last executing test programs: 4.578466414s ago: executing program 3 (id=32): r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_DEL_MIF(r0, 0x29, 0xc8, 0x0, 0xc000000) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40841, 0x0) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="04000000ffffffffffffaaaaaaaaaaaa8100000086dd60b79a5600442900fe8000000000000000000000000000aaff45"], 0x82) 4.273828363s ago: executing program 3 (id=35): r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) pwritev(r0, &(0x7f0000000680)=[{&(0x7f0000000040)="3bbcd412fbddcefac4827866b9e29d6c90c4f63eb755b28666da77ee704b4a2f5a8a14ae7f1fa640e1784a4739fa0166d1203b1e4620e09b58343af3deda", 0x3e}], 0x1, 0x7603, 0x2c) 4.186995798s ago: executing program 3 (id=37): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) 3.330235993s ago: executing program 0 (id=44): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x80) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) ioprio_set$pid(0x2, 0x0, 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) chdir(&(0x7f0000000440)='./bus\x00') r0 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r0, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x1000000000003, 0x3, 0x8000000000007, 0xaa, 0x3, 0x1, {0x0, 0x180, 0x20fe, 0x5, 0x87, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0xee00, 0x0, 0x3ff, 0x1}}, {0x0, 0x11}}}, 0xa0) sendfile(r0, r0, &(0x7f0000000080), 0x7f03) 3.259038732s ago: executing program 3 (id=45): r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) pwritev(r0, &(0x7f0000000680)=[{&(0x7f0000000040)="3bbcd412fbddcefac4827866b9e29d6c90c4f63eb755b28666da77ee704b4a2f5a8a14ae7f1fa640e1784a4739fa0166d1203b1e4620e09b58343af3deda", 0x3e}], 0x1, 0x7603, 0x2c) 3.183509694s ago: executing program 3 (id=46): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000600)={0x84, &(0x7f0000000940)=ANY=[@ANYBLOB="400f01"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000005c0)={0x2c, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000540)={0x1c, &(0x7f0000000440)=ANY=[], 0x0, 0x0}) 2.620171713s ago: executing program 2 (id=53): unlinkat$binderfs_device(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/custom1\x00') openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478e"]) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0xc45, 0x400000000000009, 0x7ffc, 0x80000001, 0x800000010000, 0x4, 0x4002004c2, 0x0, 0x654, 0x0, 0x3ffffc, 0xfffffffffffffffd, 0x7fffffff, 0x20000000009, 0xffff, 0xfffffffffffffff7], 0x100000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.45106311s ago: executing program 0 (id=54): syz_usb_connect(0x2, 0x9a2, 0x0, 0x0) r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) pwritev(r0, &(0x7f0000000680)=[{&(0x7f0000000040)="3bbcd412fbddcefac4827866b9e29d6c90c4f63eb755b28666da77ee704b4a2f5a8a14ae7f1fa640e1784a4739fa0166d1203b1e4620e09b58343af3deda", 0x3e}], 0x1, 0x7603, 0x2c) 1.767119583s ago: executing program 0 (id=55): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) write$cgroup_devices(r1, 0x0, 0x9) 1.718005698s ago: executing program 1 (id=56): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000280)={0x0, 0x4}, 0xe) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, 0x0, &(0x7f0000000240)) getsockopt$bt_hci(r0, 0x84, 0x80, &(0x7f0000000000)=""/4087, &(0x7f0000001040)=0xff7) 1.62644683s ago: executing program 1 (id=57): r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_DEL_MIF(r0, 0x29, 0xc8, 0x0, 0xc000000) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40841, 0x0) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="04000000ffffffffffffaaaaaaaaaaaa8100000086dd60b79a5600442900fe8000000000000000000000000000aaff45"], 0x82) 1.526870581s ago: executing program 2 (id=58): ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4048aecb, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r0 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(0xffffffffffffffff, &(0x7f0000000240)={@val={0x0, 0x800}, @val={0x3, 0x0, 0x0, 0x40, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x66, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @broadcast}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x5, 0x4, 0x1, 0x4, 0xfff8, 0x66, 0x7, 0x0, 0x84, 0x4, @rand_addr=0x64010100, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, 0x3e) 1.370641397s ago: executing program 1 (id=59): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r1, 0x0, 0x0) write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0xe0000000, 0x5e4b0422, 0x3, 0xffff, 0x5, 0x9, 0x0, 0x0, 0x80, 0x80000001}}, 0x50) syz_fuse_handle_req(r1, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r1, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb190df08747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb81035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22263e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485e4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2205eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e44312c24c2ce8e642bb73c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad24c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc5908", 0x2000, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x78, 0x0, 0x80, {0xc, 0x0, 0x0, {0x0, 0x0, 0xfffffffffffffffc, 0x0, 0xffffffffffffffff, 0xffffffff, 0xfffffffe, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x1, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0) writev(r2, &(0x7f0000000200)=[{&(0x7f00000003c0)='n', 0xfdef}], 0x1) dup3(r1, r2, 0x6700000000000000) close_range(r0, 0xffffffffffffffff, 0x0) 1.246228848s ago: executing program 2 (id=60): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x1) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0xc000, 0x1) chdir(&(0x7f0000000140)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) 1.148245334s ago: executing program 2 (id=61): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x102, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) socket$nl_route(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 954.59719ms ago: executing program 2 (id=62): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan1\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r2, 0xfffffffc) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x30, r4, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x6}]}]}, 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x4008014) 853.657166ms ago: executing program 2 (id=63): socketpair$unix(0x1, 0x3, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000080)) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000040)=0x1) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x100000000000000, 0x0}}, 0xfc36) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) 776.093606ms ago: executing program 0 (id=64): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a3100000000e8010000030a01020000000000000000010000000900030073797a3200000000280004800800024000000000080001400000000514000300626174616476300000000000000000000900010073797a31000000000900010073797a31000000"], 0x25c}}, 0x0) 697.704514ms ago: executing program 0 (id=65): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000280)={0x0, 0x4}, 0xe) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, 0x0, &(0x7f0000000240)) getsockopt$bt_hci(r0, 0x84, 0x80, &(0x7f0000000000)=""/4087, &(0x7f0000001040)=0xff7) 594.978787ms ago: executing program 0 (id=66): unlinkat$binderfs_device(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/custom1\x00') openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478e"]) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0xc45, 0x400000000000009, 0x7ffc, 0x80000001, 0x800000010000, 0x4, 0x4002004c2, 0x0, 0x654, 0x0, 0x3ffffc, 0xfffffffffffffffd, 0x7fffffff, 0x20000000009, 0xffff, 0xfffffffffffffff7], 0x100000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 518.839349ms ago: executing program 1 (id=67): r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_DEL_MIF(r0, 0x29, 0xc8, 0x0, 0xc000000) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0x2}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[@ANYBLOB="04000000ffffffffffffaaaaaaaaaaaa8100000086dd60b79a5600442900fe8000000000000000000000000000aaff45"], 0x82) 309.525385ms ago: executing program 1 (id=68): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000240)={@val={0x0, 0x800}, @val={0x3, 0x0, 0x0, 0x40, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x66, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @broadcast}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x5, 0x4, 0x1, 0x4, 0xfff8, 0x66, 0x7, 0x0, 0x84, 0x4, @rand_addr=0x64010100, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, 0x3e) 76.955797ms ago: executing program 1 (id=69): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x1) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0xc000, 0x1) chdir(&(0x7f0000000140)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) 0s ago: executing program 3 (id=70): syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$SMC_PNETID_DEL(r0, 0x0, 0x4000) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.85' (ED25519) to the list of known hosts. [ 85.218471][ T5849] cgroup: Unknown subsys name 'net' [ 85.310775][ T5849] cgroup: Unknown subsys name 'cpuset' [ 85.320199][ T5849] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 86.969535][ T5849] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 91.194362][ T5873] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 91.202644][ T5867] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 91.224095][ T5867] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 91.231877][ T5873] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 91.239228][ T5867] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 91.240340][ T5875] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 91.253772][ T5867] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 91.260967][ T5875] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 91.262020][ T5873] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 91.276436][ T5867] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 91.280201][ T5876] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 91.285325][ T5867] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 91.298427][ T5867] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 91.299564][ T5876] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 91.314225][ T5876] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 91.314380][ T5865] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 91.331077][ T5876] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 91.344411][ T5865] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 91.351687][ T5181] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 91.361049][ T5181] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 91.830299][ T5860] chnl_net:caif_netlink_parms(): no params data found [ 91.917004][ T5862] chnl_net:caif_netlink_parms(): no params data found [ 92.065045][ T5860] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.072341][ T5860] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.081312][ T5860] bridge_slave_0: entered allmulticast mode [ 92.088681][ T5860] bridge_slave_0: entered promiscuous mode [ 92.101473][ T5860] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.109365][ T5860] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.116657][ T5860] bridge_slave_1: entered allmulticast mode [ 92.124316][ T5860] bridge_slave_1: entered promiscuous mode [ 92.148653][ T43] cfg80211: failed to load regulatory.db [ 92.181366][ T5859] chnl_net:caif_netlink_parms(): no params data found [ 92.217192][ T5860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.271422][ T5860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.347754][ T5860] team0: Port device team_slave_0 added [ 92.355150][ T5862] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.362347][ T5862] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.370377][ T5862] bridge_slave_0: entered allmulticast mode [ 92.378549][ T5862] bridge_slave_0: entered promiscuous mode [ 92.392858][ T5860] team0: Port device team_slave_1 added [ 92.405132][ T5861] chnl_net:caif_netlink_parms(): no params data found [ 92.417350][ T5862] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.424696][ T5862] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.431860][ T5862] bridge_slave_1: entered allmulticast mode [ 92.440047][ T5862] bridge_slave_1: entered promiscuous mode [ 92.529981][ T5862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.569675][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.577071][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.603074][ T5860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.618841][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.625904][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.652703][ T5860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.680778][ T5862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.690185][ T5859] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.697736][ T5859] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.705012][ T5859] bridge_slave_0: entered allmulticast mode [ 92.712416][ T5859] bridge_slave_0: entered promiscuous mode [ 92.747965][ T5859] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.755395][ T5859] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.762537][ T5859] bridge_slave_1: entered allmulticast mode [ 92.770588][ T5859] bridge_slave_1: entered promiscuous mode [ 92.844657][ T5859] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.879099][ T5862] team0: Port device team_slave_0 added [ 92.888662][ T5859] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.931440][ T5860] hsr_slave_0: entered promiscuous mode [ 92.938010][ T5860] hsr_slave_1: entered promiscuous mode [ 92.958441][ T5862] team0: Port device team_slave_1 added [ 92.996387][ T5859] team0: Port device team_slave_0 added [ 93.034357][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.041335][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.068161][ T5862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.081000][ T5859] team0: Port device team_slave_1 added [ 93.087140][ T5861] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.094802][ T5861] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.101971][ T5861] bridge_slave_0: entered allmulticast mode [ 93.109361][ T5861] bridge_slave_0: entered promiscuous mode [ 93.130089][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.137195][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.163224][ T5862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.187563][ T5861] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.195094][ T5861] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.202235][ T5861] bridge_slave_1: entered allmulticast mode [ 93.210064][ T5861] bridge_slave_1: entered promiscuous mode [ 93.301608][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.309302][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.336401][ T5859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.348238][ T5869] Bluetooth: hci3: command tx timeout [ 93.351168][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.360786][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.361149][ T5181] Bluetooth: hci0: command tx timeout [ 93.387351][ T5859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.406615][ T5861] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.423605][ T5181] Bluetooth: hci2: command tx timeout [ 93.433409][ T5181] Bluetooth: hci1: command tx timeout [ 93.434297][ T5861] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.549095][ T5859] hsr_slave_0: entered promiscuous mode [ 93.555612][ T5859] hsr_slave_1: entered promiscuous mode [ 93.561704][ T5859] debugfs: 'hsr0' already exists in 'hsr' [ 93.567602][ T5859] Cannot create hsr debugfs directory [ 93.592157][ T5861] team0: Port device team_slave_0 added [ 93.603727][ T5862] hsr_slave_0: entered promiscuous mode [ 93.610146][ T5862] hsr_slave_1: entered promiscuous mode [ 93.616682][ T5862] debugfs: 'hsr0' already exists in 'hsr' [ 93.622427][ T5862] Cannot create hsr debugfs directory [ 93.642399][ T5861] team0: Port device team_slave_1 added [ 93.747248][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.754374][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.780453][ T5861] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.818665][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.825750][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.851756][ T5861] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.009591][ T5861] hsr_slave_0: entered promiscuous mode [ 94.016969][ T5861] hsr_slave_1: entered promiscuous mode [ 94.023043][ T5861] debugfs: 'hsr0' already exists in 'hsr' [ 94.028929][ T5861] Cannot create hsr debugfs directory [ 94.151792][ T5860] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.165960][ T5860] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.195597][ T5860] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.221282][ T5860] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.328373][ T5859] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.339327][ T5859] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.376396][ T5859] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.391337][ T5859] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.458941][ T5862] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.482370][ T5862] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.492740][ T5862] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.506806][ T5862] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.622700][ T5861] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.646785][ T5861] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.657257][ T5861] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.678050][ T5861] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 94.699885][ T5860] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.781494][ T5860] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.809140][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.816628][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.840891][ T5859] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.855247][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.862395][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.930708][ T5859] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.942896][ T5862] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.978553][ T4213] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.985701][ T4213] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.022562][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.029721][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.052271][ T5862] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.069591][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.076760][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.128693][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.135881][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.207756][ T5861] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.313053][ T5861] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.347984][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.355292][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.407520][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.414746][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.428057][ T5869] Bluetooth: hci3: command tx timeout [ 95.435129][ T5181] Bluetooth: hci0: command tx timeout [ 95.503550][ T5181] Bluetooth: hci1: command tx timeout [ 95.509020][ T5181] Bluetooth: hci2: command tx timeout [ 95.718930][ T5860] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.809913][ T5859] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.826049][ T5862] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.898667][ T5860] veth0_vlan: entered promiscuous mode [ 95.930961][ T5861] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.941757][ T5860] veth1_vlan: entered promiscuous mode [ 95.976937][ T5859] veth0_vlan: entered promiscuous mode [ 95.989700][ T5862] veth0_vlan: entered promiscuous mode [ 96.035935][ T5859] veth1_vlan: entered promiscuous mode [ 96.068769][ T5862] veth1_vlan: entered promiscuous mode [ 96.077090][ T5861] veth0_vlan: entered promiscuous mode [ 96.087363][ T5860] veth0_macvtap: entered promiscuous mode [ 96.110089][ T5860] veth1_macvtap: entered promiscuous mode [ 96.134961][ T5861] veth1_vlan: entered promiscuous mode [ 96.162439][ T5862] veth0_macvtap: entered promiscuous mode [ 96.191181][ T5859] veth0_macvtap: entered promiscuous mode [ 96.201380][ T5862] veth1_macvtap: entered promiscuous mode [ 96.215520][ T5859] veth1_macvtap: entered promiscuous mode [ 96.229985][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.265342][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.277840][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.294462][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.323926][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.337305][ T5861] veth0_macvtap: entered promiscuous mode [ 96.348530][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.364718][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.377789][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.405654][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.415252][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.425356][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.434958][ T5861] veth1_macvtap: entered promiscuous mode [ 96.452107][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.465270][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.488442][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.533056][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.570256][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.580583][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.619271][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.630320][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.631267][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.647689][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.687782][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.698437][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.707546][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.744143][ T49] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.781854][ T49] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.795781][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.811611][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.821408][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.835486][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.861484][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.873540][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.882372][ T201] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.895671][ T201] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.984115][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.003350][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.048445][ T201] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.059603][ T5862] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 97.085121][ T201] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.151004][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.181034][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.507313][ T5869] Bluetooth: hci3: command tx timeout [ 97.512833][ T5181] Bluetooth: hci0: command tx timeout [ 97.583569][ T5181] Bluetooth: hci2: command tx timeout [ 97.589042][ T5869] Bluetooth: hci1: command tx timeout [ 97.783696][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 97.855296][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.974464][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.135017][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.156075][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.203743][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.265244][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.316887][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.326229][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.597971][ T5985] syz.3.15 uses obsolete (PF_INET,SOCK_PACKET) [ 99.017643][ T5999] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 99.301534][ T5976] infiniband syz1: set active [ 99.310113][ T5976] infiniband syz1: added syz_tun [ 99.329416][ T5976] syz1: qp#16 rxe_init_rq: Unable to allocate recv queue [ 99.338934][ T5976] syz1: rxe_create_qp: returned err = -12 [ 99.347576][ T5976] infiniband syz1: Couldn't create ib_mad QP1 [ 99.355526][ T5976] infiniband syz1: Couldn't open port 1 [ 99.403014][ T5976] RDS/IB: syz1: added [ 99.410983][ T5976] smc: adding ib device syz1 with port count 1 [ 99.419142][ T5976] smc: ib device syz1 port 1 has no pnetid [ 99.422688][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 99.583637][ T5181] Bluetooth: hci0: command tx timeout [ 99.589143][ T5869] Bluetooth: hci3: command tx timeout [ 99.663489][ T5869] Bluetooth: hci2: command tx timeout [ 99.669034][ T5181] Bluetooth: hci1: command tx timeout [ 100.736512][ T43] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 100.907242][ T43] usb 2-1: unable to get BOS descriptor or descriptor too short [ 100.920079][ T43] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 100.931857][ T43] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 100.945755][ T43] usb 2-1: config 1 interface 1 has no altsetting 0 [ 100.956872][ T43] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 100.969040][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.977650][ T43] usb 2-1: Product: syz [ 100.982121][ T43] usb 2-1: Manufacturer: syz [ 100.987345][ T43] usb 2-1: SerialNumber: syz [ 101.224209][ T43] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor [ 101.232880][ T43] usb 2-1: found format II with max.bitrate = 2418, frame size=7 [ 101.245510][ T43] usb 2-1: 2:1: All rates were zero [ 101.322433][ T43] usb 2-1: USB disconnect, device number 2 [ 101.994311][ T6072] fuse: Unknown parameter '0x0000000000000005' [ 102.083407][ T981] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 102.210029][ T6062] overlayfs: missing 'workdir' [ 102.254127][ T981] usb 4-1: Using ep0 maxpacket: 16 [ 102.268339][ T981] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 102.295001][ T981] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 102.325875][ T981] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 102.345932][ T981] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.366654][ T981] usb 4-1: Product: syz [ 102.370870][ T981] usb 4-1: Manufacturer: syz [ 102.383034][ T981] usb 4-1: SerialNumber: syz [ 102.416371][ T981] usb 4-1: config 0 descriptor?? [ 102.436189][ T981] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 102.453398][ T981] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 103.039673][ T981] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 103.047072][ T981] em28xx 4-1:0.0: Config register raw data: 0x00 [ 103.851860][ T6112] tipc: Started in network mode [ 103.857111][ T6112] tipc: Node identity 3641cb19a188, cluster identity 4711 [ 103.865093][ T6112] tipc: Enabled bearer , priority 0 [ 103.873371][ T6112] syzkaller0: entered promiscuous mode [ 103.879008][ T6112] syzkaller0: entered allmulticast mode [ 103.891716][ T6112] tipc: Resetting bearer [ 103.899910][ T6111] tipc: Resetting bearer [ 103.911762][ T6111] tipc: Disabling bearer [ 104.215617][ T6119] netlink: 392 bytes leftover after parsing attributes in process `syz.0.64'. [ 104.719989][ T6134] syzkaller1: entered promiscuous mode [ 104.725806][ T6134] syzkaller1: entered allmulticast mode [ 104.931331][ T43] usb 4-1: USB disconnect, device number 2 [ 104.948483][ T43] em28xx 4-1:0.0: Disconnecting em28xx [ 104.975067][ T43] ================================================================== [ 104.983194][ T43] BUG: KASAN: slab-use-after-free in media_devnode_unregister+0xe2/0xf0 [ 104.991583][ T43] Read of size 4 at addr ffff88802f4ef4f0 by task kworker/1:1/43 [ 104.999346][ T43] [ 105.001721][ T43] CPU: 1 UID: 0 PID: 43 Comm: kworker/1:1 Not tainted syzkaller #0 PREEMPT(full) [ 105.001754][ T43] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 105.001775][ T43] Workqueue: usb_hub_wq hub_event [ 105.001827][ T43] Call Trace: [ 105.001840][ T43] [ 105.001852][ T43] dump_stack_lvl+0x189/0x250 [ 105.001895][ T43] ? rcu_is_watching+0x15/0xb0 [ 105.001927][ T43] ? __kasan_check_byte+0x12/0x40 [ 105.001958][ T43] ? __pfx_dump_stack_lvl+0x10/0x10 [ 105.001996][ T43] ? rcu_is_watching+0x15/0xb0 [ 105.002031][ T43] ? lock_release+0x4b/0x3e0 [ 105.002063][ T43] ? __virt_addr_valid+0x1c8/0x5c0 [ 105.002102][ T43] ? __virt_addr_valid+0x4a5/0x5c0 [ 105.002144][ T43] print_report+0xca/0x240 [ 105.002173][ T43] ? media_devnode_unregister+0xe2/0xf0 [ 105.002207][ T43] kasan_report+0x118/0x150 [ 105.002238][ T43] ? media_devnode_unregister+0xe2/0xf0 [ 105.002277][ T43] media_devnode_unregister+0xe2/0xf0 [ 105.002305][ T43] media_device_unregister+0x37c/0x400 [ 105.002331][ T43] ? em28xx_audio_fini+0x59/0x1b0 [ 105.002358][ T43] em28xx_release_resources+0xac/0x240 [ 105.002390][ T43] em28xx_usb_disconnect+0x19f/0x2f0 [ 105.002421][ T43] usb_unbind_interface+0x26e/0x910 [ 105.002449][ T43] ? __pfx_usb_unbind_interface+0x10/0x10 [ 105.002474][ T43] device_release_driver_internal+0x4d6/0x800 [ 105.002505][ T43] bus_remove_device+0x34d/0x410 [ 105.002541][ T43] device_del+0x511/0x8e0 [ 105.002568][ T43] ? __pfx_device_del+0x10/0x10 [ 105.002590][ T43] ? kobject_put+0x446/0x480 [ 105.002625][ T43] usb_disable_device+0x3e9/0x8a0 [ 105.002651][ T43] usb_disconnect+0x330/0x950 [ 105.002686][ T43] hub_event+0x1cf5/0x4a20 [ 105.002721][ T43] ? do_raw_spin_lock+0x121/0x290 [ 105.002752][ T43] ? register_lock_class+0x51/0x320 [ 105.002781][ T43] ? __pfx_hub_event+0x10/0x10 [ 105.002808][ T43] ? process_scheduled_works+0x9ef/0x17b0 [ 105.002836][ T43] ? _raw_spin_unlock_irq+0x23/0x50 [ 105.002862][ T43] ? process_scheduled_works+0x9ef/0x17b0 [ 105.002886][ T43] ? process_scheduled_works+0x9ef/0x17b0 [ 105.002911][ T43] process_scheduled_works+0xae1/0x17b0 [ 105.002951][ T43] ? __pfx_process_scheduled_works+0x10/0x10 [ 105.002985][ T43] worker_thread+0x8a0/0xda0 [ 105.003023][ T43] kthread+0x711/0x8a0 [ 105.003054][ T43] ? __pfx_worker_thread+0x10/0x10 [ 105.003078][ T43] ? __pfx_kthread+0x10/0x10 [ 105.003107][ T43] ? _raw_spin_unlock_irq+0x23/0x50 [ 105.003132][ T43] ? lockdep_hardirqs_on+0x9c/0x150 [ 105.003159][ T43] ? __pfx_kthread+0x10/0x10 [ 105.003188][ T43] ret_from_fork+0x47c/0x820 [ 105.003214][ T43] ? __pfx_ret_from_fork+0x10/0x10 [ 105.003241][ T43] ? __switch_to_asm+0x39/0x70 [ 105.003272][ T43] ? __switch_to_asm+0x33/0x70 [ 105.003292][ T43] ? __pfx_kthread+0x10/0x10 [ 105.003322][ T43] ret_from_fork_asm+0x1a/0x30 [ 105.003353][ T43] [ 105.003360][ T43] [ 105.285479][ T43] Allocated by task 981: [ 105.289748][ T43] kasan_save_track+0x3e/0x80 [ 105.294446][ T43] __kasan_kmalloc+0x93/0xb0 [ 105.299037][ T43] __kmalloc_cache_noprof+0x3d5/0x6f0 [ 105.304404][ T43] __media_device_register+0x58/0x280 [ 105.309785][ T43] em28xx_usb_probe+0x1764/0x2a20 [ 105.314819][ T43] usb_probe_interface+0x665/0xc30 [ 105.319933][ T43] really_probe+0x26a/0x9e0 [ 105.324443][ T43] __driver_probe_device+0x18c/0x2f0 [ 105.329730][ T43] driver_probe_device+0x4f/0x430 [ 105.334758][ T43] __device_attach_driver+0x2ce/0x530 [ 105.340139][ T43] bus_for_each_drv+0x251/0x2e0 [ 105.344998][ T43] __device_attach+0x2b8/0x400 [ 105.349770][ T43] bus_probe_device+0x185/0x260 [ 105.354628][ T43] device_add+0x7b6/0xb50 [ 105.358955][ T43] usb_set_configuration+0x1a87/0x20e0 [ 105.364420][ T43] usb_generic_driver_probe+0x8d/0x150 [ 105.369891][ T43] usb_probe_device+0x1c1/0x390 [ 105.374748][ T43] really_probe+0x26a/0x9e0 [ 105.379261][ T43] __driver_probe_device+0x18c/0x2f0 [ 105.384568][ T43] driver_probe_device+0x4f/0x430 [ 105.389640][ T43] __device_attach_driver+0x2ce/0x530 [ 105.395029][ T43] bus_for_each_drv+0x251/0x2e0 [ 105.399903][ T43] __device_attach+0x2b8/0x400 [ 105.404680][ T43] bus_probe_device+0x185/0x260 [ 105.409547][ T43] device_add+0x7b6/0xb50 [ 105.413879][ T43] usb_new_device+0xa39/0x16f0 [ 105.418652][ T43] hub_event+0x2958/0x4a20 [ 105.423072][ T43] process_scheduled_works+0xae1/0x17b0 [ 105.428625][ T43] worker_thread+0x8a0/0xda0 [ 105.433224][ T43] kthread+0x711/0x8a0 [ 105.437316][ T43] ret_from_fork+0x47c/0x820 [ 105.441906][ T43] ret_from_fork_asm+0x1a/0x30 [ 105.446675][ T43] [ 105.449002][ T43] Freed by task 43: [ 105.452801][ T43] kasan_save_track+0x3e/0x80 [ 105.457480][ T43] __kasan_save_free_info+0x46/0x50 [ 105.462682][ T43] __kasan_slab_free+0x5b/0x80 [ 105.467448][ T43] kfree+0x199/0x6d0 [ 105.471361][ T43] media_devnode_release+0x61/0xa0 [ 105.476478][ T43] device_release+0x9c/0x1c0 [ 105.481080][ T43] kobject_put+0x228/0x480 [ 105.485505][ T43] media_devnode_unregister+0x6d/0xf0 [ 105.490886][ T43] media_device_unregister+0x37c/0x400 [ 105.496347][ T43] em28xx_release_resources+0xac/0x240 [ 105.501812][ T43] em28xx_usb_disconnect+0x19f/0x2f0 [ 105.507099][ T43] usb_unbind_interface+0x26e/0x910 [ 105.512302][ T43] device_release_driver_internal+0x4d6/0x800 [ 105.518371][ T43] bus_remove_device+0x34d/0x410 [ 105.523406][ T43] device_del+0x511/0x8e0 [ 105.527735][ T43] usb_disable_device+0x3e9/0x8a0 [ 105.532760][ T43] usb_disconnect+0x330/0x950 [ 105.537445][ T43] hub_event+0x1cf5/0x4a20 [ 105.541861][ T43] process_scheduled_works+0xae1/0x17b0 [ 105.547410][ T43] worker_thread+0x8a0/0xda0 [ 105.552012][ T43] kthread+0x711/0x8a0 [ 105.556088][ T43] ret_from_fork+0x47c/0x820 [ 105.560696][ T43] ret_from_fork_asm+0x1a/0x30 [ 105.565461][ T43] [ 105.567786][ T43] The buggy address belongs to the object at ffff88802f4ef000 [ 105.567786][ T43] which belongs to the cache kmalloc-2k of size 2048 [ 105.581842][ T43] The buggy address is located 1264 bytes inside of [ 105.581842][ T43] freed 2048-byte region [ffff88802f4ef000, ffff88802f4ef800) [ 105.595812][ T43] [ 105.598151][ T43] The buggy address belongs to the physical page: [ 105.604571][ T43] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2f4e8 [ 105.613327][ T43] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 105.621820][ T43] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 105.629822][ T43] page_type: f5(slab) [ 105.633810][ T43] raw: 00fff00000000040 ffff88801a842000 0000000000000000 0000000000000001 [ 105.642391][ T43] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 105.650976][ T43] head: 00fff00000000040 ffff88801a842000 0000000000000000 0000000000000001 [ 105.659638][ T43] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 105.668307][ T43] head: 00fff00000000003 ffffea0000bd3a01 00000000ffffffff 00000000ffffffff [ 105.676975][ T43] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 105.685639][ T43] page dumped because: kasan: bad access detected [ 105.692065][ T43] page_owner tracks the page as allocated [ 105.697770][ T43] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5862, tgid 5862 (syz-executor), ts 92965128460, free_ts 72439114582 [ 105.719124][ T43] post_alloc_hook+0x240/0x2a0 [ 105.723891][ T43] get_page_from_freelist+0x21e4/0x22c0 [ 105.729451][ T43] __alloc_frozen_pages_noprof+0x181/0x370 [ 105.735257][ T43] alloc_pages_mpol+0x232/0x4a0 [ 105.740112][ T43] allocate_slab+0x8a/0x330 [ 105.744620][ T43] ___slab_alloc+0xbd1/0x13f0 [ 105.749316][ T43] __slab_alloc+0x55/0xa0 [ 105.753648][ T43] __kmalloc_cache_noprof+0x411/0x6f0 [ 105.759016][ T43] rtnl_newlink+0xed/0x1c70 [ 105.763523][ T43] rtnetlink_rcv_msg+0x7cc/0xb70 [ 105.768463][ T43] netlink_rcv_skb+0x205/0x470 [ 105.773233][ T43] netlink_unicast+0x82c/0x9e0 [ 105.778007][ T43] netlink_sendmsg+0x805/0xb30 [ 105.782775][ T43] __sock_sendmsg+0x21c/0x270 [ 105.787447][ T43] __sys_sendto+0x3bd/0x520 [ 105.791952][ T43] __x64_sys_sendto+0xde/0x100 [ 105.796713][ T43] page last free pid 5745 tgid 5745 stack trace: [ 105.803029][ T43] __free_frozen_pages+0xbc4/0xd30 [ 105.808138][ T43] __put_partials+0x146/0x170 [ 105.812816][ T43] put_cpu_partial+0x17c/0x250 [ 105.817590][ T43] __slab_free+0x2b9/0x390 [ 105.822011][ T43] qlist_free_all+0x97/0x140 [ 105.826605][ T43] kasan_quarantine_reduce+0x148/0x160 [ 105.832068][ T43] __kasan_slab_alloc+0x22/0x80 [ 105.836917][ T43] kmem_cache_alloc_noprof+0x367/0x6e0 [ 105.842472][ T43] __anon_vma_prepare+0xcb/0x4a0 [ 105.847413][ T43] __handle_mm_fault+0x4aff/0x5400 [ 105.852525][ T43] handle_mm_fault+0x40a/0x8e0 [ 105.857288][ T43] do_user_addr_fault+0xa81/0x1390 [ 105.862401][ T43] exc_page_fault+0x82/0x100 [ 105.867003][ T43] asm_exc_page_fault+0x26/0x30 [ 105.871878][ T43] [ 105.874201][ T43] Memory state around the buggy address: [ 105.879832][ T43] ffff88802f4ef380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 105.887894][ T43] ffff88802f4ef400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 105.895955][ T43] >ffff88802f4ef480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 105.904011][ T43] ^ [ 105.911721][ T43] ffff88802f4ef500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 105.919781][ T43] ffff88802f4ef580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 105.927832][ T43] ================================================================== [ 106.007644][ T6138] Zero length message leads to an empty skb [ 106.021098][ T43] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 106.028319][ T43] CPU: 1 UID: 0 PID: 43 Comm: kworker/1:1 Not tainted syzkaller #0 PREEMPT(full) [ 106.037521][ T43] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 106.047586][ T43] Workqueue: usb_hub_wq hub_event [ 106.052619][ T43] Call Trace: [ 106.055897][ T43] [ 106.058830][ T43] dump_stack_lvl+0x99/0x250 [ 106.063435][ T43] ? __asan_memcpy+0x40/0x70 [ 106.068059][ T43] ? __pfx_dump_stack_lvl+0x10/0x10 [ 106.073293][ T43] ? __pfx__printk+0x10/0x10 [ 106.077924][ T43] vpanic+0x237/0x6d0 [ 106.081931][ T43] ? __pfx_vpanic+0x10/0x10 [ 106.086453][ T43] ? preempt_schedule+0xae/0xc0 [ 106.091321][ T43] ? __pfx_preempt_schedule+0x10/0x10 [ 106.096718][ T43] panic+0xb9/0xc0 [ 106.100468][ T43] ? __pfx_panic+0x10/0x10 [ 106.104889][ T43] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 106.110796][ T43] ? media_devnode_unregister+0xe2/0xf0 [ 106.116365][ T43] check_panic_on_warn+0x89/0xb0 [ 106.121339][ T43] ? media_devnode_unregister+0xe2/0xf0 [ 106.126906][ T43] end_report+0x78/0x160 [ 106.131162][ T43] kasan_report+0x129/0x150 [ 106.135665][ T43] ? media_devnode_unregister+0xe2/0xf0 [ 106.141219][ T43] media_devnode_unregister+0xe2/0xf0 [ 106.146590][ T43] media_device_unregister+0x37c/0x400 [ 106.152058][ T43] ? em28xx_audio_fini+0x59/0x1b0 [ 106.157084][ T43] em28xx_release_resources+0xac/0x240 [ 106.162550][ T43] em28xx_usb_disconnect+0x19f/0x2f0 [ 106.167844][ T43] usb_unbind_interface+0x26e/0x910 [ 106.173069][ T43] ? __pfx_usb_unbind_interface+0x10/0x10 [ 106.178785][ T43] device_release_driver_internal+0x4d6/0x800 [ 106.184857][ T43] bus_remove_device+0x34d/0x410 [ 106.189822][ T43] device_del+0x511/0x8e0 [ 106.194156][ T43] ? __pfx_device_del+0x10/0x10 [ 106.199000][ T43] ? kobject_put+0x446/0x480 [ 106.203593][ T43] usb_disable_device+0x3e9/0x8a0 [ 106.208613][ T43] usb_disconnect+0x330/0x950 [ 106.213302][ T43] hub_event+0x1cf5/0x4a20 [ 106.217726][ T43] ? do_raw_spin_lock+0x121/0x290 [ 106.222754][ T43] ? register_lock_class+0x51/0x320 [ 106.227958][ T43] ? __pfx_hub_event+0x10/0x10 [ 106.232720][ T43] ? process_scheduled_works+0x9ef/0x17b0 [ 106.238449][ T43] ? _raw_spin_unlock_irq+0x23/0x50 [ 106.243643][ T43] ? process_scheduled_works+0x9ef/0x17b0 [ 106.249362][ T43] ? process_scheduled_works+0x9ef/0x17b0 [ 106.255088][ T43] process_scheduled_works+0xae1/0x17b0 [ 106.260665][ T43] ? __pfx_process_scheduled_works+0x10/0x10 [ 106.266653][ T43] worker_thread+0x8a0/0xda0 [ 106.271264][ T43] kthread+0x711/0x8a0 [ 106.275365][ T43] ? __pfx_worker_thread+0x10/0x10 [ 106.280485][ T43] ? __pfx_kthread+0x10/0x10 [ 106.285091][ T43] ? _raw_spin_unlock_irq+0x23/0x50 [ 106.290324][ T43] ? lockdep_hardirqs_on+0x9c/0x150 [ 106.295529][ T43] ? __pfx_kthread+0x10/0x10 [ 106.300133][ T43] ret_from_fork+0x47c/0x820 [ 106.304726][ T43] ? __pfx_ret_from_fork+0x10/0x10 [ 106.309853][ T43] ? __switch_to_asm+0x39/0x70 [ 106.314624][ T43] ? __switch_to_asm+0x33/0x70 [ 106.319409][ T43] ? __pfx_kthread+0x10/0x10 [ 106.324019][ T43] ret_from_fork_asm+0x1a/0x30 [ 106.328804][ T43] [ 106.332192][ T43] Kernel Offset: disabled [ 106.336515][ T43] Rebooting in 86400 seconds..