661cea4439d8ba17c95c9189ef879b52a1889574f70c022b0cb973587a70e5d4147aaf1d1f58836540eb0824e73386d2c3a94d253b99d4532c97c2a75588c536cbc24e47088dfebf31ffc0cb23076bb2f515546b3721d8063e3b88d3a8ea196b88564f65e5f808eff5ab6a30095d6e0978a286b9d693a6053231d71dbf96967b5a2c6eec44117078851bab60718ff22a3e8c522fa8d85d6df1a816b62a557b47b05c5df626a47928523541c23e9f0a0a86515437bc0eb7b9b4b7bb866206e093fb4a5dba6ad9d2424d7fb2f8f220b00be734c781a91ad4555f2714c6c59588300ad47d3ecb86fae178609fe60d9f604be31c05cf3cf1edffb45cc2ce24ec44434107834c6335ac09e2e931b0a8c6cea5ddee3686ec9bf9ef6693fc85e36a7fe1146aa93da6f4dd5f36ab0dcbc28d29ddeb481d5d4f8a2817733a8dff3cb07ac1256bd43dab768c1661e4c8bd3ede3aa548f90424fea8e39c6d5d639b49b7b4da6a95700ac6d9f66bae43320ebe5add0c0cf5fb8a1482c60a21d1ed54ca7967bc22362ccad5c9aca0a7151b53546618500ab0a32151c7e61fc1cd7207f165449d4935337ac69259142d952d83e415bf39227224f208ccd4f6476804b7a9ed45f14f7414e36c9c1000ae4ff34e5ccfa224875c81bf30a73300a22c9dbba7770d0078ff37c965b2d9f97e50e64072d7db371fe4cd364e305f64c1fc70b682cde8fa865fdd7cefbc528f3177a67a4f31f3085ab385705a5008d7572b8f6690c07a9f0d8754614bf036d4efa96b09258cc43787df3259138f995a6d9dd13728fa1745c8e4af63e48853bc63106859defe07c53ead96f2bbd300ace2df4281ee764ba0c2234d4e0da8c0bce90ee74322d50a5653001a6706c8f4f315219bbc7fa42ee186ac031ae2a7f806e539f6d498514c3b657f6b6864ba1cc94879bc70ec199ce4124907bbaf5087280f9288a51f6d2849a2ad906aac9e98874fa678c66e0d71479f71d81aea11acca91b1a80e1517f6ce93d63deb7712a15232856db2e4e33b0c50f638c5c0b11fb81c4d9d1f4ba9914b8cdb1ee091b320db91850700a5ee1f8b837deaf3eac758b1aa03ceaf559cd87f5bea97897b97661746fd0e08713fd5fe42a87de04a2c9256571a14818750dc51d3c5190d8c2055860c0470309ebdbcdf1c050e0de01e6111bafd83eed68935fa61dea3dc55c278080935ee9d36233148dcc1ea0a3867ece386248ffb58ad2c198ef8ba29ea07983740e584daad92c62ec10c3dc16be4283bae22ed5e39a9821a29a40952950abf6b41732933950312719749ad06eee0c08eae0136eb4f16cee5ed167df66482ece475632dd25cc43782df12a8573492fa46da81b527213b098e3d9b0bfc9da02bde9c8f0672778cc418f4c0a113a513b358674de8b218fd3345ccf4179a9db6c0e1858e558e749036ea70c045d572ead75e60cf08fb26551741fdb86ff3c0bfcda029aecb789c9b8e27f360ce04159b9814674a3b5ac823546d4ac467ae878d2d4482e4d5bbf8945155410b8e7ec05619c3d6e254e30879f4dcc3d93b5c3e3f73230e2bb406accf83cc5a3f4b8388b851a98fafa03ddf392b9c0c5232445a313f440f158b20cbc34c29a0e36a062a10ec77d0bbeeba5771da4dfdf3654140f53e85d98f6a065850ff5afec907eddae8b7128ba9dd0821acc8511f3e3c68e9ef9da35df09315619ab781192a648baf254fd5f35cb650b7672a9a82f989bf2039961f68763e34db401c903a40a5ee9495b7011893639ed3c3b83998503905cdc1dcfbc223bec4cbb5e1459ec4bfc6eb14dec0741e2364eb9cd9d988013ae2740b722704d99576f897aca6b3d5c34a057d8a5f51c1bce080936a21fe214c3516c6edda99c4fd104e033fb553839a386fa74549921ff4216589dfee205fec1031e121bb58ede2fad12805785abedd162396e11d36dcdb1993853eefb6e1c8c72afecf98969db8216da5276e347a327c60ec97865e2397127198151feeb9e0e6268fa6e88c50ec8d681450e642fc01455fa216f9835d6e309f9e4b5129a2a56db042f0c0486a47033b52f59513094864c0c6c313c7edebebc28db44679c3544e93375c80cb782763f37d85eba6c0bae5934875444245d467de5d6a463443933ae95400f88441d70891e6455f73356717f68e408b0cf91f0deb9aabce6c1cbb1459d8095433a1e08039132fb8ec30687f856e524ca8ba00b6a20225da41bfd260fa214c26de5844246d44ac5ee2af44f158da1f55188277161d7158fcb97b1e37ff3088cad7e79e78b19c7440ae76356f0b094f928a61e9195fe87a0330baa29dc5e1370abc024577a521ad224074f5ee52c30326e2d1e87044b2027232ac28ba099e211a7b33df9fb6d2fd662b7d38a14c40538dcad133f4f75ce114cf8e583f74d2d5251547541af0236aa59075263e2611fc807ff898163c56ef01e7454da2a6000ac229530ea7bf1eb75529d3c98e6f7fbf3d4cba327ed5cdcb83df0c11fbead1de4ec3ac5c2cb8dda8591f4c316e23a0668ca25149f8a55a47649daf9e40f784319e8b901e70a8a31bb4f8c0a86a4999bdfcb0e9f297e753bdb2a275ef98a92b8dbab2d6eedc06ce92502ae7ae76f6b13264ba41e717f8257e34bf1ba512b335d5d178d74742cc0ec6e7b16942095cde010cd90b5c8a158b65fc51d958a96a7d20446c1fd8d1b0fc9f2de8f404a80b504098dc68e2c60b0f43ab538cba0ca5409dacfbdff2267374775605dce498514ee7b32a7f55452986b12dc6178d6a926dfbac6bbdcc051d0cd54bc3aca47bd665e01bf1f050f7903f031197594c513ce5ba931e2819f5bb63c5238c19c1be9f4d9668e5c075804fd43ea60f0ab9f00e06683b8e29379a9326b40e8fe05161adf1cb519c31ecebcb042ed1fbb4b9f1b12470bef6e964855baaff5a7dd6146f07caa8097c778bd10e5ce995884d1f3b91962a7974d84de6157d3f54735d5b82e11e6fc000874ecd396114c693ce2297caf7a9c6a6814a890e4d74e17a16339ba103c0d2da87e522ed67cd23047c7d9bd1562234aec98b85ad4534522cca58ee17ccb9c8fe7cd68ad3d6d6e0edbb550ec957772ee1109d501ab76e364a988e02e6b4a5b62f72e61fa7cc6120d12414d3c8ea09bfaac8e806d19dd76f940b769863d200861e44c72bfd870005f6663a7a6d1d60ac1e376806293d5143968d37af14301c9d6506985eb7bdd607dfa4d3cb5cb058019cc5502c534d3a5a1337bbf6306184230cc21e3ef7744b839cd82fc6347316e098e05ced0f25b9cf5721f2d003bdb4e0a79eff90ec4aacd6afbb78ca6f129cd16c8b2f3aefb5a2036951db7ebb40d36723a75723b3d1011e6085493664bf5d336c5cb4079ae1ca2412c53c464831844c27f089ffe345a2029118672b2fd2a24c72f9088dc5f92cc5f3bcd6c7359f52d32ea15172e95af7e6c81c52f20995877cafed48dd49762701c88c225bbffbbc3160d838957588fc2d41efab4148bc961e8d66b5b21e7eb4228a132d61a1c9f6e2baf7430d92478a3948fca4e10594167ca5e72678189cb4e90a0b0e45caada64d15010d73157cd8b4d04099ecefb1ed187d673d1bd33f13dbe4b44d351a34738280f21a79b3146b0071a0924e643c1dffe0d8c72b3bdcc00f203153f63c249f18e0e9e7ed1c0237411893832fc5be40d308b194bb04a17e38f0717a0808058b7291d20b6f0f1e5ba11e2351d985138c61806b41ea5a77ef80feb1f6f7383000e97549487f1bc9c3b5e8ccb6ed7ab8e08b258c75d5aad2a01fe8b5777ef5c7ec1eb3feca16dabf8eb50312f8786d5018d7bb7c9776f028af7b3423af3410696587f3feba823e5e3ccacfeb23fd4359c252b2ab5136d2fa7a6633758b5c45099f70a672999329eba1c89f07af0eb7c3fea5ac468ce042d699b6f391eaccadcf6d14e97c620a5eff7d92946f09d79d31cc876da261182a73a3234d5e53709185680c8b5376e4d8445fe4fff988062f23e42e4b7908ec079a840f0be839062074c22c44b7f4c4b23be2b6656abbb103acc0bd5058e0112a7d55cdce5042a76fe24ba5e9a1105c68dab94dddd44cc6c860172847f20e6ebc49787ed8ca19824b09468933ae9a496e960b7c592e783b6a5f10a9d9c2265794c5891ae7eb9cca9b3f99981a252d522047b95fdb518fe681829948a9d329b9cc7cb2f806ee81a3c930c73c8f12a05b47f1470ff08d5a03f37dacc1e4a7f65563f8825f9ffc316c2ed7a5ea434cab348c850d1b8eaaa0ab2ef7460269aef06f9c46a1957575cee49e1aa72d470dc9763b4abd61d34693e462353c1d023249bb7085f1362ec6bab9d349633d5f9637e6a12690e502f8af9c2d37a3f573411595539c66e9f82d5b39c01606af258e769b2391c3cd0bb0d93eaa36e168136b301d516724ecb173a0766ea9e9d5be5dcbf58e0322261e584d22594cfac91d16bcf38b8cb69e022b0956fb4be2981a526bb1832749ea1f7b188dce590927620ad9d6162ea52bbdbd14b45ff967f183c1af4269dc16a1be7b0b5278ec02a259aed022039e70a9c1456997fc1d053b1ab54238d8282dd11b68b806c745a257a7c0fcfad3277245b1f7749243f457121b3d17122f27be6b1c56e9bc151f52db66c92246072ca4e5d10619a6730b1609f133b5db1f2b0bb4a86dee2c44a6e25299ee74b99eeab5f195728aa45dc7bd300bccb48819bd40b12152b40e1395ac25d8b0cd1ae12b9cd46a8e54f495cca85a680cd43f70f55505f1a72c030dcebbb2e5b26ec971cd58c76ee67d86fe075bcad475658f1cdf09c94bcb5b4db83b3147882f65f67921267f8471d8deb7b159761c83fb9547db71b6878a21287aef6a2e01134e735c073645d2488138f280754ddf66cf8c0208e51a96696e185120a6b84a73d2c9bfbfa9e501f1126b44c491ec437a0b490cbcec5e8e0e0c21f803354d2d1923fe82509706ab34eb03101dded5f6421a6b90dea3db643a22eee1549e30d44184bbe7b842a656b91184ebbea76d00942b429dc07c704750fcab290c43bfdd2aed8257c21312933a11a76d0be361753a49ccbad5fab68eef867e11fa99a1d8021218809c0ce0bd52bed2d5c97fff7283e549afee371b7f1b3973ebebcf11f9687c7086129ada7bc09bca2da4fc02c0af28aa043f3f2c1e02dadfbc3a245dfd2e30e6050e05388006852e871b6890ddc006072d1a062978240df6166ba6ccb732195f21bec579d3d2b3f13e818e9fac77be72152fd441f6ab772b7fd3f888a91f8420f336e5a69e36dfdcc23b066506167960dcd1e5c84d4f236bb83f8daf03007d86d5b34aee798755077dea9b4faf98daa725cc3ab671b3b2b95c193530e0d018309a460a518878ee82e8495622028383ee97fe6a0111521b9a60fe51011bd0c62ee11e7a3dc5a0e8e8b82e476e752f63c5ba75a32e7b5b40d8ed1f539b3262351ce42d1bbcae0371ca72790ca4deff1441404f072947970ed3f23894e6c894c9fc7644c4082188b1ac8ef1e5c045bf438b9b81c7333859fcd071100785e14568c784ca30c4aea8a728a7796a201aa1b65a9355cf368b440498c433414141aaeaf722b9ee70b7cd28a3c2beb61ed99b619a4486b4b7210fe5b1cffa4474421b41303f6de7432874327532cbaecd0e1e9e90f00cf03161e9748807f3728e947c1ce281f3417a3a162deb2d01a5aa330e95b5624769d278aabfdfe6e8089c62ee1c26be5c121cfef2fcb549c1671497a05c2a397f5090caf6913fb39f01a095d55d33ae31d36bf223cd506ef2eaa48b1729c2dbdd7cf84bd1c2d0ebed7b6487991de616517c4e53665e60e6bbf559dd5cddd5eb88087fe6d0e2632f10b9e0f653bafbf992f55dd2592bea82a9a5958ae3e767bcf2c50b691e33dab8d2b1b2fb33419b5dae945a7d4a0169ec64817cc02b02139d7f70bfb42516c913311b42323cca46e690467c894a26ea624432b3c536f48ad569d56d8bf131048f81c0bf77460bf7acdf513087bcca1366bbfd05136ab5456f7e99f545f343eebf57299bfb4ef4a3af05357037e7080ba36084505eaa7339fc981cb99e381c3456d3de6cec5c5dc76427b13db53c9bfe516577b51411602146929e08c8762e6c99325a00242bd15f511f25eed7aac3537aca0407c70f362a0583fa10bb259f758feca1edb4f8adff7626bbf67fa0d940bb773d1afd523033b25107fe02161faa7a2bfcd629e58d681be5e980f8d563daac8532bc747a4242fa539416bfedf38cd8e3aab1764102c87627308abc41f6ebf8f03126d26ef90c10f0dd0fb5be22ee794fffb3ef0537f640b92c2ec335ff99422fe5fa41467e1a95fdc98e13881e1912f73afb489f237acfa971f6f64d9dc0066552167ebad1a7797412998a748d3b236e41ee5a8c223a1fa033389dfd2beb582987344db19988096e3bc0c44c8fcc4ef4a1d60b3991a5e3eb08d476c6dbdef30ce2b7f84de6925e28eed23daafe6be895d9b9c055519f9f3dd5c67cfafb5138380f581ec2bcd15c415087c85c32db56fd589883d3f1c81d56fe2436e910bc873596d4fc5abe0046e00934912f70c028c41390091988fe9fc46df6f10edb697bd1408486860fb6e77c76b4778a151769be25d891c1bde084ddcf964a7d3e528fb39835d8a003ee95e31f7c6c8f22e2d97454b8bff0450f6d9d3f3066041f19aa7e99cd00bcdb238e493912ffa5992eaa0c10dc4e0c4277ad8b5b9be74f72a0b2b89cb5df3ff6e06d84b4db052a1846a2b8284d49c0562f561dde8fe38bde79afa4eb12095c9fcfb9805ff76db4c63f2c737bb97117f880284feac51aeb26e21071a8770cffb4670fb94894c5b7cb6b60c3cc6a0e04458371bf59669f07be5517d5aafd2485aac11e29332bc9c0d9aab851d40aa713665be691c1887ed057e63bdb4da732f70dfe503a009c6c431d6780559273215a222228082dbe613d2dc235908927b1693adf812ddd267d1f7b64abc5e174b057e550c60d5b4e5f4aed8fe16dc5ecd7d7fbc3647efe8abbd9f2ce4f21a14d2e76af8a0551d99f1d35cfee6a068f521af0340750658b415685ae99459744c3b29e24f70977ca21e8638045a3dcb88556904f4cdb31920b89dadc5b846d7a1306d1f86d179e1f611d0c061146e3df0aac42cc6710231d844e167a57b99f68ca174152d088d5af232d5d4e186f026dbd0fff228e7de1ce0e5d28f439e94b6cf106306a740071a03ee25387d1c0b2da3b24dfbbbf078458e3db1c42d1c369b3f57946cfba615151c118e5bc31d43f9621bc30ab6fca226285c50eaca6daedb148d0c4acf1d9691e875338221074630d9ac117fc704b06da6b595f9906681f5a598d0308da0d56e45a216860a3acbb2e00376d2931a21695239a8216347d39f649c0d990191a62a32563cc967a03e606ada7dc76e67a1e867ace9e05e8a27d96987b93eec3cbce6c8c4021ef2a7a862bcb49b2450c63802c41bbfd8ae9f3c9a55a570470c41a9ac7ec88c83d5c1f2c9342b30ab09e50271a7be04feedf85abac9efaf1422a045f6383886d3014c6436c7986f264d119b1f8aec8c67be8147feebbb94266c009d98db54dcfd9b6f275f13c210d10d808b55cb558faaa2a89f90023fb7aff01dcd6143c7fb985e286ae7bcd521916794ac148bf85ef14d8a54fe91739a4b0c3bfa4e77d70ebe0bd187364be48953bbcbb220dd43f2e9382d430dd0baf069b6e3fa46d696317b4b0dc030c7edf27c416f33082ae1b0b13290580b5c513adb90fd373af0403f268521fcad12940dec7f0532aff0f78813416cf965937f7ca0eaeee97dcf7a7ec603b892ba55801a6637ff1a8e4d99bbb969ae06bfadc232f131b19cece7b8c998d6c57b9b68d2252d7e543091583b67b868c8dc079c1c95294c5e039c637b1a02e58d614fdb79f3f08a29f9f90ba09370675ac1b071f07bbf97e48d3e3d102590c2fc4ccf5354c088f41f1abe507901a1b5e246c88f81e297a2876182669b16f1be10e68f3bc66c7e20f34ea5a5252ea013f71ef78931ea4e99f5ee9e4761cc3f773eb02fce9065c333eb58da334a67525d9f885747aeeb3193c3e6b60e037b7006435be7bf1eb5ac592e288984885b5f9781a900885c59ee235785501ab93d73ce758aba261f5cf1d732246096412a0a9334fc113b1fdedd0a15961a252479a91a889dd312a4fe44a49a5c8f3364740e2c84ad375226b0a8070d6e5f316320c6f33461e7c32395c60b531aef2690da2ce0a965df38756c26be257f62e89404ce58a62846e11ae30490ed476a484c5b798d0c67cbd795b7e02d460fc1be0dbf85180fbc7d650c14cc86cfe65259fde8d330ff96a175c49ccdca9dcc9886dcfdd763a8ac7bf4c02cec7ca5f808406a9a04ea18cab07febdb8f1f65e987de2cf830ed782ee590f857385f3514798bd3c98bc0bf3c9ceb63b7d2c4d084332f0f4702c185fe9b1a5780f8b11f18b10c9eae1d18a5d45d2677cda5c927906c507f21b987026965d5a9edc182cf6b104878aa8afe22731b2ec16b692cd2819b37a50036db1b6a47f6c47299a8bd35735d180eb1d75d956e8d020db4279fe1332664dfc01cedb5742545a3f2173a159841e11552564c3fbd39fdff26c4438d0b2f66b65f4ddd5778734562eb2bf1d56f5970a8463b520cbbc55dbacdf37a6a16e5c7135f3120c7bd4bf2fcefdf47d55d5a7ac628341ecf694098fd457d23bcce0b2296bf99ab9aff749af11b22fa2f24d4ee95659f3faf48978aea794a80415c845a6d7f924c68a62972db65b9185ff527719c5f8bae299fd50bb7ee1ced73528ab0648b870d8e8ff0acecabf2de8fd4ad30b1fce4084d8e1cfcee237f13a27e4d238f6d2eff350f2393f5ed9918cc35917f2035b1a5faf297bff886b6716db37215b822c8af5142ac94849e5484adb4e59ef85dd56473b1f6e1f6065c8e744377d98815f53244558c42af67e3502865bc81c37741c5ed3ed07e33c64a9d8b2f527e54e3c7e10666dd95eed759e8a3244c5a704a9349ee929752226d01c10bfa94d31ac2ced8261e5fc3a15f68500a9e7b5ad53fe3de581ae3fc9a03fc4da706c17b40ba5d9505938dd55f09989812e25ee54f7668fe8bd274e0c0b040a15c18b9d8bcee0cc88590637a8e7b6792ea8aa8dfd4fa8cfa183f3ce15308acc9d91d02e7f7b46f472c8fabead73ebe033fcc507384948a1eaf03548d79b649be7715b1aa0814a59183424e49e86bc9781ce2e9e8277a85f9b0b4faff231453829faa628ab00daedf8b8aeaeef758bbcbeaf8863ba179e1054b3da56466486fd9b8dcc42ca1bae2d4ff8e0877d9a726744080e125f7a1bbca906bcc59e8798e73bd79e5de3b4a79aa2bc2e8be40b695b5add3a8fc0952053bfc352849fe1ba9da83daca4c904c66fe91e55709ebca2a36356912a285f2206446b3216d78c9fe498431025b1af22d99537d5f86efb23e11e6e8e7d6cd97069c533e908cfb234c26a3424915459c53bf76ff18d7cceca11511b689611ff74118844aed1d4882f5d2a9d051bc3e051a53b7633138d0325082263497c9102cd33fb16c27a93055617ad14befe6321d40251d239d45a89bb079e24b04470fa75454d91bcc39c233eb0ad4a03d5667b9c7eea0d927d665dc2db377c71cfee93bbcd77f6096a2dd14452f1d74a9ebc7288670943ce9910f", 0x2000, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x18}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r3, &(0x7f0000006380)="f7709f77945ec10b4eecea480cce6641402373da5e6d7f24014f7acee96be0135b59ce90b463223252169e036a4daf3dae250a1e6de526211d43d9512ae526730f553268794994fd54868ec480d09862b687b463a8fc5058903593b9bb4d50879635cbf67a9e7d1110fa0e8ef89dbd2abdae33183737b8c0b907f5cc74ad6ab0383f8240e091417d2816317f40abb64224f616136f93d932f2223ef42fa3c3155d53075d3eb1db73beb32bc364e3fc246d3dcaca2dc91a634815412bae915cdb1a6da7884559403b545235541ddac97d7b1ea8135539ebcfac1edfa2fee8cf78bb46da7644a8f9e42ae06ca7a188b83fa537b0962a10411b67fc4d7dfe9e95cce2aef82e75f4680b8ff9976b6569523b72a86bd3a8c96f30e85812fe33a610c2be0a3c1063e2ee864c6e8bbf331f2768accfea78700a7321e4af2db46fd162457e439369da2217992b77502b9b958df27bc086369963793854d7f8b00c537de3216898b8f2c1dd925049eef1ab57bb6f63b2d88850b49b3c54d71f545afafa16bd2d06ae501344987623890fdf9ac04b179d2131070a34cf143697b6642bf5da67437aaf5e78e7e6be85e44ad7b265d78d2baf92ee5ccb0a452eb32fb3fdd1a41abf3a68086acd20458af55c086f77c30bbbce4c19542f92ab1e68393ffa58b140586b49761aacdf6aeb7682561f01e0869f503c4a161fd405046d3e6523bd4071c09b7516e4e784f4d11706f1c2eb170e735e563c43317a5a9afad28511163cdb63660beb699f7b8a7eaf57d48517974ffa766fe8deab0cfb11562b9c281bce2493d08c40a259e0325c52124e303064c6fbae2826355e531543863030fef484621a381a945b6ec7253e20047e7294bd069442f72672e6dfe1ca17d75d8c6b16c931438cec72e6ee53f3db89a10a38a93cc84c7393773461db5074b4f5060dd0a04a069a7a9b078856a3fa1786fc8dab621ba622acafd0781b523ea097283afb0c59222a316c6ddc0554bcaccc70288e524ed7719fc02a86283b57690a7320af028efbaedd5bd158a9dc9ea8e4f53c7da7566cdbdd4f4d9f01a9dfa6251a355e338efc8eee258add8731c7d22161482b7e3c8bc83f30482f9935fcc5974d9d0685b5fba3b07d7f85cc8fef18ac4e8e915b8476bb44d7384c996921ae40a4fdd2dd2a70ba17e1c2d6ec67b8f7b45568c105d52afa9c82bdc1dc7fd951b1e4fc1212bf29231d8e41ed4dacafec9a823a672dceeee0e4048b5620373c53ab8f3553c842a5a6d914f8334d6d8a4af785f418e6b4aab3965f94ca9d80a74a5a034fb6edd0322696aa1060d82c7b104983f8889026819ffdf3d45c604e53066b03dfae13fad499e3894120c10944eaf752989daee4e172decca9c2b324a817a7c787e6bc59fc2884e358a1a9b14b3704cabe374d23c002b8112be68f409302d3dad0a4c02105cb54c4350c24e6f3b7588bf1c28ae321eaebb930cf0c3b607acff20663eab8a593320c518eba8f9205350f11a9c1530115f7e00f2aa335c92e1305ffcfeac7cdecd6f1b6a33710ec77ce428484712d66bad137b6c8da5aa51d1b7196d981a14a40df8406b292f385cb149cfc0a86701566674e089b88487f34fdb0bf16ca94d9da4a837f15d5cf8f11d9c226844d3eb18d848420f344a3992772125319abb641ea56f03fc626f092f67a8b6716b29cf8585cf5fe25a35f5dab0e3e075ba3c84116fb6cbbf99a8153d179ffc1e64356f1fa0bca6823ebd8e1a176636962cff271cee5c5bafcb68fad4921e070c4ae08cd8fa0b94534f11e66403d129a5e8253bd3a9dc09a8189895819ff618532bf6743b17a243d515e63868bdf9287fd1bad0d525759953624c8e82debf88159b2c22945535d9379c911f89c7856be1438bd02df70c939b80741ddad245082a72556a2ab3c2390b84c17b6119103a0b8126dbc55e05b153ef9a12cc67f649c14160c698a7127b39fe88fb91d19b2a381c08114c6e3e6d3d42b77602c838c421a9a414f1eb182d0197ff67dcfb5d79404afbdf9c96f475a0d5afc9a4d7cdad458eed6b1de6c13b11c46004243db779e7ad6dbbf15e69ee34bd2524cf72e49a5352992a9251a86c3dc30d7d5fe61ae538928e8fdca0e04fdb5917523d8266b7b4f1679a5082e798f587c5ed9084c70965e94e12f643ab0191e606c2eb0c3359a2b8504f3bb2e721cfbcfdd90c31cde10992c9400273bbc45fe5ba34d7ede773036e2fd1fec1f001c495accdf8ff572de3eb2aeebad29acfe3d2b1448fd67368d0c37f8bfbbf09bafc8f99a44b187f4f443c82b21f66f722fb59f40ce0f9d83c52b9b3358a80e102b21795a1cfcb986c787ccbb9f9c96c2b66d2f7a94ef2c2a5b65d5c2970ba6f3107609f4a67432835c2ce1682d260f6826072a6b6d4b113a5b06311677ca01260f3567ff1ab6be13b455f93916906273c5430fcccb57e0d78224ebec422763ee3a6b94528749a7ee5f70c9036cf3a99a9c98abc0e8aec18733a0c7da76814f2ff741582a9d96eb798426065764fcf86e40b6490f545494b48749fa8d398c5938d6bc7dbe183deecb913ef4c61aef27ea6bb77c23af09c3dec453f01d8e0cf1a3df30d73d44c4e147d9ff2853cb05b1d9fcd2d80815016f65368c477f3e8b676ee1ef5b9154850f02951060f5335d7b8b1c395151b443130d27b4aa0cdd9c1badc38e1825cbaea22480e1d8a986b001a4464fea618707f43bdf7949f500f3f9293b7f7f28170d45eb3e9422d7a107d5dfab18b8e7a2cbc4b42a818384136a49a021721fe07dff4fb2f26e74ee6b5725166409d794c69a1a5b27cb6263c387b81612add3c9e9e509845843a6ffb2250d37c365e3f57f0ad6e908fab119211e7679b41c8e298f9e85558be25ec0a4e6c9aa3d523ef3771971bfd272fcb736d10fa98a87b78c532fcc322f5e24baa21f2a3c84a90ec9b546869400bad19dec3575ebc69c8e512210b81667ed3cede89d10ee5871a6fb166b2f5c96f079cd5bf97f41327930b210627106c4cb6d77e3793b808c425b8a4118bbaa2d1a1454b162cf9886ec17e215d12223a65348ab33185861ab1f3166a4a925d25a63def895a5b01deea11bcaf17c79d27a922834a32aa0f8676793c7257e44d3f7768de19292a385a7a4b3fc992abfb9f8f3ada57b83dc7955c0b2edef1a8214dd8ea2cc9679685137dd63f3918020e2e2f38602005a4a6e84422867b9160f65e92e053d0b58191eadcd5a8a69b18e3216ea63df3f31869c81de88fc75a1d9e15cbdf8d68ba50cd8dfa55259aa362c2615ccab13489844d5ed995383e334074f561a4a67e1060e64a818fc96135d34e604cabe3d9195cf1283725c7700e397ecb72fc8b36f38cd0830b19b439101e4b3839c48ddc95367bff87b888407a517f94fbe58a7033db1123c0a0074c730e34ce821e12f43d84d3b4f0310c6ecd8afe7779671d7b825bb3892825c762b86f0ffd182b6aafd477fadf0c7a931cb61e2b05fc11267bf0a9882e7c2f8e84d3480d9e4576cc03f0e1dbfbef9f66840ad37e76da3ff8a419730a0076de67e9b913f03f5b637287d981eafa1223feafb86bcff5b2ce987f6fa8386ee036a3f75fe014ef90b05a744e038c43766b5fd552e66b9b4996f774988d2a70fa0bf05fbc453cc4fd0ab642db1bc71e1b63919f3c49254f177306f9b00af5782c0633d68ecb85f93fc1afd8dee3dd1ca8b0d7ba0ea463de0b6e3e05c080f832e129cec16853923cf15f06d9a38e20a5a6fa5125d03c1b72680547eafd9fdf246af08dcb4d4d746577478fbc72d7a36bb4bd3b5ba4dc5e407babfcd64b8c413d7dd5433d6a4ee17d5b4835a74c81414a9397d73e15ae387f04a5012a37c88b226207aba933d68a67bcd38f5e0fb8b24c4434c3a0109deaef4f9ab1d230ea6a4acd6db0c3962d0de3bb64e33a29af8dcbf39d48a27c1649a66d4aecdce2db60c50bcec31677559369184608db197f2ebed81ca8fbeb9d2f8c486ec9839e765df69ea634f2815e75eac613febfa26012767c28eae207ed9315bf19c42de9602f44f45a9cb9913a67548787a30c9e56f3399ab281c537751a28d98392655a60ceb9f2515772d2f1d5d2843952312e2a59061b60f128def6795e0c8eb7b12a710c1afacc84f498a29d683d1949c17f3aeeb8b9a32eb10bb242d61a2db5902d592224fb8e1e713ef33caaec6f8516333ca4886345555166e91a6469d67f39241d144c6457c0f74c60e662439281a660b3c802eafa5825fab36b764d4753b33920dc72ec4b7136be556c7d0d528eef67049f5a7bd9cc7e4e94a4874ad8d06595ed38a5f1cafff1018c1351d1d7eab144edba6d4f9eeb7924a25b9f7a3eb20984919d9ade66a18c33f92b65031472ca657a724d86053a3fc60fc5502acec81822bc609954e402a406081cfe7931a1adbfc45a3168e30a451561302a131ff702b4d6c5d3603ea9d1b54c64aad93407e078d6b435154236ba594e8d2f798bbdface489b43120bc0bd7e1bcb6658c2c192ccf18f278e9c5bb14dbdf1a4eb3412f9dc64a31abefd79bd7c91bb7297c9f694840a75cae5d3482d15a2d148092a6545972b7f95a23206bda509260bb370a012b744c2bb46b57da12367d35e778b7d7f463fd8230368b5a5636f28e2cddd03c69adc9c913027a726130c95d818fa38ca7ba8421d3fcf0736cd3001ffcf80701cf6d737cc3dd8f905af39fb2806d2f22289d0001c74eb482f4faf0a1863099cc1b236edd1cfa206b21a2ed86affb4e6a3a4dfb54fab46c8c06cd3e370b50e08e1b7a08864269d867eba5fae8a49560e9479209966002c09719ab8ca58702bfb0071d3859df0193a956ed4d8ad19a2c79656c6dd42eb5a44b808df394333683b605ad0cf176bfcfdc89b01317a802cf0ab02fc3673822b55fcfba512792c9e40a150cfae4dcd40b2b12296ba95063a2f50f552b4682c4d461b1efb7555816b5b836ff0319af6935ae5b41e67329a7b21da93c36fcd87cbba1653c0d00077b14cfcba24f891d62219c157b6354300837d211fbcf1881f5e98d6195fb782479e106c072020b56285107e2fd7947bc64ec9a43a0b239c140ec0456685ac3eba988952e641d2eb16cd0132d2bb25576fc6bcd5e29eb9da2d40e8b50776abe5cd7ea45da8442a311977c51755015b3e4995739edef0567a3f169e980addb1705224175372339de904eb952e13f648449722258fa21f7e53f4a1956e8e9a39dbb18c6d2d10d9146358158a0ab7ce3f54120b705e1ccb7a13fb7e9103d0b80faaac31cab07f6d2d9f668c707b5e3bdf259923a1057816a31e8c771267fd974193d90e1a9000001009ba52f7af599c1aeed13f6619cc0b334396b750c9017f84cff56c0dfecc12faee59e37cf7d44575bb448abb19616d4fa79f4fdf96631328dd0d0717f12b9587d76b577bbe78eaa7b0acace3b79776b5d2e77942c57745e347ec766170e90cc66a5191bff3ad49d423ba2817cf92be74e653cc6274a20bade324638d57a27f2fea01d4670bc1ad5ec4d006492ff5fa616a0010be824766f12acec9b26a7606cc8453382c3dd1f5f5c85354569123824002c44d0ae4cd2e1ebb4e33e3d7b69fe14e05fb53af9d66f53990a830120cd618cfaa10e5f6deab4ef4522afd380ea52f90b181fd5b538f424900aac643d118c33dbb6ffe0b2428844f51943412d8fda4a327b71c814cd6345b3690a4716f04fc7323ff1af08e82ef5e571c9fb0fa9b22af40948febda32ea14ecf61700eb02967d09bfd078ace6cea259952c0be90fab1ce841f1022d2da82f173c580d43effdb424b1729aa9fe40292c082043a7c901bc76426ef6e3de788db31e50f54458ca4e360bb803b48d5a4be50724c1f48b504b086d9dca3ae74eae76a1849d14a4074f389aba805b793f9662f072405026afc3ef108ede69dbd2c769886dfc75a9a2e093137d92b38e34a050eca73cd3067d56dfd58fedaff2857e720b09d676607a1e8eeeb06b26494cc2b844f5e856271732477f384af839e98889d5c9cc28651f6eb74029f839150f947d180e48776ef1c829509e12016c6d1b717713e6325751a944cd259b1b86b1f5e793cdb55a73784498be09c2cebdd70159c77abc7c64af2e2de1a860a3e9dd8646b7a6866e1891fcf97a2b3ea47c0c57c5fa9a94129c2e27940ab9fe996eb1813d21d48fb6dbc9b8071c50dc26b4ed21588211fc5edb1ca873c70b606678ae7de9c10d2d083f372421a3038c592a38aec69020862f4432ef9ae7f400ed53b44bb58e92b022ac8b62a6b459337af339dc3346a809b715f9974d21e606244d23cf4dcb0956f93c14047243172adc97a1fed868bc49fb57ecc123425a21e94dd5b9d1ff52bc45965a7be2f5ea8218750e2cc8f174fbd2c7811742f5f17fa1f954b8423c403fd2e4e96296e37e0bfe2edd52e8c3b921dac771c61524455b401017ab5f655eca76139557a4a87cc30210b052ae17a5ca8b634322657ea4d87e0da2392c470f8951ac0560a01b4d0befe632ee311d0b87af31465d6cf7854f5738cb5debfa1d7381c74f45eea08c06d4ddc9e811d1a33394a35efdb7121cdf5f1603343df8431c87718a5d4cf3b2e593508d8b63f0d1e82f9ebc40d4022ba06327cc8233f29c0995da512b318bfa212e9582cb880d9bd6a02050a014294ef321bb2c65e4638a4fd2c8c27fd9ac28c9e49cdae6dd9eb05dafb38a4a003a56dba826e386f5fd3ab0d54b92f53ec11c850927fc4c5b669c67505ce59306ad86460b480b711d4b31c512829b7037d1c45b5b84c0be40a038b5e975c57c860476318a22df2e4f90009c38481e519b9511e54dc59e89a6593bc53ae03224466513930c5ed3689793f00be192a58a919db9ad1267962c0ee60327ee710accb0da037610ef8aaff63f6582f691096fbdfb1996abc4443cd4ffe04fcad3608413044b978d86d3a18bdf86fdb70cf7e7bbb0e4db9d36176d0ba8a4cf81369fa84ee55466df70e6d4431a873000c19bb5caff30c01c7f7f928cde86bea5c401e525fb8a938fd016bffd5c9d52b279e867bc64f575b80eec74e7f66fe92aef613636e50c8f32831ab4b7eabbc89ce6d7bbfd03b6b005e0c5ba27268369f5083b2ded32c1f9e8cd73a1daee26cf03dbbf9c476fd0f14935244eb7b544f8db1c19d8a21de7e8a88f540e8949f721f20d7a47cfad3f52d93c11a796fbe9fbe415194193e5c70b33237f70790905816b856c252a30e72c081a8bac6a1c9fd2c372b9f870831d6ba6671fd8684f25e60cc7e3a1a02ed5f1a4fe426373bf61404a68571e93f35659b6c37f939233ca6663603b053c8fc74da84dd971b9319a1260fa2f5d66609962e93f7f33a40b22066b86a74fb38bf1444d025f27f14e922661471ef8ad503e97f8e7dd6b9c9a420885e519e085a1f26f7149b82881908021f601679f79c944549bcb431a7d2b12f75aa54cae39f9caafefc01e7eb589d2eb574937abbe18b419d7d27309acb330293456337cb9d753e08f7b890bbf76c4d6ef548bc3b5965302bc65ab08a2420527c1ad8be374cae7cc858376219d39a7a6d58c478a721678e789bcc317a4d1acbf47870a4802a07ac0332f7fdad7156065de511862c2a076e264138b98e7abd1a2555ef2e1ca44ee68f06725508891051f6bd24479a616606024841c8203744b999868b9f2b3b5e8a42f454d25fcddf8f5569594716a4022c3ac8ba67115b93d8bb50684b0fb100dabca7f6b7e29b723007776435829c6f21223d7a2556766d198c76ab6cce3b6e6da5c4d14a26b7cda1cebe6792ce4c1498fe644fb4408189e472efde923506ea4d18aa3284ec311fa942dfa5d8b939e509a10c69461993cc9d3ace2fef29afee8d0894764ffd82371d5ed363b5968447ad3c0962b86584cc97740d7bc3838ab1c1b0198ea830f122b200722d3c2c8815a2a5f90382e1c58f2348dbd38449e28c67ed85f66ea3e383b91c782a4e77ad4aa538db6d15ab90dd464318ded6fd293a1b0279852335e3c94bcce6f37950fb23d96f84465aeaa8fc2f71ce61a1416e579399c363bb37ded602fbea1ba5de87ab12bc7aeb5c62f026f648ab2babea2517c3ade2828109da58c010e6efef544088ba412ea57d3cd4fad3fd85b17e386ffc8a700664b2604c8a71c011e894ac03a109d9ddbe0b6d625d33d7d16fba5bcbc1ee1cdcfc6a475a23aff414e5b4f83e9d18e10f9e6dc49e518561ad53a110794d2ad9c7fee95a03b632b2acbebac42c996e1b856b2f18a2a3bf7cb0726c10b6aa3ec2d78bebd26e86ecf78b87736017cffa7d654b357be120985c553d11dbc932139ea6e1efdb7ef34598db568e66d42429e414b5903ad6e616ff7faff6ecedec529cf16b280c18dd4c3c8cd5192f625965e15c29104855364565a4a52ac5ff78eb31a6e7602e84226a87364708c2a9fdcf2f66f5dd0951aacb7b6c8f9bd0e534ae44b47799cdb8f683db5a3258d6f1943e04e59b11fbc6f57d16ff150c94a22717c1b483ad064c25f09022cc4ce09e76fed2b2ce84e9a50623f84cb013d00b8ee3fd2eaf1ed84df2b29d3119865f5df8fbb6d7440ec6da33deff5c60f466f91959c0d7c7800937cf59fdc6e2d53e809a6f6754ed545fc71c42a95d198df6329a3f32ecd091e7e643727ee34241b9244ea9a2118ccc6d5b52f8dbd61dbc7a4b65e8a4b0e937669a8a6377022df74ac0d2d42008edfa83a71c2e14c8cb7f3e54612cbe5b64b31371f445ea6235467b339b285bffaad0acd9af5159b84f58a3e0230a7e6f055a016a0737b893e0d1b2dba11de53529c825bea86a455bba90eb4f10ea5425d498c18c0bc643a5bb07491a8b6d89b1c92329aaff3a9cb9302f81100d97b78a09d1f5c512c26409796608b77c969c070f6e55037c97bef2c30ebb373110c2356e0663c0a7010d13f18f9b7b1d4a5de88b110efe433a5dc9dd03ac7621a6de39584de91e9b43c5ef4cb435eeb45b8865540355030acddeaf451a453a0b0a76cb064ea1e939dc5491f2c591973c741cf1f73ef4451a1b43ed9d9e0c7b126b869e7cd326900a470dc08a15fb176346f7431dadd6b820ec10cba33d7097ebac9c1ff147fe39d9cedad2828facd8c37cb22a8b7d55b63170f55ccf45fc25715d00e7eb7c3f32c5a7dce02bb07073daa170caa4813b2102648cf6a5bc9ae5ef3fc4c6240447190340469cea21650f79f5ff0ab60e6fa8a30a45f29ca7f4356c275ef4dad63b07f73cc672d26091db75eff3e19b51272b0b786609333f6580a3ad3c83673df3776d04cd05fa86b7b8066076b71377580d8b226d9daec174cf2a62ffd48259ca04821e949021b3f540b5268c794a5314de9cb143dafce0575c06750f0c125b507bf39bf0abfc25b9bc39ddbc4450f0f3a70c312905a5c2d11f7b39a3cb0fd08be6f8b74c5d74fdfb0477c942caac42ae596e0aa36db5f10e1571231ebfc327e5a6111eb2f2a0e1be0b0752018973500f1b7c832cf36078c24717f66983bb72649829af53389e89694bce146f8cb358d7922ba07dfa9da6fbd65b7f5159010b1bc6847967b9eeef7c6db90f48b1c1a7ab63481809111b2876c73c375064bdca8064ee8d6d7b3817db8f5dc82709c586afea5850f415ca7641b5e6f45ff93b9dbc2f62c40c47dbe61a069d88e3664c8dfc9be2b35f8896e6d5c8a35b864b50d50364d3cec828a4f7dcff3cb314c9f7ab03c93e1fd8c5bfa2c303d76cb0954b401927a000babc400497d3f3a37c1f7a685ecc12b28db4b9b75debccfb132a4bb3b19ba91a441a94403eef6ad8222edd1dcecf215580296020731cab55029a189561499d34faef21eadfc370f98872c2192aef73f0cdf80de61cc9157d1e08d7153a49f7d1151fb9f110febc34e760c1afb87eb36c9df1d6aa047cb655b3ec5fdae8e2d93861070f98bd5f1c53c26f07d7c43cb295440af75e87671a552e39f9bfe1853222eb8ba0c8013944ee61dbe21281b1d4e3ea3dc0353d4ded5db0128504b97491353120c63bea1c5656be047a77bebe93efbab10375cb0946624e076a93a6ffdc284f4aa9fcf54ebda3653d5abf7da76f19c165d0982d48279ba8ee9f33b2fb060491aa26517e39f2cb4d4ce7726b249f070aeefca6843a813026e45c6ddfccd1e0b8883a7170644c43b227a2a3c03cbd17b8f3dc0910685169ada487a72251eeb6e6a1dd5661294337cf4cee2d74fdfbe00ff6d07847e63880059bcd12951e8b649cca1dc6a355a7d2c26ef8cabd467b21d6bbe28b108b385ffff7304d96b03500c912efd2af7c45f81f5f2f0e3357ec7da616f81ead2f823a128696ec7dd65a6587e5ecb56a8fba1bdea28909da5e085e164b046310182fad711d4e46abaa61281c88c729810c615ce9636b5c96e4150e2fcec6c111469ba8b0c010963d4338fba8a8a080e384198e1410af15f7ee18e5396b721fc331860e072207da236b35dd94fa7dab288a114ea46e754f1d0b4bfa1a5b216706652e52c489e9a3a1cee8ab4fe5d416ac22c2649673715909c27f31684f6e103913bfd28e02fca507940b86405cebb8084d1c6532a5508b716070c67ba544a1593895f4cc1a8d075415feb69d50fb674c3a89b59f80032cdfa8d1181856817bb16f50bafd0e21aa656661bf3b6bfc207a7a645a8edc15ff1cb706b6292a3263ef5ad1479338f59058d08ce76dc801d8e11e280badd5a0c0dcf1c6285d95cc087e7f0dd823b6b7c353d22f1e7ed03c1461cc4c170e33cd06c45f17fe1af233cca638611449493d533f701d77163f6784202d995e17b797d4d2f0d87d05a00728e8fdda47c70ecf919a2a110371da3474580720e8eae934888cf84f1f1a5530baf815e7c16129732ec4af417c1be0970b845dbced563f00a86135bda35c525aa020f285116b00071858e6eacf7b124b635ff7b62410e8c27a4c76adcdec10f5180130e8c554d2d8038677650171a2f6c3da4c04e340b48df92cf41d08a499f680a2cd6ab099fcede2f8b1888aa052c7f2dffdb203e19fb1e2e6237e19b218740c89cce311ff168437500a6eec570780938c3291a19482656a8d53b19bde3d4148bf1a9f2ea67ae835df675662f27b5b6f5e2652d0471c81740acef306d9605b4ca09a2c4c0f3f8063b6fa5fe01109c5e348eb318074785771ab2cedc48d0f5e15b3a368ace5aea415aa2d566063f25571b7a218b9e95117aaf0a389284e763e448c88b49205392fe032ed206ca8e27fb1c65a72d125cc860913dabe714be1a2a85120066cad66d53dec9a30664bfdd33e25398199211b15fe0770cb243bee320e95e506be4617c3e5e6825342c769bc1da3127f8d34c922f60ed2727f5d9209fc28099ec86c29572fc7159f6ced79b0a2a2653100230a55f7a578e2f1d90f6301069ed04106de45b976f2aabe769ed17d59a53116b74fa2f598c0d1e9919ca8d9cc21265ebc218ab9808b094eebd9a48d8349cf3faeaaa7c8ddb07f6eb874f70cdfafe050de69c6e7da6c8d2f71d581d6c604f4bb29243e9d1bbcb0890b436cb43d1a33c4b96a08af4137135a8c8fe74034dcaf1581856f800771", 0x2000, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2000, 0x0, 0x0, r5}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) socket(0x10, 0x803, 0x0) 1.340795381s ago: executing program 0 (id=15): syz_open_procfs(0x0, &(0x7f0000000080)='attr/sockcreate\x00') r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000080)) 63.781642ms ago: executing program 0 (id=16): prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) unshare(0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'veth0_to_team\x00', &(0x7f0000000080)}) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f00000002c0)={[{@jqfmt_vfsv1}, {}, {@barrier_val}, {@nodiscard}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@resuid}, {@nodelalloc}, {@acl}, {@noinit_itable}]}, 0xfc, 0x572, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EP8A330c/gP+FQMdDBlFH0So3PSmy9qkv5aZbPl84Lbn5N7bc78593t7Tm5CAhhYx7IfhYiXI+KbJOJQy7pi5CuPrW63/PD6VLYksbLy6Z9JJPljze2T/PeBvPJSRPz6VcTJwsZ2a4tLs+VKJZ3P62P1uStjtcWlU5fmyjPpTHp5YnLyzFuTE+++83bXYn39/N/ff3L3wzNfH1/+7uf7h28ncTYO5uta43gCN1orx8r/5qXhOLtuw/EuNNZPkl4fALsylOf5cGTXgEMxlGc98Pz7MiJWgAGVyH8YUM1xQHNu36V58DPjwQerE6BG7COt8RdXXxuJvY250f7l5LGZUTbfHe1C+1kbv/xx53a2xOavQ+zbog6wIzduRsTpYnHj9T/Jr3+7d7rx4vHm1rcxaP9/oJfuZuOfN9qN/wpr459oM/450CZ3d2Pr/C/c70IzHWXjv/fajn/XLl2jQ3nthcaYbzi5eKmSno6IFyPiRAzvyeqb3c85s3xvpdO61vFftmTtN8eC+XHcL+55fJ/pcr0cESNPEnfTg5sRrxTbxZ+s9X/Spv+z5+P8Nts4mt55tdO6reN/ulZ+initbf8/uqOVbH5/cqxxPow1z4qN/rp19LdO7fc6/qz/928e/2jSer+2tvM2ftz7T9pp3W7P/5Hks0a5mQTXyvX6/HjESPLxxscnHu3brDe3z+I/cXzz61+78z+bfH2+zfhvHbnVcdN+6P/pHfX/zgv3Pvrih07tb6//32yUTuSP5Ne/9vJzZbsH+KTPHwAAAAAAAPSTQkQcjKRQWisXCqXS6vs7jsT+QqVaq5+8WF24PB2Nz8qOxnCheaf7UMv7Icbz98M26xPr6pMRcTgivh3a16iXpqqV6V4HDwAAAAAAAAAAAAAAAAAAAH3iQIfP/2d+H+r10QFPXeOLDfb0+iiAXtjyK/+78U1PQF/aMv+B55b8h8El/2FwyX8YXPIfBpf8h8El/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqvPnzmXLyvLD61NZffrq4sJs9eqp6bQ2W5pbmCpNVeevlGaq1ZlKWpqqzm319yrV6pXxiVi4NlZPa/Wx2uLShbnqwuX6hUtz5Zn0Qjr8v0QFAAAAAAAAAAAAAAAAAAAAz5ba4tJsuVJJ5xU6Ft6PvjiMpxngql3tXuyXKBQ6FG7m3buzvXp4UQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdf4LAAD//++4Mnc=") chdir(&(0x7f00000001c0)='./file0\x00') r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) r2 = creat(&(0x7f0000002440)='./file0\x00', 0x0) write$cgroup_type(r2, &(0x7f0000000240), 0xfb3f) fallocate(r1, 0x8, 0x0, 0x8000) pipe2$9p(&(0x7f0000000240), 0x0) fcntl$getown(r0, 0x9) bpf$MAP_CREATE(0x0, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) 0s ago: executing program 3 (id=17): syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000080)='./file1\x00', 0x80, &(0x7f0000000a40)={[{}, {@nls={'nls', 0x3d, 'cp866'}}, {@barrier}, {@nobarrier}, {@force}, {@part={'part', 0x3d, 0x9}}, {}]}, 0x1, 0x6fc, &(0x7f0000005a80)="$eJzs3U9sHFcZAPBv1uu1N5XcbZu0BSHFNCKCBhLbS0mQkAgIIR8qFIlLr0viNFbWbmRvkRMhsgUKRzihHHooQubQE+oBqYgDopyRkLii3CNxjziwaGZn1rtre+1N/CdJfz9pPG9m3p/vfZ59Xo8TbQCfWYtvxWQ7klg89+ZGenx/s968v1lfKcoRMRURpYhydxfJakTyacTl6G7xufRk3l2y2zhvPPjkg7P3Pqp3j8r5ltUvjWq3pTNihHa+xWxETOT7MZV36+/qDv3dHavrpBd3mrAzReLguHW2aY/TfB+vW+BJdzdiYnKH87WIExExnb8PiHx1KB1xeAdurFUOAAAAnkwTe1V4/mE8jI2YOZpwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4NmQdD8zMMm3UlGejaT4/P9Kfi5VqRxzvKN9dY/r718/okAAAAAAAAAA4FB8nP/h/vTDeBgbMVOc7yTZ3/xfyw5OZl+fi3djPZZiLc7HRjSiFa1Yi/mIyZm+DisbjVZrbb6/ZSlr+dtIW3Y6nbt5y4WIqG1ruXAUswYAAAAAAACAZ9bPYjFmjjsIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADol0RMdHfZdrIo16JUjojpiKik9doRfynKT7O/HncAAAAAcPiq+X4m+V+30Emy3/lfzn7vn453YzVasRytaMZSXMueBXR/6y/9s11v3t+sr6Tb9o6/85+x4sh6jIiJeG+XkeeyGqd6LRbj+/HDOBezcSXWYjl+HI1oxVLMRjWdRDQiiVq1+/SiVsS5c7yXB46uDMd2euj41SySalyP5Sy283G1Et3HJtkc0jFf7RvtT5WIoRHfS7OTfDu3zxxd6/t+/SZ/LpPrPL/PPg5Ap9PpDJ2qZTOf7GVkLs19no0XRud+zPtkeKT5KPWeQZ3cGiU9HB6pyPmPxsn5iXyf5vqXgzk/aGM+ShvOxEKU8rsv4uXBnN/60r0XBxt/5V9/u3KjtHrzxvX1c4c4pUM1WRSGM1Hvy8Qro+++PBPNNBPt/WdicvjE9GPM4wBV8mxkS9Ho1TKba7pafi9bNxvxWt8t+E5ci6W4GHMxH5diLr4ZC1EfuMNODeS1XF8ZzEn2WittX9+qI4I/8+W+Sr/ao/LRSvPyQl9e+1e6WnYtP3P51zHXl6UXR999Y/8USMf/fF5Ox/h57yfOk2AgE/naXET30uhM/C77ibLeXL25dqNxa5/jnc336a38/uDa/PuDmM+jS++XdMUtZ0dZTqrF/ZJee6kX7WC+KvlfXLrtStuunepdq8VMLMcPdn2lVvL3cNt76l57pf/av7dWzkr+/qa4NvAuJ96JZvYuZMjs0WQVgH078fqJSvVB9R/VD6u/qN6ovjn93alLU1+oxOTfy3+e+GPpD6VvJa/Hh/HTmDnuSAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4FmwfvvOzUazubTWK8T08JnHLVR2HWt0IUp71tl8bn8dRi1i9FhJXqgc7NwPq/DFiEgLk2Nnde9CNQ4p+I8jYkSdymMPkRxCNoYK6Y18IB0WH5yWnelMjNG8XLTauU451qd3+w5Obb0Konaz0fxvZ6BONfpeMsAz7kJr5daF9dt3vra80nh76e2l1YVLFy9drH9j/usXri83l+a6X487SuAwrN++M3HcMQAAAAAAAAAAAADjyf/1f+uR/zNDeY86lbX1nUc+fdRTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ5Si2/FZDuSmJ87P5ce39+sN9OtKG/VLEdEKSKSn0Qkn0Zcju4Wtb7ukt3GeePBJx+cvfdRfarXV7moXxrVbn/a+RazETGR7/c2tUM32/u72tdf+5HCS3ozTBN2pkgcHLf/BwAA//91Xfo3") listxattr(&(0x7f0000000340)='./file1\x00', 0x0, 0x300) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.221' (ED25519) to the list of known hosts. [ 100.663001][ T5212] cgroup: Unknown subsys name 'net' [ 100.819797][ T5212] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 101.876294][ T1166] cfg80211: failed to load regulatory.db [ 102.980015][ T5212] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 106.638047][ T5240] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 106.654158][ T5240] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 106.673621][ T5240] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 106.681459][ T5247] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 106.694369][ T5240] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 106.704043][ T5240] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 106.707852][ T5245] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 106.711339][ T5249] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 106.734889][ T5245] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 106.744232][ T5249] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 106.752008][ T5244] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 106.753875][ T5245] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 106.760090][ T5249] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 106.773509][ T5240] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 106.781649][ T5244] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 106.785495][ T5250] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 106.791405][ T5244] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 106.804386][ T5244] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 106.805161][ T5250] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 106.813508][ T5249] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 106.825949][ T5244] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 106.838543][ T5249] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 106.846951][ T5244] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 106.854651][ T5248] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 106.863284][ T5236] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 106.863871][ T5244] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 106.877867][ T5244] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 106.878614][ T5248] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 106.889412][ T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 106.894973][ T5248] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 106.900082][ T55] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 106.908559][ T5248] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 106.916622][ T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 106.921255][ T5248] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 106.947166][ T5231] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 106.956309][ T5231] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 108.237683][ T5225] chnl_net:caif_netlink_parms(): no params data found [ 108.327529][ T5228] chnl_net:caif_netlink_parms(): no params data found [ 108.390827][ T5224] chnl_net:caif_netlink_parms(): no params data found [ 108.660899][ T5227] chnl_net:caif_netlink_parms(): no params data found [ 108.742571][ T5229] chnl_net:caif_netlink_parms(): no params data found [ 108.973106][ T5226] chnl_net:caif_netlink_parms(): no params data found [ 108.993793][ T5242] Bluetooth: hci2: command tx timeout [ 108.993837][ T5231] Bluetooth: hci4: command tx timeout [ 109.062307][ T5228] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.071927][ T5228] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.079696][ T5231] Bluetooth: hci1: command tx timeout [ 109.079977][ T5231] Bluetooth: hci0: command tx timeout [ 109.080242][ T5231] Bluetooth: hci3: command tx timeout [ 109.080496][ T5231] Bluetooth: hci5: command tx timeout [ 109.096834][ T5228] bridge_slave_0: entered allmulticast mode [ 109.105970][ T5228] bridge_slave_0: entered promiscuous mode [ 109.119702][ T5225] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.127199][ T5225] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.134622][ T5225] bridge_slave_0: entered allmulticast mode [ 109.142678][ T5225] bridge_slave_0: entered promiscuous mode [ 109.209214][ T5224] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.216511][ T5224] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.224906][ T5224] bridge_slave_0: entered allmulticast mode [ 109.233908][ T5224] bridge_slave_0: entered promiscuous mode [ 109.263418][ T5228] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.270644][ T5228] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.278432][ T5228] bridge_slave_1: entered allmulticast mode [ 109.286782][ T5228] bridge_slave_1: entered promiscuous mode [ 109.294933][ T5225] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.302263][ T5225] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.309625][ T5225] bridge_slave_1: entered allmulticast mode [ 109.317772][ T5225] bridge_slave_1: entered promiscuous mode [ 109.363472][ T5224] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.370690][ T5224] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.378111][ T5224] bridge_slave_1: entered allmulticast mode [ 109.386766][ T5224] bridge_slave_1: entered promiscuous mode [ 109.577650][ T5229] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.584985][ T5229] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.592179][ T5229] bridge_slave_0: entered allmulticast mode [ 109.601431][ T5229] bridge_slave_0: entered promiscuous mode [ 109.667077][ T5225] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 109.689586][ T5227] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.697090][ T5227] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.705072][ T5227] bridge_slave_0: entered allmulticast mode [ 109.714302][ T5227] bridge_slave_0: entered promiscuous mode [ 109.752702][ T5224] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 109.762604][ T5229] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.770280][ T5229] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.778096][ T5229] bridge_slave_1: entered allmulticast mode [ 109.786430][ T5229] bridge_slave_1: entered promiscuous mode [ 109.825356][ T5228] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 109.840400][ T5228] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 109.853817][ T5225] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 109.895957][ T5227] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.903638][ T5227] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.910866][ T5227] bridge_slave_1: entered allmulticast mode [ 109.919282][ T5227] bridge_slave_1: entered promiscuous mode [ 109.955143][ T5224] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 110.137521][ T5227] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 110.177749][ T5229] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 110.206616][ T5228] team0: Port device team_slave_0 added [ 110.218546][ T5225] team0: Port device team_slave_0 added [ 110.233316][ T5225] team0: Port device team_slave_1 added [ 110.266619][ T5227] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 110.280696][ T5224] team0: Port device team_slave_0 added [ 110.292684][ T5224] team0: Port device team_slave_1 added [ 110.304394][ T5229] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 110.341193][ T5228] team0: Port device team_slave_1 added [ 110.560757][ T5226] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.568193][ T5226] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.577127][ T5226] bridge_slave_0: entered allmulticast mode [ 110.586451][ T5226] bridge_slave_0: entered promiscuous mode [ 110.603750][ T5227] team0: Port device team_slave_0 added [ 110.640164][ T5229] team0: Port device team_slave_0 added [ 110.651343][ T5229] team0: Port device team_slave_1 added [ 110.660606][ T5228] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 110.667681][ T5228] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 110.701246][ T5228] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 110.716539][ T5225] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 110.723662][ T5225] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 110.749826][ T5225] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 110.761642][ T5226] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.773297][ T5226] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.780494][ T5226] bridge_slave_1: entered allmulticast mode [ 110.789432][ T5226] bridge_slave_1: entered promiscuous mode [ 110.799772][ T5227] team0: Port device team_slave_1 added [ 110.832536][ T5224] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 110.839603][ T5224] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 110.865952][ T5224] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 110.907829][ T5228] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 110.915315][ T5228] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 110.941372][ T5228] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 110.966022][ T5225] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 110.973214][ T5225] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 110.999868][ T5225] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 111.056426][ T5224] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 111.063927][ T5224] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.089835][ T55] Bluetooth: hci4: command tx timeout [ 111.089960][ T55] Bluetooth: hci2: command tx timeout [ 111.095431][ T5224] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 111.164092][ T55] Bluetooth: hci5: command tx timeout [ 111.164141][ T5242] Bluetooth: hci0: command tx timeout [ 111.169487][ T5237] Bluetooth: hci1: command tx timeout [ 111.181095][ T5231] Bluetooth: hci3: command tx timeout [ 111.219836][ T5227] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 111.227677][ T5227] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.254338][ T5227] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 111.277282][ T5227] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 111.284279][ T5227] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.310273][ T5227] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 111.322822][ T5229] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 111.330248][ T5229] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.356280][ T5229] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 111.373556][ T5229] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 111.380519][ T5229] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.406931][ T5229] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 111.446165][ T5226] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 111.502699][ T5228] hsr_slave_0: entered promiscuous mode [ 111.510406][ T5228] hsr_slave_1: entered promiscuous mode [ 111.541699][ T5226] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 111.791246][ T5225] hsr_slave_0: entered promiscuous mode [ 111.800241][ T5225] hsr_slave_1: entered promiscuous mode [ 111.807601][ T5225] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 111.816479][ T5225] Cannot create hsr debugfs directory [ 111.846067][ T5226] team0: Port device team_slave_0 added [ 111.858751][ T5226] team0: Port device team_slave_1 added [ 111.933674][ T5224] hsr_slave_0: entered promiscuous mode [ 111.943970][ T5224] hsr_slave_1: entered promiscuous mode [ 111.950647][ T5224] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 111.959079][ T5224] Cannot create hsr debugfs directory [ 112.021582][ T5227] hsr_slave_0: entered promiscuous mode [ 112.029681][ T5227] hsr_slave_1: entered promiscuous mode [ 112.037807][ T5227] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 112.045847][ T5227] Cannot create hsr debugfs directory [ 112.084223][ T5229] hsr_slave_0: entered promiscuous mode [ 112.091348][ T5229] hsr_slave_1: entered promiscuous mode [ 112.098687][ T5229] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 112.106381][ T5229] Cannot create hsr debugfs directory [ 112.267922][ T5226] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 112.275506][ T5226] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.302091][ T5226] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 112.316299][ T5226] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 112.323356][ T5226] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.349673][ T5226] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 112.997477][ T5226] hsr_slave_0: entered promiscuous mode [ 113.007844][ T5226] hsr_slave_1: entered promiscuous mode [ 113.014883][ T5226] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 113.022443][ T5226] Cannot create hsr debugfs directory [ 113.154049][ T5231] Bluetooth: hci2: command tx timeout [ 113.159481][ T5242] Bluetooth: hci4: command tx timeout [ 113.233399][ T5242] Bluetooth: hci3: command tx timeout [ 113.233881][ T5231] Bluetooth: hci5: command tx timeout [ 113.238817][ T5242] Bluetooth: hci0: command tx timeout [ 113.244240][ T5231] Bluetooth: hci1: command tx timeout [ 113.438428][ T5228] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 113.455842][ T5228] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 113.470033][ T5228] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 113.496966][ T5228] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 113.726150][ T5225] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 113.742053][ T5225] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 113.763548][ T5225] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 113.784788][ T5225] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 113.952133][ T5227] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 113.984993][ T5227] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 114.017292][ T5227] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 114.035631][ T5227] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 114.196415][ T5229] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 114.260777][ T5229] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 114.308568][ T5229] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 114.360050][ T5229] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 114.555986][ T5226] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 114.578523][ T5228] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.627186][ T5226] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 114.645246][ T5226] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 114.665887][ T5226] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 114.766649][ T5228] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.882518][ T958] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.890044][ T958] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.926282][ T5224] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 114.989193][ T2986] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.996420][ T2986] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.014308][ T5224] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 115.028841][ T5224] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 115.047757][ T5224] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 115.080823][ T5225] 8021q: adding VLAN 0 to HW filter on device bond0 [ 115.220565][ T5227] 8021q: adding VLAN 0 to HW filter on device bond0 [ 115.233915][ T55] Bluetooth: hci2: command tx timeout [ 115.239407][ T5231] Bluetooth: hci4: command tx timeout [ 115.290553][ T5225] 8021q: adding VLAN 0 to HW filter on device team0 [ 115.314429][ T5231] Bluetooth: hci1: command tx timeout [ 115.323581][ T55] Bluetooth: hci5: command tx timeout [ 115.324769][ T5242] Bluetooth: hci3: command tx timeout [ 115.329008][ T5231] Bluetooth: hci0: command tx timeout [ 115.410184][ T2986] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.417503][ T2986] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.451258][ T5228] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 115.509131][ T958] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.516344][ T958] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.570682][ T5227] 8021q: adding VLAN 0 to HW filter on device team0 [ 115.690072][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.697399][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.814998][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.822686][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.960269][ T5225] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 115.989500][ T5226] 8021q: adding VLAN 0 to HW filter on device bond0 [ 116.231838][ T5226] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.270153][ T5229] 8021q: adding VLAN 0 to HW filter on device bond0 [ 116.297079][ T2986] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.304467][ T2986] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.326916][ T2986] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.334211][ T2986] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.387085][ T5224] 8021q: adding VLAN 0 to HW filter on device bond0 [ 116.430947][ T5228] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.485826][ T5229] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.577884][ T2986] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.585179][ T2986] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.674722][ T5224] 8021q: adding VLAN 0 to HW filter on device team0 [ 116.692221][ T2986] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.699521][ T2986] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.766150][ T1097] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.773482][ T1097] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.856323][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.863619][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.960404][ T5225] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.998356][ T5228] veth0_vlan: entered promiscuous mode [ 117.127288][ T5228] veth1_vlan: entered promiscuous mode [ 117.251217][ T5227] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 117.629555][ T5228] veth0_macvtap: entered promiscuous mode [ 117.658667][ T5225] veth0_vlan: entered promiscuous mode [ 117.762809][ T5226] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 117.785893][ T5228] veth1_macvtap: entered promiscuous mode [ 117.823274][ T5225] veth1_vlan: entered promiscuous mode [ 117.917484][ T5227] veth0_vlan: entered promiscuous mode [ 118.076876][ T5227] veth1_vlan: entered promiscuous mode [ 118.120665][ T5228] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 118.206121][ T5225] veth0_macvtap: entered promiscuous mode [ 118.250194][ T5224] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 118.291803][ T5228] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 118.376405][ T5228] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.385518][ T5228] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.394914][ T5228] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.407101][ T5228] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.420534][ T5225] veth1_macvtap: entered promiscuous mode [ 118.488648][ T5229] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 118.602641][ T5225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.643174][ T5225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.658983][ T5225] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 118.728412][ T5225] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 118.761276][ T5225] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.775135][ T5225] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 118.791685][ T5227] veth0_macvtap: entered promiscuous mode [ 118.923383][ T5225] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.932143][ T5225] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.953143][ T5225] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.961889][ T5225] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.990317][ T5227] veth1_macvtap: entered promiscuous mode [ 119.110572][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.163097][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.249928][ T5227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 119.264849][ T5227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.275262][ T5227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 119.286997][ T5227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.299897][ T5227] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 119.349784][ T5227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.360445][ T5227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.378295][ T5227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.388884][ T5227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.402613][ T5227] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 119.482631][ T5224] veth0_vlan: entered promiscuous mode [ 119.499664][ T5226] veth0_vlan: entered promiscuous mode [ 119.515598][ T5227] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.525795][ T5227] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.535290][ T5227] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.544599][ T5227] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.563522][ T2986] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.571537][ T2986] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.647264][ T5224] veth1_vlan: entered promiscuous mode [ 119.710820][ T5226] veth1_vlan: entered promiscuous mode [ 119.842363][ T2986] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.851836][ T2986] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.094520][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.126133][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.206176][ T5336] input: syz0 as /devices/virtual/input/input5 [ 120.268194][ T5224] veth0_macvtap: entered promiscuous mode [ 120.377946][ T5229] veth0_vlan: entered promiscuous mode [ 120.402728][ T5224] veth1_macvtap: entered promiscuous mode [ 120.432082][ T5226] veth0_macvtap: entered promiscuous mode [ 120.438451][ T1097] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.453191][ T1097] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.605100][ T5229] veth1_vlan: entered promiscuous mode [ 120.657700][ T5226] veth1_macvtap: entered promiscuous mode [ 120.725038][ T5341] loop0: detected capacity change from 0 to 64 [ 120.839685][ T5224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 120.871554][ T5224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.895091][ T5224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 120.921104][ T5224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.931059][ T5224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 120.943256][ T5224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 120.960246][ T5224] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 120.990640][ T1097] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.018484][ T1097] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.066795][ T5229] veth0_macvtap: entered promiscuous mode [ 121.111294][ T5229] veth1_macvtap: entered promiscuous mode [ 121.172133][ T5224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 121.212987][ T5224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.222816][ T5224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 121.289931][ T5224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.324640][ T5224] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 121.345715][ T5224] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 121.396150][ T5224] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 121.520299][ T5345] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 121.552019][ T5345] xt_CT: You must specify a L4 protocol and not use inversions on it [ 121.787075][ T5224] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.003570][ T5224] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.099604][ T5293] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 122.176287][ T5224] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.293048][ T5224] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.336399][ T5226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 122.360118][ T5226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.370580][ T5226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 122.401155][ T5226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.433353][ T5226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 122.458775][ T5226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.481168][ T5293] usb 4-1: config 0 has an invalid interface number: 189 but max is 0 [ 122.512629][ T5293] usb 4-1: config 0 has no interface number 0 [ 122.514046][ T5226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 122.528205][ T5293] usb 4-1: New USB device found, idVendor=07b4, idProduct=010a, bcdDevice= 1.02 [ 122.533086][ T5226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.551635][ T5226] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 122.563431][ T5293] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.587921][ T5293] usb 4-1: Product: syz [ 122.592216][ T5293] usb 4-1: Manufacturer: syz [ 122.602524][ T5293] usb 4-1: SerialNumber: syz [ 122.641798][ T5293] usb 4-1: config 0 descriptor?? [ 122.668437][ T5226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 122.691417][ T5293] ums-alauda 4-1:0.189: USB Mass Storage device detected [ 122.700999][ T5226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.722577][ T5226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 122.742040][ T5226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.753683][ T5226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 122.780088][ T5226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.792664][ T5226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 122.803279][ T5226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.816411][ T5226] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 122.827582][ T5355] Zero length message leads to an empty skb [ 122.830771][ T5226] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.842467][ T5226] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.855619][ T5226] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.864494][ T5226] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.306567][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.347501][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.372013][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.417910][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.461868][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.505408][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.544432][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.586411][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.597494][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 123.618541][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.632424][ T5229] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 123.715749][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 123.735687][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.746339][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 123.759275][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.769233][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 123.781896][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.816779][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 123.852935][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 123.862769][ T5229] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 123.956017][ T5293] usb 4-1: USB disconnect, device number 2 [ 123.962981][ T5229] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.105492][ T5229] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 124.198439][ T5229] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.222932][ T5229] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.231675][ T5229] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.278099][ T5229] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.708227][ T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.762947][ T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.909056][ T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.964986][ T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.104499][ T958] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.171785][ T958] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.355015][ T5376] loop3: detected capacity change from 0 to 1024 [ 126.464829][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.490988][ T2986] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 126.508585][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.544534][ T2986] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.568643][ T5376] ================================================================== [ 126.576795][ T5376] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20 [ 126.584443][ T5376] Read of size 2 at addr ffff88805ffe3218 by task syz.3.17/5376 [ 126.592076][ T5376] [ 126.594400][ T5376] CPU: 0 UID: 0 PID: 5376 Comm: syz.3.17 Not tainted 6.11.0-rc5-syzkaller #0 [ 126.603173][ T5376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 126.613244][ T5376] Call Trace: [ 126.616546][ T5376] [ 126.619497][ T5376] dump_stack_lvl+0x116/0x1f0 [ 126.624225][ T5376] print_report+0xc3/0x620 [ 126.628700][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 126.634382][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 126.640064][ T5376] ? __phys_addr+0xc6/0x150 [ 126.644612][ T5376] kasan_report+0xd9/0x110 [ 126.649054][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 126.652331][ T5377] loop0: detected capacity change from 0 to 1024 [ 126.653992][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 126.654046][ T5376] hfsplus_uni2asc+0x910/0xa20 [ 126.654100][ T5376] hfsplus_listxattr+0x6e6/0xe10 [ 126.654162][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 126.654213][ T5376] ? putname+0x12e/0x170 [ 126.684833][ T5376] ? kasan_save_stack+0x42/0x60 [ 126.689721][ T5376] ? kasan_save_stack+0x33/0x60 [ 126.694611][ T5376] ? kasan_save_track+0x14/0x30 [ 126.699499][ T5376] ? __kasan_kmalloc+0xaa/0xb0 [ 126.704296][ T5376] ? __kmalloc_node_noprof+0x211/0x430 [ 126.709835][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 126.715504][ T5376] ? trace_kmalloc+0x2d/0xe0 [ 126.720118][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 126.725783][ T5376] ? __kmalloc_node_noprof+0x22f/0x430 [ 126.731289][ T5376] ? __kvmalloc_node_noprof+0x9d/0x1a0 [ 126.736787][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 126.742279][ T5376] vfs_listxattr+0xba/0x140 [ 126.746828][ T5376] listxattr+0x69/0x190 [ 126.751032][ T5376] path_listxattr+0xc0/0x160 [ 126.755681][ T5376] ? __pfx_path_listxattr+0x10/0x10 [ 126.760936][ T5376] do_syscall_64+0xcd/0x250 [ 126.765491][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.771411][ T5376] RIP: 0033:0x7fcbfc979e79 [ 126.775846][ T5376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 126.795490][ T5376] RSP: 002b:00007fcbfd7a8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c2 [ 126.803927][ T5376] RAX: ffffffffffffffda RBX: 00007fcbfcb15f80 RCX: 00007fcbfc979e79 [ 126.811914][ T5376] RDX: 0000000000000300 RSI: 0000000000000000 RDI: 0000000020000340 [ 126.819902][ T5376] RBP: 00007fcbfc9e793e R08: 0000000000000000 R09: 0000000000000000 [ 126.827893][ T5376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 126.835885][ T5376] R13: 0000000000000000 R14: 00007fcbfcb15f80 R15: 00007ffe79715548 [ 126.844070][ T5376] [ 126.847100][ T5376] [ 126.849427][ T5376] Allocated by task 5376: [ 126.853757][ T5376] kasan_save_stack+0x33/0x60 [ 126.858469][ T5376] kasan_save_track+0x14/0x30 [ 126.863180][ T5376] __kasan_kmalloc+0xaa/0xb0 [ 126.867798][ T5376] __kmalloc_noprof+0x1e8/0x400 [ 126.872683][ T5376] hfsplus_find_init+0x95/0x1f0 [ 126.877554][ T5376] hfsplus_listxattr+0x46d/0xe10 [ 126.882525][ T5376] vfs_listxattr+0xba/0x140 [ 126.887070][ T5376] listxattr+0x69/0x190 [ 126.891265][ T5376] path_listxattr+0xc0/0x160 [ 126.895897][ T5376] do_syscall_64+0xcd/0x250 [ 126.900440][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.906355][ T5376] [ 126.908683][ T5376] The buggy address belongs to the object at ffff88805ffe3000 [ 126.908683][ T5376] which belongs to the cache kmalloc-1k of size 1024 [ 126.922751][ T5376] The buggy address is located 0 bytes to the right of [ 126.922751][ T5376] allocated 536-byte region [ffff88805ffe3000, ffff88805ffe3218) [ 126.937265][ T5376] [ 126.939592][ T5376] The buggy address belongs to the physical page: [ 126.946004][ T5376] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ffe0 [ 126.954780][ T5376] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 126.963296][ T5376] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 126.970852][ T5376] page_type: 0xfdffffff(slab) [ 126.975550][ T5376] raw: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 126.984158][ T5376] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 126.992764][ T5376] head: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 127.001455][ T5376] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 127.010152][ T5376] head: 00fff00000000003 ffffea00017ff801 ffffffffffffffff 0000000000000000 [ 127.018842][ T5376] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 127.027523][ T5376] page dumped because: kasan: bad access detected [ 127.033938][ T5376] page_owner tracks the page as allocated [ 127.039653][ T5376] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 958, tgid 958 (kworker/u8:5), ts 126521113075, free_ts 126480172201 [ 127.060357][ T5376] post_alloc_hook+0x2d1/0x350 [ 127.065156][ T5376] get_page_from_freelist+0x1351/0x2e50 [ 127.070740][ T5376] __alloc_pages_noprof+0x22b/0x2460 [ 127.076067][ T5376] alloc_slab_page+0x4e/0xf0 [ 127.080681][ T5376] new_slab+0x84/0x260 [ 127.084781][ T5376] ___slab_alloc+0xdac/0x1870 [ 127.089492][ T5376] __slab_alloc.constprop.0+0x56/0xb0 [ 127.094905][ T5376] __kmalloc_noprof+0x367/0x400 [ 127.099789][ T5376] ___neigh_create+0x152b/0x2ac0 [ 127.104746][ T5376] ip6_finish_output2+0x11b3/0x1a50 [ 127.109982][ T5376] ip6_finish_output+0x3f9/0x1300 [ 127.115047][ T5376] ip6_output+0x1f8/0x540 [ 127.119412][ T5376] ndisc_send_skb+0xa2d/0x1c30 [ 127.124217][ T5376] ndisc_send_ns+0xc7/0x150 [ 127.128760][ T5376] addrconf_dad_work+0xc80/0x14d0 [ 127.133822][ T5376] process_one_work+0x9c8/0x1b40 [ 127.138806][ T5376] page last free pid 4675 tgid 4675 stack trace: [ 127.145139][ T5376] free_unref_page+0x64a/0xe40 [ 127.149935][ T5376] __put_partials+0x14c/0x170 [ 127.154639][ T5376] qlist_free_all+0x4e/0x140 [ 127.159262][ T5376] kasan_quarantine_reduce+0x192/0x1e0 [ 127.164752][ T5376] __kasan_slab_alloc+0x69/0x90 [ 127.169636][ T5376] kmem_cache_alloc_node_noprof+0x153/0x310 [ 127.175564][ T5376] __alloc_skb+0x2b1/0x380 [ 127.180019][ T5376] netlink_alloc_large_skb+0x69/0x130 [ 127.185424][ T5376] netlink_sendmsg+0x689/0xd70 [ 127.190224][ T5376] ____sys_sendmsg+0xab8/0xc90 [ 127.195018][ T5376] ___sys_sendmsg+0x135/0x1e0 [ 127.199735][ T5376] __sys_sendmsg+0x117/0x1f0 [ 127.204367][ T5376] do_syscall_64+0xcd/0x250 [ 127.208908][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.214823][ T5376] [ 127.217149][ T5376] Memory state around the buggy address: [ 127.222784][ T5376] ffff88805ffe3100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 127.230858][ T5376] ffff88805ffe3180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 127.238936][ T5376] >ffff88805ffe3200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 127.247002][ T5376] ^ [ 127.251856][ T5376] ffff88805ffe3280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 127.259938][ T5376] ffff88805ffe3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 127.268014][ T5376] ================================================================== [ 127.314695][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 127.333766][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 127.414070][ T5376] Disabling lock debugging due to kernel taint [ 127.501509][ T5376] ================================================================== [ 127.509590][ T5376] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20 [ 127.517260][ T5376] Read of size 2 at addr ffff88805ffe321a by task syz.3.17/5376 [ 127.524913][ T5376] [ 127.527253][ T5376] CPU: 1 UID: 0 PID: 5376 Comm: syz.3.17 Tainted: G B 6.11.0-rc5-syzkaller #0 [ 127.537533][ T5376] Tainted: [B]=BAD_PAGE [ 127.541704][ T5376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 127.551780][ T5376] Call Trace: [ 127.555076][ T5376] [ 127.558020][ T5376] dump_stack_lvl+0x116/0x1f0 [ 127.562738][ T5376] print_report+0xc3/0x620 [ 127.567209][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 127.572886][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 127.578564][ T5376] ? __phys_addr+0xc6/0x150 [ 127.583149][ T5376] kasan_report+0xd9/0x110 [ 127.587620][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 127.592599][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 127.597581][ T5376] hfsplus_uni2asc+0x910/0xa20 [ 127.602389][ T5376] hfsplus_listxattr+0x6e6/0xe10 [ 127.607378][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 127.612882][ T5376] ? putname+0x12e/0x170 [ 127.617186][ T5376] ? kasan_save_stack+0x42/0x60 [ 127.622087][ T5376] ? kasan_save_stack+0x33/0x60 [ 127.626990][ T5376] ? kasan_save_track+0x14/0x30 [ 127.631889][ T5376] ? __kasan_kmalloc+0xaa/0xb0 [ 127.634469][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.636678][ T5376] ? __kmalloc_node_noprof+0x211/0x430 [ 127.650006][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 127.654210][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 127.655664][ T5376] ? trace_kmalloc+0x2d/0xe0 [ 127.667735][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 127.673412][ T5376] ? __kmalloc_node_noprof+0x22f/0x430 [ 127.678925][ T5376] ? __kvmalloc_node_noprof+0x9d/0x1a0 [ 127.684426][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 127.689918][ T5376] vfs_listxattr+0xba/0x140 [ 127.694470][ T5376] listxattr+0x69/0x190 [ 127.698676][ T5376] path_listxattr+0xc0/0x160 [ 127.703329][ T5376] ? __pfx_path_listxattr+0x10/0x10 [ 127.708578][ T5376] do_syscall_64+0xcd/0x250 [ 127.713131][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.719050][ T5376] RIP: 0033:0x7fcbfc979e79 [ 127.723480][ T5376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 127.743111][ T5376] RSP: 002b:00007fcbfd7a8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c2 [ 127.751550][ T5376] RAX: ffffffffffffffda RBX: 00007fcbfcb15f80 RCX: 00007fcbfc979e79 [ 127.759538][ T5376] RDX: 0000000000000300 RSI: 0000000000000000 RDI: 0000000020000340 [ 127.767521][ T5376] RBP: 00007fcbfc9e793e R08: 0000000000000000 R09: 0000000000000000 [ 127.775511][ T5376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 127.783499][ T5376] R13: 0000000000000000 R14: 00007fcbfcb15f80 R15: 00007ffe79715548 [ 127.791496][ T5376] [ 127.794522][ T5376] [ 127.796847][ T5376] Allocated by task 5376: [ 127.801182][ T5376] kasan_save_stack+0x33/0x60 [ 127.805908][ T5376] kasan_save_track+0x14/0x30 [ 127.810615][ T5376] __kasan_kmalloc+0xaa/0xb0 [ 127.815238][ T5376] __kmalloc_noprof+0x1e8/0x400 [ 127.820120][ T5376] hfsplus_find_init+0x95/0x1f0 [ 127.824989][ T5376] hfsplus_listxattr+0x46d/0xe10 [ 127.829948][ T5376] vfs_listxattr+0xba/0x140 [ 127.834487][ T5376] listxattr+0x69/0x190 [ 127.838678][ T5376] path_listxattr+0xc0/0x160 [ 127.843307][ T5376] do_syscall_64+0xcd/0x250 [ 127.847848][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.853759][ T5376] [ 127.856083][ T5376] The buggy address belongs to the object at ffff88805ffe3000 [ 127.856083][ T5376] which belongs to the cache kmalloc-1k of size 1024 [ 127.870159][ T5376] The buggy address is located 2 bytes to the right of [ 127.870159][ T5376] allocated 536-byte region [ffff88805ffe3000, ffff88805ffe3218) [ 127.884668][ T5376] [ 127.886990][ T5376] The buggy address belongs to the physical page: [ 127.893403][ T5376] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ffe0 [ 127.902186][ T5376] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 127.910706][ T5376] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 127.918265][ T5376] page_type: 0xfdffffff(slab) [ 127.922959][ T5376] raw: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 127.931566][ T5376] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 127.940167][ T5376] head: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 127.948855][ T5376] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 127.957549][ T5376] head: 00fff00000000003 ffffea00017ff801 ffffffffffffffff 0000000000000000 [ 127.966237][ T5376] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 127.974911][ T5376] page dumped because: kasan: bad access detected [ 127.981408][ T5376] page_owner tracks the page as allocated [ 127.987206][ T5376] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 958, tgid 958 (kworker/u8:5), ts 126521113075, free_ts 126480172201 [ 128.007910][ T5376] post_alloc_hook+0x2d1/0x350 [ 128.012706][ T5376] get_page_from_freelist+0x1351/0x2e50 [ 128.018298][ T5376] __alloc_pages_noprof+0x22b/0x2460 [ 128.023621][ T5376] alloc_slab_page+0x4e/0xf0 [ 128.028232][ T5376] new_slab+0x84/0x260 [ 128.032325][ T5376] ___slab_alloc+0xdac/0x1870 [ 128.037032][ T5376] __slab_alloc.constprop.0+0x56/0xb0 [ 128.042436][ T5376] __kmalloc_noprof+0x367/0x400 [ 128.047320][ T5376] ___neigh_create+0x152b/0x2ac0 [ 128.052275][ T5376] ip6_finish_output2+0x11b3/0x1a50 [ 128.057511][ T5376] ip6_finish_output+0x3f9/0x1300 [ 128.062571][ T5376] ip6_output+0x1f8/0x540 [ 128.066935][ T5376] ndisc_send_skb+0xa2d/0x1c30 [ 128.071735][ T5376] ndisc_send_ns+0xc7/0x150 [ 128.076275][ T5376] addrconf_dad_work+0xc80/0x14d0 [ 128.081331][ T5376] process_one_work+0x9c8/0x1b40 [ 128.086311][ T5376] page last free pid 4675 tgid 4675 stack trace: [ 128.092638][ T5376] free_unref_page+0x64a/0xe40 [ 128.097435][ T5376] __put_partials+0x14c/0x170 [ 128.102143][ T5376] qlist_free_all+0x4e/0x140 [ 128.106764][ T5376] kasan_quarantine_reduce+0x192/0x1e0 [ 128.112265][ T5376] __kasan_slab_alloc+0x69/0x90 [ 128.117155][ T5376] kmem_cache_alloc_node_noprof+0x153/0x310 [ 128.123084][ T5376] __alloc_skb+0x2b1/0x380 [ 128.127542][ T5376] netlink_alloc_large_skb+0x69/0x130 [ 128.132943][ T5376] netlink_sendmsg+0x689/0xd70 [ 128.137740][ T5376] ____sys_sendmsg+0xab8/0xc90 [ 128.142528][ T5376] ___sys_sendmsg+0x135/0x1e0 [ 128.147245][ T5376] __sys_sendmsg+0x117/0x1f0 [ 128.151876][ T5376] do_syscall_64+0xcd/0x250 [ 128.156416][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.162328][ T5376] [ 128.164657][ T5376] Memory state around the buggy address: [ 128.170288][ T5376] ffff88805ffe3100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 128.178358][ T5376] ffff88805ffe3180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 128.186429][ T5376] >ffff88805ffe3200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 128.194499][ T5376] ^ [ 128.199353][ T5376] ffff88805ffe3280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 128.207424][ T5376] ffff88805ffe3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 128.215493][ T5376] ================================================================== [ 128.260418][ T5377] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 128.262786][ T5376] ================================================================== [ 128.280563][ T5376] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20 [ 128.288234][ T5376] Read of size 2 at addr ffff88805ffe321c by task syz.3.17/5376 [ 128.295895][ T5376] [ 128.298236][ T5376] CPU: 0 UID: 0 PID: 5376 Comm: syz.3.17 Tainted: G B 6.11.0-rc5-syzkaller #0 [ 128.308520][ T5376] Tainted: [B]=BAD_PAGE [ 128.312684][ T5376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 128.322761][ T5376] Call Trace: [ 128.326062][ T5376] [ 128.329012][ T5376] dump_stack_lvl+0x116/0x1f0 [ 128.333731][ T5376] print_report+0xc3/0x620 [ 128.338202][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.343885][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.349559][ T5376] ? __phys_addr+0xc6/0x150 [ 128.354101][ T5376] kasan_report+0xd9/0x110 [ 128.358543][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 128.363492][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 128.368440][ T5376] hfsplus_uni2asc+0x910/0xa20 [ 128.373218][ T5376] hfsplus_listxattr+0x6e6/0xe10 [ 128.378173][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 128.383645][ T5376] ? putname+0x12e/0x170 [ 128.387909][ T5376] ? kasan_save_stack+0x42/0x60 [ 128.392773][ T5376] ? kasan_save_stack+0x33/0x60 [ 128.397640][ T5376] ? kasan_save_track+0x14/0x30 [ 128.402517][ T5376] ? __kasan_kmalloc+0xaa/0xb0 [ 128.407327][ T5376] ? __kmalloc_node_noprof+0x211/0x430 [ 128.412881][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.418558][ T5376] ? trace_kmalloc+0x2d/0xe0 [ 128.423358][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.429022][ T5376] ? __kmalloc_node_noprof+0x22f/0x430 [ 128.434521][ T5376] ? __kvmalloc_node_noprof+0x9d/0x1a0 [ 128.440019][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 128.445509][ T5376] vfs_listxattr+0xba/0x140 [ 128.450061][ T5376] listxattr+0x69/0x190 [ 128.454262][ T5376] path_listxattr+0xc0/0x160 [ 128.458903][ T5376] ? __pfx_path_listxattr+0x10/0x10 [ 128.464155][ T5376] do_syscall_64+0xcd/0x250 [ 128.468702][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.474618][ T5376] RIP: 0033:0x7fcbfc979e79 [ 128.479053][ T5376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 128.498682][ T5376] RSP: 002b:00007fcbfd7a8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c2 [ 128.507119][ T5376] RAX: ffffffffffffffda RBX: 00007fcbfcb15f80 RCX: 00007fcbfc979e79 [ 128.515108][ T5376] RDX: 0000000000000300 RSI: 0000000000000000 RDI: 0000000020000340 [ 128.523100][ T5376] RBP: 00007fcbfc9e793e R08: 0000000000000000 R09: 0000000000000000 [ 128.531098][ T5376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 128.539091][ T5376] R13: 0000000000000000 R14: 00007fcbfcb15f80 R15: 00007ffe79715548 [ 128.547100][ T5376] [ 128.550137][ T5376] [ 128.552466][ T5376] Allocated by task 5376: [ 128.556798][ T5376] kasan_save_stack+0x33/0x60 [ 128.561514][ T5376] kasan_save_track+0x14/0x30 [ 128.566226][ T5376] __kasan_kmalloc+0xaa/0xb0 [ 128.570879][ T5376] __kmalloc_noprof+0x1e8/0x400 [ 128.575763][ T5376] hfsplus_find_init+0x95/0x1f0 [ 128.580631][ T5376] hfsplus_listxattr+0x46d/0xe10 [ 128.585598][ T5376] vfs_listxattr+0xba/0x140 [ 128.590141][ T5376] listxattr+0x69/0x190 [ 128.594508][ T5376] path_listxattr+0xc0/0x160 [ 128.599144][ T5376] do_syscall_64+0xcd/0x250 [ 128.603685][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.609599][ T5376] [ 128.611924][ T5376] The buggy address belongs to the object at ffff88805ffe3000 [ 128.611924][ T5376] which belongs to the cache kmalloc-1k of size 1024 [ 128.625991][ T5376] The buggy address is located 4 bytes to the right of [ 128.625991][ T5376] allocated 536-byte region [ffff88805ffe3000, ffff88805ffe3218) [ 128.640502][ T5376] [ 128.642827][ T5376] The buggy address belongs to the physical page: [ 128.649240][ T5376] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ffe0 [ 128.658021][ T5376] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 128.666534][ T5376] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 128.674092][ T5376] page_type: 0xfdffffff(slab) [ 128.678793][ T5376] raw: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 128.687400][ T5376] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 128.696006][ T5376] head: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 128.704697][ T5376] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 128.713390][ T5376] head: 00fff00000000003 ffffea00017ff801 ffffffffffffffff 0000000000000000 [ 128.722086][ T5376] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 128.730767][ T5376] page dumped because: kasan: bad access detected [ 128.737181][ T5376] page_owner tracks the page as allocated [ 128.742902][ T5376] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 958, tgid 958 (kworker/u8:5), ts 126521113075, free_ts 126480172201 [ 128.763607][ T5376] post_alloc_hook+0x2d1/0x350 [ 128.768406][ T5376] get_page_from_freelist+0x1351/0x2e50 [ 128.773990][ T5376] __alloc_pages_noprof+0x22b/0x2460 [ 128.779314][ T5376] alloc_slab_page+0x4e/0xf0 [ 128.783923][ T5376] new_slab+0x84/0x260 [ 128.788020][ T5376] ___slab_alloc+0xdac/0x1870 [ 128.792725][ T5376] __slab_alloc.constprop.0+0x56/0xb0 [ 128.798140][ T5376] __kmalloc_noprof+0x367/0x400 [ 128.803024][ T5376] ___neigh_create+0x152b/0x2ac0 [ 128.807981][ T5376] ip6_finish_output2+0x11b3/0x1a50 [ 128.813222][ T5376] ip6_finish_output+0x3f9/0x1300 [ 128.818284][ T5376] ip6_output+0x1f8/0x540 [ 128.822827][ T5376] ndisc_send_skb+0xa2d/0x1c30 [ 128.827639][ T5376] ndisc_send_ns+0xc7/0x150 [ 128.832183][ T5376] addrconf_dad_work+0xc80/0x14d0 [ 128.837245][ T5376] process_one_work+0x9c8/0x1b40 [ 128.842227][ T5376] page last free pid 4675 tgid 4675 stack trace: [ 128.848558][ T5376] free_unref_page+0x64a/0xe40 [ 128.853357][ T5376] __put_partials+0x14c/0x170 [ 128.858061][ T5376] qlist_free_all+0x4e/0x140 [ 128.862681][ T5376] kasan_quarantine_reduce+0x192/0x1e0 [ 128.868175][ T5376] __kasan_slab_alloc+0x69/0x90 [ 128.873064][ T5376] kmem_cache_alloc_node_noprof+0x153/0x310 [ 128.878997][ T5376] __alloc_skb+0x2b1/0x380 [ 128.883451][ T5376] netlink_alloc_large_skb+0x69/0x130 [ 128.888851][ T5376] netlink_sendmsg+0x689/0xd70 [ 128.893640][ T5376] ____sys_sendmsg+0xab8/0xc90 [ 128.898431][ T5376] ___sys_sendmsg+0x135/0x1e0 [ 128.903152][ T5376] __sys_sendmsg+0x117/0x1f0 [ 128.907782][ T5376] do_syscall_64+0xcd/0x250 [ 128.912322][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.918238][ T5376] [ 128.920562][ T5376] Memory state around the buggy address: [ 128.926204][ T5376] ffff88805ffe3100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 128.934284][ T5376] ffff88805ffe3180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 128.942358][ T5376] >ffff88805ffe3200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 128.950429][ T5376] ^ [ 128.955284][ T5376] ffff88805ffe3280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 128.963359][ T5376] ffff88805ffe3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 128.971426][ T5376] ================================================================== [ 129.118393][ T5376] ================================================================== [ 129.126484][ T5376] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20 [ 129.134174][ T5376] Read of size 2 at addr ffff88805ffe321e by task syz.3.17/5376 [ 129.141839][ T5376] [ 129.144166][ T5376] CPU: 0 UID: 0 PID: 5376 Comm: syz.3.17 Tainted: G B 6.11.0-rc5-syzkaller #0 [ 129.154424][ T5376] Tainted: [B]=BAD_PAGE [ 129.158574][ T5376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 129.168637][ T5376] Call Trace: [ 129.171933][ T5376] [ 129.174895][ T5376] dump_stack_lvl+0x116/0x1f0 [ 129.179637][ T5376] print_report+0xc3/0x620 [ 129.184088][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 129.189743][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 129.195393][ T5376] ? __phys_addr+0xc6/0x150 [ 129.199916][ T5376] kasan_report+0xd9/0x110 [ 129.204358][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 129.209313][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 129.214267][ T5376] hfsplus_uni2asc+0x910/0xa20 [ 129.219065][ T5376] hfsplus_listxattr+0x6e6/0xe10 [ 129.224045][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 129.229545][ T5376] ? putname+0x12e/0x170 [ 129.233838][ T5376] ? kasan_save_stack+0x42/0x60 [ 129.238733][ T5376] ? kasan_save_stack+0x33/0x60 [ 129.243622][ T5376] ? kasan_save_track+0x14/0x30 [ 129.248521][ T5376] ? __kasan_kmalloc+0xaa/0xb0 [ 129.253323][ T5376] ? __kmalloc_node_noprof+0x211/0x430 [ 129.258865][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 129.264530][ T5376] ? trace_kmalloc+0x2d/0xe0 [ 129.269151][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 129.274815][ T5376] ? __kmalloc_node_noprof+0x22f/0x430 [ 129.280316][ T5376] ? __kvmalloc_node_noprof+0x9d/0x1a0 [ 129.285817][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 129.291312][ T5376] vfs_listxattr+0xba/0x140 [ 129.295862][ T5376] listxattr+0x69/0x190 [ 129.300064][ T5376] path_listxattr+0xc0/0x160 [ 129.304705][ T5376] ? __pfx_path_listxattr+0x10/0x10 [ 129.309957][ T5376] do_syscall_64+0xcd/0x250 [ 129.314508][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.320426][ T5376] RIP: 0033:0x7fcbfc979e79 [ 129.324857][ T5376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.344490][ T5376] RSP: 002b:00007fcbfd7a8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c2 [ 129.352930][ T5376] RAX: ffffffffffffffda RBX: 00007fcbfcb15f80 RCX: 00007fcbfc979e79 [ 129.360918][ T5376] RDX: 0000000000000300 RSI: 0000000000000000 RDI: 0000000020000340 [ 129.368904][ T5376] RBP: 00007fcbfc9e793e R08: 0000000000000000 R09: 0000000000000000 [ 129.376891][ T5376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 129.384880][ T5376] R13: 0000000000000000 R14: 00007fcbfcb15f80 R15: 00007ffe79715548 [ 129.392880][ T5376] [ 129.395913][ T5376] [ 129.398238][ T5376] Allocated by task 5376: [ 129.402570][ T5376] kasan_save_stack+0x33/0x60 [ 129.407282][ T5376] kasan_save_track+0x14/0x30 [ 129.411994][ T5376] __kasan_kmalloc+0xaa/0xb0 [ 129.416614][ T5376] __kmalloc_noprof+0x1e8/0x400 [ 129.421497][ T5376] hfsplus_find_init+0x95/0x1f0 [ 129.426364][ T5376] hfsplus_listxattr+0x46d/0xe10 [ 129.431328][ T5376] vfs_listxattr+0xba/0x140 [ 129.435872][ T5376] listxattr+0x69/0x190 [ 129.440069][ T5376] path_listxattr+0xc0/0x160 [ 129.444707][ T5376] do_syscall_64+0xcd/0x250 [ 129.449248][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.455162][ T5376] [ 129.457488][ T5376] The buggy address belongs to the object at ffff88805ffe3000 [ 129.457488][ T5376] which belongs to the cache kmalloc-1k of size 1024 [ 129.471556][ T5376] The buggy address is located 6 bytes to the right of [ 129.471556][ T5376] allocated 536-byte region [ffff88805ffe3000, ffff88805ffe3218) [ 129.486066][ T5376] [ 129.488396][ T5376] The buggy address belongs to the physical page: [ 129.494810][ T5376] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ffe0 [ 129.503589][ T5376] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 129.512102][ T5376] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 129.519667][ T5376] page_type: 0xfdffffff(slab) [ 129.524361][ T5376] raw: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 129.532970][ T5376] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 129.541575][ T5376] head: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 129.550267][ T5376] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 129.558959][ T5376] head: 00fff00000000003 ffffea00017ff801 ffffffffffffffff 0000000000000000 [ 129.567654][ T5376] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 129.576334][ T5376] page dumped because: kasan: bad access detected [ 129.582749][ T5376] page_owner tracks the page as allocated [ 129.588463][ T5376] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 958, tgid 958 (kworker/u8:5), ts 126521113075, free_ts 126480172201 [ 129.609167][ T5376] post_alloc_hook+0x2d1/0x350 [ 129.613968][ T5376] get_page_from_freelist+0x1351/0x2e50 [ 129.619551][ T5376] __alloc_pages_noprof+0x22b/0x2460 [ 129.624881][ T5376] alloc_slab_page+0x4e/0xf0 [ 129.629492][ T5376] new_slab+0x84/0x260 [ 129.633597][ T5376] ___slab_alloc+0xdac/0x1870 [ 129.638314][ T5376] __slab_alloc.constprop.0+0x56/0xb0 [ 129.643722][ T5376] __kmalloc_noprof+0x367/0x400 [ 129.648608][ T5376] ___neigh_create+0x152b/0x2ac0 [ 129.653573][ T5376] ip6_finish_output2+0x11b3/0x1a50 [ 129.658820][ T5376] ip6_finish_output+0x3f9/0x1300 [ 129.664132][ T5376] ip6_output+0x1f8/0x540 [ 129.668732][ T5376] ndisc_send_skb+0xa2d/0x1c30 [ 129.673536][ T5376] ndisc_send_ns+0xc7/0x150 [ 129.678078][ T5376] addrconf_dad_work+0xc80/0x14d0 [ 129.683140][ T5376] process_one_work+0x9c8/0x1b40 [ 129.688120][ T5376] page last free pid 4675 tgid 4675 stack trace: [ 129.694458][ T5376] free_unref_page+0x64a/0xe40 [ 129.699255][ T5376] __put_partials+0x14c/0x170 [ 129.703959][ T5376] qlist_free_all+0x4e/0x140 [ 129.708579][ T5376] kasan_quarantine_reduce+0x192/0x1e0 [ 129.714071][ T5376] __kasan_slab_alloc+0x69/0x90 [ 129.718955][ T5376] kmem_cache_alloc_node_noprof+0x153/0x310 [ 129.724889][ T5376] __alloc_skb+0x2b1/0x380 [ 129.729347][ T5376] netlink_alloc_large_skb+0x69/0x130 [ 129.734746][ T5376] netlink_sendmsg+0x689/0xd70 [ 129.739542][ T5376] ____sys_sendmsg+0xab8/0xc90 [ 129.744337][ T5376] ___sys_sendmsg+0x135/0x1e0 [ 129.749060][ T5376] __sys_sendmsg+0x117/0x1f0 [ 129.753697][ T5376] do_syscall_64+0xcd/0x250 [ 129.758256][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.764297][ T5376] [ 129.766628][ T5376] Memory state around the buggy address: [ 129.772263][ T5376] ffff88805ffe3100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 129.780382][ T5376] ffff88805ffe3180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 129.788454][ T5376] >ffff88805ffe3200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 129.796523][ T5376] ^ [ 129.801375][ T5376] ffff88805ffe3280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 129.809451][ T5376] ffff88805ffe3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 129.817528][ T5376] ================================================================== [ 129.832218][ T0] NOHZ tick-stop error: local softirq work is pending, handler #248!!! [ 129.843615][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 129.854993][ T0] NOHZ tick-stop error: local softirq work is pending, handler #2c0!!! [ 129.865671][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 129.954382][ T5376] ================================================================== [ 129.962467][ T5376] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20 [ 129.970147][ T5376] Read of size 2 at addr ffff88805ffe3220 by task syz.3.17/5376 [ 129.977801][ T5376] [ 129.980152][ T5376] CPU: 1 UID: 0 PID: 5376 Comm: syz.3.17 Tainted: G B 6.11.0-rc5-syzkaller #0 [ 129.990440][ T5376] Tainted: [B]=BAD_PAGE [ 129.994600][ T5376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 130.004676][ T5376] Call Trace: [ 130.007974][ T5376] [ 130.010923][ T5376] dump_stack_lvl+0x116/0x1f0 [ 130.015641][ T5376] print_report+0xc3/0x620 [ 130.020111][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.025790][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.031469][ T5376] ? __phys_addr+0xc6/0x150 [ 130.036020][ T5376] kasan_report+0xd9/0x110 [ 130.040491][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 130.045469][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 130.050451][ T5376] hfsplus_uni2asc+0x910/0xa20 [ 130.055264][ T5376] hfsplus_listxattr+0x6e6/0xe10 [ 130.060252][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 130.065755][ T5376] ? putname+0x12e/0x170 [ 130.070048][ T5376] ? kasan_save_stack+0x42/0x60 [ 130.074948][ T5376] ? kasan_save_stack+0x33/0x60 [ 130.079845][ T5376] ? kasan_save_track+0x14/0x30 [ 130.084741][ T5376] ? __kasan_kmalloc+0xaa/0xb0 [ 130.089518][ T5376] ? __kmalloc_node_noprof+0x211/0x430 [ 130.095028][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.100672][ T5376] ? trace_kmalloc+0x2d/0xe0 [ 130.105278][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.110955][ T5376] ? __kmalloc_node_noprof+0x22f/0x430 [ 130.116468][ T5376] ? __kvmalloc_node_noprof+0x9d/0x1a0 [ 130.121983][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 130.127486][ T5376] vfs_listxattr+0xba/0x140 [ 130.132049][ T5376] listxattr+0x69/0x190 [ 130.136253][ T5376] path_listxattr+0xc0/0x160 [ 130.140889][ T5376] ? __pfx_path_listxattr+0x10/0x10 [ 130.146143][ T5376] do_syscall_64+0xcd/0x250 [ 130.150688][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.156605][ T5376] RIP: 0033:0x7fcbfc979e79 [ 130.161041][ T5376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.180671][ T5376] RSP: 002b:00007fcbfd7a8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c2 [ 130.189106][ T5376] RAX: ffffffffffffffda RBX: 00007fcbfcb15f80 RCX: 00007fcbfc979e79 [ 130.197095][ T5376] RDX: 0000000000000300 RSI: 0000000000000000 RDI: 0000000020000340 [ 130.205089][ T5376] RBP: 00007fcbfc9e793e R08: 0000000000000000 R09: 0000000000000000 [ 130.213084][ T5376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 130.221078][ T5376] R13: 0000000000000000 R14: 00007fcbfcb15f80 R15: 00007ffe79715548 [ 130.229079][ T5376] [ 130.232103][ T5376] [ 130.234428][ T5376] Allocated by task 5376: [ 130.238757][ T5376] kasan_save_stack+0x33/0x60 [ 130.243462][ T5376] kasan_save_track+0x14/0x30 [ 130.248168][ T5376] __kasan_kmalloc+0xaa/0xb0 [ 130.252785][ T5376] __kmalloc_noprof+0x1e8/0x400 [ 130.257673][ T5376] hfsplus_find_init+0x95/0x1f0 [ 130.262559][ T5376] hfsplus_listxattr+0x46d/0xe10 [ 130.267522][ T5376] vfs_listxattr+0xba/0x140 [ 130.272063][ T5376] listxattr+0x69/0x190 [ 130.276259][ T5376] path_listxattr+0xc0/0x160 [ 130.280890][ T5376] do_syscall_64+0xcd/0x250 [ 130.285428][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.291338][ T5376] [ 130.293662][ T5376] The buggy address belongs to the object at ffff88805ffe3000 [ 130.293662][ T5376] which belongs to the cache kmalloc-1k of size 1024 [ 130.307729][ T5376] The buggy address is located 8 bytes to the right of [ 130.307729][ T5376] allocated 536-byte region [ffff88805ffe3000, ffff88805ffe3218) [ 130.322237][ T5376] [ 130.324562][ T5376] The buggy address belongs to the physical page: [ 130.330968][ T5376] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ffe0 [ 130.339739][ T5376] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 130.348249][ T5376] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 130.355804][ T5376] page_type: 0xfdffffff(slab) [ 130.360501][ T5376] raw: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 130.369112][ T5376] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 130.377718][ T5376] head: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 130.386409][ T5376] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 130.395100][ T5376] head: 00fff00000000003 ffffea00017ff801 ffffffffffffffff 0000000000000000 [ 130.403792][ T5376] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 130.412467][ T5376] page dumped because: kasan: bad access detected [ 130.418879][ T5376] page_owner tracks the page as allocated [ 130.424590][ T5376] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 958, tgid 958 (kworker/u8:5), ts 126521113075, free_ts 126480172201 [ 130.445286][ T5376] post_alloc_hook+0x2d1/0x350 [ 130.450081][ T5376] get_page_from_freelist+0x1351/0x2e50 [ 130.455669][ T5376] __alloc_pages_noprof+0x22b/0x2460 [ 130.460992][ T5376] alloc_slab_page+0x4e/0xf0 [ 130.465601][ T5376] new_slab+0x84/0x260 [ 130.469718][ T5376] ___slab_alloc+0xdac/0x1870 [ 130.474425][ T5376] __slab_alloc.constprop.0+0x56/0xb0 [ 130.479827][ T5376] __kmalloc_noprof+0x367/0x400 [ 130.484710][ T5376] ___neigh_create+0x152b/0x2ac0 [ 130.489664][ T5376] ip6_finish_output2+0x11b3/0x1a50 [ 130.494902][ T5376] ip6_finish_output+0x3f9/0x1300 [ 130.499961][ T5376] ip6_output+0x1f8/0x540 [ 130.504324][ T5376] ndisc_send_skb+0xa2d/0x1c30 [ 130.509130][ T5376] ndisc_send_ns+0xc7/0x150 [ 130.513670][ T5376] addrconf_dad_work+0xc80/0x14d0 [ 130.518727][ T5376] process_one_work+0x9c8/0x1b40 [ 130.523707][ T5376] page last free pid 4675 tgid 4675 stack trace: [ 130.530037][ T5376] free_unref_page+0x64a/0xe40 [ 130.534832][ T5376] __put_partials+0x14c/0x170 [ 130.539535][ T5376] qlist_free_all+0x4e/0x140 [ 130.544155][ T5376] kasan_quarantine_reduce+0x192/0x1e0 [ 130.549642][ T5376] __kasan_slab_alloc+0x69/0x90 [ 130.554527][ T5376] kmem_cache_alloc_node_noprof+0x153/0x310 [ 130.560454][ T5376] __alloc_skb+0x2b1/0x380 [ 130.564911][ T5376] netlink_alloc_large_skb+0x69/0x130 [ 130.570322][ T5376] netlink_sendmsg+0x689/0xd70 [ 130.575116][ T5376] ____sys_sendmsg+0xab8/0xc90 [ 130.579910][ T5376] ___sys_sendmsg+0x135/0x1e0 [ 130.584625][ T5376] __sys_sendmsg+0x117/0x1f0 [ 130.589255][ T5376] do_syscall_64+0xcd/0x250 [ 130.593797][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.599706][ T5376] [ 130.602029][ T5376] Memory state around the buggy address: [ 130.607664][ T5376] ffff88805ffe3100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 130.615738][ T5376] ffff88805ffe3180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 130.624070][ T5376] >ffff88805ffe3200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 130.632139][ T5376] ^ [ 130.637253][ T5376] ffff88805ffe3280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 130.645325][ T5376] ffff88805ffe3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 130.653390][ T5376] ================================================================== [ 130.781992][ T5376] ================================================================== [ 130.790088][ T5376] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20 [ 130.797751][ T5376] Read of size 2 at addr ffff88805ffe3222 by task syz.3.17/5376 [ 130.805384][ T5376] [ 130.807707][ T5376] CPU: 0 UID: 0 PID: 5376 Comm: syz.3.17 Tainted: G B 6.11.0-rc5-syzkaller #0 [ 130.817960][ T5376] Tainted: [B]=BAD_PAGE [ 130.822108][ T5376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 130.832164][ T5376] Call Trace: [ 130.835444][ T5376] [ 130.838373][ T5376] dump_stack_lvl+0x116/0x1f0 [ 130.843074][ T5376] print_report+0xc3/0x620 [ 130.847524][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.853172][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.858825][ T5376] ? __phys_addr+0xc6/0x150 [ 130.863358][ T5376] kasan_report+0xd9/0x110 [ 130.867827][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 130.872807][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 130.877811][ T5376] hfsplus_uni2asc+0x910/0xa20 [ 130.882593][ T5376] hfsplus_listxattr+0x6e6/0xe10 [ 130.887567][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 130.893055][ T5376] ? putname+0x12e/0x170 [ 130.897348][ T5376] ? kasan_save_stack+0x42/0x60 [ 130.902217][ T5376] ? kasan_save_stack+0x33/0x60 [ 130.907087][ T5376] ? kasan_save_track+0x14/0x30 [ 130.911958][ T5376] ? __kasan_kmalloc+0xaa/0xb0 [ 130.916796][ T5376] ? __kmalloc_node_noprof+0x211/0x430 [ 130.922356][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.928013][ T5376] ? trace_kmalloc+0x2d/0xe0 [ 130.932617][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 130.938269][ T5376] ? __kmalloc_node_noprof+0x22f/0x430 [ 130.943750][ T5376] ? __kvmalloc_node_noprof+0x9d/0x1a0 [ 130.949235][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 130.954712][ T5376] vfs_listxattr+0xba/0x140 [ 130.959244][ T5376] listxattr+0x69/0x190 [ 130.963428][ T5376] path_listxattr+0xc0/0x160 [ 130.968047][ T5376] ? __pfx_path_listxattr+0x10/0x10 [ 130.973293][ T5376] do_syscall_64+0xcd/0x250 [ 130.977858][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.983784][ T5376] RIP: 0033:0x7fcbfc979e79 [ 130.988229][ T5376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.007861][ T5376] RSP: 002b:00007fcbfd7a8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c2 [ 131.016289][ T5376] RAX: ffffffffffffffda RBX: 00007fcbfcb15f80 RCX: 00007fcbfc979e79 [ 131.024265][ T5376] RDX: 0000000000000300 RSI: 0000000000000000 RDI: 0000000020000340 [ 131.032249][ T5376] RBP: 00007fcbfc9e793e R08: 0000000000000000 R09: 0000000000000000 [ 131.040228][ T5376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 131.048203][ T5376] R13: 0000000000000000 R14: 00007fcbfcb15f80 R15: 00007ffe79715548 [ 131.056187][ T5376] [ 131.059203][ T5376] [ 131.061519][ T5376] Allocated by task 5376: [ 131.065841][ T5376] kasan_save_stack+0x33/0x60 [ 131.070537][ T5376] kasan_save_track+0x14/0x30 [ 131.075235][ T5376] __kasan_kmalloc+0xaa/0xb0 [ 131.079864][ T5376] __kmalloc_noprof+0x1e8/0x400 [ 131.084747][ T5376] hfsplus_find_init+0x95/0x1f0 [ 131.089619][ T5376] hfsplus_listxattr+0x46d/0xe10 [ 131.094567][ T5376] vfs_listxattr+0xba/0x140 [ 131.099092][ T5376] listxattr+0x69/0x190 [ 131.103270][ T5376] path_listxattr+0xc0/0x160 [ 131.107885][ T5376] do_syscall_64+0xcd/0x250 [ 131.112412][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.118310][ T5376] [ 131.120628][ T5376] The buggy address belongs to the object at ffff88805ffe3000 [ 131.120628][ T5376] which belongs to the cache kmalloc-1k of size 1024 [ 131.134690][ T5376] The buggy address is located 10 bytes to the right of [ 131.134690][ T5376] allocated 536-byte region [ffff88805ffe3000, ffff88805ffe3218) [ 131.149280][ T5376] [ 131.151597][ T5376] The buggy address belongs to the physical page: [ 131.157999][ T5376] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ffe0 [ 131.166760][ T5376] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 131.175260][ T5376] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 131.182805][ T5376] page_type: 0xfdffffff(slab) [ 131.187486][ T5376] raw: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 131.196078][ T5376] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 131.204669][ T5376] head: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 131.213345][ T5376] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 131.222022][ T5376] head: 00fff00000000003 ffffea00017ff801 ffffffffffffffff 0000000000000000 [ 131.230699][ T5376] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 131.239382][ T5376] page dumped because: kasan: bad access detected [ 131.245786][ T5376] page_owner tracks the page as allocated [ 131.251491][ T5376] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 958, tgid 958 (kworker/u8:5), ts 126521113075, free_ts 126480172201 [ 131.272170][ T5376] post_alloc_hook+0x2d1/0x350 [ 131.276952][ T5376] get_page_from_freelist+0x1351/0x2e50 [ 131.282544][ T5376] __alloc_pages_noprof+0x22b/0x2460 [ 131.287861][ T5376] alloc_slab_page+0x4e/0xf0 [ 131.292469][ T5376] new_slab+0x84/0x260 [ 131.296552][ T5376] ___slab_alloc+0xdac/0x1870 [ 131.301258][ T5376] __slab_alloc.constprop.0+0x56/0xb0 [ 131.306677][ T5376] __kmalloc_noprof+0x367/0x400 [ 131.311546][ T5376] ___neigh_create+0x152b/0x2ac0 [ 131.316491][ T5376] ip6_finish_output2+0x11b3/0x1a50 [ 131.321711][ T5376] ip6_finish_output+0x3f9/0x1300 [ 131.326757][ T5376] ip6_output+0x1f8/0x540 [ 131.331112][ T5376] ndisc_send_skb+0xa2d/0x1c30 [ 131.335903][ T5376] ndisc_send_ns+0xc7/0x150 [ 131.340428][ T5376] addrconf_dad_work+0xc80/0x14d0 [ 131.345472][ T5376] process_one_work+0x9c8/0x1b40 [ 131.350433][ T5376] page last free pid 4675 tgid 4675 stack trace: [ 131.356755][ T5376] free_unref_page+0x64a/0xe40 [ 131.361536][ T5376] __put_partials+0x14c/0x170 [ 131.366233][ T5376] qlist_free_all+0x4e/0x140 [ 131.370854][ T5376] kasan_quarantine_reduce+0x192/0x1e0 [ 131.376334][ T5376] __kasan_slab_alloc+0x69/0x90 [ 131.381202][ T5376] kmem_cache_alloc_node_noprof+0x153/0x310 [ 131.387117][ T5376] __alloc_skb+0x2b1/0x380 [ 131.391557][ T5376] netlink_alloc_large_skb+0x69/0x130 [ 131.396943][ T5376] netlink_sendmsg+0x689/0xd70 [ 131.401720][ T5376] ____sys_sendmsg+0xab8/0xc90 [ 131.406497][ T5376] ___sys_sendmsg+0x135/0x1e0 [ 131.411204][ T5376] __sys_sendmsg+0x117/0x1f0 [ 131.415816][ T5376] do_syscall_64+0xcd/0x250 [ 131.420353][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.426254][ T5376] [ 131.428572][ T5376] Memory state around the buggy address: [ 131.434217][ T5376] ffff88805ffe3100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 131.442278][ T5376] ffff88805ffe3180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 131.450442][ T5376] >ffff88805ffe3200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 131.458498][ T5376] ^ [ 131.463605][ T5376] ffff88805ffe3280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 131.471666][ T5376] ffff88805ffe3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 131.479721][ T5376] ================================================================== [ 131.562574][ T5225] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.605361][ T5376] ================================================================== [ 131.613457][ T5376] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20 [ 131.621137][ T5376] Read of size 2 at addr ffff88805ffe3224 by task syz.3.17/5376 [ 131.628796][ T5376] [ 131.631139][ T5376] CPU: 0 UID: 0 PID: 5376 Comm: syz.3.17 Tainted: G B 6.11.0-rc5-syzkaller #0 [ 131.641433][ T5376] Tainted: [B]=BAD_PAGE [ 131.645600][ T5376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 131.655679][ T5376] Call Trace: [ 131.659071][ T5376] [ 131.662024][ T5376] dump_stack_lvl+0x116/0x1f0 [ 131.666748][ T5376] print_report+0xc3/0x620 [ 131.671221][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 131.676904][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 131.682585][ T5376] ? __phys_addr+0xc6/0x150 [ 131.687135][ T5376] kasan_report+0xd9/0x110 [ 131.691614][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 131.696593][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 131.701588][ T5376] hfsplus_uni2asc+0x910/0xa20 [ 131.706399][ T5376] hfsplus_listxattr+0x6e6/0xe10 [ 131.711391][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 131.716901][ T5376] ? putname+0x12e/0x170 [ 131.721197][ T5376] ? kasan_save_stack+0x42/0x60 [ 131.726101][ T5376] ? kasan_save_stack+0x33/0x60 [ 131.731001][ T5376] ? kasan_save_track+0x14/0x30 [ 131.735904][ T5376] ? __kasan_kmalloc+0xaa/0xb0 [ 131.740715][ T5376] ? __kmalloc_node_noprof+0x211/0x430 [ 131.746272][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 131.751948][ T5376] ? trace_kmalloc+0x2d/0xe0 [ 131.756578][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 131.762259][ T5376] ? __kmalloc_node_noprof+0x22f/0x430 [ 131.767770][ T5376] ? __kvmalloc_node_noprof+0x9d/0x1a0 [ 131.773285][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 131.778789][ T5376] vfs_listxattr+0xba/0x140 [ 131.783359][ T5376] listxattr+0x69/0x190 [ 131.787578][ T5376] path_listxattr+0xc0/0x160 [ 131.792234][ T5376] ? __pfx_path_listxattr+0x10/0x10 [ 131.797507][ T5376] do_syscall_64+0xcd/0x250 [ 131.802078][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.808007][ T5376] RIP: 0033:0x7fcbfc979e79 [ 131.812447][ T5376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.832097][ T5376] RSP: 002b:00007fcbfd7a8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c2 [ 131.840546][ T5376] RAX: ffffffffffffffda RBX: 00007fcbfcb15f80 RCX: 00007fcbfc979e79 [ 131.848545][ T5376] RDX: 0000000000000300 RSI: 0000000000000000 RDI: 0000000020000340 [ 131.856541][ T5376] RBP: 00007fcbfc9e793e R08: 0000000000000000 R09: 0000000000000000 [ 131.864537][ T5376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 131.872534][ T5376] R13: 0000000000000000 R14: 00007fcbfcb15f80 R15: 00007ffe79715548 [ 131.880549][ T5376] [ 131.883587][ T5376] [ 131.885920][ T5376] Allocated by task 5376: [ 131.890259][ T5376] kasan_save_stack+0x33/0x60 [ 131.894980][ T5376] kasan_save_track+0x14/0x30 [ 131.899701][ T5376] __kasan_kmalloc+0xaa/0xb0 [ 131.904331][ T5376] __kmalloc_noprof+0x1e8/0x400 [ 131.909229][ T5376] hfsplus_find_init+0x95/0x1f0 [ 131.914111][ T5376] hfsplus_listxattr+0x46d/0xe10 [ 131.919086][ T5376] vfs_listxattr+0xba/0x140 [ 131.923644][ T5376] listxattr+0x69/0x190 [ 131.927848][ T5376] path_listxattr+0xc0/0x160 [ 131.932498][ T5376] do_syscall_64+0xcd/0x250 [ 131.937057][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.942983][ T5376] [ 131.945319][ T5376] The buggy address belongs to the object at ffff88805ffe3000 [ 131.945319][ T5376] which belongs to the cache kmalloc-1k of size 1024 [ 131.959396][ T5376] The buggy address is located 12 bytes to the right of [ 131.959396][ T5376] allocated 536-byte region [ffff88805ffe3000, ffff88805ffe3218) [ 131.974007][ T5376] [ 131.976345][ T5376] The buggy address belongs to the physical page: [ 131.982767][ T5376] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ffe0 [ 131.991555][ T5376] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 132.000081][ T5376] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 132.007648][ T5376] page_type: 0xfdffffff(slab) [ 132.012355][ T5376] raw: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 132.020971][ T5376] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 132.029587][ T5376] head: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 132.038288][ T5376] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 132.046990][ T5376] head: 00fff00000000003 ffffea00017ff801 ffffffffffffffff 0000000000000000 [ 132.055681][ T5376] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 132.064360][ T5376] page dumped because: kasan: bad access detected [ 132.070782][ T5376] page_owner tracks the page as allocated [ 132.076502][ T5376] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 958, tgid 958 (kworker/u8:5), ts 126521113075, free_ts 126480172201 [ 132.097204][ T5376] post_alloc_hook+0x2d1/0x350 [ 132.102004][ T5376] get_page_from_freelist+0x1351/0x2e50 [ 132.107589][ T5376] __alloc_pages_noprof+0x22b/0x2460 [ 132.112915][ T5376] alloc_slab_page+0x4e/0xf0 [ 132.117530][ T5376] new_slab+0x84/0x260 [ 132.121625][ T5376] ___slab_alloc+0xdac/0x1870 [ 132.126332][ T5376] __slab_alloc.constprop.0+0x56/0xb0 [ 132.131738][ T5376] __kmalloc_noprof+0x367/0x400 [ 132.136622][ T5376] ___neigh_create+0x152b/0x2ac0 [ 132.141577][ T5376] ip6_finish_output2+0x11b3/0x1a50 [ 132.146813][ T5376] ip6_finish_output+0x3f9/0x1300 [ 132.151885][ T5376] ip6_output+0x1f8/0x540 [ 132.156249][ T5376] ndisc_send_skb+0xa2d/0x1c30 [ 132.161052][ T5376] ndisc_send_ns+0xc7/0x150 [ 132.165592][ T5376] addrconf_dad_work+0xc80/0x14d0 [ 132.170736][ T5376] process_one_work+0x9c8/0x1b40 [ 132.175716][ T5376] page last free pid 4675 tgid 4675 stack trace: [ 132.182044][ T5376] free_unref_page+0x64a/0xe40 [ 132.186842][ T5376] __put_partials+0x14c/0x170 [ 132.191549][ T5376] qlist_free_all+0x4e/0x140 [ 132.196170][ T5376] kasan_quarantine_reduce+0x192/0x1e0 [ 132.201661][ T5376] __kasan_slab_alloc+0x69/0x90 [ 132.206548][ T5376] kmem_cache_alloc_node_noprof+0x153/0x310 [ 132.212475][ T5376] __alloc_skb+0x2b1/0x380 [ 132.216929][ T5376] netlink_alloc_large_skb+0x69/0x130 [ 132.222331][ T5376] netlink_sendmsg+0x689/0xd70 [ 132.227120][ T5376] ____sys_sendmsg+0xab8/0xc90 [ 132.231910][ T5376] ___sys_sendmsg+0x135/0x1e0 [ 132.236713][ T5376] __sys_sendmsg+0x117/0x1f0 [ 132.241344][ T5376] do_syscall_64+0xcd/0x250 [ 132.245887][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.251800][ T5376] [ 132.254127][ T5376] Memory state around the buggy address: [ 132.259762][ T5376] ffff88805ffe3100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 132.267837][ T5376] ffff88805ffe3180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 132.275918][ T5376] >ffff88805ffe3200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 132.283986][ T5376] ^ [ 132.289102][ T5376] ffff88805ffe3280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 132.297173][ T5376] ffff88805ffe3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 132.305244][ T5376] ================================================================== [ 132.384559][ T5376] ================================================================== [ 132.392646][ T5376] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20 [ 132.400316][ T5376] Read of size 2 at addr ffff88805ffe3226 by task syz.3.17/5376 [ 132.407971][ T5376] [ 132.410314][ T5376] CPU: 0 UID: 0 PID: 5376 Comm: syz.3.17 Tainted: G B 6.11.0-rc5-syzkaller #0 [ 132.420596][ T5376] Tainted: [B]=BAD_PAGE [ 132.424766][ T5376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 132.434843][ T5376] Call Trace: [ 132.438144][ T5376] [ 132.441096][ T5376] dump_stack_lvl+0x116/0x1f0 [ 132.445818][ T5376] print_report+0xc3/0x620 [ 132.450293][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.455976][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.461647][ T5376] ? __phys_addr+0xc6/0x150 [ 132.466175][ T5376] kasan_report+0xd9/0x110 [ 132.470633][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 132.475596][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 132.480562][ T5376] hfsplus_uni2asc+0x910/0xa20 [ 132.485361][ T5376] hfsplus_listxattr+0x6e6/0xe10 [ 132.490337][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 132.495826][ T5376] ? putname+0x12e/0x170 [ 132.500114][ T5376] ? kasan_save_stack+0x42/0x60 [ 132.504999][ T5376] ? kasan_save_stack+0x33/0x60 [ 132.509893][ T5376] ? kasan_save_track+0x14/0x30 [ 132.514787][ T5376] ? __kasan_kmalloc+0xaa/0xb0 [ 132.519584][ T5376] ? __kmalloc_node_noprof+0x211/0x430 [ 132.525123][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.530784][ T5376] ? trace_kmalloc+0x2d/0xe0 [ 132.535397][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 132.541065][ T5376] ? __kmalloc_node_noprof+0x22f/0x430 [ 132.546562][ T5376] ? __kvmalloc_node_noprof+0x9d/0x1a0 [ 132.552063][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 132.557555][ T5376] vfs_listxattr+0xba/0x140 [ 132.562108][ T5376] listxattr+0x69/0x190 [ 132.566308][ T5376] path_listxattr+0xc0/0x160 [ 132.570943][ T5376] ? __pfx_path_listxattr+0x10/0x10 [ 132.576192][ T5376] do_syscall_64+0xcd/0x250 [ 132.580742][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.586659][ T5376] RIP: 0033:0x7fcbfc979e79 [ 132.591090][ T5376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.610721][ T5376] RSP: 002b:00007fcbfd7a8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c2 [ 132.619160][ T5376] RAX: ffffffffffffffda RBX: 00007fcbfcb15f80 RCX: 00007fcbfc979e79 [ 132.627150][ T5376] RDX: 0000000000000300 RSI: 0000000000000000 RDI: 0000000020000340 [ 132.635138][ T5376] RBP: 00007fcbfc9e793e R08: 0000000000000000 R09: 0000000000000000 [ 132.643130][ T5376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 132.651178][ T5376] R13: 0000000000000000 R14: 00007fcbfcb15f80 R15: 00007ffe79715548 [ 132.659181][ T5376] [ 132.662206][ T5376] [ 132.664531][ T5376] Allocated by task 5376: [ 132.668861][ T5376] kasan_save_stack+0x33/0x60 [ 132.673576][ T5376] kasan_save_track+0x14/0x30 [ 132.678294][ T5376] __kasan_kmalloc+0xaa/0xb0 [ 132.682917][ T5376] __kmalloc_noprof+0x1e8/0x400 [ 132.687809][ T5376] hfsplus_find_init+0x95/0x1f0 [ 132.692678][ T5376] hfsplus_listxattr+0x46d/0xe10 [ 132.697640][ T5376] vfs_listxattr+0xba/0x140 [ 132.702180][ T5376] listxattr+0x69/0x190 [ 132.706371][ T5376] path_listxattr+0xc0/0x160 [ 132.711000][ T5376] do_syscall_64+0xcd/0x250 [ 132.715542][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.721456][ T5376] [ 132.723788][ T5376] The buggy address belongs to the object at ffff88805ffe3000 [ 132.723788][ T5376] which belongs to the cache kmalloc-1k of size 1024 [ 132.737863][ T5376] The buggy address is located 14 bytes to the right of [ 132.737863][ T5376] allocated 536-byte region [ffff88805ffe3000, ffff88805ffe3218) [ 132.752466][ T5376] [ 132.754792][ T5376] The buggy address belongs to the physical page: [ 132.761203][ T5376] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ffe0 [ 132.769977][ T5376] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 132.778495][ T5376] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 132.786057][ T5376] page_type: 0xfdffffff(slab) [ 132.790748][ T5376] raw: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 132.799351][ T5376] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 132.807957][ T5376] head: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 132.816654][ T5376] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 132.825354][ T5376] head: 00fff00000000003 ffffea00017ff801 ffffffffffffffff 0000000000000000 [ 132.834057][ T5376] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 132.842736][ T5376] page dumped because: kasan: bad access detected [ 132.849150][ T5376] page_owner tracks the page as allocated [ 132.854866][ T5376] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 958, tgid 958 (kworker/u8:5), ts 126521113075, free_ts 126480172201 [ 132.875568][ T5376] post_alloc_hook+0x2d1/0x350 [ 132.880364][ T5376] get_page_from_freelist+0x1351/0x2e50 [ 132.885948][ T5376] __alloc_pages_noprof+0x22b/0x2460 [ 132.891273][ T5376] alloc_slab_page+0x4e/0xf0 [ 132.895886][ T5376] new_slab+0x84/0x260 [ 132.899983][ T5376] ___slab_alloc+0xdac/0x1870 [ 132.904688][ T5376] __slab_alloc.constprop.0+0x56/0xb0 [ 132.910097][ T5376] __kmalloc_noprof+0x367/0x400 [ 132.914981][ T5376] ___neigh_create+0x152b/0x2ac0 [ 132.919940][ T5376] ip6_finish_output2+0x11b3/0x1a50 [ 132.925189][ T5376] ip6_finish_output+0x3f9/0x1300 [ 132.930253][ T5376] ip6_output+0x1f8/0x540 [ 132.934618][ T5376] ndisc_send_skb+0xa2d/0x1c30 [ 132.939420][ T5376] ndisc_send_ns+0xc7/0x150 [ 132.943963][ T5376] addrconf_dad_work+0xc80/0x14d0 [ 132.949020][ T5376] process_one_work+0x9c8/0x1b40 [ 132.954000][ T5376] page last free pid 4675 tgid 4675 stack trace: [ 132.960332][ T5376] free_unref_page+0x64a/0xe40 [ 132.965130][ T5376] __put_partials+0x14c/0x170 [ 132.969832][ T5376] qlist_free_all+0x4e/0x140 [ 132.974453][ T5376] kasan_quarantine_reduce+0x192/0x1e0 [ 132.979941][ T5376] __kasan_slab_alloc+0x69/0x90 [ 132.984825][ T5376] kmem_cache_alloc_node_noprof+0x153/0x310 [ 132.990756][ T5376] __alloc_skb+0x2b1/0x380 [ 132.995214][ T5376] netlink_alloc_large_skb+0x69/0x130 [ 133.000613][ T5376] netlink_sendmsg+0x689/0xd70 [ 133.005404][ T5376] ____sys_sendmsg+0xab8/0xc90 [ 133.010193][ T5376] ___sys_sendmsg+0x135/0x1e0 [ 133.014913][ T5376] __sys_sendmsg+0x117/0x1f0 [ 133.019550][ T5376] do_syscall_64+0xcd/0x250 [ 133.024092][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.030007][ T5376] [ 133.032331][ T5376] Memory state around the buggy address: [ 133.037963][ T5376] ffff88805ffe3100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 133.046037][ T5376] ffff88805ffe3180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 133.054109][ T5376] >ffff88805ffe3200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 133.062175][ T5376] ^ [ 133.067288][ T5376] ffff88805ffe3280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 133.075361][ T5376] ffff88805ffe3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 133.083428][ T5376] ================================================================== [ 133.165445][ T5376] ================================================================== [ 133.173530][ T5376] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20 [ 133.181198][ T5376] Read of size 2 at addr ffff88805ffe3228 by task syz.3.17/5376 [ 133.188850][ T5376] [ 133.191199][ T5376] CPU: 0 UID: 0 PID: 5376 Comm: syz.3.17 Tainted: G B 6.11.0-rc5-syzkaller #0 [ 133.201485][ T5376] Tainted: [B]=BAD_PAGE [ 133.205654][ T5376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 133.215730][ T5376] Call Trace: [ 133.219025][ T5376] [ 133.221976][ T5376] dump_stack_lvl+0x116/0x1f0 [ 133.226698][ T5376] print_report+0xc3/0x620 [ 133.231169][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.236848][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.242527][ T5376] ? __phys_addr+0xc6/0x150 [ 133.247065][ T5376] kasan_report+0xd9/0x110 [ 133.251523][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 133.256486][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 133.261451][ T5376] hfsplus_uni2asc+0x910/0xa20 [ 133.266249][ T5376] hfsplus_listxattr+0x6e6/0xe10 [ 133.271227][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 133.276716][ T5376] ? putname+0x12e/0x170 [ 133.280997][ T5376] ? kasan_save_stack+0x42/0x60 [ 133.285891][ T5376] ? kasan_save_stack+0x33/0x60 [ 133.290775][ T5376] ? kasan_save_track+0x14/0x30 [ 133.295660][ T5376] ? __kasan_kmalloc+0xaa/0xb0 [ 133.300454][ T5376] ? __kmalloc_node_noprof+0x211/0x430 [ 133.305991][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.311652][ T5376] ? trace_kmalloc+0x2d/0xe0 [ 133.316267][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 133.321930][ T5376] ? __kmalloc_node_noprof+0x22f/0x430 [ 133.327428][ T5376] ? __kvmalloc_node_noprof+0x9d/0x1a0 [ 133.332932][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 133.338433][ T5376] vfs_listxattr+0xba/0x140 [ 133.342985][ T5376] listxattr+0x69/0x190 [ 133.347239][ T5376] path_listxattr+0xc0/0x160 [ 133.351879][ T5376] ? __pfx_path_listxattr+0x10/0x10 [ 133.357138][ T5376] do_syscall_64+0xcd/0x250 [ 133.361697][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.367619][ T5376] RIP: 0033:0x7fcbfc979e79 [ 133.372053][ T5376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.391683][ T5376] RSP: 002b:00007fcbfd7a8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c2 [ 133.400208][ T5376] RAX: ffffffffffffffda RBX: 00007fcbfcb15f80 RCX: 00007fcbfc979e79 [ 133.408198][ T5376] RDX: 0000000000000300 RSI: 0000000000000000 RDI: 0000000020000340 [ 133.416183][ T5376] RBP: 00007fcbfc9e793e R08: 0000000000000000 R09: 0000000000000000 [ 133.424248][ T5376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 133.432238][ T5376] R13: 0000000000000000 R14: 00007fcbfcb15f80 R15: 00007ffe79715548 [ 133.440245][ T5376] [ 133.443270][ T5376] [ 133.445594][ T5376] Allocated by task 5376: [ 133.449923][ T5376] kasan_save_stack+0x33/0x60 [ 133.454634][ T5376] kasan_save_track+0x14/0x30 [ 133.459426][ T5376] __kasan_kmalloc+0xaa/0xb0 [ 133.464044][ T5376] __kmalloc_noprof+0x1e8/0x400 [ 133.468929][ T5376] hfsplus_find_init+0x95/0x1f0 [ 133.473798][ T5376] hfsplus_listxattr+0x46d/0xe10 [ 133.478761][ T5376] vfs_listxattr+0xba/0x140 [ 133.483309][ T5376] listxattr+0x69/0x190 [ 133.487503][ T5376] path_listxattr+0xc0/0x160 [ 133.492132][ T5376] do_syscall_64+0xcd/0x250 [ 133.496672][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.502584][ T5376] [ 133.504910][ T5376] The buggy address belongs to the object at ffff88805ffe3000 [ 133.504910][ T5376] which belongs to the cache kmalloc-1k of size 1024 [ 133.518975][ T5376] The buggy address is located 16 bytes to the right of [ 133.518975][ T5376] allocated 536-byte region [ffff88805ffe3000, ffff88805ffe3218) [ 133.533573][ T5376] [ 133.535905][ T5376] The buggy address belongs to the physical page: [ 133.542318][ T5376] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ffe0 [ 133.551184][ T5376] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 133.559699][ T5376] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 133.567258][ T5376] page_type: 0xfdffffff(slab) [ 133.571953][ T5376] raw: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 133.580555][ T5376] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 133.589158][ T5376] head: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 133.597846][ T5376] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 133.606539][ T5376] head: 00fff00000000003 ffffea00017ff801 ffffffffffffffff 0000000000000000 [ 133.615231][ T5376] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 133.623909][ T5376] page dumped because: kasan: bad access detected [ 133.630322][ T5376] page_owner tracks the page as allocated [ 133.636041][ T5376] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 958, tgid 958 (kworker/u8:5), ts 126521113075, free_ts 126480172201 [ 133.656753][ T5376] post_alloc_hook+0x2d1/0x350 [ 133.661549][ T5376] get_page_from_freelist+0x1351/0x2e50 [ 133.667137][ T5376] __alloc_pages_noprof+0x22b/0x2460 [ 133.672577][ T5376] alloc_slab_page+0x4e/0xf0 [ 133.677190][ T5376] new_slab+0x84/0x260 [ 133.681290][ T5376] ___slab_alloc+0xdac/0x1870 [ 133.685998][ T5376] __slab_alloc.constprop.0+0x56/0xb0 [ 133.691402][ T5376] __kmalloc_noprof+0x367/0x400 [ 133.696287][ T5376] ___neigh_create+0x152b/0x2ac0 [ 133.701244][ T5376] ip6_finish_output2+0x11b3/0x1a50 [ 133.706483][ T5376] ip6_finish_output+0x3f9/0x1300 [ 133.711544][ T5376] ip6_output+0x1f8/0x540 [ 133.715918][ T5376] ndisc_send_skb+0xa2d/0x1c30 [ 133.720719][ T5376] ndisc_send_ns+0xc7/0x150 [ 133.725263][ T5376] addrconf_dad_work+0xc80/0x14d0 [ 133.730320][ T5376] process_one_work+0x9c8/0x1b40 [ 133.735307][ T5376] page last free pid 4675 tgid 4675 stack trace: [ 133.741641][ T5376] free_unref_page+0x64a/0xe40 [ 133.746451][ T5376] __put_partials+0x14c/0x170 [ 133.751163][ T5376] qlist_free_all+0x4e/0x140 [ 133.755781][ T5376] kasan_quarantine_reduce+0x192/0x1e0 [ 133.761271][ T5376] __kasan_slab_alloc+0x69/0x90 [ 133.766159][ T5376] kmem_cache_alloc_node_noprof+0x153/0x310 [ 133.772090][ T5376] __alloc_skb+0x2b1/0x380 [ 133.776548][ T5376] netlink_alloc_large_skb+0x69/0x130 [ 133.781948][ T5376] netlink_sendmsg+0x689/0xd70 [ 133.786738][ T5376] ____sys_sendmsg+0xab8/0xc90 [ 133.791528][ T5376] ___sys_sendmsg+0x135/0x1e0 [ 133.796246][ T5376] __sys_sendmsg+0x117/0x1f0 [ 133.800876][ T5376] do_syscall_64+0xcd/0x250 [ 133.805419][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.811335][ T5376] [ 133.813660][ T5376] Memory state around the buggy address: [ 133.819293][ T5376] ffff88805ffe3100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 133.827368][ T5376] ffff88805ffe3180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 133.835443][ T5376] >ffff88805ffe3200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 133.843516][ T5376] ^ [ 133.848898][ T5376] ffff88805ffe3280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 133.856973][ T5376] ffff88805ffe3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 133.865043][ T5376] ================================================================== [ 133.935576][ T5376] ================================================================== [ 133.943662][ T5376] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20 [ 133.951331][ T5376] Read of size 2 at addr ffff88805ffe322a by task syz.3.17/5376 [ 133.958986][ T5376] [ 133.961329][ T5376] CPU: 0 UID: 0 PID: 5376 Comm: syz.3.17 Tainted: G B 6.11.0-rc5-syzkaller #0 [ 133.971611][ T5376] Tainted: [B]=BAD_PAGE [ 133.975776][ T5376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 133.985852][ T5376] Call Trace: [ 133.989158][ T5376] [ 133.992108][ T5376] dump_stack_lvl+0x116/0x1f0 [ 133.996832][ T5376] print_report+0xc3/0x620 [ 134.001301][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.006981][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.012661][ T5376] ? __phys_addr+0xc6/0x150 [ 134.017213][ T5376] kasan_report+0xd9/0x110 [ 134.021683][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 134.026634][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 134.031591][ T5376] hfsplus_uni2asc+0x910/0xa20 [ 134.036375][ T5376] hfsplus_listxattr+0x6e6/0xe10 [ 134.041335][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 134.046822][ T5376] ? putname+0x12e/0x170 [ 134.051115][ T5376] ? kasan_save_stack+0x42/0x60 [ 134.055988][ T5376] ? kasan_save_stack+0x33/0x60 [ 134.060859][ T5376] ? kasan_save_track+0x14/0x30 [ 134.065732][ T5376] ? __kasan_kmalloc+0xaa/0xb0 [ 134.070512][ T5376] ? __kmalloc_node_noprof+0x211/0x430 [ 134.076028][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.081693][ T5376] ? trace_kmalloc+0x2d/0xe0 [ 134.086294][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.091944][ T5376] ? __kmalloc_node_noprof+0x22f/0x430 [ 134.097426][ T5376] ? __kvmalloc_node_noprof+0x9d/0x1a0 [ 134.102917][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 134.108425][ T5376] vfs_listxattr+0xba/0x140 [ 134.112990][ T5376] listxattr+0x69/0x190 [ 134.117208][ T5376] path_listxattr+0xc0/0x160 [ 134.121858][ T5376] ? __pfx_path_listxattr+0x10/0x10 [ 134.127091][ T5376] do_syscall_64+0xcd/0x250 [ 134.131649][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.137553][ T5376] RIP: 0033:0x7fcbfc979e79 [ 134.141973][ T5376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 134.161589][ T5376] RSP: 002b:00007fcbfd7a8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c2 [ 134.170010][ T5376] RAX: ffffffffffffffda RBX: 00007fcbfcb15f80 RCX: 00007fcbfc979e79 [ 134.177993][ T5376] RDX: 0000000000000300 RSI: 0000000000000000 RDI: 0000000020000340 [ 134.185971][ T5376] RBP: 00007fcbfc9e793e R08: 0000000000000000 R09: 0000000000000000 [ 134.193953][ T5376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 134.201942][ T5376] R13: 0000000000000000 R14: 00007fcbfcb15f80 R15: 00007ffe79715548 [ 134.209928][ T5376] [ 134.212955][ T5376] [ 134.215291][ T5376] Allocated by task 5376: [ 134.219630][ T5376] kasan_save_stack+0x33/0x60 [ 134.224343][ T5376] kasan_save_track+0x14/0x30 [ 134.229036][ T5376] __kasan_kmalloc+0xaa/0xb0 [ 134.233648][ T5376] __kmalloc_noprof+0x1e8/0x400 [ 134.238541][ T5376] hfsplus_find_init+0x95/0x1f0 [ 134.243406][ T5376] hfsplus_listxattr+0x46d/0xe10 [ 134.248375][ T5376] vfs_listxattr+0xba/0x140 [ 134.252910][ T5376] listxattr+0x69/0x190 [ 134.257112][ T5376] path_listxattr+0xc0/0x160 [ 134.261728][ T5376] do_syscall_64+0xcd/0x250 [ 134.266256][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.272158][ T5376] [ 134.274483][ T5376] The buggy address belongs to the object at ffff88805ffe3000 [ 134.274483][ T5376] which belongs to the cache kmalloc-1k of size 1024 [ 134.288555][ T5376] The buggy address is located 18 bytes to the right of [ 134.288555][ T5376] allocated 536-byte region [ffff88805ffe3000, ffff88805ffe3218) [ 134.303153][ T5376] [ 134.305480][ T5376] The buggy address belongs to the physical page: [ 134.311881][ T5376] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ffe0 [ 134.320644][ T5376] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 134.329157][ T5376] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 134.336718][ T5376] page_type: 0xfdffffff(slab) [ 134.341401][ T5376] raw: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 134.349990][ T5376] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 134.358580][ T5376] head: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 134.367260][ T5376] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 134.375940][ T5376] head: 00fff00000000003 ffffea00017ff801 ffffffffffffffff 0000000000000000 [ 134.384617][ T5376] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 134.393292][ T5376] page dumped because: kasan: bad access detected [ 134.399710][ T5376] page_owner tracks the page as allocated [ 134.405417][ T5376] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 958, tgid 958 (kworker/u8:5), ts 126521113075, free_ts 126480172201 [ 134.426097][ T5376] post_alloc_hook+0x2d1/0x350 [ 134.430899][ T5376] get_page_from_freelist+0x1351/0x2e50 [ 134.436476][ T5376] __alloc_pages_noprof+0x22b/0x2460 [ 134.441806][ T5376] alloc_slab_page+0x4e/0xf0 [ 134.446418][ T5376] new_slab+0x84/0x260 [ 134.450502][ T5376] ___slab_alloc+0xdac/0x1870 [ 134.455202][ T5376] __slab_alloc.constprop.0+0x56/0xb0 [ 134.460615][ T5376] __kmalloc_noprof+0x367/0x400 [ 134.465484][ T5376] ___neigh_create+0x152b/0x2ac0 [ 134.470431][ T5376] ip6_finish_output2+0x11b3/0x1a50 [ 134.475659][ T5376] ip6_finish_output+0x3f9/0x1300 [ 134.480731][ T5376] ip6_output+0x1f8/0x540 [ 134.485083][ T5376] ndisc_send_skb+0xa2d/0x1c30 [ 134.489897][ T5376] ndisc_send_ns+0xc7/0x150 [ 134.494429][ T5376] addrconf_dad_work+0xc80/0x14d0 [ 134.499493][ T5376] process_one_work+0x9c8/0x1b40 [ 134.504456][ T5376] page last free pid 4675 tgid 4675 stack trace: [ 134.510778][ T5376] free_unref_page+0x64a/0xe40 [ 134.515568][ T5376] __put_partials+0x14c/0x170 [ 134.520279][ T5376] qlist_free_all+0x4e/0x140 [ 134.524897][ T5376] kasan_quarantine_reduce+0x192/0x1e0 [ 134.530374][ T5376] __kasan_slab_alloc+0x69/0x90 [ 134.535250][ T5376] kmem_cache_alloc_node_noprof+0x153/0x310 [ 134.541184][ T5376] __alloc_skb+0x2b1/0x380 [ 134.545630][ T5376] netlink_alloc_large_skb+0x69/0x130 [ 134.551037][ T5376] netlink_sendmsg+0x689/0xd70 [ 134.555813][ T5376] ____sys_sendmsg+0xab8/0xc90 [ 134.560597][ T5376] ___sys_sendmsg+0x135/0x1e0 [ 134.565322][ T5376] __sys_sendmsg+0x117/0x1f0 [ 134.569938][ T5376] do_syscall_64+0xcd/0x250 [ 134.574470][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.580395][ T5376] [ 134.582714][ T5376] Memory state around the buggy address: [ 134.588348][ T5376] ffff88805ffe3100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 134.596431][ T5376] ffff88805ffe3180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 134.604495][ T5376] >ffff88805ffe3200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 134.612552][ T5376] ^ [ 134.617916][ T5376] ffff88805ffe3280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 134.625978][ T5376] ffff88805ffe3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 134.634058][ T5376] ================================================================== [ 134.684181][ T5376] ================================================================== [ 134.692290][ T5376] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20 [ 134.699932][ T5376] Read of size 2 at addr ffff88805ffe322c by task syz.3.17/5376 [ 134.707590][ T5376] [ 134.709919][ T5376] CPU: 0 UID: 0 PID: 5376 Comm: syz.3.17 Tainted: G B 6.11.0-rc5-syzkaller #0 [ 134.720181][ T5376] Tainted: [B]=BAD_PAGE [ 134.724345][ T5376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 134.734410][ T5376] Call Trace: [ 134.737700][ T5376] [ 134.740634][ T5376] dump_stack_lvl+0x116/0x1f0 [ 134.745326][ T5376] print_report+0xc3/0x620 [ 134.749765][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.755428][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.761105][ T5376] ? __phys_addr+0xc6/0x150 [ 134.765662][ T5376] kasan_report+0xd9/0x110 [ 134.770128][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 134.775087][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 134.780066][ T5376] hfsplus_uni2asc+0x910/0xa20 [ 134.784867][ T5376] hfsplus_listxattr+0x6e6/0xe10 [ 134.789849][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 134.795341][ T5376] ? putname+0x12e/0x170 [ 134.799624][ T5376] ? kasan_save_stack+0x42/0x60 [ 134.804507][ T5376] ? kasan_save_stack+0x33/0x60 [ 134.809389][ T5376] ? kasan_save_track+0x14/0x30 [ 134.814275][ T5376] ? __kasan_kmalloc+0xaa/0xb0 [ 134.819071][ T5376] ? __kmalloc_node_noprof+0x211/0x430 [ 134.824608][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.830270][ T5376] ? trace_kmalloc+0x2d/0xe0 [ 134.834888][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 134.840550][ T5376] ? __kmalloc_node_noprof+0x22f/0x430 [ 134.846048][ T5376] ? __kvmalloc_node_noprof+0x9d/0x1a0 [ 134.851547][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 134.857036][ T5376] vfs_listxattr+0xba/0x140 [ 134.861584][ T5376] listxattr+0x69/0x190 [ 134.865789][ T5376] path_listxattr+0xc0/0x160 [ 134.870432][ T5376] ? __pfx_path_listxattr+0x10/0x10 [ 134.875685][ T5376] do_syscall_64+0xcd/0x250 [ 134.880235][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.886155][ T5376] RIP: 0033:0x7fcbfc979e79 [ 134.890586][ T5376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 134.910219][ T5376] RSP: 002b:00007fcbfd7a8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c2 [ 134.918657][ T5376] RAX: ffffffffffffffda RBX: 00007fcbfcb15f80 RCX: 00007fcbfc979e79 [ 134.926646][ T5376] RDX: 0000000000000300 RSI: 0000000000000000 RDI: 0000000020000340 [ 134.934633][ T5376] RBP: 00007fcbfc9e793e R08: 0000000000000000 R09: 0000000000000000 [ 134.942618][ T5376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 134.950604][ T5376] R13: 0000000000000000 R14: 00007fcbfcb15f80 R15: 00007ffe79715548 [ 134.958603][ T5376] [ 134.961628][ T5376] [ 134.963953][ T5376] Allocated by task 5376: [ 134.968289][ T5376] kasan_save_stack+0x33/0x60 [ 134.973010][ T5376] kasan_save_track+0x14/0x30 [ 134.977729][ T5376] __kasan_kmalloc+0xaa/0xb0 [ 134.982349][ T5376] __kmalloc_noprof+0x1e8/0x400 [ 134.987233][ T5376] hfsplus_find_init+0x95/0x1f0 [ 134.992099][ T5376] hfsplus_listxattr+0x46d/0xe10 [ 134.997063][ T5376] vfs_listxattr+0xba/0x140 [ 135.001609][ T5376] listxattr+0x69/0x190 [ 135.005802][ T5376] path_listxattr+0xc0/0x160 [ 135.010435][ T5376] do_syscall_64+0xcd/0x250 [ 135.014976][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.020891][ T5376] [ 135.023216][ T5376] The buggy address belongs to the object at ffff88805ffe3000 [ 135.023216][ T5376] which belongs to the cache kmalloc-1k of size 1024 [ 135.037281][ T5376] The buggy address is located 20 bytes to the right of [ 135.037281][ T5376] allocated 536-byte region [ffff88805ffe3000, ffff88805ffe3218) [ 135.051878][ T5376] [ 135.054206][ T5376] The buggy address belongs to the physical page: [ 135.060616][ T5376] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ffe0 [ 135.069392][ T5376] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 135.077918][ T5376] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 135.085477][ T5376] page_type: 0xfdffffff(slab) [ 135.090173][ T5376] raw: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 135.098778][ T5376] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 135.107384][ T5376] head: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 135.116076][ T5376] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 135.124766][ T5376] head: 00fff00000000003 ffffea00017ff801 ffffffffffffffff 0000000000000000 [ 135.133455][ T5376] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 135.142130][ T5376] page dumped because: kasan: bad access detected [ 135.148544][ T5376] page_owner tracks the page as allocated [ 135.154260][ T5376] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 958, tgid 958 (kworker/u8:5), ts 126521113075, free_ts 126480172201 [ 135.174960][ T5376] post_alloc_hook+0x2d1/0x350 [ 135.179765][ T5376] get_page_from_freelist+0x1351/0x2e50 [ 135.185352][ T5376] __alloc_pages_noprof+0x22b/0x2460 [ 135.190674][ T5376] alloc_slab_page+0x4e/0xf0 [ 135.195285][ T5376] new_slab+0x84/0x260 [ 135.199385][ T5376] ___slab_alloc+0xdac/0x1870 [ 135.204093][ T5376] __slab_alloc.constprop.0+0x56/0xb0 [ 135.209498][ T5376] __kmalloc_noprof+0x367/0x400 [ 135.214380][ T5376] ___neigh_create+0x152b/0x2ac0 [ 135.219341][ T5376] ip6_finish_output2+0x11b3/0x1a50 [ 135.224576][ T5376] ip6_finish_output+0x3f9/0x1300 [ 135.229637][ T5376] ip6_output+0x1f8/0x540 [ 135.234002][ T5376] ndisc_send_skb+0xa2d/0x1c30 [ 135.238803][ T5376] ndisc_send_ns+0xc7/0x150 [ 135.243351][ T5376] addrconf_dad_work+0xc80/0x14d0 [ 135.248409][ T5376] process_one_work+0x9c8/0x1b40 [ 135.253395][ T5376] page last free pid 4675 tgid 4675 stack trace: [ 135.259724][ T5376] free_unref_page+0x64a/0xe40 [ 135.264520][ T5376] __put_partials+0x14c/0x170 [ 135.269227][ T5376] qlist_free_all+0x4e/0x140 [ 135.273846][ T5376] kasan_quarantine_reduce+0x192/0x1e0 [ 135.279344][ T5376] __kasan_slab_alloc+0x69/0x90 [ 135.284231][ T5376] kmem_cache_alloc_node_noprof+0x153/0x310 [ 135.290161][ T5376] __alloc_skb+0x2b1/0x380 [ 135.294618][ T5376] netlink_alloc_large_skb+0x69/0x130 [ 135.300016][ T5376] netlink_sendmsg+0x689/0xd70 [ 135.304805][ T5376] ____sys_sendmsg+0xab8/0xc90 [ 135.309594][ T5376] ___sys_sendmsg+0x135/0x1e0 [ 135.314316][ T5376] __sys_sendmsg+0x117/0x1f0 [ 135.318949][ T5376] do_syscall_64+0xcd/0x250 [ 135.323493][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.329407][ T5376] [ 135.331733][ T5376] Memory state around the buggy address: [ 135.337365][ T5376] ffff88805ffe3100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 135.345438][ T5376] ffff88805ffe3180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 135.353510][ T5376] >ffff88805ffe3200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 135.361577][ T5376] ^ [ 135.366949][ T5376] ffff88805ffe3280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 135.375109][ T5376] ffff88805ffe3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 135.383182][ T5376] ================================================================== [ 135.417128][ T5376] ================================================================== [ 135.425209][ T5376] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20 [ 135.432879][ T5376] Read of size 2 at addr ffff88805ffe322e by task syz.3.17/5376 [ 135.440532][ T5376] [ 135.442858][ T5376] CPU: 0 UID: 0 PID: 5376 Comm: syz.3.17 Tainted: G B 6.11.0-rc5-syzkaller #0 [ 135.453147][ T5376] Tainted: [B]=BAD_PAGE [ 135.457328][ T5376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 135.467384][ T5376] Call Trace: [ 135.470659][ T5376] [ 135.473597][ T5376] dump_stack_lvl+0x116/0x1f0 [ 135.478310][ T5376] print_report+0xc3/0x620 [ 135.482750][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.488399][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.494049][ T5376] ? __phys_addr+0xc6/0x150 [ 135.498567][ T5376] kasan_report+0xd9/0x110 [ 135.503011][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 135.507981][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 135.512943][ T5376] hfsplus_uni2asc+0x910/0xa20 [ 135.517745][ T5376] hfsplus_listxattr+0x6e6/0xe10 [ 135.522703][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 135.528181][ T5376] ? putname+0x12e/0x170 [ 135.532445][ T5376] ? kasan_save_stack+0x42/0x60 [ 135.537315][ T5376] ? kasan_save_stack+0x33/0x60 [ 135.542180][ T5376] ? kasan_save_track+0x14/0x30 [ 135.547048][ T5376] ? __kasan_kmalloc+0xaa/0xb0 [ 135.551825][ T5376] ? __kmalloc_node_noprof+0x211/0x430 [ 135.557355][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.563013][ T5376] ? trace_kmalloc+0x2d/0xe0 [ 135.567632][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 135.573288][ T5376] ? __kmalloc_node_noprof+0x22f/0x430 [ 135.578788][ T5376] ? __kvmalloc_node_noprof+0x9d/0x1a0 [ 135.584276][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 135.589772][ T5376] vfs_listxattr+0xba/0x140 [ 135.594393][ T5376] listxattr+0x69/0x190 [ 135.598572][ T5376] path_listxattr+0xc0/0x160 [ 135.603194][ T5376] ? __pfx_path_listxattr+0x10/0x10 [ 135.608448][ T5376] do_syscall_64+0xcd/0x250 [ 135.612987][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.618909][ T5376] RIP: 0033:0x7fcbfc979e79 [ 135.623333][ T5376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 135.642977][ T5376] RSP: 002b:00007fcbfd7a8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c2 [ 135.651422][ T5376] RAX: ffffffffffffffda RBX: 00007fcbfcb15f80 RCX: 00007fcbfc979e79 [ 135.659421][ T5376] RDX: 0000000000000300 RSI: 0000000000000000 RDI: 0000000020000340 [ 135.667395][ T5376] RBP: 00007fcbfc9e793e R08: 0000000000000000 R09: 0000000000000000 [ 135.675371][ T5376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 135.683356][ T5376] R13: 0000000000000000 R14: 00007fcbfcb15f80 R15: 00007ffe79715548 [ 135.691357][ T5376] [ 135.694380][ T5376] [ 135.696694][ T5376] Allocated by task 5376: [ 135.701010][ T5376] kasan_save_stack+0x33/0x60 [ 135.705702][ T5376] kasan_save_track+0x14/0x30 [ 135.710392][ T5376] __kasan_kmalloc+0xaa/0xb0 [ 135.715005][ T5376] __kmalloc_noprof+0x1e8/0x400 [ 135.719902][ T5376] hfsplus_find_init+0x95/0x1f0 [ 135.724764][ T5376] hfsplus_listxattr+0x46d/0xe10 [ 135.729709][ T5376] vfs_listxattr+0xba/0x140 [ 135.734252][ T5376] listxattr+0x69/0x190 [ 135.738428][ T5376] path_listxattr+0xc0/0x160 [ 135.743046][ T5376] do_syscall_64+0xcd/0x250 [ 135.747599][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.753524][ T5376] [ 135.755851][ T5376] The buggy address belongs to the object at ffff88805ffe3000 [ 135.755851][ T5376] which belongs to the cache kmalloc-1k of size 1024 [ 135.769909][ T5376] The buggy address is located 22 bytes to the right of [ 135.769909][ T5376] allocated 536-byte region [ffff88805ffe3000, ffff88805ffe3218) [ 135.784585][ T5376] [ 135.786919][ T5376] The buggy address belongs to the physical page: [ 135.793342][ T5376] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ffe0 [ 135.802125][ T5376] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 135.810623][ T5376] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 135.818169][ T5376] page_type: 0xfdffffff(slab) [ 135.822846][ T5376] raw: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 135.831443][ T5376] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 135.840033][ T5376] head: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 135.848709][ T5376] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 135.857398][ T5376] head: 00fff00000000003 ffffea00017ff801 ffffffffffffffff 0000000000000000 [ 135.866090][ T5376] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 135.874776][ T5376] page dumped because: kasan: bad access detected [ 135.881192][ T5376] page_owner tracks the page as allocated [ 135.886900][ T5376] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 958, tgid 958 (kworker/u8:5), ts 126521113075, free_ts 126480172201 [ 135.907579][ T5376] post_alloc_hook+0x2d1/0x350 [ 135.912358][ T5376] get_page_from_freelist+0x1351/0x2e50 [ 135.917923][ T5376] __alloc_pages_noprof+0x22b/0x2460 [ 135.923237][ T5376] alloc_slab_page+0x4e/0xf0 [ 135.927848][ T5376] new_slab+0x84/0x260 [ 135.931931][ T5376] ___slab_alloc+0xdac/0x1870 [ 135.936620][ T5376] __slab_alloc.constprop.0+0x56/0xb0 [ 135.942004][ T5376] __kmalloc_noprof+0x367/0x400 [ 135.946872][ T5376] ___neigh_create+0x152b/0x2ac0 [ 135.951817][ T5376] ip6_finish_output2+0x11b3/0x1a50 [ 135.957037][ T5376] ip6_finish_output+0x3f9/0x1300 [ 135.962079][ T5376] ip6_output+0x1f8/0x540 [ 135.966435][ T5376] ndisc_send_skb+0xa2d/0x1c30 [ 135.971241][ T5376] ndisc_send_ns+0xc7/0x150 [ 135.975769][ T5376] addrconf_dad_work+0xc80/0x14d0 [ 135.980811][ T5376] process_one_work+0x9c8/0x1b40 [ 135.985771][ T5376] page last free pid 4675 tgid 4675 stack trace: [ 135.992098][ T5376] free_unref_page+0x64a/0xe40 [ 135.996906][ T5376] __put_partials+0x14c/0x170 [ 136.001593][ T5376] qlist_free_all+0x4e/0x140 [ 136.006194][ T5376] kasan_quarantine_reduce+0x192/0x1e0 [ 136.011665][ T5376] __kasan_slab_alloc+0x69/0x90 [ 136.016534][ T5376] kmem_cache_alloc_node_noprof+0x153/0x310 [ 136.022442][ T5376] __alloc_skb+0x2b1/0x380 [ 136.026877][ T5376] netlink_alloc_large_skb+0x69/0x130 [ 136.032261][ T5376] netlink_sendmsg+0x689/0xd70 [ 136.037044][ T5376] ____sys_sendmsg+0xab8/0xc90 [ 136.041849][ T5376] ___sys_sendmsg+0x135/0x1e0 [ 136.046551][ T5376] __sys_sendmsg+0x117/0x1f0 [ 136.051162][ T5376] do_syscall_64+0xcd/0x250 [ 136.055684][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.061580][ T5376] [ 136.063907][ T5376] Memory state around the buggy address: [ 136.069539][ T5376] ffff88805ffe3100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 136.077606][ T5376] ffff88805ffe3180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 136.085675][ T5376] >ffff88805ffe3200: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 136.093752][ T5376] ^ [ 136.099128][ T5376] ffff88805ffe3280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 136.107193][ T5376] ffff88805ffe3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 136.115258][ T5376] ================================================================== [ 136.126658][ T5376] ================================================================== [ 136.134744][ T5376] BUG: KASAN: slab-out-of-bounds in hfsplus_uni2asc+0x910/0xa20 [ 136.142411][ T5376] Read of size 2 at addr ffff88805ffe3230 by task syz.3.17/5376 [ 136.150068][ T5376] [ 136.152411][ T5376] CPU: 1 UID: 0 PID: 5376 Comm: syz.3.17 Tainted: G B 6.11.0-rc5-syzkaller #0 [ 136.162695][ T5376] Tainted: [B]=BAD_PAGE [ 136.166856][ T5376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 136.176929][ T5376] Call Trace: [ 136.180206][ T5376] [ 136.183141][ T5376] dump_stack_lvl+0x116/0x1f0 [ 136.187833][ T5376] print_report+0xc3/0x620 [ 136.192273][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.197933][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.203605][ T5376] ? __phys_addr+0xc6/0x150 [ 136.208127][ T5376] kasan_report+0xd9/0x110 [ 136.212570][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 136.217518][ T5376] ? hfsplus_uni2asc+0x910/0xa20 [ 136.222482][ T5376] hfsplus_uni2asc+0x910/0xa20 [ 136.227264][ T5376] hfsplus_listxattr+0x6e6/0xe10 [ 136.232225][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 136.237702][ T5376] ? putname+0x12e/0x170 [ 136.241968][ T5376] ? kasan_save_stack+0x42/0x60 [ 136.246854][ T5376] ? kasan_save_stack+0x33/0x60 [ 136.251724][ T5376] ? kasan_save_track+0x14/0x30 [ 136.256592][ T5376] ? __kasan_kmalloc+0xaa/0xb0 [ 136.261376][ T5376] ? __kmalloc_node_noprof+0x211/0x430 [ 136.266889][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.272536][ T5376] ? trace_kmalloc+0x2d/0xe0 [ 136.277147][ T5376] ? srso_alias_return_thunk+0x5/0xfbef5 [ 136.282814][ T5376] ? __kmalloc_node_noprof+0x22f/0x430 [ 136.288302][ T5376] ? __kvmalloc_node_noprof+0x9d/0x1a0 [ 136.293785][ T5376] ? __pfx_hfsplus_listxattr+0x10/0x10 [ 136.299268][ T5376] vfs_listxattr+0xba/0x140 [ 136.303824][ T5376] listxattr+0x69/0x190 [ 136.308008][ T5376] path_listxattr+0xc0/0x160 [ 136.312625][ T5376] ? __pfx_path_listxattr+0x10/0x10 [ 136.317863][ T5376] do_syscall_64+0xcd/0x250 [ 136.322482][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.328386][ T5376] RIP: 0033:0x7fcbfc979e79 [ 136.332807][ T5376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 136.352424][ T5376] RSP: 002b:00007fcbfd7a8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c2 [ 136.360843][ T5376] RAX: ffffffffffffffda RBX: 00007fcbfcb15f80 RCX: 00007fcbfc979e79 [ 136.368817][ T5376] RDX: 0000000000000300 RSI: 0000000000000000 RDI: 0000000020000340 [ 136.376791][ T5376] RBP: 00007fcbfc9e793e R08: 0000000000000000 R09: 0000000000000000 [ 136.384765][ T5376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 136.392737][ T5376] R13: 0000000000000000 R14: 00007fcbfcb15f80 R15: 00007ffe79715548 [ 136.400739][ T5376] [ 136.403772][ T5376] [ 136.406102][ T5376] Allocated by task 5376: [ 136.410434][ T5376] kasan_save_stack+0x33/0x60 [ 136.415162][ T5376] kasan_save_track+0x14/0x30 [ 136.419852][ T5376] __kasan_kmalloc+0xaa/0xb0 [ 136.424465][ T5376] __kmalloc_noprof+0x1e8/0x400 [ 136.429619][ T5376] hfsplus_find_init+0x95/0x1f0 [ 136.434492][ T5376] hfsplus_listxattr+0x46d/0xe10 [ 136.439440][ T5376] vfs_listxattr+0xba/0x140 [ 136.443963][ T5376] listxattr+0x69/0x190 [ 136.448144][ T5376] path_listxattr+0xc0/0x160 [ 136.452756][ T5376] do_syscall_64+0xcd/0x250 [ 136.457278][ T5376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.463179][ T5376] [ 136.465496][ T5376] The buggy address belongs to the object at ffff88805ffe3000 [ 136.465496][ T5376] which belongs to the cache kmalloc-1k of size 1024 [ 136.479558][ T5376] The buggy address is located 24 bytes to the right of [ 136.479558][ T5376] allocated 536-byte region [ffff88805ffe3000, ffff88805ffe3218) [ 136.494155][ T5376] [ 136.496472][ T5376] The buggy address belongs to the physical page: [ 136.502883][ T5376] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ffe0 [ 136.511663][ T5376] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 136.520164][ T5376] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 136.527708][ T5376] page_type: 0xfdffffff(slab) [ 136.532391][ T5376] raw: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 136.540980][ T5376] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 136.549571][ T5376] head: 00fff00000000040 ffff888015841dc0 dead000000000122 0000000000000000 [ 136.558257][ T5376] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000