last executing test programs: 3.086796118s ago: executing program 2 (id=125): r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x10, @local}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_dest={0x11, 0x114, 0x2, {0x1, 0x402}}], 0x18, 0x20044804}, 0x0) 2.892482315s ago: executing program 0 (id=127): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) write$tun(r0, &(0x7f0000000540)={@val={0x1c, 0x800}, @val={0x1, 0x3, 0x0, 0x9, 0x3d}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x3f, 0x68, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x0, 0x0, 0x0, 0x1c}, {"ef370000000000000000000000000000008de0261314f1"}}}}}, 0x4d) 2.685431291s ago: executing program 2 (id=128): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x400}) ioctl$UFFDIO_CONTINUE(r0, 0xc028aa05, &(0x7f0000000380)={{&(0x7f0000032000/0x4000)=nil, 0x4000}}) 2.540881904s ago: executing program 0 (id=130): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 2.465531341s ago: executing program 2 (id=131): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000019640)={0x2c, r1, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@ETHTOOL_A_WOL_MODES={0x4}, @ETHTOOL_A_WOL_MODES={0x14, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x15}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) 2.041343936s ago: executing program 2 (id=132): r0 = epoll_create(0x9) r1 = timerfd_create(0x0, 0x80800) epoll_ctl$EPOLL_CTL_ADD(r0, 0x300, r1, &(0x7f0000000040)={0x32000000}) 1.970509344s ago: executing program 3 (id=133): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a98000000060a0b040000000000000000020000006c00048018000180080001006f7366000c000280080001400000000424000180090001006d657461000000001400028008000240000000020800034000000004cbbdaeb00a0001006c696d69740000001c0002800c00014000000000000000640c00024000000000000000010900010073797a30000000000900020073797a32"], 0xc0}}, 0x0) 1.735189189s ago: executing program 2 (id=134): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000030c0)=ANY=[@ANYBLOB="28000000120001000000000000000000100000000c003500000000000000000008001d"], 0x28}], 0x1}, 0x0) 1.68041672s ago: executing program 3 (id=135): sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000000d0601080000000000000000070000020500050007eb00000500010007000000050005000300000004"], 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x4000) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="bc1b0000400007012bbd700000000000017c00000400c2800c0001800600060065580000971b0280540211"], 0x1bbc}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) 1.504309848s ago: executing program 2 (id=136): r0 = syz_usb_connect$lan78xx(0x3, 0x3f, &(0x7f0000000dc0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000680)={0x34, &(0x7f0000000040)={0x20, 0x3, 0x2, "a065"}, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.459104275s ago: executing program 1 (id=137): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$int_in(r0, 0x5452, &(0x7f0000000140)=0x2f) close(r0) 1.395067572s ago: executing program 3 (id=138): r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000003640)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="201500000084b0"], 0x20, 0x4c004}], 0x1, 0x10) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x74, &(0x7f0000000040)=""/44, &(0x7f0000000080)=0x2c) 1.241877062s ago: executing program 1 (id=139): r0 = syz_open_dev$usbfs(&(0x7f0000000340), 0x206, 0x8401) ioctl$USBDEVFS_ALLOW_SUSPEND(r0, 0x5522) ioctl$USBDEVFS_FORBID_SUSPEND(r0, 0x5521) 1.220575284s ago: executing program 3 (id=140): r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2) ioctl$VIDIOC_S_OUTPUT(r0, 0xc004562f, &(0x7f0000000000)=0x1) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f00000002c0)={0x0, @bt={0x2d0, 0x191, 0x1, 0x0, 0xdd9f83, 0x1, 0x2f, 0xf3, 0x2, 0x9, 0x722, 0x6, 0x7, 0x82, 0x27, 0x38, {0x0, 0x6fd8e84b}, 0x3, 0xed}}) 1.017626209s ago: executing program 0 (id=141): r0 = syz_open_procfs(0x0, &(0x7f0000000440)='attr\x00') getdents64(r0, &(0x7f0000000000)=""/35, 0x23) getdents(r0, 0xffffffffffffffff, 0x5a) 1.012070752s ago: executing program 3 (id=142): r0 = syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0) ioctl$CEC_S_MODE(r0, 0x40046109, &(0x7f0000000080)=0xf0) close(r0) 924.542084ms ago: executing program 1 (id=143): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$TUNGETSNDBUF(r0, 0x800454d3, &(0x7f00000000c0)) 676.520044ms ago: executing program 3 (id=144): r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000201c1b091c00000000000109022d00010000600009040080020300000009210804000122050009058103200009080709050203"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000440)={0x2c, &(0x7f0000000000)={0x40, 0x10, 0x24, {0x24, 0x21, "851656422e62c2cd9a9015609a26128585504c6285c5c6bfc63933ddaae93d7a522e"}}, &(0x7f0000000140)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, &(0x7f0000000080)={0x20, 0x29, 0xf, {0xf, 0x29, 0x5, 0x4, 0xa6, 0x7, "20f824c2", "33021ad9"}}, &(0x7f0000000400)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x2d, 0x18, 0x8, 0x1c, 0xc7, 0x0, 0x6}}}, &(0x7f0000000940)={0x84, &(0x7f0000000480)={0x40, 0x10, 0x62, "14f4adfd00d29ca8c4576d7a527ac0522e84e457f610e7da842eeb51092cb8d58b39d8bbb6a701edb19df6606753cd2c5dd18b0584b07c6bb1ed76481ebdde78ebc5c4a941a201bd55c68efe121ce38b72c05d6cbd26b0a5eeaac6f3b1d568eca3d7"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 649.961736ms ago: executing program 0 (id=145): r0 = socket$nl_rdma(0x10, 0x3, 0x14) openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x48900, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="380000001714"], 0x38}, 0x1, 0x0, 0x0, 0xc080}, 0x20000010) 478.693962ms ago: executing program 1 (id=146): r0 = socket$kcm(0x2b, 0x1, 0x0) sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x43}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x2000c08d) shutdown(r0, 0x1) 348.744929ms ago: executing program 1 (id=147): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x2c, r1, 0x1, 0x70bd27, 0x25dfdbff, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x6}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x8}]}, 0x2c}}, 0x20000010) 299.733989ms ago: executing program 0 (id=148): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), r0) sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000e9fffffbdbdf2534"], 0x34}, 0x1, 0x0, 0x0, 0x24000091}, 0x812) 202.43391ms ago: executing program 1 (id=149): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x1, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f00000002c0)=@multiplanar_overlay={0x7, 0x2, 0x4, 0x1, 0x1, {0x77359400}, {0x4, 0x1, 0xb4, 0xff, 0x0, 0x4e, "f2b6ee03"}, 0x7, 0x3, {0x0}, 0x1}) 0s ago: executing program 0 (id=150): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002880)='.\x00', &(0x7f00000028c0), 0x4001, &(0x7f00000000c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000080)={0x2a, 0x4, 0x0, {0x1, 0x7fff, 0x2, 0x0, [0x0, 0x0]}}, 0x2a) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.13' (ED25519) to the list of known hosts. [ 98.934166][ T5805] cgroup: Unknown subsys name 'net' [ 99.048298][ T5805] cgroup: Unknown subsys name 'cpuset' [ 99.059874][ T5805] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 101.103376][ T5805] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 103.005632][ T10] cfg80211: failed to load regulatory.db [ 103.590873][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 103.601413][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 103.611259][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 103.622283][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 103.637502][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 103.677199][ T5824] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 103.690554][ T5824] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 103.707038][ T5823] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 103.716775][ T5823] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 103.727781][ T5823] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 103.736625][ T5823] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 103.748942][ T5823] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 103.760075][ T5823] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 103.791753][ T5818] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 103.803773][ T5823] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 103.825513][ T5823] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 103.841621][ T5823] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 103.854724][ T5823] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 103.871718][ T5823] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 103.880879][ T5823] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 104.611638][ T5821] chnl_net:caif_netlink_parms(): no params data found [ 104.660380][ T5817] chnl_net:caif_netlink_parms(): no params data found [ 104.788079][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 104.929930][ T5820] chnl_net:caif_netlink_parms(): no params data found [ 105.044833][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.055271][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.065263][ T5821] bridge_slave_0: entered allmulticast mode [ 105.076978][ T5821] bridge_slave_0: entered promiscuous mode [ 105.141457][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.150152][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.160836][ T5821] bridge_slave_1: entered allmulticast mode [ 105.170159][ T5821] bridge_slave_1: entered promiscuous mode [ 105.194680][ T5817] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.203205][ T5817] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.211402][ T5817] bridge_slave_0: entered allmulticast mode [ 105.220316][ T5817] bridge_slave_0: entered promiscuous mode [ 105.272672][ T5817] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.281285][ T5817] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.290210][ T5817] bridge_slave_1: entered allmulticast mode [ 105.302234][ T5817] bridge_slave_1: entered promiscuous mode [ 105.343034][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.352390][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.361595][ T5827] bridge_slave_0: entered allmulticast mode [ 105.372716][ T5827] bridge_slave_0: entered promiscuous mode [ 105.430129][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.450575][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.464102][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.474057][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.486053][ T5827] bridge_slave_1: entered allmulticast mode [ 105.498414][ T5827] bridge_slave_1: entered promiscuous mode [ 105.526901][ T5820] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.535877][ T5820] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.544534][ T5820] bridge_slave_0: entered allmulticast mode [ 105.553836][ T5820] bridge_slave_0: entered promiscuous mode [ 105.608247][ T5817] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.623226][ T5820] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.633589][ T5820] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.643105][ T5820] bridge_slave_1: entered allmulticast mode [ 105.652832][ T5820] bridge_slave_1: entered promiscuous mode [ 105.715377][ T5824] Bluetooth: hci0: command tx timeout [ 105.737890][ T5817] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.769767][ T5821] team0: Port device team_slave_0 added [ 105.783164][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.795019][ T5824] Bluetooth: hci1: command tx timeout [ 105.827086][ T5820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.844865][ T5821] team0: Port device team_slave_1 added [ 105.858526][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.875919][ T5824] Bluetooth: hci2: command tx timeout [ 105.921510][ T5820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.953960][ T5824] Bluetooth: hci3: command tx timeout [ 105.973294][ T5817] team0: Port device team_slave_0 added [ 106.022957][ T5827] team0: Port device team_slave_0 added [ 106.035732][ T5817] team0: Port device team_slave_1 added [ 106.060633][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.070218][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 106.107205][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.125339][ T5827] team0: Port device team_slave_1 added [ 106.152432][ T5820] team0: Port device team_slave_0 added [ 106.166100][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.176764][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 106.215478][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.269342][ T5820] team0: Port device team_slave_1 added [ 106.332796][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.343899][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 106.380064][ T5817] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.427899][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.437921][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 106.473169][ T5820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.491132][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.501141][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 106.538387][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.554278][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.562436][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 106.596240][ T5817] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.613244][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.622526][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 106.663372][ T5820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.681519][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.689512][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 106.726397][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.836565][ T5821] hsr_slave_0: entered promiscuous mode [ 106.846077][ T5821] hsr_slave_1: entered promiscuous mode [ 106.998364][ T5820] hsr_slave_0: entered promiscuous mode [ 107.008435][ T5820] hsr_slave_1: entered promiscuous mode [ 107.017743][ T5820] debugfs: 'hsr0' already exists in 'hsr' [ 107.024951][ T5820] Cannot create hsr debugfs directory [ 107.042269][ T5827] hsr_slave_0: entered promiscuous mode [ 107.051327][ T5827] hsr_slave_1: entered promiscuous mode [ 107.059999][ T5827] debugfs: 'hsr0' already exists in 'hsr' [ 107.067752][ T5827] Cannot create hsr debugfs directory [ 107.084992][ T5817] hsr_slave_0: entered promiscuous mode [ 107.094024][ T5817] hsr_slave_1: entered promiscuous mode [ 107.103031][ T5817] debugfs: 'hsr0' already exists in 'hsr' [ 107.109578][ T5817] Cannot create hsr debugfs directory [ 107.794607][ T5824] Bluetooth: hci0: command tx timeout [ 107.873605][ T5824] Bluetooth: hci1: command tx timeout [ 107.933138][ T5821] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 107.953798][ T5824] Bluetooth: hci2: command tx timeout [ 107.962152][ T5821] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 107.978975][ T5821] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 107.994734][ T5821] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 108.043895][ T5824] Bluetooth: hci3: command tx timeout [ 108.138781][ T5827] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 108.160120][ T5827] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 108.177958][ T5827] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 108.200716][ T5827] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 108.349810][ T5820] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 108.380313][ T5820] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 108.403055][ T5820] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 108.418751][ T5820] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 108.643177][ T5817] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 108.659375][ T5817] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 108.675056][ T5817] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 108.700464][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.712228][ T5817] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 108.816035][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.876838][ T3432] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.887280][ T3432] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.919320][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.941998][ T3432] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.953034][ T3432] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.094724][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.165380][ T5820] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.179795][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.189780][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.242733][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.255025][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.326632][ T5820] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.365739][ T1114] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.375524][ T1114] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.450667][ T3432] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.461823][ T3432] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.568035][ T5817] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.765298][ T5817] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.842168][ T721] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.851914][ T721] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.885606][ T5824] Bluetooth: hci0: command tx timeout [ 109.916993][ T721] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.926139][ T721] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.964176][ T5824] Bluetooth: hci1: command tx timeout [ 110.035621][ T5824] Bluetooth: hci2: command tx timeout [ 110.107584][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.126158][ T5824] Bluetooth: hci3: command tx timeout [ 110.418906][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.498902][ T5821] veth0_vlan: entered promiscuous mode [ 110.582104][ T5821] veth1_vlan: entered promiscuous mode [ 110.650279][ T5820] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.748567][ T5827] veth0_vlan: entered promiscuous mode [ 110.802529][ T5827] veth1_vlan: entered promiscuous mode [ 110.846939][ T5821] veth0_macvtap: entered promiscuous mode [ 110.884461][ T5821] veth1_macvtap: entered promiscuous mode [ 110.902721][ T5817] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 111.009712][ T5820] veth0_vlan: entered promiscuous mode [ 111.046144][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.070280][ T5827] veth0_macvtap: entered promiscuous mode [ 111.096064][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.118906][ T5827] veth1_macvtap: entered promiscuous mode [ 111.150457][ T5820] veth1_vlan: entered promiscuous mode [ 111.203262][ T3432] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.219599][ T3432] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.236128][ T3432] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.281296][ T3432] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.315469][ T5817] veth0_vlan: entered promiscuous mode [ 111.353189][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.410186][ T5817] veth1_vlan: entered promiscuous mode [ 111.439100][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.491886][ T5820] veth0_macvtap: entered promiscuous mode [ 111.545089][ T59] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.558427][ T59] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.581006][ T5820] veth1_macvtap: entered promiscuous mode [ 111.602117][ T59] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.616006][ T59] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.693198][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.714650][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.850882][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.867732][ T5817] veth0_macvtap: entered promiscuous mode [ 111.903231][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.916064][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.934696][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.946216][ T5817] veth1_macvtap: entered promiscuous mode [ 111.963914][ T5824] Bluetooth: hci0: command tx timeout [ 111.973914][ T721] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.003595][ T721] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.034300][ T5824] Bluetooth: hci1: command tx timeout [ 112.055659][ T59] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.091012][ T59] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.104525][ T59] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.118744][ T5824] Bluetooth: hci2: command tx timeout [ 112.141124][ T5821] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 112.160883][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 112.161244][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.195004][ T5824] Bluetooth: hci3: command tx timeout [ 112.269868][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.283213][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.293785][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 112.345065][ T49] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.391229][ T49] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.418572][ T49] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.499494][ T721] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.782198][ T5913] netlink: 'syz.2.3': attribute type 21 has an invalid length. [ 112.798305][ T5913] netlink: 168 bytes leftover after parsing attributes in process `syz.2.3'. [ 112.867930][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.900760][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.111143][ T3432] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.141680][ T5919] program syz.0.8 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 113.157021][ T3432] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.312778][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.353500][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.415569][ T721] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.455847][ T721] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.979396][ T5935] tipc: Started in network mode [ 113.993202][ T5935] tipc: Node identity aaaaaaaaaa3, cluster identity 4711 [ 114.027414][ T5935] tipc: Enabled bearer , priority 10 [ 114.862843][ T5886] kernel write not supported for file /input/event2 (pid: 5886 comm: kworker/1:5) [ 115.074401][ T5823] Bluetooth: hci3: command 0x2016 tx timeout [ 115.165425][ T5886] tipc: Node number set to 10136234 [ 116.050628][ T5998] ALSA: mixer_oss: invalid OSS volume '' [ 116.245479][ T6004] warning: `syz.0.43' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 116.289838][ T6006] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 117.096762][ T6027] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.54'. [ 117.161191][ T5823] Bluetooth: hci3: command 0x2016 tx timeout [ 117.161438][ T6026] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.54'. [ 118.474293][ T6056] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 118.979321][ T6070] binder: 6069:6070 ioctl c00c620f 200000000180 returned -22 [ 119.504258][ T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 119.680846][ T9] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 119.693559][ T9] usb 2-1: config 0 has no interface number 0 [ 119.709241][ T9] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 119.725959][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.739254][ T9] usb 2-1: Product: syz [ 119.746107][ T9] usb 2-1: Manufacturer: syz [ 119.752973][ T9] usb 2-1: SerialNumber: syz [ 119.783604][ T9] usb 2-1: config 0 descriptor?? [ 120.027535][ T9] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 120.075651][ T9] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 120.091922][ T9] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 120.105850][ T9] usb 2-1: media controller created [ 120.174818][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 120.294284][ T6091] IPVS: sync thread started: state = MASTER, mcast_ifn = wg2, syncid = 0, id = 0 [ 120.405224][ C0] workqueue function usb_giveback_urb_bh changed kcov_mode from 1073741824 to 0 [ 120.543305][ C0] workqueue function usb_giveback_urb_bh changed kcov_mode from 1073741824 to 0 [ 120.557732][ T9] usb 2-1: USB disconnect, device number 2 [ 120.987236][ T6107] netlink: 4 bytes leftover after parsing attributes in process `syz.0.92'. [ 122.483579][ T5907] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 122.659311][ T5907] usb 4-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 122.683069][ T5907] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.715975][ T5907] usb 4-1: config 0 descriptor?? [ 122.741546][ T5907] gspca_main: spca508-2.14.0 probing 8086:0110 [ 122.949659][ T5907] gspca_spca508: reg_read err -32 [ 123.055096][ T6164] netlink: 8 bytes leftover after parsing attributes in process `syz.1.117'. [ 123.182634][ C0] workqueue function usb_giveback_urb_bh changed kcov_mode from 1073741824 to 0 [ 123.195683][ T5907] gspca_spca508: reg_read err -71 [ 123.209689][ T5907] gspca_spca508: reg_read err -71 [ 123.224491][ T5907] gspca_spca508: reg_read err -71 [ 123.239250][ T5907] gspca_spca508: reg write: error -71 [ 123.247992][ T5907] spca508 4-1:0.0: probe with driver spca508 failed with error -71 [ 123.286596][ T5907] usb 4-1: USB disconnect, device number 2 [ 123.523985][ T5886] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 123.709661][ T5886] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 123.770955][ T5886] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 123.844266][ T5886] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 123.899359][ T5886] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.978816][ T5886] usb 2-1: config 0 descriptor?? [ 124.491759][ T5886] pyra 0003:1E7D:2CF6.0001: item fetching failed at offset 5/7 [ 124.543653][ T5886] pyra 0003:1E7D:2CF6.0001: parse failed [ 124.573810][ T5886] pyra 0003:1E7D:2CF6.0001: probe with driver pyra failed with error -22 [ 124.696658][ T5884] usb 2-1: USB disconnect, device number 3 [ 124.842438][ C1] workqueue function usb_giveback_urb_bh changed kcov_mode from 1073741824 to 0 [ 125.292683][ T6216] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 125.703637][ T5907] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 125.916353][ T5907] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 125.973725][ T5907] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.012415][ T5907] usb 3-1: Product: syz [ 126.041287][ T5907] usb 3-1: Manufacturer: syz [ 126.070875][ T5907] usb 3-1: SerialNumber: syz [ 126.387194][ T6245] netlink: 40 bytes leftover after parsing attributes in process `syz.0.145'. [ 126.554890][ T5886] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 126.694901][ T6253] netlink: 32 bytes leftover after parsing attributes in process `syz.0.148'. [ 126.744141][ T5886] usb 4-1: Using ep0 maxpacket: 32 [ 126.769784][ T5886] usb 4-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 126.781926][ T5907] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -EPROTO [ 126.782190][ T5907] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO [ 126.786410][ T5907] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 126.854855][ T5886] usb 4-1: config 0 interface 0 altsetting 128 endpoint 0x2 has invalid wMaxPacketSize 0 [ 126.899417][ T5886] usb 4-1: config 0 interface 0 has no altsetting 0 [ 126.914930][ T5907] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 126.940818][ T5886] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00 [ 126.964544][ T5886] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.976724][ T5907] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 127.008389][ T5886] usb 4-1: config 0 descriptor?? [ 127.043580][ T5907] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71 [ 127.084810][ T6259] ================================================================== [ 127.095140][ T6259] BUG: KASAN: use-after-free in fuse_copy_do+0x193/0x380 [ 127.104463][ T6259] Write of size 2 at addr ffff8880680fdfff by task syz.0.150/6259 [ 127.114743][ T6259] [ 127.117253][ T6259] CPU: 0 UID: 0 PID: 6259 Comm: syz.0.150 Tainted: G L syzkaller #0 PREEMPT(full) [ 127.117290][ T6259] Tainted: [L]=SOFTLOCKUP [ 127.117299][ T6259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 127.117323][ T6259] Call Trace: [ 127.117337][ T6259] [ 127.117347][ T6259] dump_stack_lvl+0xe8/0x150 [ 127.117381][ T6259] print_report+0xba/0x230 [ 127.117410][ T6259] ? fuse_copy_do+0x193/0x380 [ 127.117442][ T6259] kasan_report+0x117/0x150 [ 127.117474][ T6259] ? fuse_copy_do+0x193/0x380 [ 127.117509][ T6259] kasan_check_range+0x264/0x2c0 [ 127.117541][ T6259] ? fuse_copy_do+0x193/0x380 [ 127.117572][ T6259] __asan_memcpy+0x40/0x70 [ 127.117598][ T6259] fuse_copy_do+0x193/0x380 [ 127.117633][ T6259] fuse_copy_folio+0xefc/0x1b00 [ 127.117664][ T6259] ? __folio_batch_add_and_move+0x78b/0xc50 [ 127.117697][ T6259] ? filemap_add_folio+0x356/0x530 [ 127.117734][ T6259] fuse_dev_do_write+0x2b9d/0x4060 [ 127.117781][ T6259] ? __pfx_fuse_dev_do_write+0x10/0x10 [ 127.117819][ T6259] ? aa_file_perm+0x192/0x15e0 [ 127.117920][ T6259] ? aa_file_perm+0x50e/0x15e0 [ 127.117954][ T6259] ? aa_file_perm+0x192/0x15e0 [ 127.117990][ T6259] ? __pfx___futex_wait+0x10/0x10 [ 127.118014][ T6259] ? __pfx_aa_file_perm+0x10/0x10 [ 127.118044][ T6259] ? __pfx_futex_wake_mark+0x10/0x10 [ 127.118074][ T6259] fuse_dev_write+0x177/0x220 [ 127.118104][ T6259] ? __pfx_fuse_dev_write+0x10/0x10 [ 127.118137][ T6259] ? bpf_lsm_file_permission+0x9/0x20 [ 127.118169][ T6259] ? security_file_permission+0x75/0x260 [ 127.118199][ T6259] vfs_write+0x61d/0xb90 [ 127.118235][ T6259] ? __pfx_vfs_write+0x10/0x10 [ 127.118270][ T6259] ? __fget_files+0x2a/0x420 [ 127.118300][ T6259] ksys_write+0x150/0x270 [ 127.118331][ T6259] ? __pfx_ksys_write+0x10/0x10 [ 127.118368][ T6259] do_syscall_64+0x14d/0xf80 [ 127.118399][ T6259] ? trace_irq_disable+0x3b/0x150 [ 127.118421][ T6259] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.118445][ T6259] ? clear_bhb_loop+0x40/0x90 [ 127.118471][ T6259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.118494][ T6259] RIP: 0033:0x7f020499c799 [ 127.118536][ T6259] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 127.118558][ T6259] RSP: 002b:00007f02057bc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 127.118589][ T6259] RAX: ffffffffffffffda RBX: 00007f0204c15fa0 RCX: 00007f020499c799 [ 127.118607][ T6259] RDX: 000000000000002a RSI: 0000200000000080 RDI: 0000000000000003 [ 127.118622][ T6259] RBP: 00007f0204a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 127.118637][ T6259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 127.118651][ T6259] R13: 00007f0204c16038 R14: 00007f0204c15fa0 R15: 00007ffef11aa578 [ 127.118679][ T6259] [ 127.118688][ T6259] [ 127.468753][ T6259] The buggy address belongs to the physical page: [ 127.476407][ T6259] page: refcount:3 mapcount:0 mapping:ffff88805b4d4f20 index:0x7 pfn:0x680fd [ 127.485531][ T6259] memcg:ffff888025a5e500 [ 127.490089][ T6259] aops:empty_aops ino:1 dentry name(?):"/" [ 127.496523][ T6259] flags: 0xfff00000000005(locked|referenced|node=0|zone=1|lastcpupid=0x7ff) [ 127.506502][ T6259] raw: 00fff00000000005 0000000000000000 dead000000000122 ffff88805b4d4f20 [ 127.515315][ T6259] raw: 0000000000000007 0000000000000000 00000003ffffffff ffff888025a5e500 [ 127.524302][ T6259] page dumped because: kasan: bad access detected [ 127.531117][ T6259] page_owner tracks the page as allocated [ 127.536960][ T6259] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 6259, tgid 6258 (syz.0.150), ts 127078047313, free_ts 127070331275 [ 127.557277][ T6259] post_alloc_hook+0x231/0x280 [ 127.562274][ T6259] get_page_from_freelist+0x23a1/0x2440 [ 127.569020][ T6259] __alloc_frozen_pages_noprof+0x18d/0x380 [ 127.575073][ T6259] alloc_pages_mpol+0x232/0x4a0 [ 127.580082][ T6259] alloc_pages_noprof+0xa8/0x190 [ 127.587080][ T6259] folio_alloc_noprof+0x1e/0x30 [ 127.593067][ T6259] filemap_alloc_folio_noprof+0x111/0x470 [ 127.598949][ T6259] __filemap_get_folio_mpol+0x3fc/0xb00 [ 127.606055][ T6259] fuse_dev_do_write+0x298b/0x4060 [ 127.611448][ T6259] fuse_dev_write+0x177/0x220 [ 127.617222][ T6259] vfs_write+0x61d/0xb90 [ 127.622000][ T6259] ksys_write+0x150/0x270 [ 127.626790][ T6259] do_syscall_64+0x14d/0xf80 [ 127.633060][ T6259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.640767][ T6259] page last free pid 6254 tgid 6254 stack trace: [ 127.649356][ T6259] free_unref_folios+0xd71/0x1530 [ 127.656290][ T6259] folios_put_refs+0x9ff/0xb40 [ 127.661656][ T6259] free_pages_and_swap_cache+0x537/0x5b0 [ 127.667983][ T6259] tlb_flush_mmu+0x6d3/0xa30 [ 127.673698][ T6259] unmap_page_range+0x3cc8/0x4930 [ 127.679680][ T6259] unmap_vmas+0x48f/0x6a0 [ 127.685604][ T6259] exit_mmap+0x280/0xa10 [ 127.690248][ T6259] __mmput+0x118/0x430 [ 127.694732][ T6259] exit_mm+0x18e/0x250 [ 127.698852][ T6259] do_exit+0x8b9/0x2580 [ 127.703224][ T6259] do_group_exit+0x21b/0x2d0 [ 127.708003][ T6259] __x64_sys_exit_group+0x3f/0x40 [ 127.713067][ T6259] x64_sys_call+0x221a/0x2240 [ 127.718683][ T6259] do_syscall_64+0x14d/0xf80 [ 127.723504][ T6259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.729620][ T6259] [ 127.733146][ T6259] Memory state around the buggy address: [ 127.740128][ T6259] ffff8880680fdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 127.749995][ T6259] ffff8880680fdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 127.759948][ T6259] >ffff8880680fe000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 127.770696][ T6259] ^ [ 127.779614][ T6259] ffff8880680fe080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 127.792827][ T6259] ffff8880680fe100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 127.801553][ T6259] ================================================================== [ 127.825555][ T6259] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 127.837703][ T6259] CPU: 1 UID: 0 PID: 6259 Comm: syz.0.150 Tainted: G L syzkaller #0 PREEMPT(full) [ 127.854518][ T6259] Tainted: [L]=SOFTLOCKUP [ 127.860425][ T6259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 127.872871][ T6259] Call Trace: [ 127.876820][ T6259] [ 127.879831][ T6259] vpanic+0x56c/0xa60 [ 127.884252][ T6259] ? __pfx_vpanic+0x10/0x10 [ 127.888832][ T6259] ? __pfx___schedule+0x10/0x10 [ 127.894701][ T6259] panic+0xc5/0xd0 [ 127.900185][ T6259] ? __pfx_panic+0x10/0x10 [ 127.905937][ T6259] ? preempt_schedule_thunk+0x16/0x30 [ 127.912198][ T6259] ? fuse_copy_do+0x193/0x380 [ 127.917235][ T6259] check_panic_on_warn+0x89/0xb0 [ 127.922325][ T6259] ? fuse_copy_do+0x193/0x380 [ 127.927059][ T6259] end_report+0x73/0x180 [ 127.931431][ T6259] ? fuse_copy_do+0x193/0x380 [ 127.936268][ T6259] kasan_report+0x128/0x150 [ 127.940909][ T6259] ? fuse_copy_do+0x193/0x380 [ 127.945633][ T6259] kasan_check_range+0x264/0x2c0 [ 127.950700][ T6259] ? fuse_copy_do+0x193/0x380 [ 127.955523][ T6259] __asan_memcpy+0x40/0x70 [ 127.959989][ T6259] fuse_copy_do+0x193/0x380 [ 127.964560][ T6259] fuse_copy_folio+0xefc/0x1b00 [ 127.969486][ T6259] ? __folio_batch_add_and_move+0x78b/0xc50 [ 127.975830][ T6259] ? filemap_add_folio+0x356/0x530 [ 127.981717][ T6259] fuse_dev_do_write+0x2b9d/0x4060 [ 127.987952][ T6259] ? __pfx_fuse_dev_do_write+0x10/0x10 [ 127.993488][ T6259] ? aa_file_perm+0x192/0x15e0 [ 127.998347][ T6259] ? aa_file_perm+0x50e/0x15e0 [ 128.004900][ T6259] ? aa_file_perm+0x192/0x15e0 [ 128.010020][ T6259] ? __pfx___futex_wait+0x10/0x10 [ 128.016494][ T6259] ? __pfx_aa_file_perm+0x10/0x10 [ 128.021943][ T6259] ? __pfx_futex_wake_mark+0x10/0x10 [ 128.028124][ T6259] fuse_dev_write+0x177/0x220 [ 128.035121][ T6259] ? __pfx_fuse_dev_write+0x10/0x10 [ 128.041955][ T6259] ? bpf_lsm_file_permission+0x9/0x20 [ 128.048345][ T6259] ? security_file_permission+0x75/0x260 [ 128.054455][ T6259] vfs_write+0x61d/0xb90 [ 128.059757][ T6259] ? __pfx_vfs_write+0x10/0x10 [ 128.065168][ T6259] ? __fget_files+0x2a/0x420 [ 128.070007][ T6259] ksys_write+0x150/0x270 [ 128.074837][ T6259] ? __pfx_ksys_write+0x10/0x10 [ 128.079841][ T6259] do_syscall_64+0x14d/0xf80 [ 128.086655][ T6259] ? trace_irq_disable+0x3b/0x150 [ 128.091900][ T6259] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.099667][ T6259] ? clear_bhb_loop+0x40/0x90 [ 128.106147][ T6259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.114414][ T6259] RIP: 0033:0x7f020499c799 [ 128.119326][ T6259] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 128.146869][ T6259] RSP: 002b:00007f02057bc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 128.157592][ T6259] RAX: ffffffffffffffda RBX: 00007f0204c15fa0 RCX: 00007f020499c799 [ 128.167555][ T6259] RDX: 000000000000002a RSI: 0000200000000080 RDI: 0000000000000003 [ 128.175677][ T6259] RBP: 00007f0204a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 128.183955][ T6259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 128.192586][ T6259] R13: 00007f0204c16038 R14: 00007f0204c15fa0 R15: 00007ffef11aa578 [ 128.200620][ T6259] [ 128.204383][ T6259] Kernel Offset: disabled [ 128.208923][ T6259] Rebooting in 86400 seconds..