last executing test programs:

12.401525759s ago: executing program 3 (id=8341):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='proc\x00', 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000940)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5ac, 0x265, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, {0x9}}}]}}]}}, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f0000000340)=""/4096, 0x1000)

10.429397962s ago: executing program 0 (id=8348):
syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x2, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000140), 0x208e24b)
r1 = syz_io_uring_setup(0xe58, &(0x7f00000000c0)={0x0, 0x0, 0x2}, &(0x7f0000000140), &(0x7f0000000240))
io_uring_enter(r1, 0x0, 0x0, 0xe, 0x0, 0x0)
io_uring_enter(r1, 0x0, 0x0, 0x7, 0x0, 0x0)

10.052609159s ago: executing program 5 (id=8349):
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x80070f, &(0x7f0000000a40)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@bsdgroups}, {@max_batch_time={'max_batch_time', 0x3d, 0x7}}, {@errors_remount}, {@bsdgroups}, {@oldalloc}, {@oldalloc}]}, 0x2, 0x44a, &(0x7f0000000400)="$eJzs281vFOUfAPDvzLbl9+OtFfEFRK0SY+NLSwsqBy8aTTxgNNEDHuu2EMJCDa2JECLVGLyYGBI9G48m/gXevBj1ZOJV74aEKBfQU83MzsDuslsobHcr+/kkA8+z82yf57vPPDPPzLMbwMAaz/5JIrZGxG8RMVrPNhcYr/939fLZ6t+Xz1aTWFl5688kL3fl8tlqWbR835YiM5FGpJ8kRSXNFk+fOT5bq82fKvJTSyfem1o8febZYydmj84fnT85c/Dggf3TLzw/81xX4sziurL7w4U9u15758Lr1cMX3v3p26y9W4v9jXF0y3gW+F8rudZ9T3S7sj7b1pBOhvrYENakEhFZdw3n4380KnG980bj1Y/72jhgXWXXpk2ddy+vAHexJPrdAqA/ygt9dv9bbj2aemwIl16q3wBlcV8ttvqeoUiLMsMt97fdNB4Rh5f/+SrbYp2eQwAANPqs+uWheKbd/C+N+xvKbS/WUMYi4p6I2BER90bEzoi4LyIv+0BEPLjG+luXhm6c/6QXbyuwW5TN/14s1raa53/l7C/GKkVuWx7/cHLkWG1+X/GZTMTwpiw/vUod37/y6+ed9jXO/7Itq7+cCxbtuDjU8oBubnZpNp+UdsGljyJ2D7WLP7m2EpBExK6I2L22P729TBx76ps9nQrdPP5VdGGdaeXriCfr/b8cLfGXktXXJ6f+F7X5fVPlUXGjn385/2an+u8o/i7I+n9z8/HfWmQsaVyvXVx7Hed//7TjPc3tHv8jydv5+WikeO2D2aWlU9MRI8mhPN/0+sz195b5snwW/8Te9uN/R/GeLP6HIiI7iB+OiEci4tGi7Y9FxOMRsXeV+H98ufO+jdD/c23Pf9eO/5b+X3uicvyH7zrVf2v9fyBPTRSv5Oe/m7jVBt7JZwcAAAD/FWn+HfgknbyWTtPJyfp3+HfG5rS2sLj09JGF90/O1b8rPxbDafmka7Theeh0slz8xXp+pnhWXO7fXzw3/qLy/zw/WV2ozfU5dhh0WzqM/8wflX63Dlh37dbRZkb60BCg51rHf9qcPfdGLxsD9JTfa8Pgusn4T3vVDqD3XP9hcLUb/+da8tYC4O7k+g+Dy/iHwWX8w+Ay/mEg3cnv+iUGORHphmiGxDol+n1mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6I5/AwAA///K8u7c")
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)={0xb8, 0x0, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}]}, @IPVS_CMD_ATTR_SERVICE={0x7c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x21}, @IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'fo\x00'}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x9}}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x3b}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@local}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8}]}, 0xb8}, 0x1, 0x0, 0x0, 0x821}, 0x4040800)
socket$nl_route(0x10, 0x3, 0x0)
memfd_create(&(0x7f0000000340)='\x13vkoxnet0\x00\xc4\xeb1\xa4\x17\xd5\xf2|\xad\xc8\xde\xc2\xfe\xfad\xf9\xfa\xd2 >\xb85\x1b\f\xc4\xb9\x14^\x88\xd7F0\x99\xb5B\xed\xaa\x92[\x14\xc0\x1a\x8a\x96\x0f\xa8U\xae\xbc\xa4^\x95\xc3\xc5d\x8a\x91\xaa\xfe\x98\xb8\xc7\xc5\xbeRDT`\f/,l\b\xa3\xa6\xbd\x05\xa7 K\x153\x02\x12\xc8Y\xa8\xabB\x18\xc3\b\xe7\x0ei\x98\x1e \x04\xf4\xb7\xd51\xc6\x8c\xc5\xd9.8\x1b\xec/}\xd3M\xef\xc6.\xe8\xf5>.\x9f|\xa4\vF\n\x11I&\x1e\xbd\x06\xa2\xed\x01H\x12~\x9f\x0e\xb0\xf1Y\xda\xc4i\xf8\xae\x1eC\x9bs\xf8E\xee?\xd5;\x80O\x80z\xb9\xc5\x02>\x006\xacgU\xd2\xa8l\x86\xb8\xa0\x96c\xf0\xc2\xe8a\x00\x00\x8fU\xb0\xad\x1e\xf4\x87iU:\xc0\x9c*\xf7&\xb2\xc7\xecpu{3\xd5\x11\xee\xc30=\x8ey\"\xb0\x85)\xd0\xb4\xd7@\xc7\xb6\xc61\xd7z\x02\x8cSq\xe5\x13\x8e\x158\x95\xad\x92\x8aJJ\x9d\x88D]\xc4\xcd\xa3\xe3\xc4\xbc\xd0\x83\x01\xff', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', &(0x7f0000000080), 0x18)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000500)={'fscrypt:', @desc1}, 0x0, 0x0, 0xfffffffffffffffd)
syz_mount_image$fuse(0x0, &(0x7f0000000440)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x0, 0x0)
renameat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', r6, &(0x7f0000000140)='./file1\x00')
socket$nl_generic(0x10, 0x3, 0x10)

9.249631307s ago: executing program 4 (id=8352):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007b00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000004c0)='tlb_flush\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x6, 0x4, 0x40, 0x5}, 0x48)
creat(&(0x7f0000000040)='./bus\x00', 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
socket(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

9.163934335s ago: executing program 0 (id=8353):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
socketpair(0x18, 0x0, 0x2, &(0x7f0000000000))

8.345279106s ago: executing program 3 (id=8354):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000deab4402850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='9p_protocol_dump\x00', r0}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000180)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
chdir(&(0x7f0000000040)='./file0\x00')
syz_mount_image$fuse(0x0, &(0x7f0000006340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(&(0x7f0000000380), &(0x7f00000003c0)='./file0\x00', 0x0, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0)

8.34483856s ago: executing program 5 (id=8355):
syz_init_net_socket$llc(0x1a, 0x0, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0xf, &(0x7f0000000900)=@ringbuf={{0x18, 0x7}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x31}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$inet(0x2, 0x0, 0x84)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r1}, 0x38)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r4, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r5, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

8.159886607s ago: executing program 4 (id=8356):
socket$inet_sctp(0x2, 0x0, 0x84)
pipe2$watch_queue(&(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
socket$can_bcm(0x1d, 0x2, 0x2)
socket$inet_sctp(0x2, 0x0, 0x84)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000040), 0x10, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x24000000}, 0x400c854)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPROPERTY(0xffffffffffffffff, 0xc04064aa, &(0x7f00000000c0)={0x0, 0x0})
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r0, 0x5761, &(0x7f0000000300)={0x2, 0x0, [{}]})
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x20000000, 0x0, 0x0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)

7.877910106s ago: executing program 0 (id=8357):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
connect$llc(r1, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000040)={&(0x7f0000000540)={0x260, r2, 0x100, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@mon_options=[@NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MNTR_FLAGS={0x2c, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "3fad2c79c647e430c2598342e684eeb571ae38e066467eef"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "c96f00bd9053fff6b9fd4d2ebd2e563890181ab52ae164e7"}], @mon_options=[@NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "b2ff383a5dc0ffea98f34b1305f465daaf7e5f02f333218d"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "25b007e2228d499dfa4c9159aa1950f875de419bb77f579f"}], @NL80211_ATTR_4ADDR={0x5}, @mon_options=[@NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "86ee273988305cbc66646d4a4666d53481865aa4bb2c7fb0"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "593cd6f03e665286cc2e9244b03f545a619bb8032fd0bf52"}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "242450624deacf6473e7f542f0b69724c9555ca262a354a4"}, @NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_ACTIVE={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "70699af63f78f086f6041fd6d6c06260fa0283ade3f27e19"}], @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x14, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "613e396aa0df95d5f8c4a85c44a64d21794e63e3d938fdf2"}, @NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "899ff1edf7b30cdcb80fcfe1f13b58057983e1bb003284c1"}, @NL80211_ATTR_MNTR_FLAGS={0x14, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "0622a9d42c5a2d5bc66a558f57ecafb8252ba46a7087274d"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MNTR_FLAGS={0x24, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MNTR_FLAGS={0x1c, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}], @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x10, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}]}], @NL80211_ATTR_MESH_ID={0xa}]}, 0x260}, 0x1, 0x0, 0x0, 0x8080}, 0x40084)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x5c, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x0, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xa4a2}]}, 0x5c}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = socket$caif_seqpacket(0x25, 0x5, 0x0)
getpid()
sendmsg$unix(r8, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@rights={{0x14, 0x1, 0x1, [r7]}}, @rights={{0x14, 0x1, 0x1, [r9]}}], 0x30}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x2, [{0xb}, {}]}, @void, @void, @void, @void, @void, @void}, 0x30)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
socket$pppl2tp(0x18, 0x1, 0x1)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x0, 0x0, @default, @val={0x1, 0x2, [{}, {}]}, @void}, 0x22)

7.624025998s ago: executing program 3 (id=8358):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
sendmsg$NLBL_MGMT_C_LISTALL(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, 0x0, 0xba9c0976e48d8feb}, 0x14}}, 0x0)

7.052159598s ago: executing program 5 (id=8360):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
socketpair(0x18, 0x0, 0x2, &(0x7f0000000000))

6.857321011s ago: executing program 1 (id=8361):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504, 0x0, 0xffffffffffffffff, 0x1}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r0}, 0x38)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000006800010000000000000000000a00190000000000100008800c00038008000100", @ANYRES32, @ANYBLOB="08000500", @ANYRES32, @ANYBLOB="08001000fd"], 0x40}}, 0x0)
setsockopt$bt_BT_CHANNEL_POLICY(r4, 0x112, 0xa, &(0x7f0000000580)=0x3f, 0x4)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r5=>0x0})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000480)={&(0x7f0000000840)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x9, [@func, @var]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x0, 0x3d}, 0x20)
socket$packet(0x11, 0x3, 0x300)
ioctl$FS_IOC_SETVERSION(r1, 0x40087602, &(0x7f0000000380)=0x80000001)
mmap(&(0x7f0000abb000/0x1000)=nil, 0x1000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0)
splice(0xffffffffffffffff, 0xfffffffffffffffc, 0xffffffffffffffff, 0x0, 0x20, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x74, r8, 0x0, 0x11203}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x7}, @IFLA_BR_MCAST_SNOOPING={0x5}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f00000005c0)={'batadv0\x00', <r9=>0x0})
setsockopt$MRT6_DEL_MIF(r4, 0x29, 0xcb, &(0x7f0000000980)={0x0, 0x1, 0x0, r9, 0x8}, 0xc)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r10, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={0x0, 0x14}}, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r10)
sendmsg$TIPC_NL_NAME_TABLE_GET(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000540), r11)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), r10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x2c, &(0x7f00000001c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x63c}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@call, @map_val, @ringbuf_output, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @snprintf]}, 0x0}, 0x90)
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r3, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r5, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)

6.839554112s ago: executing program 2 (id=8362):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x2, &(0x7f0000000040)={'gre0\x00', 0x0})

6.713003704s ago: executing program 5 (id=8363):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140))
pwritev(r0, &(0x7f0000000040)=[{0x0}], 0x1, 0x0, 0x0)

6.65652787s ago: executing program 4 (id=8364):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)='devtmpfs\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000001340)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000000300)=""/154, 0x9a)

6.569450061s ago: executing program 2 (id=8365):
syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r0 = syz_io_uring_setup(0xe58, &(0x7f00000000c0)={0x0, 0x0, 0x2}, &(0x7f0000000140), &(0x7f0000000240))
io_uring_enter(r0, 0x0, 0x0, 0xe, 0x0, 0x0)
io_uring_enter(r0, 0x0, 0x0, 0x7, 0x0, 0x0)

6.397081028s ago: executing program 4 (id=8366):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='proc\x00', 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000940)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5ac, 0x265, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, {0x9}}}]}}]}}, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0)
getdents(r0, &(0x7f0000000340)=""/4096, 0x1000)

6.342776151s ago: executing program 5 (id=8367):
mlockall(0x1)
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_user\x00', 0x275a, 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
unlinkat(0xffffffffffffffff, 0x0, 0x0)

6.241375275s ago: executing program 2 (id=8368):
io_uring_setup(0x1fc3, 0x0)
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000040), 0xc)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
write$binfmt_aout(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="03010000b5"], 0xc8)
ioctl$TIOCL_SELLOADLUT(0xffffffffffffffff, 0x541c, &(0x7f0000000000)={0x5, 0x0, 0x0, 0x2})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
write$binfmt_script(r0, 0x0, 0x0)

6.219963643s ago: executing program 0 (id=8369):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
socketpair(0x18, 0x0, 0x2, &(0x7f0000000000))

5.876591526s ago: executing program 0 (id=8370):
mlockall(0x1)
syz_open_procfs$userns(0xffffffffffffffff, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events.local\x00', 0x275a, 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
getsockopt$IP_SET_OP_GET_FNAME(0xffffffffffffffff, 0x1, 0x53, 0x0, 0x0)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, 0x0, 0x0)

5.785183338s ago: executing program 1 (id=8371):
socket$nl_route(0x10, 0x3, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
munlockall()
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'ipvlan0\x00'})
setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={@local, @local, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000240)={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty}, 0xc)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000010009500"], &(0x7f00000000c0)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x10)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x90)
r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r3, 0xc1205531, &(0x7f0000000040)=""/112)
open(0x0, 0x294182, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
socket$packet(0x11, 0x0, 0x300)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x1000}, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000017c0)=ANY=[@ANYBLOB="b702000009000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2e6405000000000065060400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002c3f2cc2b7956244cef7baf48e6d2885a09a87507ebfc75b5b0f4e4309ebcdac5f7a860c008cbdd3b4c3b7f28754860c9c781f6410457253e89ad528d985636a86ec0f68f59cd1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81078545c146a0857153b7b8f00034debae58a4ab415b0d7ff0575cc272cd3d7e8d974927676468ff2d86e0ffac94792ed9cf6b40b3cf252a47c05ae8a70d57cc3e067d1867b54d24e20000000000000020009ebf84d3b042d6e432cd080e3b57239f0127473e6ba922aff649609d40b47ec331ccba3cf96f9483ff19a6471bf5abc742d9cbcfb964b11b31034694a6aad86cf08a6c7b2235dc99de9aa3e6b77c7a2877261ed32da90864987f30926c9013eec3b86836ae50447aa5a79f40c235000000453302712c3d8fc4e2b61adb0695e800000000d4f4e91f0000002c33df424d1bafe5725c8a404724f8a4f1cda7997b65954f74097579b91da309b887af2485c2d9ab09b506000000000000000bf7b2ff4602aec1eea200000064881c5630521a08e051374cf05c921a06fb7818000000009dc8d95e0e5b365d10e1004dae58b3b5b89709b0ff47b200000000004000cbef88811dc8c1b27ac7d9a6bb70f60eb9c01dd2fc79b85e4d961498f3a80131d21d856177a2189f45d011ef1da5c6d57bb8fd387ccea9c3899a914e47e82f040000009d81003f927355408f87264797d3fa970949793b94329d580500d1f91c0d22587e05a61e3d8576ca168e88d7a9af95b04a37c27bfffab9abbb31fa8c0080258cfa6d3f166e695f3c56490aeef464d9965d70a50f1282619344f223548e75fa39643adac1322c87ca253ff2fb1882760d6feab16bacdf83c11816dbe959ebc5ec479c8319f73e2249eab0486b110702a481d3b51976a52303056e800b4ae5acc2df636a65eb1d672bf2000000cda8462cc9b16624998be65683321e970000000009b8e20762c1bf4a3eb6769f2b23e842bacd9c685edea0ffa3e975424f8ede49e61a4de808a38ba3512d64dc71867df4eee3f1ff791cf7c9862f98b45852e4b2f78721b978a2df2f2a29a387c6f0576b36038f819286eca99a6a434811cf2a117d775fe986a49fb82cf5f15972d5ab18f1045384501adabb20f7b0e15ff47f1744e2341b59034959a1289ba6e243668e6735305707e3de7652bfc5b60c76deff43a1d6fd6a4180ab723735abbeffe7f2ec3a0bb86f9eddfc0f3d1d503d7a54b49e1ae6c5aa620d27e91aa0aa0ed6fcacfc91fbb4c256409e54daefbb107c381fa729ff5f3907d93430da178d685d7730f5e129438a5214f722096d29863301b0b811f69145d3fbd78a9059e454474f92e65828b018174a9f4738b8c71fbdeac26ab95e02f9a847182766964976b1fccdb9f35721e43e33883cf16ed1343fb7429eb395123b0a4262b7023c22039b9002589a378ed4c6267965af78b861bd025312538cec97966b8973d4e299d9802264d06e40ae118e1d242d1128dcedeb44030df12ef68f78215d65f96eb55db8cbcb060008000d988374f85451a694ffe38a1d03916ff1eec72b31c98d42e1a1bda1290de1a499a5a385b31112a48ba3e6d6849914c1788a7aca37177cc341fff44fec5c5e0abae01c439a1b0311e074e81ae9993b5b3459553e4ece78d4c1501c70f5d81e0725d5b273755c0000000000000000aa4234ff82182952a76233d18e7d49638aeb04e7a9e9e7eafb7c255372795d2d192a0a33cab0f5bf2e93e0544fcdf2df2bc6ce96e5a11993d54f97a23754ac828674dbb93c0ad345715be4a13678b01edf76d8a923655800a2c88cce004505ab45d8f5f88aa887bbce5c18970428516f6099bdbb2cd7a2356397f1a0a23e662e2a6c4834400cbaa41c3c574e6e6aefb7a68da5ec1ae49f968bbe0e0bf9878516f553639f5b4828e92019b61f5874be1c7cdd9482df50bc24a8a1fa10d291390eb84e26a2e8dbeaa45604b05a116c1210a7540bf81005044273f5a8ffc538db289350eb248e483bd8920efcf30a798c2b636243e0a37262ca47dfeefa753ba528f7ba77e825051ce69b4475d7d714ba0c636e6ae9f710411d30ef424aeaabe057c7df6ff8f767bcd9012e1047c686f5ccb76ab3a5df53cbc22ba7ea8f6a8e220bb4d83de1e4dc19d6c1be841503850803bc2c2d5e0e34270a7f1cca0c6c53a8e5f891f7a793a70da62d6d88fbb90d220acc687931b42d6be83ab870da3c0a567f5e65ec0457f4ad2a4ec0b671b36388afd5520a8483a4b11f7d02a41b315f0f9e59f47668d68a74838d6976e12fd45200014041dffacbf60892ec8bd7560686f137a806d3dfaba900b47cac62f828342fff009adb5b2251461a1b9d6ba625b8fe04e69a1a4be2696f0000000086e172932e03000000000000005942e1b9d6dc28ab8e19e1111dd893e801015642faf21eef40d6e7de3ef62c4bc5ff17e7aeb2841098f845d1cc9ec4eee79c298fb0ba939b13707044e2e9cc0d350438c1c8c6bb9a38c6ac5ca0d9cf1f3d6915f25cb26edfc28b3079b97df32601240e454db103fb0c4a14c16837394d2b3673a3f160d3a7b83ecd0509ce9eba0c7bf7843799b1b56a234f9eaab8a3f14f1472bb6aaeb8ac9ee4054605558ab31f339f6a4caf2ee2fd01f34dca3300000000000000000000000000000000f59f8e6e00000000c44130098d833a24000000000095e6f945ba9a941cef5e70b8c152321e24b5b29bcf374dcf5a29a35d76e6e2bf8df95462690a4fc9ec8129e92b6ebb4b40a992a75d3c5954d0bfc87db24d856359079b29b3c374d081c300b2cfaa596d24e800ef8e2201f2fb7a9946f89f9f31f7cbd603fd7f8898c70b5c65f2e28f22e1a79a6af3a54861b07f124642e98389557affbdede09b5566a4a1ee73b20846810030a754acddcdafe3ceeeebc0b5f2fedfe7d198e3067f3dbac9441a9ab8409cbbb7e15b9ae3944097de34de2001c8533a3766e6e4c4c4702ccb932a27a3962814cd6aa8fc684beeaa3932efae3a9052be8eec1e95f6ad8d41dd34829503ba4b66e27154cb6e34aa13450522df1723130b6fb9bec59ae347c93f00e40e293c98d849a33f773c743728992f40faccd5c23130a1c6bfd6fc661bca1598137ddd1090ded672f5a48a40cab3f640c8241a364cbde0f188eec7da7bccafbd5bf28a46f0eecc6b550471b0b0770c6a5a411c0e0b19e15a461e7c6833ba936e214b013f2819ec6572a43b5cd32b11d7e4f8dcf8f7820a17b7b2ee6178a03351dd25091e46bfd82a3979b9cad109fd6217cd52aa81bdabd50826a674bd16b8f7e6aed12a305366599f5f029a7b24558c02750500002f1c19d16a6f391906000000cc0bbbfb8c698ecc137d96711100e0108d3bd2afed0b279ebf0527552a9331e646c424b14ffbb815622bfd2f635855bed1b164d0a56bd104be069854111c5b26ec3c652b5f0a6b9676dae987ec23456ba05a4dfb15321ef6b76e7e547a688c67ab531cfc784c9f940d9fb0464a6cce635e14b80dc5c1c64e75e6bd5355d84f8df272f18f58c570e7afd83ee77f157c146aa747b728969aeb4aba1d8f9de14275bf4a53e95235ae13768ab3fb8ab6ea50e884c2ea98e6400bf0c5ae2887cd1da0e57ccfdf5eca2b455247efcc13102846c0a85f20c80007c0ce6efce627b95b8ad3003385de97101678fb2163ecea6e70a77a6fbc089e31a5ccece932229b8f79faa6863d6857c3d9a9710f9f8ad16eeb8342278f311cbc226498028234d21466892983378fe64acbb44f694cd78e43c74aa75505cb1c91b189f8f89f233a05f5cd4e173a373178557843dd705268f74a9e5429945503195aefd6706b584d8408c9652b3fe68500747f7ee8375fa559c3ad195d3795df1a8364cd13acc3256ee4634c73eeb6954d0fcf09ab84df0b8900e0c6fea2ccb600ae7a4b128cae19df160e7c207b89132d1d5bdc9ffc79f0549b82df521817651d5fead5128205b92ccdccc69407ab556217af277af911dbd456dfc43dd061b6c91485dcc208cf0b3d0bf851de413f5de5ec015e296914afab6411109355e027ce04990d9aae251b9deb11b7db45b9f15b7b55d8fdbedd9e6cf891205694f02be8b9ea8ecd41308a0e1b93ae3435bfa88b440b1f701b4d0fc49c82193f27f8023b630ea97edbf3bf421a0a1a2b4ac7bb30bcd1cdd172c0df37408fd6827bb03e8742fc1c7a2befd1299928c5f79e846a8dc7ca648d960a759e6711b69776896a9656d59af6d44bc5348229fa84ae78af8421a22c4b4c17a3d24a4a0104000000000000d77cc4eef51c2b417c8c7458ddd7dd9d1a863bf0a9e1a30a19020490038017a5c7e474c83302a2c2b5c976dacf3dda7191c757f208000000000000005f7ed983f65723fbb36b9b51abb0dbcd33570000000000000000251aa4f139d0485ffcf89f01639fd1579a3802f720a0215c720a97071f5065a23642a58275dbca444b00e2e5835185d5d5b2796eb0fe32cf3b0633f58ecc7648c3c6efe82f93a3008052416512eea30ea9472e0b456a652883c0907323cf03be193ad0438cdef7a98a1671a1918df310dc4bfd61c3db4819ab1c57b348a8ff1ed36364a20fe846f11d045de81f069bac8425b31c5d08b433562ffb318c1285011f9b78b2401989384311101e452f54661ecdb2514a6ae50dbdd422de0f0f8c670000000000390be79688f80c4c314cb1b14afcaa5d23f9032e0ec51f45f447d6a7c798fcf7e60e2180e289410801e4f03a0e140f388f25b92da1025d8409e171a2336ed71cca86eb4658fe06df286e0e20276b0618eeffd05774f15686cd9d3182ca2fec863875f305fed6baf48a594db12582a38cfdffffffffffffff0cf8d920517835fe7d09cfcb624f6931f1cc6f6b71f58de9ddc38e0c43992f6bc57a718d0cfd197b5324b4e05ef1caa96db3ae1f2f2e5791faba2ebbe1a6faf21f2748fb1fb6743c3ca8af4e6b02518c9b7fdc1b5721eb1c3ed98db25536f74ac7861afc94544e52dcb5c60460a05802e3b437ac977bfa26b887a2443e8d559c58187f004eb82b07937df6e96f77ed551926bec4e0188fae10a35d1c5f1768ac6be829be1827f9df303160df18597efba46f1babc3d74adc31ca71bdab9079e4288881b434484eadde9da6b81802842abd462d546c59d87acc014f81d3414759bda12d2a2c6bc1bfa807bd3101eb227184a61107b6d0618e2a3b842671e084ac3f0ff94dc48b51601247318ab4d1c5106458000000000008000000000000cfee0107e6c2fe8639d926829fdbbd86bf591a8c3c235d8939af9d923f648165881a6c29997234406200b3b1c321cc158dbe17123eace3000000000000000000000000000000000000796de6ae4ae40bdf9a6e8c5dc29562262af9cd54e8e3ecc7e3c8cba0ecc791683496c4e5c1a5729714d9f9031f49b400cd2667b4ea6df54809615a4f973f93e6ccec72f16ff998e29ed99df733680a9d5cea57f99cc139b6ea9014f3000000000000000000000000000000000000feeab45a4046a622b0dceb413e4e39b7317e92cbed46b41ab5115bfb542c933783d750852dfdc6656aaf15e10615a88821f2f1bc53969b52d6852755e7681ad5beda80b38ccd34116b99f50b4fdd967b3f20f260455412b675639a26c76840cce40e323bde9d673fceda0ad6981565c8a183d928903b4f4472dde41b6dcd75314c31e704dfcb222c8359fe88944f852242270c932abfaeece0843d708f5cd25b2a63ae1e79723c1c3c013836b47da0a35d0f34c0705caae54024cf8ade6396ff44482284f415e5769d9ae8688a8d5516690aae9ce1c785262734723519b042a161e6efabf263a46ba92254a51ff6502470f3038cf6d8d991931cfd82ea97e1b596133e7754908d912d"], &(0x7f0000000340)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r5, 0x20e, 0xe40, 0xfd000004, &(0x7f00000004c0)="b9180bb76003070c009e40f086dd1fff290000003b0020010010ac14142ee0080001c699da153f0ae0e6e380f60115f683317585d7472ce0ab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0x31, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28)
setsockopt$packet_tx_ring(r4, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x6, 0x300, 0xfc}, 0x1c)
poll(&(0x7f00000000c0), 0x0, 0x0)
sendmsg$nl_generic(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x4000004)
semop(0x0, 0x0, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000002bc0)=[{&(0x7f0000001700)="d80000001e0081064e81f782db44b9040a02080006007c09e8fe78190a0015c00200142603600e120800080024000000a80009001100014003000000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef40900d1001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0)

5.048829166s ago: executing program 3 (id=8372):
syz_init_net_socket$llc(0x1a, 0x0, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0xf, &(0x7f0000000900)=@ringbuf={{0x18, 0x7}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x31}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$inet(0x2, 0x0, 0x84)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r1}, 0x38)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r4, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r5, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

4.059824797s ago: executing program 3 (id=8373):
recvmmsg$unix(0xffffffffffffffff, &(0x7f00000006c0), 0x0, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
mlockall(0x1)
timerfd_create(0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
shmctl$SHM_STAT(0x0, 0xd, 0x0)

3.181302088s ago: executing program 5 (id=8374):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x5, &(0x7f0000000400)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xb, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a0006000000000026b900000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0)
sendmmsg(r5, &(0x7f0000000180), 0x400008a, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000140)={0x9, 0x0, &(0x7f0000000100)={0x0, 0x10}}, 0x4000040)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000000)={0xffffffffffffffff, 0xfe9, 0x41ce, 0x8001})
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)

3.152587921s ago: executing program 4 (id=8375):
mlockall(0x1)
accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0xffffffffffffff66, 0x0, 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000001240), 0x0, 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
ioctl$TIOCGICOUNT(r0, 0x545d, 0x0)
mlockall(0x0)

3.082996179s ago: executing program 1 (id=8376):
socket$inet_sctp(0x2, 0x0, 0x84)
pipe2$watch_queue(&(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
socket$can_bcm(0x1d, 0x2, 0x2)
socket$inet_sctp(0x2, 0x0, 0x84)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000040), 0x10, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x24000000}, 0x400c854)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPROPERTY(0xffffffffffffffff, 0xc04064aa, &(0x7f00000000c0)={0x0, 0x0})
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r0, 0x5761, &(0x7f0000000300)={0x2, 0x0, [{}]})
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
sendto$inet(r3, 0x0, 0x0, 0x20000000, 0x0, 0x0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)

2.453548739s ago: executing program 0 (id=8377):
mlockall(0x1)
write$cgroup_pressure(0xffffffffffffffff, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x29, 0x0, 0x0, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000040), 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000000), 0x4)

1.829841476s ago: executing program 2 (id=8378):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)='devtmpfs\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000001340)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000000300)=""/154, 0x9a)

1.556264768s ago: executing program 2 (id=8379):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140))
pwritev(r0, &(0x7f0000000040)=[{0x0}], 0x1, 0x0, 0x0)

1.35363522s ago: executing program 1 (id=8380):
syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x2, 0x0)
r0 = syz_io_uring_setup(0xe58, &(0x7f00000000c0)={0x0, 0x0, 0x2}, &(0x7f0000000140), &(0x7f0000000240))
io_uring_enter(r0, 0x0, 0x0, 0xe, 0x0, 0x0)
io_uring_enter(r0, 0x0, 0x0, 0x7, 0x0, 0x0)

1.057459586s ago: executing program 2 (id=8381):
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21}, &(0x7f00000000c0))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0)
read$nci(r0, 0x0, 0x2)

979.119912ms ago: executing program 1 (id=8382):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
socketpair(0x18, 0x0, 0x2, &(0x7f0000000000))

514.118844ms ago: executing program 1 (id=8383):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504, 0x0, 0xffffffffffffffff, 0x1}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r0}, 0x38)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000006800010000000000000000000a00190000000000100008800c00038008000100", @ANYRES32, @ANYBLOB="08000500", @ANYRES32, @ANYBLOB="08001000fd"], 0x40}}, 0x0)
setsockopt$bt_BT_CHANNEL_POLICY(r4, 0x112, 0xa, &(0x7f0000000580)=0x3f, 0x4)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r5=>0x0})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000480)={&(0x7f0000000840)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x9, [@func, @var]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x0, 0x3d}, 0x20)
socket$packet(0x11, 0x3, 0x300)
ioctl$FS_IOC_SETVERSION(r1, 0x40087602, &(0x7f0000000380)=0x80000001)
mmap(&(0x7f0000abb000/0x1000)=nil, 0x1000, 0x0, 0x102000200032, 0xffffffffffffffff, 0x0)
splice(0xffffffffffffffff, 0xfffffffffffffffc, 0xffffffffffffffff, 0x0, 0x20, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x74, r8, 0x0, 0x11203}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x7}, @IFLA_BR_STP_STATE={0x8}, @IFLA_BR_MCAST_SNOOPING={0x5}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f00000005c0)={'batadv0\x00', <r9=>0x0})
setsockopt$MRT6_DEL_MIF(r4, 0x29, 0xcb, &(0x7f0000000980)={0x0, 0x1, 0x0, r9, 0x8}, 0xc)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r10, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={0x0, 0x14}}, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r10)
sendmsg$TIPC_NL_NAME_TABLE_GET(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000540), r11)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), r10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x2c, &(0x7f00000001c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x63c}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@call, @map_val, @ringbuf_output, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @snprintf]}, 0x0}, 0x90)
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r3, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r5, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)

305.407453ms ago: executing program 3 (id=8384):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000780), 0xffffffffffffffff)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
sendmsg$NLBL_MGMT_C_LISTALL(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r1, 0xba9c0976e48d8feb}, 0x14}}, 0x0)

0s ago: executing program 4 (id=8385):
syz_init_net_socket$llc(0x1a, 0x0, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0xf, &(0x7f0000000900)=@ringbuf={{0x18, 0x7}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x31}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$inet(0x2, 0x0, 0x84)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r1}, 0x38)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r4, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r5, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

kernel console output (not intermixed with test programs):

s `syz.1.7712'.
[ 2418.518892][T32715] team0: Port device team_slave_0 added
[ 2418.555454][T32715] team0: Port device team_slave_1 added
[ 2418.751840][  T401] 9pnet_virtio: no channels available for device 9p
[ 2418.926623][T32715] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2418.967914][T32715] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2419.059964][T32715] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2419.189643][T32715] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2419.226380][T32715] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2419.552184][T32715] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2420.667987][T32715] hsr_slave_0: entered promiscuous mode
[ 2420.709720][T32715] hsr_slave_1: entered promiscuous mode
[ 2420.742172][T32715] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2420.761971][T32715] Cannot create hsr debugfs directory
[ 2420.769834][T32404] veth0_macvtap: entered promiscuous mode
[ 2421.028494][T28014] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[ 2421.055847][T32404] veth1_macvtap: entered promiscuous mode
[ 2421.258651][T28014] usb 2-1: Using ep0 maxpacket: 16
[ 2421.299519][T28014] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2421.322796][T28014] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2421.342452][T14844] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2421.362886][T28014] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 2421.520400][T32404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2421.573067][T32404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2421.629226][T32404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2421.668584][T32404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2421.702077][T32404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2421.735068][T28014] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 2421.744328][T28014] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 2421.749149][T32404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2421.752434][T28014] usb 2-1: Manufacturer: syz
[ 2421.772034][T28014] usb 2-1: config 0 descriptor??
[ 2421.788611][T32404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2421.799307][T32404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2421.810639][T32404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2421.821260][T32404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2421.835543][T32404] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2421.929694][  T429] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2422.002242][T32404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2422.026054][T32404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2422.038161][  T429] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2422.038834][T32404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2422.071873][  T429] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2422.075894][T32404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2422.107396][T32404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2422.119638][T32404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2422.129679][T32404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2422.140464][T32404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2422.153139][T32404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2422.163864][T32404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2422.186987][T32404] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2422.450299][T32404] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2422.478598][T32404] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2422.487418][T32404] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2422.508509][T32404] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2423.081713][T14844] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2423.108028][T14844] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2423.293968][T32287] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2423.327368][T32287] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2423.508017][T32715] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 2423.561027][T32715] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 2423.613166][T32715] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 2423.661314][T32715] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 2423.879103][ T5083] usb 2-1: USB disconnect, device number 47
[ 2423.889346][T14693] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2425.918535][T32715] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2426.254316][   T29] audit: type=1800 audit(2000001490.439:607): pid=483 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.7736" name="bus" dev="sda1" ino=2116 res=0 errno=0
[ 2426.415033][T32715] 8021q: adding VLAN 0 to HW filter on device team0
[ 2426.458458][T28014] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2426.481474][   T29] audit: type=1800 audit(2000001490.599:608): pid=484 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.7736" name="bus" dev="sda1" ino=2116 res=0 errno=0
[ 2426.587936][T28014] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2426.595799][T28014] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2426.640559][T28014] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2426.648012][T28014] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2427.094278][T14844] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2427.368564][  T495] bridge0: entered allmulticast mode
[ 2427.403756][  T495] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2427.412567][  T495] bridge0: port 2(bridge_slave_1) entered listening state
[ 2427.421095][  T495] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2427.428563][  T495] bridge0: port 1(bridge_slave_0) entered listening state
[ 2427.453572][  T495] bridge0: entered promiscuous mode
[ 2428.079015][ T5158] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[ 2428.272025][T32715] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2428.299058][ T5158] usb 4-1: Using ep0 maxpacket: 16
[ 2428.315833][ T5158] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2428.345696][ T5158] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2428.385202][ T5158] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 2428.421864][ T5158] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 2428.444836][ T5158] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 2428.491389][ T5158] usb 4-1: Manufacturer: syz
[ 2428.563046][ T5158] usb 4-1: config 0 descriptor??
[ 2429.649002][T14844] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2430.584017][T32715] veth0_vlan: entered promiscuous mode
[ 2430.709157][T32715] veth1_vlan: entered promiscuous mode
[ 2430.888349][T29936] usb 4-1: USB disconnect, device number 35
[ 2430.971697][T32715] veth0_macvtap: entered promiscuous mode
[ 2431.024542][T32715] veth1_macvtap: entered promiscuous mode
[ 2431.244953][T32715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2431.297925][T32715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2431.336614][T32715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2431.365822][T32715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2431.392372][T32715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2431.458650][T32715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2431.499415][T32715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2431.528487][T32715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2431.829026][T32715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2431.869173][T32715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2431.907713][   T29] audit: type=1804 audit(2000001496.119:609): pid=543 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.7754" name="/root/syzkaller.wUdyoI/199/cgroup.controllers" dev="sda1" ino=2109 res=1 errno=0
[ 2431.917064][T32715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2431.998667][T32715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2432.039931][T32715] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2432.187049][T32715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2432.248516][T32715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2432.278507][T32715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2432.310421][T32715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2432.350093][T32715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2432.485300][T32715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2432.555916][T32715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2432.608486][T32715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2432.618364][T32715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2432.690480][T32715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2432.737638][T32715] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2432.778390][T32715] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2432.802814][T32715] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2432.839771][  T550] bridge0: entered allmulticast mode
[ 2432.846497][  T553] bridge0: port 3(team0) entered blocking state
[ 2432.853177][  T553] bridge0: port 3(team0) entered listening state
[ 2432.860057][  T553] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2432.867336][  T553] bridge0: port 2(bridge_slave_1) entered listening state
[ 2432.875055][  T553] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2432.882419][  T553] bridge0: port 1(bridge_slave_0) entered listening state
[ 2432.895173][T14844] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2432.940411][  T553] bridge0: entered promiscuous mode
[ 2433.320551][T32715] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2433.329478][T32715] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2433.339314][T32715] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2433.348107][T32715] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2433.617468][   T29] audit: type=1804 audit(2000001497.819:610): pid=563 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.7760" name="/root/syzkaller.yahtRy/976/file0" dev="sda1" ino=2072 res=1 errno=0
[ 2434.206605][  T565] loop1: detected capacity change from 0 to 2048
[ 2434.346629][  T565] GPT:first_usable_lbas don't match.
[ 2434.388782][  T565] GPT:34 != 290
[ 2434.395403][  T565] GPT: Use GNU Parted to correct GPT errors.
[ 2434.405528][ T3324] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2434.423303][   T45] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[ 2434.431533][  T565]  loop1: p1 p2 p3
[ 2434.441689][ T3324] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2434.538156][  T569] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7764'.
[ 2434.599664][T14693] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2434.621102][   T45] usb 4-1: Using ep0 maxpacket: 16
[ 2434.643873][T14693] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2434.648587][   T45] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2434.730612][   T45] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2434.778246][   T45] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 2434.851060][ T3324] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2434.887978][   T45] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 2434.941800][   T45] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 2434.985181][   T45] usb 4-1: Manufacturer: syz
[ 2435.061159][   T45] usb 4-1: config 0 descriptor??
[ 2435.106861][   T29] audit: type=1804 audit(2000001499.319:611): pid=584 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.7767" name="/root/syzkaller.wUdyoI/203/cgroup.controllers" dev="sda1" ino=2115 res=1 errno=0
[ 2435.131794][  T589] loop2: detected capacity change from 0 to 256
[ 2435.913224][  T607] bridge0: entered allmulticast mode
[ 2436.068097][ T5162] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2436.079041][  T607] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2436.086392][  T607] bridge0: port 2(bridge_slave_1) entered listening state
[ 2436.094041][  T607] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2436.101415][  T607] bridge0: port 1(bridge_slave_0) entered listening state
[ 2436.128591][  T607] bridge0: entered promiscuous mode
[ 2436.684518][  T620] netlink: 68 bytes leftover after parsing attributes in process `syz.4.7779'.
[ 2436.697106][  T620] netlink: 32 bytes leftover after parsing attributes in process `syz.4.7779'.
[ 2436.699769][ T5162] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2437.311764][ T5158] usb 4-1: USB disconnect, device number 36
[ 2437.406145][  T622] loop1: detected capacity change from 0 to 2048
[ 2437.566407][  T622] GPT:first_usable_lbas don't match.
[ 2437.618524][  T622] GPT:34 != 290
[ 2437.622054][  T622] GPT: Use GNU Parted to correct GPT errors.
[ 2437.628252][  T622]  loop1: p1 p2 p3
[ 2437.658367][  T629] netlink: 16 bytes leftover after parsing attributes in process `syz.5.7781'.
[ 2437.868581][ T5162] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[ 2437.879722][   T29] audit: type=1804 audit(2000001502.089:612): pid=628 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.7782" name="/root/syzkaller.qm0pJE/230/file0" dev="sda1" ino=2118 res=1 errno=0
[ 2438.088752][ T5162] usb 5-1: Using ep0 maxpacket: 16
[ 2438.106235][ T5162] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2438.168437][ T5162] usb 5-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[ 2438.209169][ T5162] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2438.241212][ T5162] usb 5-1: config 0 descriptor??
[ 2438.267822][ T5162] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[ 2438.469582][  T645] loop1: detected capacity change from 0 to 512
[ 2438.505598][   T45] usb 5-1: USB disconnect, device number 34
[ 2438.542689][  T645] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[ 2439.040360][T32299] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2439.094201][  T645] EXT4-fs (loop1): 1 orphan inode deleted
[ 2439.100298][  T645] EXT4-fs (loop1): 1 truncate cleaned up
[ 2439.128159][  T645] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 2439.597997][T28733] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2440.498799][ T5162] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[ 2440.532394][T32287] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2440.793825][ T5162] usb 2-1: Using ep0 maxpacket: 16
[ 2440.812653][ T5162] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2440.866343][ T5162] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2440.898138][ T5162] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 2440.929713][ T5162] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 2440.963816][ T5162] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 2440.989330][ T5162] usb 2-1: Manufacturer: syz
[ 2441.029182][ T5162] usb 2-1: config 0 descriptor??
[ 2441.152838][T27776] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 2441.175012][   T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 2441.195117][   T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 2441.209737][   T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 2441.223017][   T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 2441.232246][   T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 2441.885778][T32299] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2441.954883][  T684] netlink: 160 bytes leftover after parsing attributes in process `syz.2.7800'.
[ 2442.156493][T32299] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2442.348572][T23818] usb 6-1: new high-speed USB device number 62 using dummy_hcd
[ 2442.419873][T32299] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2442.453441][    C0] bridge0: port 1(bridge_slave_0) entered learning state
[ 2442.462447][    C0] bridge0: port 2(bridge_slave_1) entered learning state
[ 2442.550914][T23818] usb 6-1: Using ep0 maxpacket: 16
[ 2442.563624][T23818] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2442.602438][T23818] usb 6-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[ 2442.660037][T23818] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2442.706892][T23818] usb 6-1: config 0 descriptor??
[ 2442.741920][T32299] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2442.745117][T23818] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[ 2442.977328][T23818] usb 6-1: USB disconnect, device number 62
[ 2443.089518][   T53] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[ 2443.104937][   T53] Bluetooth: hci5: Injecting HCI hardware error event
[ 2443.120364][T27826] Bluetooth: hci5: hardware error 0x00
[ 2443.328753][   T53] Bluetooth: hci0: command tx timeout
[ 2443.452001][T28014] usb 2-1: USB disconnect, device number 48
[ 2444.130879][T14693] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2444.212850][  T710] tipc: Started in network mode
[ 2444.217859][  T710] tipc: Node identity ac14140f, cluster identity 4711
[ 2444.231667][  T710] tipc: Enabled bearer <udp:syz2>, priority 10
[ 2444.526522][T32299] team0: left allmulticast mode
[ 2444.567941][T32299] team_slave_0: left allmulticast mode
[ 2444.606394][T32299] team_slave_1: left allmulticast mode
[ 2444.639121][T32299] team0: left promiscuous mode
[ 2444.658465][T32299] team_slave_0: left promiscuous mode
[ 2444.673295][T32299] team_slave_1: left promiscuous mode
[ 2444.689450][T32299] bridge0: port 3(team0) entered disabled state
[ 2444.709391][   T29] audit: type=1804 audit(2000001508.919:613): pid=725 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.7812" name="/root/syzkaller.ejQfbP/13/cgroup.controllers" dev="sda1" ino=2119 res=1 errno=0
[ 2444.782724][T32299] bridge_slave_1: left allmulticast mode
[ 2444.798641][T32299] bridge_slave_1: left promiscuous mode
[ 2444.839636][T32299] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2444.936954][T32299] bridge_slave_0: left allmulticast mode
[ 2444.971942][T32299] bridge_slave_0: left promiscuous mode
[ 2445.012941][T32299] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2445.111082][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[ 2445.358822][ T5158] tipc: Node number set to 2886997007
[ 2445.409144][   T53] Bluetooth: hci0: command tx timeout
[ 2445.414869][T27826] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[ 2445.855572][ T5162] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2446.296754][ T3324] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2446.862855][  T759] netlink: 'syz.0.7825': attribute type 9 has an invalid length.
[ 2447.489012][T27826] Bluetooth: hci0: command tx timeout
[ 2449.290006][T32299] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2449.369834][T32299] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2449.490422][ T3324] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2449.502862][T32299] bond0 (unregistering): Released all slaves
[ 2449.579145][T27826] Bluetooth: hci0: command tx timeout
[ 2449.717692][  T681] chnl_net:caif_netlink_parms(): no params data found
[ 2449.828015][T32299] tipc: Disabling bearer <eth:vlan0>
[ 2449.902069][T32299] tipc: Left network mode
[ 2450.749140][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[ 2451.168880][  T681] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2451.209575][  T681] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2451.238998][  T681] bridge_slave_0: entered allmulticast mode
[ 2451.263398][  T681] bridge_slave_0: entered promiscuous mode
[ 2451.373945][  T681] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2451.409119][    C1] bridge0: port 1(bridge_slave_0) entered learning state
[ 2451.416557][    C1] bridge0: port 2(bridge_slave_1) entered learning state
[ 2451.427577][  T681] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2451.447435][  T681] bridge_slave_1: entered allmulticast mode
[ 2451.469962][  T681] bridge_slave_1: entered promiscuous mode
[ 2451.854418][T32299] hsr_slave_0: left promiscuous mode
[ 2451.863001][  T806] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7838'.
[ 2451.974028][T32299] hsr_slave_1: left promiscuous mode
[ 2452.062612][T14844] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2452.311647][T32299] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2452.426426][T32299] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2452.498818][T32299] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2452.559503][T32299] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2452.841789][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[ 2452.883222][T32299] veth1_macvtap: left promiscuous mode
[ 2452.899606][T32299] veth0_macvtap: left promiscuous mode
[ 2452.905558][T32299] veth1_vlan: left promiscuous mode
[ 2452.955871][T32299] veth0_vlan: left promiscuous mode
[ 2453.448490][  T820] netlink: 'syz.4.7841': attribute type 9 has an invalid length.
[ 2453.986717][  T822] loop2: detected capacity change from 0 to 2048
[ 2454.045177][  T822]  loop2: p1 < > p4
[ 2454.051550][  T822] loop2: p4 size 8388608 extends beyond EOD, truncated
[ 2454.161985][  T822] __loop_clr_fd: partition scan of loop2 failed (rc=-16)
[ 2454.229563][  T823] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 2455.257108][T14844] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2455.273188][T28014] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2455.906419][T28014] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2456.032620][T32299] team0 (unregistering): Port device team_slave_1 removed
[ 2456.223707][T32299] team0 (unregistering): Port device team_slave_0 removed
[ 2457.818855][    C0] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2457.821684][T32287] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2457.826140][    C0] bridge0: topology change detected, propagating
[ 2457.844040][    C0] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2457.851311][    C0] bridge0: topology change detected, propagating
[ 2459.336450][  T681] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2459.422950][  T681] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2459.751616][  T681] team0: Port device team_slave_0 added
[ 2459.846378][  T681] team0: Port device team_slave_1 added
[ 2459.888546][  T883] netlink: 'syz.2.7857': attribute type 9 has an invalid length.
[ 2460.156749][  T681] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2460.194189][  T681] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2460.374448][  T681] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2460.380506][T14844] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2460.561473][  T681] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2460.615303][  T681] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2460.748845][  T681] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2460.804571][  T904] netlink: 164 bytes leftover after parsing attributes in process `syz.4.7864'.
[ 2461.280025][  T681] hsr_slave_0: entered promiscuous mode
[ 2461.331793][  T681] hsr_slave_1: entered promiscuous mode
[ 2461.380172][  T681] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2461.723316][  T681] Cannot create hsr debugfs directory
[ 2462.511907][ T5162] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[ 2462.708478][ T5162] usb 2-1: Using ep0 maxpacket: 16
[ 2462.803018][ T5162] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2462.866460][ T5162] usb 2-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[ 2462.886678][ T5162] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2462.932414][ T5162] usb 2-1: config 0 descriptor??
[ 2462.986173][ T5162] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[ 2463.184505][ T5162] usb 2-1: USB disconnect, device number 49
[ 2463.571911][T14844] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2464.030386][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies.
[ 2464.709236][  T959] GUP no longer grows the stack in syz.1.7875 (959): 20006000-2000a000 (20005000)
[ 2464.862169][T28014] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2464.884162][  T959] CPU: 0 PID: 959 Comm: syz.1.7875 Not tainted 6.10.0-rc5-syzkaller-00243-g6c0483dbfe72 #0
[ 2464.894201][  T959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 2464.904291][  T959] Call Trace:
[ 2464.907600][  T959]  <TASK>
[ 2464.910557][  T959]  dump_stack_lvl+0x16c/0x1f0
[ 2464.915292][  T959]  gup_vma_lookup+0x1d2/0x220
[ 2464.920042][  T959]  __get_user_pages+0x25f/0x1490
[ 2464.925052][  T959]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2464.930744][  T959]  ? __pfx___get_user_pages+0x10/0x10
[ 2464.936185][  T959]  ? down_read_killable+0xcc/0x380
[ 2464.941445][  T959]  ? __pfx_down_read_killable+0x10/0x10
[ 2464.947068][  T959]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2464.952756][  T959]  ? hlock_class+0x4e/0x130
[ 2464.957334][  T959]  __gup_longterm_locked+0x243/0x2790
[ 2464.962805][  T959]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2464.968503][  T959]  ? lock_acquire+0x1b1/0x560
[ 2464.973243][  T959]  ? find_held_lock+0x2d/0x110
[ 2464.978122][  T959]  ? __pfx___gup_longterm_locked+0x10/0x10
[ 2464.984007][  T959]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2464.989705][  T959]  ? gup_fast_fallback+0x846/0x25d0
[ 2464.994991][  T959]  ? __pfx_lock_release+0x10/0x10
[ 2465.000077][  T959]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2465.005775][  T959]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2465.011467][  T959]  ? const_folio_flags.constprop.0+0x56/0x150
[ 2465.017615][  T959]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2465.023310][  T959]  ? sanity_check_pinned_pages+0x372/0x11f0
[ 2465.029294][  T959]  gup_fast_fallback+0x1545/0x25d0
[ 2465.034529][  T959]  ? __pfx_gup_fast_fallback+0x10/0x10
[ 2465.040070][  T959]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2465.045760][  T959]  ? __pfx___lock_acquire+0x10/0x10
[ 2465.051017][  T959]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2465.056710][  T959]  pin_user_pages_fast+0xa8/0x100
[ 2465.061781][  T959]  ? __pfx_pin_user_pages_fast+0x10/0x10
[ 2465.067435][  T959]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2465.073105][  T959]  ? find_held_lock+0x2d/0x110
[ 2465.077939][  T959]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2465.083632][  T959]  iov_iter_extract_pages+0x388/0x18a0
[ 2465.089180][  T959]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2465.094870][  T959]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2465.100559][  T959]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2465.106248][  T959]  ? __pfx_iov_iter_extract_pages+0x10/0x10
[ 2465.112217][  T959]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2465.117909][  T959]  ? bio_associate_blkg+0x137/0x2a0
[ 2465.123173][  T959]  ? __pfx_lock_release+0x10/0x10
[ 2465.128262][  T959]  bio_iov_iter_get_pages+0x341/0xf10
[ 2465.133721][  T959]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2465.139418][  T959]  ? __pfx_bio_iov_iter_get_pages+0x10/0x10
[ 2465.145396][  T959]  ? __pfx_bio_alloc_bioset+0x10/0x10
[ 2465.150883][  T959]  iomap_dio_bio_iter+0xcf1/0x17b0
[ 2465.156117][  T959]  __iomap_dio_rw+0xd83/0x1c70
[ 2465.161000][  T959]  ? __pfx___iomap_dio_rw+0x10/0x10
[ 2465.166295][  T959]  ? kasan_quarantine_put+0x10a/0x240
[ 2465.171753][  T959]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2465.177449][  T959]  ? lockdep_hardirqs_on+0x7c/0x110
[ 2465.182765][  T959]  ? __pfx_jbd2_journal_stop+0x10/0x10
[ 2465.188313][  T959]  iomap_dio_rw+0x40/0xa0
[ 2465.192730][  T959]  ext4_file_write_iter+0x136b/0x1a40
[ 2465.198213][  T959]  ? __pfx_ext4_file_write_iter+0x10/0x10
[ 2465.204023][  T959]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2465.209731][  T959]  vfs_write+0x6b9/0x1140
[ 2465.214154][  T959]  ? __pfx_ext4_file_write_iter+0x10/0x10
[ 2465.219975][  T959]  ? __pfx_vfs_write+0x10/0x10
[ 2465.224820][  T959]  ? __pfx___mutex_lock+0x10/0x10
[ 2465.229923][  T959]  ? __fget_files+0x256/0x400
[ 2465.234703][  T959]  ksys_write+0x12f/0x260
[ 2465.239119][  T959]  ? __pfx_ksys_write+0x10/0x10
[ 2465.244056][  T959]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2465.249780][  T959]  do_syscall_64+0xcd/0x250
[ 2465.254362][  T959]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2465.260335][  T959] RIP: 0033:0x7fa101575b99
[ 2465.264797][  T959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2465.284478][  T959] RSP: 002b:00007fa100fde048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2465.292969][  T959] RAX: ffffffffffffffda RBX: 00007fa101704078 RCX: 00007fa101575b99
[ 2465.301008][  T959] RDX: 0000000000043400 RSI: 0000000020000200 RDI: 0000000000000008
[ 2465.309047][  T959] RBP: 00007fa1015f677e R08: 0000000000000000 R09: 0000000000000000
[ 2465.317076][  T959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2465.325096][  T959] R13: 000000000000006e R14: 00007fa101704078 R15: 00007ffed8a6c9c8
[ 2465.333154][  T959]  </TASK>
[ 2465.846360][  T681] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 2466.128968][T14844] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2466.222368][  T681] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 2466.294628][  T681] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 2466.368581][  T681] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 2466.768578][    C1] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2466.775860][    C1] bridge0: topology change detected, propagating
[ 2466.782651][    C1] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2466.789898][    C1] bridge0: topology change detected, propagating
[ 2467.236776][  T995] netlink: 'syz.0.7887': attribute type 9 has an invalid length.
[ 2467.409559][T15708] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[ 2467.638519][T15708] usb 2-1: Using ep0 maxpacket: 16
[ 2467.666884][T15708] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2467.733951][  T681] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2467.748246][T15708] usb 2-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[ 2467.767720][T15708] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2467.839909][T15708] usb 2-1: config 0 descriptor??
[ 2467.886035][  T681] 8021q: adding VLAN 0 to HW filter on device team0
[ 2467.895077][T15708] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[ 2467.981033][T15708] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2467.988425][T15708] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2468.073986][T15708] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2468.080830][T28014] usb 2-1: USB disconnect, device number 50
[ 2468.081339][T15708] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2468.139043][T31888] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[ 2468.348767][T31888] usb 3-1: Using ep0 maxpacket: 8
[ 2468.381842][T31888] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2468.410636][T31888] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 2468.430205][T31888] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[ 2468.493791][T31888] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[ 2468.539236][T31888] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[ 2468.582863][T31888] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2468.614198][T31888] hub 3-1:1.0: bad descriptor, ignoring hub
[ 2468.641276][T31888] hub 3-1:1.0: probe with driver hub failed with error -5
[ 2468.693714][T31888] cdc_wdm 3-1:1.0: skipping garbage
[ 2468.715925][T31888] cdc_wdm 3-1:1.0: skipping garbage
[ 2468.784490][T31888] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[ 2468.827875][T31888] cdc_wdm 3-1:1.0: Unknown control protocol
[ 2468.910933][T31888] usb 3-1: USB disconnect, device number 61
[ 2469.343788][T32299] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2469.576053][  T681] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2470.467665][  T681] veth0_vlan: entered promiscuous mode
[ 2470.650098][  T681] veth1_vlan: entered promiscuous mode
[ 2471.134941][  T681] veth0_macvtap: entered promiscuous mode
[ 2471.322858][  T681] veth1_macvtap: entered promiscuous mode
[ 2471.538476][  T681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2471.561077][  T681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2471.588571][  T681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2471.618945][  T681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2471.672263][  T681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2471.699211][  T681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2471.733720][  T681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2471.782817][ T1028] loop4: detected capacity change from 0 to 32768
[ 2471.798464][  T681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2471.808371][  T681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2471.849562][ T1028] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.7894 (1028)
[ 2471.889549][  T681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2471.902602][T32293] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2471.929072][  T681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2471.962645][  T681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2471.985888][  T681] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2472.016289][ T1028] BTRFS error (device loop4): open_ctree failed
[ 2472.022075][  T681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2472.044522][  T681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2472.073520][  T681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2472.115249][  T681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2472.151343][  T681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2472.206714][  T681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2472.282662][  T681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2472.315844][  T681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2472.326070][  T681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2472.337532][  T681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2472.376818][  T681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2472.428469][  T681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2472.451735][  T681] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2472.459372][T31888] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[ 2472.571691][ T1073] loop1: detected capacity change from 0 to 164
[ 2472.585039][  T681] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2472.668539][T31888] usb 3-1: Using ep0 maxpacket: 16
[ 2472.677568][  T681] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2472.692572][T31888] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2472.698919][ T1073] iso9660: Bad value for 'map'
[ 2472.711578][  T681] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2472.720962][  T681] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2472.750416][T31888] usb 3-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[ 2472.778247][T31888] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2472.829033][T31888] usb 3-1: config 0 descriptor??
[ 2472.869605][T31888] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[ 2472.882566][ T1077] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7908'.
[ 2473.092373][T31888] usb 3-1: USB disconnect, device number 62
[ 2473.195212][ T1077] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2474.300078][ T1077] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2474.450074][T32293] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2474.461811][T23818] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2474.548561][T31888] usb 6-1: new high-speed USB device number 63 using dummy_hcd
[ 2474.978831][T31888] usb 6-1: Using ep0 maxpacket: 8
[ 2475.260542][T31888] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2475.292167][T31888] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 2475.598548][T28014] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2475.609686][T31888] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[ 2475.627572][T31888] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[ 2475.629875][T14844] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2475.639046][T31888] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[ 2475.661292][T31888] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2475.701790][T31888] hub 6-1:1.0: bad descriptor, ignoring hub
[ 2475.707810][T31888] hub 6-1:1.0: probe with driver hub failed with error -5
[ 2475.715765][T31888] cdc_wdm 6-1:1.0: skipping garbage
[ 2475.731614][ T1091] netlink: 'syz.4.7911': attribute type 9 has an invalid length.
[ 2475.745556][T31888] cdc_wdm 6-1:1.0: skipping garbage
[ 2475.785666][T31888] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[ 2475.811527][ T1077] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2475.847276][T31888] cdc_wdm 6-1:1.0: Unknown control protocol
[ 2475.979650][T31888] usb 6-1: USB disconnect, device number 63
[ 2476.280539][ T1077] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2476.421345][T32287] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2476.485553][T32287] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2476.675178][T32287] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2476.731055][T32287] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2477.017088][ T1244] ieee802154 phy0 wpan0: encryption failed: -22
[ 2477.042445][ T1077] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2477.173109][ T1077] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2477.242855][ T1077] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2477.322965][ T1077] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2477.650420][T32287] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2477.818015][ T1115] veth0_vlan: entered allmulticast mode
[ 2477.888773][ T1115] tipc: Resetting bearer <eth:vlan0>
[ 2478.277426][ T1119] veth0_vlan: left promiscuous mode
[ 2478.298448][ T1119] veth0_vlan: entered promiscuous mode
[ 2478.728969][T31888] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[ 2478.932140][T31888] usb 3-1: Using ep0 maxpacket: 16
[ 2478.947543][T31888] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2478.961546][T31888] usb 3-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[ 2478.972469][T31888] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2478.984391][T31888] usb 3-1: config 0 descriptor??
[ 2479.003962][T31888] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[ 2479.224434][T31888] usb 3-1: USB disconnect, device number 63
[ 2479.495337][ T3324] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2480.491588][ T1150] loop4: detected capacity change from 0 to 164
[ 2480.504200][ T1150] iso9660: Bad value for 'map'
[ 2480.582194][ T1153] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7930'.
[ 2480.635781][ T1153] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2480.871404][ T1153] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2480.922836][ T1160] netlink: 'syz.5.7929': attribute type 9 has an invalid length.
[ 2481.135614][ T1153] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2481.453986][ T1153] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2481.490656][T32282] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2482.058821][ T1173] kernel profiling enabled (shift: 5)
[ 2482.371453][T27826] Bluetooth: hci6: Controller not accepting commands anymore: ncmd = 0
[ 2482.383542][T27826] Bluetooth: hci6: Injecting HCI hardware error event
[ 2482.394793][T27826] Bluetooth: hci6: hardware error 0x00
[ 2482.439224][T29936] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[ 2482.689927][T29936] usb 5-1: Using ep0 maxpacket: 16
[ 2482.713437][T29936] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[ 2482.771479][T29936] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 2482.793138][T29936] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2482.855744][T29936] usb 5-1: config 0 descriptor??
[ 2483.416874][T32287] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2483.496226][ T1183] veth0_vlan: entered allmulticast mode
[ 2484.340642][ T1170] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2484.351186][T28014] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2484.364629][ T1170] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2484.449184][T27826] Bluetooth: hci6: Opcode 0x0c03 failed: -110
[ 2484.451863][T29936] hid (null): unknown global tag 0xd
[ 2484.505369][T29936] hid (null): report_id 0 is invalid
[ 2484.549414][T29936] hid (null): unknown global tag 0x83
[ 2484.582065][T29936] hid (null): unknown global tag 0xc
[ 2484.641264][T29936] hid-generic 0003:0158:0100.0047: unknown main item tag 0x1
[ 2484.682912][T29936] hid-generic 0003:0158:0100.0047: unexpected long global item
[ 2484.691592][ T3324] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2484.756044][T29936] hid-generic 0003:0158:0100.0047: probe with driver hid-generic failed with error -22
[ 2484.811878][T29936] usb 5-1: USB disconnect, device number 35
[ 2485.038595][   T29] audit: type=1326 audit(2000001549.249:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1190 comm="syz.1.7940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa101575b99 code=0x7ffc0000
[ 2485.121738][   T29] audit: type=1326 audit(2000001549.279:615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1190 comm="syz.1.7940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=440 compat=0 ip=0x7fa101575b99 code=0x7ffc0000
[ 2485.235349][   T29] audit: type=1326 audit(2000001549.279:616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1190 comm="syz.1.7940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa101575b99 code=0x7ffc0000
[ 2486.492800][ T1153] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2486.501702][T29936] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[ 2486.509729][   T45] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[ 2486.552191][ T1153] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2486.582482][ T1153] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2486.606916][ T1153] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2486.698519][T29936] usb 2-1: Using ep0 maxpacket: 32
[ 2486.715691][T29936] usb 2-1: New USB device found, idVendor=0b54, idProduct=62a0, bcdDevice=a0.56
[ 2486.726521][   T45] usb 4-1: Using ep0 maxpacket: 16
[ 2486.758579][T29936] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2486.786099][   T45] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2486.799877][T29936] usb 2-1: Product: syz
[ 2486.804262][T29936] usb 2-1: Manufacturer: syz
[ 2486.819618][   T45] usb 4-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[ 2486.835136][T29936] usb 2-1: SerialNumber: syz
[ 2486.843754][   T45] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2486.869919][   T45] usb 4-1: config 0 descriptor??
[ 2486.876470][T29936] usb 2-1: config 0 descriptor??
[ 2486.935560][   T45] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[ 2487.038281][ T1223] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7951'.
[ 2487.116441][   T45] usb 2-1: USB disconnect, device number 51
[ 2487.145558][T28014] usb 4-1: USB disconnect, device number 37
[ 2487.249696][ T3324] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2488.485265][ T1235] netlink: 'syz.4.7953': attribute type 9 has an invalid length.
[ 2489.809445][T14693] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2490.524521][T14693] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2490.820365][   T45] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[ 2491.329151][   T45] usb 4-1: Using ep0 maxpacket: 16
[ 2491.366290][   T45] usb 4-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4
[ 2491.376189][   T45] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2492.292070][   T45] usb 4-1: Product: syz
[ 2492.296325][   T45] usb 4-1: Manufacturer: syz
[ 2492.309908][   T45] usb 4-1: SerialNumber: syz
[ 2492.339870][   T45] usb 4-1: config 0 descriptor??
[ 2492.366334][   T45] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state.
[ 2492.568704][T23818] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[ 2492.757989][   T45] gp8psk: usb in 137 operation failed.
[ 2492.776822][   T45] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 2492.797067][   T45] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver)
[ 2492.798453][T23818] usb 3-1: Using ep0 maxpacket: 16
[ 2492.817547][   T45] usb 4-1: media controller created
[ 2492.859474][ T1280] loop5: detected capacity change from 0 to 32768
[ 2492.871370][T23818] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2492.902324][ T1280] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.7970 (1280)
[ 2492.905283][T23818] usb 3-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[ 2492.927774][   T45] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 2492.958470][T23818] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2492.976825][ T1280] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 2492.990378][T23818] usb 3-1: config 0 descriptor??
[ 2493.001248][T23818] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[ 2493.012340][T32282] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2493.016795][ T1280] BTRFS info (device loop5): using sha256 (sha256-ni) checksum algorithm
[ 2493.046552][   T45] gp8psk_fe: Frontend revision 1 attached
[ 2493.058988][ T1280] BTRFS info (device loop5): using free-space-tree
[ 2493.067130][   T45] usb 4-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[ 2493.104500][   T45] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[ 2493.240246][T23818] usb 3-1: USB disconnect, device number 64
[ 2493.306358][ T1280] BTRFS info (device loop5): rebuilding free space tree
[ 2493.436421][   T29] audit: type=1804 audit(2000001557.649:617): pid=1280 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.7970" name="/root/syzkaller.ejQfbP/44/bus/bus" dev="loop5" ino=263 res=1 errno=0
[ 2493.494030][   T45] gp8psk: usb in 138 operation failed.
[ 2493.500391][   T45] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected.
[ 2493.515398][   T45] gp8psk: found Genpix USB device pID = 201 (hex)
[ 2493.564887][   T45] usb 4-1: USB disconnect, device number 38
[ 2493.570168][T32404] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 2493.723007][ T5169] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2493.786146][ T1311] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7976'.
[ 2494.416823][   T45] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected.
[ 2495.571277][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2496.713964][ T3324] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2496.934824][ T1337] netlink: 'syz.1.7985': attribute type 9 has an invalid length.
[ 2498.130133][ T3324] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2498.133550][   T53] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[ 2498.150381][   T53] Bluetooth: hci0: Injecting HCI hardware error event
[ 2498.162762][T27826] Bluetooth: hci0: hardware error 0x00
[ 2499.212156][T27776] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 2499.245303][T27776] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 2499.264246][T27776] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 2499.284485][T27776] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 2499.301731][T27776] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 2499.324814][T27776] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 2499.373805][T32282] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2500.070391][T32282] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2500.459497][T27826] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[ 2500.496087][T32282] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2500.689947][T14693] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2501.375986][T32282] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2501.509414][T27826] Bluetooth: hci4: command tx timeout
[ 2502.610831][T32299] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2502.634441][ T1379] chnl_net:caif_netlink_parms(): no params data found
[ 2503.038195][T32282] bridge_slave_1: left allmulticast mode
[ 2503.078509][T32282] bridge_slave_1: left promiscuous mode
[ 2503.140004][T32282] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2503.267596][T32293] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2503.270756][T32282] bridge_slave_0: left allmulticast mode
[ 2503.279385][T23818] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2503.330726][T32282] bridge_slave_0: left promiscuous mode
[ 2503.336735][T32282] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2503.570201][T27826] Bluetooth: hci4: command tx timeout
[ 2504.310209][ T1437] netlink: 'syz.1.8013': attribute type 9 has an invalid length.
[ 2504.555745][ T1418] loop3: detected capacity change from 0 to 32768
[ 2504.615946][ T1418] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.8007 (1418)
[ 2504.790789][ T1418] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 2504.831145][ T1418] BTRFS info (device loop3): using sha256 (sha256-ni) checksum algorithm
[ 2504.852310][T29936] usb 3-1: new full-speed USB device number 65 using dummy_hcd
[ 2504.859897][ T1418] BTRFS info (device loop3): using free-space-tree
[ 2505.097127][T29936] usb 3-1: not running at top speed; connect to a high speed hub
[ 2505.123399][T29936] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 2505.170481][T29936] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 2505.229618][T29936] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 2505.293696][T29936] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2505.371654][T29936] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2505.381916][T29936] usb 3-1: Product: ᶫ⼃줴ή芾磎頔ힲﰽ挴Ҁ똳碽圦ᨾ䂿䳘卮哃ฅ剹띾ˇᅍ쾘팗⪼雠躼眬紿챙䬎编樨鷸韥玳綴䩪琨㢹鋝ㆡ钯裯蝓㵪ួ讓䷀䘳ꤠ黜㛅滑੿ỉ猣ᓫ严湔먶㈚ᓥƪ㕁鍆惡螆⾀쯄趴ꮢ糢
[ 2505.431836][T29936] usb 3-1: Manufacturer: ࠒ
[ 2505.436672][T29936] usb 3-1: SerialNumber: Ễ㼡蝲偷偏툏௛䩱哮塚䑭ᡮ࣏췛⥱荲퓠晇⃠ጢ詭ܛ됐뼺꼎㰱祈ऻ蝊㐁愴ﻟ豆鹺閳ꂿ몛䖞倝ꉥ
[ 2505.458937][  T681] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 2505.649543][T27826] Bluetooth: hci4: command tx timeout
[ 2505.717238][T29936] usb 3-1: 0:2 : does not exist
[ 2505.796278][T29936] usb 3-1: USB disconnect, device number 65
[ 2506.470489][T32299] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2506.890546][ T1457] loop5: detected capacity change from 0 to 32768
[ 2506.906270][ T1457] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.8016 (1457)
[ 2506.948565][ T5162] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[ 2506.978668][ T1457] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 2507.029374][ T1457] BTRFS info (device loop5): using sha256 (sha256-ni) checksum algorithm
[ 2507.037896][ T1457] BTRFS info (device loop5): using free-space-tree
[ 2507.133189][ T1469] loop3: detected capacity change from 0 to 2048
[ 2507.188855][ T5162] usb 3-1: Using ep0 maxpacket: 16
[ 2507.227393][ T1469] GPT:first_usable_lbas don't match.
[ 2507.234114][ T1469] GPT:34 != 290
[ 2507.237869][ T1469] GPT: Use GNU Parted to correct GPT errors.
[ 2507.247169][ T1469]  loop3: p1 p2 p3
[ 2507.255851][ T5162] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2507.277360][ T5162] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2507.290615][ T5162] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 2507.300531][ T5162] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 2507.315640][ T5162] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2507.332971][ T5162] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 2507.343024][ T5162] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 2507.356301][ T5162] usb 3-1: Manufacturer: syz
[ 2507.366453][ T5162] usb 3-1: config 0 descriptor??
[ 2507.388155][T32282] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2507.504161][ T1457] BTRFS info (device loop5): rebuilding free space tree
[ 2507.516290][T32282] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2507.561274][T32282] bond0 (unregistering): Released all slaves
[ 2507.665626][T32282] bond1 (unregistering): Released all slaves
[ 2507.728933][T27826] Bluetooth: hci4: command tx timeout
[ 2507.785305][   T29] audit: type=1804 audit(2000001571.999:618): pid=1457 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.8016" name="/root/syzkaller.ejQfbP/53/bus/bus" dev="loop5" ino=263 res=1 errno=0
[ 2508.304300][T32404] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 2508.621938][T32282] tipc: Disabling bearer <eth:vlan0>
[ 2508.644772][T32282] tipc: Left network mode
[ 2508.655984][ T1379] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2508.683232][ T1379] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2508.741978][ T1379] bridge_slave_0: entered allmulticast mode
[ 2508.763636][ T1379] bridge_slave_0: entered promiscuous mode
[ 2508.833498][ T1379] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2508.884300][ T1379] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2508.918202][ T1379] bridge_slave_1: entered allmulticast mode
[ 2508.959508][ T1379] bridge_slave_1: entered promiscuous mode
[ 2509.009250][T14844] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2509.227722][ T1511] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8025'.
[ 2509.870989][ T5162] rc_core: IR keymap rc-hauppauge not found
[ 2509.880972][ T1520] loop2: detected capacity change from 0 to 8
[ 2509.887255][ T5162] Registered IR keymap rc-empty
[ 2509.904430][ T5162] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 2509.917607][ T1379] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2509.970029][ T5162] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 2510.078916][ T5162] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[ 2510.179984][ T5162] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input57
[ 2510.225372][ T5162] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 2510.283176][T32282] hsr_slave_0: left promiscuous mode
[ 2510.328704][ T5162] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 2510.371213][ T5162] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 2510.409286][T32282] hsr_slave_1: left promiscuous mode
[ 2510.418925][ T5162] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 2510.454413][ T5162] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 2510.487667][T32282] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2510.500533][ T5162] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 2510.508111][T32282] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2510.528619][ T5162] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 2510.550094][T32282] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2510.558573][ T5162] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 2510.588604][ T5162] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 2510.596722][T32282] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2510.620612][ T5162] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 2510.658123][ T5162] mceusb 3-1:0.0: Registered  with mce emulator interface version 1
[ 2510.676669][ T5162] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 2510.683024][T32282] batman_adv: batadv0: Removing interface: hsr_slave_0
[ 2510.702467][ T5162] usb 3-1: USB disconnect, device number 66
[ 2510.892342][ T1536] loop4: detected capacity change from 0 to 2048
[ 2510.949453][T32282] veth0_macvtap: left promiscuous mode
[ 2510.959136][T32282] veth1_vlan: left promiscuous mode
[ 2511.008763][ T1540] netlink: 'syz.2.8031': attribute type 9 has an invalid length.
[ 2511.027198][T32282] veth0_vlan: left promiscuous mode
[ 2511.051837][ T1536] GPT:first_usable_lbas don't match.
[ 2511.063092][ T1536] GPT:34 != 290
[ 2511.074355][ T1536] GPT: Use GNU Parted to correct GPT errors.
[ 2511.113779][ T1536]  loop4: p1 p2 p3
[ 2512.219766][T14693] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2512.406499][ T1525] loop5: detected capacity change from 0 to 32768
[ 2512.466917][ T1525] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.8028 (1525)
[ 2512.517408][ T1525] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 2512.575378][ T1525] BTRFS info (device loop5): using sha256 (sha256-ni) checksum algorithm
[ 2512.589026][ T1525] BTRFS info (device loop5): using free-space-tree
[ 2512.871327][T23818] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2513.027122][T32404] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 2514.050018][T27776] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 2514.061456][T27776] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 2514.085156][T27776] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 2514.114886][T27776] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 2514.126876][T27776] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 2514.137143][T27776] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 2514.551578][ T1590] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8041'.
[ 2514.771585][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2515.125995][T32282] team0 (unregistering): Port device team_slave_1 removed
[ 2515.295580][T32282] team0 (unregistering): Port device team_slave_0 removed
[ 2516.208942][T27776] Bluetooth: hci0: command tx timeout
[ 2516.561056][ T1379] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2516.716499][ T1616] loop2: detected capacity change from 0 to 32768
[ 2516.751466][ T1616] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.8051 (1616)
[ 2516.773361][ T1616] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 2516.786496][ T1616] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm
[ 2516.827639][ T1616] BTRFS info (device loop2): using free-space-tree
[ 2517.017586][ T1379] team0: Port device team_slave_0 added
[ 2517.042010][ T1379] team0: Port device team_slave_1 added
[ 2517.171820][ T1635] netlink: 'syz.4.8052': attribute type 9 has an invalid length.
[ 2517.185176][ T1379] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2517.193691][ T1379] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2517.262243][ T1379] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2517.315532][T24937] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 2517.364081][ T1379] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2517.390735][ T1379] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2517.486056][ T1379] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2517.982895][T32299] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2518.289666][T27776] Bluetooth: hci0: command tx timeout
[ 2518.347268][ T1653] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8058'.
[ 2518.440000][ T1379] hsr_slave_0: entered promiscuous mode
[ 2518.509891][ T1379] hsr_slave_1: entered promiscuous mode
[ 2518.563843][ T1379] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2518.588678][ T1379] Cannot create hsr debugfs directory
[ 2519.508260][T32282] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2519.935962][T32282] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2520.305508][ T1672] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8064'.
[ 2520.380832][T27776] Bluetooth: hci0: command tx timeout
[ 2520.494372][T32282] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2520.529307][T32293] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2520.893309][T32282] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2521.568026][ T1581] chnl_net:caif_netlink_parms(): no params data found
[ 2521.590888][ T1705] netlink: 'syz.1.8075': attribute type 9 has an invalid length.
[ 2521.810069][ T2800] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2522.353308][T32282] bridge_slave_1: left allmulticast mode
[ 2522.372605][T32282] bridge_slave_1: left promiscuous mode
[ 2522.380352][T32282] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2522.438543][T32282] bridge_slave_0: left allmulticast mode
[ 2522.451113][T27776] Bluetooth: hci0: command tx timeout
[ 2522.451403][T28014] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2522.471840][T32282] bridge_slave_0: left promiscuous mode
[ 2522.489928][T32282] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2523.737405][ T2800] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2525.573908][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2526.469213][ T1743] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8084'.
[ 2526.559850][T32282] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2526.591863][T32282] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2526.607912][T32282] bond0 (unregistering): Released all slaves
[ 2527.117004][ T1752] netlink: 'syz.1.8088': attribute type 9 has an invalid length.
[ 2527.569601][T32299] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2528.898574][T15708] usb 6-1: new high-speed USB device number 64 using dummy_hcd
[ 2529.084377][ T1581] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2529.099488][ T1581] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2529.339098][T15708] usb 6-1: Using ep0 maxpacket: 16
[ 2529.971416][ T1581] bridge_slave_0: entered allmulticast mode
[ 2529.985350][ T1581] bridge_slave_0: entered promiscuous mode
[ 2529.993878][T15708] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2530.004895][ T1581] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2530.028676][ T1581] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2530.028841][T15708] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2530.046457][ T1581] bridge_slave_1: entered allmulticast mode
[ 2530.068823][ T1581] bridge_slave_1: entered promiscuous mode
[ 2530.078197][T15708] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 2530.094352][T15708] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 2530.116547][T15708] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2530.176506][T15708] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 2530.188472][T15708] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 2530.214463][T15708] usb 6-1: Manufacturer: syz
[ 2530.232219][T32282] hsr_slave_0: left promiscuous mode
[ 2530.240175][T15708] usb 6-1: config 0 descriptor??
[ 2530.277153][T32282] hsr_slave_1: left promiscuous mode
[ 2530.329265][T32282] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2530.336943][T32282] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2530.361898][T32282] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2530.381677][T32282] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2530.511851][T32282] veth1_macvtap: left promiscuous mode
[ 2530.547570][T32282] veth0_macvtap: left promiscuous mode
[ 2530.574976][T32282] veth1_vlan: left promiscuous mode
[ 2530.599277][T32282] veth0_vlan: left promiscuous mode
[ 2531.943507][ T2800] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2532.049341][T32287] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2532.478715][T15708] rc_core: IR keymap rc-hauppauge not found
[ 2532.508786][T15708] Registered IR keymap rc-empty
[ 2532.513953][T15708] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 2532.594223][T15708] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 2532.642499][T15708] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[ 2532.716492][T15708] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input58
[ 2532.739671][ T1798] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8100'.
[ 2532.821497][T15708] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 2532.878552][T15708] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 2532.949282][T15708] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 2532.991603][T15708] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 2533.028979][T15708] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 2533.069026][T15708] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 2533.113315][ T1807] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8103'.
[ 2533.133603][T15708] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 2533.181101][T15708] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 2533.224962][T15708] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 2533.269033][T15708] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[ 2533.311889][T15708] mceusb 6-1:0.0: Registered  with mce emulator interface version 1
[ 2533.338445][T15708] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 2533.341352][T14844] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2533.353251][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2533.381088][T15708] usb 6-1: USB disconnect, device number 64
[ 2533.918027][T32282] team0 (unregistering): Port device team_slave_1 removed
[ 2534.022124][T32282] team0 (unregistering): Port device team_slave_0 removed
[ 2535.222002][ T1581] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2535.303559][ T1379] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 2535.354681][ T1379] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 2535.493641][ T1581] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2535.553735][ T1379] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 2536.052212][ T1379] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 2536.101455][ T1830] 9pnet_fd: Insufficient options for proto=fd
[ 2536.276939][ T1581] team0: Port device team_slave_0 added
[ 2536.683503][ T1581] team0: Port device team_slave_1 added
[ 2537.130115][ T1581] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2537.167716][ T1581] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2537.232912][ T1581] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2537.253055][ T1581] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2537.261785][ T1581] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2537.304301][ T1581] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2537.361328][T28014] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[ 2537.552348][T28014] usb 2-1: Using ep0 maxpacket: 16
[ 2537.573416][T28014] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2537.601613][T28014] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2537.647314][T28014] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 2537.678804][T28014] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 2537.703455][ T1581] hsr_slave_0: entered promiscuous mode
[ 2537.709519][T28014] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2537.752106][T28014] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 2537.763068][T28014] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 2537.763625][ T1581] hsr_slave_1: entered promiscuous mode
[ 2537.780499][T28014] usb 2-1: Manufacturer: syz
[ 2537.800299][ T1843] netlink: 'syz.4.8112': attribute type 9 has an invalid length.
[ 2537.809649][T32299] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2537.818817][T14844] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2537.824734][T28014] usb 2-1: config 0 descriptor??
[ 2537.871465][ T1581] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2537.894933][ T1581] Cannot create hsr debugfs directory
[ 2538.465199][ T1244] ieee802154 phy0 wpan0: encryption failed: -22
[ 2538.625856][ T1852] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8115'.
[ 2538.823836][ T1379] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2539.091328][T32287] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2539.112793][T32299] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2539.503459][ T1379] 8021q: adding VLAN 0 to HW filter on device team0
[ 2539.671604][ T5083] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2539.678978][ T5083] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2539.818158][ T5083] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2539.825504][ T5083] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2540.379850][ T1861] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8118'.
[ 2540.418591][T28014] rc_core: IR keymap rc-hauppauge not found
[ 2540.438470][T28014] Registered IR keymap rc-empty
[ 2540.459212][T28014] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 2540.481233][ T1863] 9pnet_fd: Insufficient options for proto=fd
[ 2540.528853][T28014] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 2540.571120][T28014] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[ 2540.646365][T28014] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input59
[ 2540.749569][T28014] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 2540.756985][ T1581] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 2540.781879][ T1856] loop2: detected capacity change from 0 to 32768
[ 2540.818887][T28014] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 2540.858543][T28014] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 2540.898735][T28014] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 2540.930297][T28014] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 2540.987748][T28014] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 2541.028128][ T1856] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 2541.041263][ T1581] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 2541.061123][T28014] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 2541.128798][T28014] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 2541.161357][ T1858] loop5: detected capacity change from 0 to 40427
[ 2541.175879][ T1581] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 2541.176345][ T1858] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[ 2541.192390][T28014] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 2541.229096][T28014] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 2541.274561][T28014] mceusb 2-1:0.0: Registered  with mce emulator interface version 1
[ 2541.285641][T28014] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 2541.395000][ T1856] XFS (loop2): Ending clean mount
[ 2541.543197][T28014] usb 2-1: USB disconnect, device number 52
[ 2541.628780][ T1858] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[ 2541.650107][ T1581] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 2541.686731][ T1856] XFS (loop2): Quotacheck needed: Please wait.
[ 2541.704282][ T1858] F2FS-fs (loop5): invalid crc value
[ 2541.778591][ T1858] F2FS-fs (loop5): Found nat_bits in checkpoint
[ 2541.982063][ T1856] XFS (loop2): Quotacheck: Done.
[ 2542.115759][T24937] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[ 2542.507780][ T1379] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2542.675395][ T1897] loop1: detected capacity change from 0 to 2048
[ 2542.780997][ T1897] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[ 2542.835411][ T1897] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 2542.925329][ T1581] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2542.933459][T32287] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2543.046812][ T1581] 8021q: adding VLAN 0 to HW filter on device team0
[ 2543.174079][T12950] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2543.181462][T12950] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2543.327706][T12950] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2543.335069][T12950] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2543.424037][ T1379] veth0_vlan: entered promiscuous mode
[ 2543.575617][T32299] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2543.606051][ T1379] veth1_vlan: entered promiscuous mode
[ 2543.819537][ T1910] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8127'.
[ 2544.062669][ T1379] veth0_macvtap: entered promiscuous mode
[ 2544.157906][ T1379] veth1_macvtap: entered promiscuous mode
[ 2544.200379][ T1913] netlink: 'syz.2.8128': attribute type 9 has an invalid length.
[ 2544.390181][ T1379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2544.435597][ T1379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2544.465056][ T1379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2544.481140][ T1379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2544.495206][ T1379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2544.506172][ T1379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2544.539499][ T1379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2544.573318][ T1379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2544.587265][ T1379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2544.598149][ T1379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2544.634804][ T1379] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2544.753818][ T1379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2544.787795][ T1379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2544.838474][ T1379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2544.849724][   T45] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[ 2544.856580][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2544.879639][T32282] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2544.883492][ T1379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2544.942418][ T1379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2544.972402][ T1923] 9pnet_fd: Insufficient options for proto=fd
[ 2544.978491][ T1379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2545.041201][ T1379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2545.068549][   T45] usb 2-1: Using ep0 maxpacket: 16
[ 2545.083652][   T45] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2545.092926][ T1379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2545.117275][   T45] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2545.138768][ T1379] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2545.148952][   T45] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 2545.159877][ T1379] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2545.180819][   T45] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 2545.191303][   T45] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2545.200847][ T1379] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2545.209548][   T45] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 2545.267620][ T1379] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2545.298052][ T1379] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2545.316627][ T1379] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2545.325842][ T1379] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2545.340833][ T1926] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8131'.
[ 2545.581431][   T45] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 2545.604976][   T45] usb 2-1: Manufacturer: syz
[ 2546.092848][ T1581] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2546.258893][ T2800] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2546.307469][ T2800] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2546.500659][   T45] usb 2-1: config 0 descriptor??
[ 2546.576968][T32293] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2546.599072][T32293] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2546.672698][ T1935] loop4: detected capacity change from 0 to 256
[ 2546.893047][ T1581] veth0_vlan: entered promiscuous mode
[ 2546.996666][ T1581] veth1_vlan: entered promiscuous mode
[ 2547.264887][ T1945] loop4: detected capacity change from 0 to 128
[ 2547.309105][ T1581] veth0_macvtap: entered promiscuous mode
[ 2547.318815][ T5162] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[ 2547.327662][ T1945] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[ 2547.395144][ T1581] veth1_macvtap: entered promiscuous mode
[ 2547.409106][ T1945] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 2547.550683][ T5162] usb 1-1: Using ep0 maxpacket: 16
[ 2547.572582][ T5162] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2547.607100][ T1581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2547.659208][ T5162] usb 1-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[ 2547.669215][ T1581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2547.675902][ T5162] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2547.700098][ T5162] usb 1-1: config 0 descriptor??
[ 2547.709093][ T1581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2547.714427][ T5162] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[ 2547.761890][ T1581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2547.776803][ T1581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2547.787653][ T1581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2547.797957][ T1581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2547.811649][ T1581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2547.822030][ T1581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2547.833305][ T1581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2547.845196][ T1581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2547.866123][ T1581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2547.918039][ T1581] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2547.955154][ T5162] usb 1-1: USB disconnect, device number 34
[ 2548.031338][ T1581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2548.083523][ T1581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2548.122902][ T1581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2548.168051][ T1581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2548.219845][ T1581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2548.269145][ T1581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2548.308468][ T1581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2548.355683][ T1581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2548.418860][ T1581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2548.438993][ T1952] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8139'.
[ 2548.448054][ T1581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2548.499113][ T1581] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2548.518697][   T45] rc_core: IR keymap rc-hauppauge not found
[ 2548.538505][ T1581] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2548.545137][   T45] Registered IR keymap rc-empty
[ 2548.575905][   T45] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 2548.614772][ T1581] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2548.640152][ T1955] netlink: 36 bytes leftover after parsing attributes in process `syz.4.8140'.
[ 2548.695080][T32282] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2548.729574][ T1581] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2548.758889][   T45] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 2548.779616][ T1581] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2548.820089][   T45] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[ 2548.840237][ T1581] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2548.887277][   T45] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input60
[ 2548.888486][ T1581] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2548.922034][ T1965] 9pnet_fd: Insufficient options for proto=fd
[ 2548.990132][   T45] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 2549.098531][   T45] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 2549.179568][   T45] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 2549.228942][   T45] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 2549.301112][   T45] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 2549.339385][T32282] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2549.369158][   T45] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 2549.408509][   T45] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 2549.587145][ T1943] loop5: detected capacity change from 0 to 40427
[ 2549.729553][ T1943] F2FS-fs (loop5): Found nat_bits in checkpoint
[ 2549.763401][   T45] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 2549.786814][T14844] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2549.803308][   T45] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 2549.831840][T14844] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2549.980165][ T3324] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2550.553350][T32287] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2550.591742][T32287] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2550.619175][ T3324] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2550.648656][   T45] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 2550.681796][   T45] mceusb 2-1:0.0: Registered  with mce emulator interface version 1
[ 2550.718508][   T45] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 2550.801124][   T45] usb 2-1: USB disconnect, device number 53
[ 2551.976976][ T1971] loop4: detected capacity change from 0 to 32768
[ 2551.988569][ T1995] netlink: 'syz.3.8150': attribute type 9 has an invalid length.
[ 2552.057956][ T1971] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.8144 (1971)
[ 2552.220531][ T1971] BTRFS info (device loop4): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[ 2552.263260][ T1971] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[ 2552.290891][ T1999] affs: No valid root block on device nbd5
[ 2552.306017][ T1971] BTRFS info (device loop4): using free-space-tree
[ 2552.351140][ T5160] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[ 2552.357209][ T1971] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[ 2552.368555][ T1971] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[ 2552.400289][ T1971] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[ 2552.460089][ T1971] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[ 2552.534470][ T1971] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[ 2552.608851][ T5160] usb 1-1: Using ep0 maxpacket: 16
[ 2552.618914][ T1971] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[ 2552.638111][ T1971] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[ 2552.654236][ T1983] loop2: detected capacity change from 0 to 32768
[ 2552.670135][ T5160] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2552.678554][ T5162] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[ 2552.700424][ T1971] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[ 2552.701732][ T1971] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[ 2552.730077][ T5160] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2552.732686][ T1971] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[ 2552.754244][ T1983] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 2552.764007][ T5160] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 2552.764091][ T5160] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 2552.764209][ T5160] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2552.862132][ T1971] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[ 2552.864187][ T1971] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[ 2552.909015][ T5162] usb 2-1: Using ep0 maxpacket: 16
[ 2552.928002][ T5160] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 2552.958649][ T5162] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2552.972196][ T5162] usb 2-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[ 2552.984484][ T5162] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2552.999119][ T5162] usb 2-1: config 0 descriptor??
[ 2553.018913][ T5162] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[ 2553.022141][ T1971] BTRFS error (device loop4): open_ctree failed
[ 2553.048236][ T5160] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 2553.112205][ T5160] usb 1-1: Manufacturer: syz
[ 2553.119298][ T2030] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8154'.
[ 2553.128089][ T1983] XFS (loop2): Ending clean mount
[ 2553.166170][ T1983] XFS (loop2): Quotacheck needed: Please wait.
[ 2553.201844][ T5160] usb 1-1: config 0 descriptor??
[ 2553.232060][ T5162] usb 2-1: USB disconnect, device number 54
[ 2553.424306][ T1983] XFS (loop2): Quotacheck: Done.
[ 2553.670453][ T2035] 9pnet_fd: Insufficient options for proto=fd
[ 2553.965337][T24937] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 2554.179972][ T2038] netlink: 12 bytes leftover after parsing attributes in process `syz.5.8157'.
[ 2554.242497][ T2043] loop1: detected capacity change from 0 to 256
[ 2554.287050][ T2043] exfat: Unknown parameter '000000000000000000000x0000000020737365rem_��1ɦ�
�	�b]�A��ɍwvB5$WF]Ƚ9����-�Έp��f%F��3*��)i�kG`����S푸]˱�E�F"�9�ч��8����?Kjz'�8�!z��
[ 2554.287050][ T2043] ���'
[ 2554.430961][ T2043] loop1: detected capacity change from 0 to 512
[ 2554.454173][ T2043] ext3: Unknown parameter 'nouser_xattr'
[ 2554.460894][T14844] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2554.478758][ T2045] netlink: 36 bytes leftover after parsing attributes in process `syz.4.8155'.
[ 2554.632049][   T29] audit: type=1804 audit(2000001618.849:619): pid=2046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.8158" name="/root/syzkaller.wUdyoI/279/bus" dev="sda1" ino=2126 res=1 errno=0
[ 2555.243386][T32299] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2555.289050][   T29] audit: type=1804 audit(2000001618.859:620): pid=2046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.8158" name="/root/syzkaller.wUdyoI/279/bus" dev="sda1" ino=2126 res=1 errno=0
[ 2555.389151][   T29] audit: type=1804 audit(2000001618.889:621): pid=2046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.8158" name="/root/syzkaller.wUdyoI/279/bus" dev="sda1" ino=2126 res=1 errno=0
[ 2555.478074][   T29] audit: type=1804 audit(2000001618.899:622): pid=2046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.8158" name="/root/syzkaller.wUdyoI/279/bus" dev="sda1" ino=2126 res=1 errno=0
[ 2555.573127][   T29] audit: type=1804 audit(2000001618.909:623): pid=2046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.8158" name="/root/syzkaller.wUdyoI/279/bus" dev="sda1" ino=2126 res=1 errno=0
[ 2555.629036][ T5160] rc_core: IR keymap rc-hauppauge not found
[ 2555.634971][ T5160] Registered IR keymap rc-empty
[ 2555.661089][ T5160] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 2555.733745][T14844] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2555.770982][ T5160] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 2555.840324][ T5160] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[ 2555.911382][ T5160] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input61
[ 2556.019384][ T5160] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 2556.096869][ T5160] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 2556.161980][ T5160] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 2556.510563][T32287] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2557.252476][ T2083] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8168'.
[ 2557.431845][ T5160] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 2557.478692][ T5160] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 2557.520644][ T5160] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 2557.570716][ T5160] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 2557.612473][ T2093] 9pnet_fd: Insufficient options for proto=fd
[ 2557.642341][ T5160] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 2557.718555][ T5160] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 2557.789617][ T5160] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 2557.862140][ T5160] mceusb 1-1:0.0: Registered  with mce emulator interface version 1
[ 2557.892389][ T5160] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 2557.958940][ T5160] usb 1-1: USB disconnect, device number 35
[ 2558.041229][ T2102] loop3: detected capacity change from 0 to 256
[ 2558.082471][ T2102] exfat: Unknown parameter '000000000000000000000x0000000020737365rem_��1ɦ�
�	�b]�A��ɍwvB5$WF]Ƚ9����-�Έp��f%F��3*��)i�kG`����S푸]˱�E�F"�9�ч��8����?Kjz'�8�!z��
[ 2558.082471][ T2102] ���'
[ 2558.130047][ T5162] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[ 2558.188144][ T2053] loop1: detected capacity change from 0 to 32768
[ 2558.219154][ T2053] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.8160 (2053)
[ 2558.270832][ T2102] loop3: detected capacity change from 0 to 512
[ 2558.294253][ T2053] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 2558.309550][ T2102] ext3: Unknown parameter 'nouser_xattr'
[ 2558.318538][ T2053] BTRFS info (device loop1): using sha256 (sha256-ni) checksum algorithm
[ 2558.337292][ T2053] BTRFS info (device loop1): using free-space-tree
[ 2558.344065][ T5162] usb 3-1: Using ep0 maxpacket: 16
[ 2558.352263][ T5162] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2558.382978][ T5162] usb 3-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[ 2558.439410][ T2053] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[ 2558.486909][ T5162] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2558.525177][ T2053] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[ 2558.554697][ T5162] usb 3-1: config 0 descriptor??
[ 2558.593915][   T29] audit: type=1804 audit(2000001622.749:624): pid=2112 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.8172" name="/root/syzkaller.Y7UYuZ/4/bus" dev="sda1" ino=2129 res=1 errno=0
[ 2558.614577][ T2053] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[ 2558.691130][ T2053] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[ 2558.840466][   T29] audit: type=1804 audit(2000001622.789:625): pid=2112 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.8172" name="/root/syzkaller.Y7UYuZ/4/bus" dev="sda1" ino=2129 res=1 errno=0
[ 2558.851793][ T2053] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[ 2558.889725][ T5162] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[ 2558.979177][ T5160] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[ 2559.117067][ T2053] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[ 2559.167749][ T2053] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[ 2559.188676][ T5160] usb 5-1: Using ep0 maxpacket: 16
[ 2559.237045][ T5160] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2559.295465][ T5160] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2559.307214][ T5160] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 2559.312655][ T5162] usb 3-1: USB disconnect, device number 67
[ 2559.317173][ T5160] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 2559.334593][ T2053] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[ 2559.342747][ T5160] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2559.352264][ T2053] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[ 2559.382527][ T5160] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 2559.409982][ T5160] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 2559.419549][ T5160] usb 5-1: Manufacturer: syz
[ 2559.453404][ T2053] BTRFS error (device loop1): open_ctree failed
[ 2559.490204][ T5160] usb 5-1: config 0 descriptor??
[ 2559.523094][   T29] audit: type=1804 audit(2000001623.739:626): pid=2116 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.8172" name="/root/syzkaller.Y7UYuZ/4/bus" dev="sda1" ino=2129 res=1 errno=0
[ 2559.591379][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2559.668870][   T29] audit: type=1804 audit(2000001623.739:627): pid=2102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.8172" name="/root/syzkaller.Y7UYuZ/4/bus" dev="sda1" ino=2129 res=1 errno=0
[ 2559.758532][   T29] audit: type=1804 audit(2000001623.789:628): pid=2102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.8172" name="/root/syzkaller.Y7UYuZ/4/bus" dev="sda1" ino=2129 res=1 errno=0
[ 2560.374950][T32287] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2560.644216][ T2142] netlink: 36 bytes leftover after parsing attributes in process `syz.1.8174'.
[ 2560.929003][T32287] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2561.103566][ T2145] netlink: 'syz.2.8179': attribute type 9 has an invalid length.
[ 2562.049138][ T2129] loop3: detected capacity change from 0 to 32768
[ 2562.126538][ T2129] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.8175 (2129)
[ 2562.155804][T32282] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2562.178464][ T5160] rc_core: IR keymap rc-hauppauge not found
[ 2562.184473][ T5160] Registered IR keymap rc-empty
[ 2562.190952][ T5160] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 2562.639363][ T2165] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8183'.
[ 2563.099571][ T5160] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 2563.131621][ T5160] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[ 2563.173729][ T5160] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input62
[ 2563.242470][ T5160] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 2563.323838][ T5160] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 2563.691865][ T5160] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 2563.743531][ T5160] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 2563.818651][ T5160] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 2563.881140][ T5160] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 2563.938848][ T5160] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 2564.008974][ T5160] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 2564.058674][ T5160] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 2564.118498][ T5160] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 2564.219853][ T5160] mceusb 5-1:0.0: Registered  with mce emulator interface version 1
[ 2564.245418][ T5160] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 2564.320589][ T5160] usb 5-1: USB disconnect, device number 36
[ 2564.799558][ T2203] loop3: detected capacity change from 0 to 256
[ 2564.830272][ T2203] exfat: Unknown parameter '000000000000000000000x0000000020737365rem_��1ɦ�
�	�b]�A��ɍwvB5$WF]Ƚ9����-�Έp��f%F��3*��)i�kG`����S푸]˱�E�F"�9�ч��8����?Kjz'�8�!z��
[ 2564.830272][ T2203] ���'
[ 2565.040367][ T2203] loop3: detected capacity change from 0 to 512
[ 2565.077468][ T2203] ext3: Unknown parameter 'nouser_xattr'
[ 2565.436859][T14844] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2566.057211][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2566.072799][   T29] audit: type=1800 audit(2000001630.069:629): pid=2219 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.8188" name="bus" dev="sda1" ino=2126 res=0 errno=0
[ 2566.150780][   T29] audit: type=1800 audit(2000001630.159:630): pid=2219 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.8188" name="bus" dev="sda1" ino=2126 res=0 errno=0
[ 2566.258537][   T29] audit: type=1804 audit(2000001630.319:631): pid=2218 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.8188" name="/root/syzkaller.Y7UYuZ/6/bus" dev="sda1" ino=2126 res=1 errno=0
[ 2566.414032][ T2228] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8197'.
[ 2566.610181][T14844] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2567.409164][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2568.490718][   T29] audit: type=1800 audit(2000001632.709:632): pid=2276 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.8210" name="bus" dev="sda1" ino=2118 res=0 errno=0
[ 2568.639697][ T2239] loop3: detected capacity change from 0 to 32768
[ 2568.646173][ T2279] netlink: 'syz.4.8209': attribute type 9 has an invalid length.
[ 2568.714018][ T2239] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 2568.758730][ T2239] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[ 2568.779668][ T2281] netlink: 'syz.0.8212': attribute type 4 has an invalid length.
[ 2568.797482][ T2239] BTRFS info (device loop3): using free-space-tree
[ 2569.577520][ T1581] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 2569.728317][ T2314] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8216'.
[ 2571.648854][T32299] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2571.738955][T32287] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2572.371522][ T3324] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2572.851544][ T2348] overlayfs: missing 'lowerdir'
[ 2572.900202][ T2350] netlink: 'syz.5.8226': attribute type 4 has an invalid length.
[ 2573.009401][T32299] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2574.739613][ T2381] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8233'.
[ 2575.140618][ T2345] loop1: detected capacity change from 0 to 32768
[ 2575.185697][ T2345] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.8225 (2345)
[ 2575.301184][ T2345] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 2575.329064][ T2345] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[ 2575.337847][ T2345] BTRFS info (device loop1): using free-space-tree
[ 2575.628023][ T2412] overlayfs: missing 'lowerdir'
[ 2575.672002][   T29] audit: type=1804 audit(2000001639.889:633): pid=2345 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.8225" name="/root/syzkaller.wUdyoI/295/file1/bus" dev="loop1" ino=263 res=1 errno=0
[ 2575.801457][ T2417] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2576.059843][T28733] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 2576.163496][ T2374] loop4: detected capacity change from 0 to 32768
[ 2576.207015][ T2421] netlink: 'syz.5.8243': attribute type 9 has an invalid length.
[ 2576.260026][ T2374] XFS (loop4): Mounting V5 Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415
[ 2576.481815][ T2435] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2576.508255][ T2374] XFS (loop4): Ending clean mount
[ 2576.888143][T32287] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2577.197837][ T2435] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2577.491168][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2577.491932][T32715] XFS (loop4): Unmounting Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415
[ 2577.593973][   T29] audit: type=1804 audit(2000001641.799:634): pid=2451 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.8246" name="/root/syzkaller.wUdyoI/296/file0" dev="sda1" ino=2117 res=1 errno=0
[ 2577.842445][ T2454] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2577.850869][ T2454] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2578.061179][ T2457] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8249'.
[ 2578.146980][T32287] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2578.937660][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2579.899205][ T2475] overlayfs: missing 'lowerdir'
[ 2580.718881][ T2490] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2580.967751][ T2502] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2581.216656][ T2501] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2581.225247][ T2501] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2581.470055][ T2514] loop3: detected capacity change from 0 to 64
[ 2581.486972][ T2501] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8267'.
[ 2581.704539][ T2524] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8270'.
[ 2582.086334][ T2533] overlay: Unknown parameter '/'
[ 2582.095169][ T2531] netlink: 'syz.3.8274': attribute type 4 has an invalid length.
[ 2582.579218][ T2556] loop5: detected capacity change from 0 to 64
[ 2582.616154][T32287] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2582.793848][ T2558] netlink: 'syz.3.8280': attribute type 9 has an invalid length.
[ 2583.254208][T32287] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2583.563016][ T2575] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8287'.
[ 2583.892016][ T3324] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2583.933244][ T2579] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8289'.
[ 2584.409537][ T2584] overlay: Unknown parameter '/'
[ 2584.532785][ T3324] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2586.263691][ T2632] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8303'.
[ 2586.352851][ T2636] overlay: Unknown parameter '/'
[ 2586.548736][ T2641] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8304'.
[ 2587.123583][ T2652] netlink: 'syz.5.8309': attribute type 9 has an invalid length.
[ 2587.327988][ T2659] loop4: detected capacity change from 0 to 64
[ 2587.804594][ T2669] loop1: detected capacity change from 0 to 128
[ 2588.442356][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2589.009881][T32282] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2589.229355][ T2696] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8323'.
[ 2590.291383][T32282] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2590.681324][ T2705] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8324'.
[ 2590.886880][ T2710] loop2: detected capacity change from 0 to 64
[ 2591.992748][ T2717] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8328'.
[ 2592.596008][ T2744] loop4: detected capacity change from 0 to 128
[ 2592.704438][ T2746] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8337'.
[ 2592.928570][ T5169] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[ 2593.218663][ T5169] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2593.285156][ T5169] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2593.330336][ T5169] usb 5-1: New USB device found, idVendor=056a, idProduct=012c, bcdDevice= 0.00
[ 2593.371328][ T5169] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2593.417686][ T5169] usb 5-1: config 0 descriptor??
[ 2593.486744][ T2771] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2593.601268][ T2771] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2593.634783][ T5160] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[ 2593.677396][ T2772] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2593.828627][ T5160] usb 4-1: device descriptor read/64, error -71
[ 2593.886308][ T5169] wacom 0003:056A:012C.0048: hidraw0: USB HID v0.00 Device [HID 056a:012c] on usb-dummy_hcd.4-1/input0
[ 2594.108501][ T5160] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[ 2594.132231][ T5083] usb 5-1: USB disconnect, device number 37
[ 2594.132548][ T3324] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2594.289992][ T5160] usb 4-1: device descriptor read/64, error -71
[ 2594.365943][ T2776] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2594.374415][ T2776] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2594.414774][ T5160] usb usb4-port1: attempt power cycle
[ 2594.587111][ T2782] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8344'.
[ 2594.680439][ T2784] netlink: 'syz.1.8345': attribute type 9 has an invalid length.
[ 2594.770625][T32287] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2594.848617][ T5160] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[ 2594.891730][ T5160] usb 4-1: device descriptor read/8, error -71
[ 2595.178634][ T5160] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[ 2595.241307][ T5160] usb 4-1: device descriptor read/8, error -71
[ 2595.423634][ T5160] usb usb4-port1: unable to enumerate USB device
[ 2595.537419][ T2796] loop5: detected capacity change from 0 to 512
[ 2595.568452][ T2796] EXT4-fs: Ignoring removed oldalloc option
[ 2595.589292][ T2796] EXT4-fs: Ignoring removed oldalloc option
[ 2595.622456][ T2796] EXT4-fs (loop5): orphan cleanup on readonly fs
[ 2595.635093][ T2796] EXT4-fs error (device loop5): ext4_xattr_inode_iget:435: comm syz.5.8349: Parent and EA inode have the same ino 15
[ 2595.692761][ T2796] EXT4-fs (loop5): Remounting filesystem read-only
[ 2595.715800][ T2796] EXT4-fs (loop5): 1 orphan inode deleted
[ 2595.745162][ T2796] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[ 2595.920952][ T2799] overlayfs: overlapping lowerdir path
[ 2596.050991][ T3324] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2596.941163][T32404] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 2597.623835][ T2820] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8355'.
[ 2598.125891][ T2823] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2598.254128][ T2823] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2598.348606][ T2823] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 2598.829888][ T2850] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8361'.
[ 2599.251109][ T3324] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2599.488938][ T5169] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[ 2599.678708][ T5169] usb 5-1: device descriptor read/64, error -71
[ 2599.892750][T14844] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2599.904769][ T1244] ieee802154 phy0 wpan0: encryption failed: -22
[ 2599.960920][ T5169] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[ 2600.153996][ T5169] usb 5-1: device descriptor read/64, error -71
[ 2600.169808][ T2867] netlink: 'syz.1.8371': attribute type 9 has an invalid length.
[ 2600.309307][ T5169] usb usb5-port1: attempt power cycle
[ 2600.647092][ T2878] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8372'.
[ 2600.748471][ T5169] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[ 2600.790826][ T5169] usb 5-1: device descriptor read/8, error -71
[ 2601.090025][ T5169] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[ 2601.177195][ T5169] usb 5-1: device descriptor read/8, error -71
[ 2601.310135][ T5169] usb usb5-port1: unable to enumerate USB device
[ 2601.810696][ T3324] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2601.819158][T32299] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2604.370426][ T3324] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2605.201553][ T2937] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8383'.
[ 2605.438370][    C1] ==================================================================
[ 2605.446469][    C1] BUG: KASAN: stack-out-of-bounds in profile_pc+0x186/0x1a0
[ 2605.453799][    C1] Read of size 8 at addr ffffc900169b7ba0 by task syz-executor/24937
[ 2605.461884][    C1] 
[ 2605.464208][    C1] CPU: 1 PID: 24937 Comm: syz-executor Not tainted 6.10.0-rc5-syzkaller-00243-g6c0483dbfe72 #0
[ 2605.474553][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 2605.484623][    C1] Call Trace:
[ 2605.487915][    C1]  <IRQ>
[ 2605.490774][    C1]  dump_stack_lvl+0x116/0x1f0
[ 2605.495489][    C1]  print_report+0xc3/0x620
[ 2605.499938][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2605.505599][    C1]  ? __virt_addr_valid+0x5e/0x580
[ 2605.510659][    C1]  kasan_report+0xd9/0x110
[ 2605.515102][    C1]  ? profile_pc+0x186/0x1a0
[ 2605.519646][    C1]  ? profile_pc+0x186/0x1a0
[ 2605.524193][    C1]  ? queued_read_lock_slowpath+0x135/0x2b1
[ 2605.530037][    C1]  profile_pc+0x186/0x1a0
[ 2605.534410][    C1]  profile_tick+0xd3/0x140
[ 2605.538875][    C1]  tick_nohz_handler+0x380/0x530
[ 2605.543867][    C1]  ? __pfx_tick_nohz_handler+0x10/0x10
[ 2605.549369][    C1]  __hrtimer_run_queues+0x65a/0xcc0
[ 2605.554619][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 2605.560380][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2605.566047][    C1]  ? ktime_get_update_offsets_now+0x201/0x310
[ 2605.572158][    C1]  hrtimer_interrupt+0x31b/0x800
[ 2605.577153][    C1]  __sysvec_apic_timer_interrupt+0x112/0x450
[ 2605.583188][    C1]  sysvec_apic_timer_interrupt+0x90/0xb0
[ 2605.588867][    C1]  </IRQ>
[ 2605.591816][    C1]  <TASK>
[ 2605.594764][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2605.600806][    C1] RIP: 0010:queued_read_lock_slowpath+0x135/0x2b1
[ 2605.607268][    C1] Code: 00 8b 03 84 c0 74 36 48 b8 00 00 00 00 00 fc ff df 49 89 de 48 89 dd 49 c1 ee 03 83 e5 07 49 01 c6 83 c5 03 f3 90 41 0f b6 06 <40> 38 c5 7c 08 84 c0 0f 85 1f 01 00 00 8b 03 84 c0 75 e7 48 c7 c0
[ 2605.626912][    C1] RSP: 0018:ffffc900169b7b98 EFLAGS: 00000286
[ 2605.633009][    C1] RAX: 0000000000000000 RBX: ffffffff8d80a080 RCX: ffffffff8aec1b8b
[ 2605.641004][    C1] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8d80a080
[ 2605.648997][    C1] RBP: 0000000000000003 R08: 0000000000000001 R09: fffffbfff1b01410
[ 2605.652267][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2605.656967][    C1] R10: ffffffff8d80a083 R11: 0000000000000000 R12: 1ffff92002d36f74
[ 2605.675447][    C1] R13: ffffffff8d80a084 R14: fffffbfff1b01410 R15: ffffffff8152e4d9
[ 2605.683439][    C1]  ? do_wait+0x1e9/0x570
[ 2605.687714][    C1]  ? queued_read_lock_slowpath+0xdb/0x2b1
[ 2605.693477][    C1]  ? queued_read_lock_slowpath+0xdb/0x2b1
[ 2605.699230][    C1]  ? __pfx_queued_read_lock_slowpath+0x10/0x10
[ 2605.705426][    C1]  __do_wait+0x105/0x890
[ 2605.709701][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 2605.715633][    C1]  ? do_wait+0x1e9/0x570
[ 2605.719948][    C1]  do_wait+0x219/0x570
[ 2605.724050][    C1]  kernel_wait4+0x16c/0x280
[ 2605.728586][    C1]  ? __pfx_kernel_wait4+0x10/0x10
[ 2605.733644][    C1]  ? __pfx_child_wait_callback+0x10/0x10
[ 2605.739305][    C1]  ? __pfx_hrtimer_nanosleep+0x10/0x10
[ 2605.744813][    C1]  ? __might_fault+0xe3/0x190
[ 2605.749530][    C1]  __do_sys_wait4+0x15f/0x170
[ 2605.754241][    C1]  ? __pfx___do_sys_wait4+0x10/0x10
[ 2605.759467][    C1]  ? __pfx_get_timespec64+0x10/0x10
[ 2605.764710][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2605.770383][    C1]  do_syscall_64+0xcd/0x250
[ 2605.774933][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2605.780870][    C1] RIP: 0033:0x7fbdb8d6be97
[ 2605.785300][    C1] Code: 89 7c 24 10 48 89 4c 24 18 e8 b5 14 03 00 4c 8b 54 24 18 8b 54 24 14 41 89 c0 48 8b 74 24 08 8b 7c 24 10 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 89 44 24 10 e8 05 15 03 00 8b 44
[ 2605.804928][    C1] RSP: 002b:00007ffedbc8a5d0 EFLAGS: 00000293 ORIG_RAX: 000000000000003d
[ 2605.813344][    C1] RAX: ffffffffffffffda RBX: 0000000000000631 RCX: 00007fbdb8d6be97
[ 2605.821312][    C1] RDX: 0000000040000001 RSI: 00007ffedbc8a64c RDI: 00000000ffffffff
[ 2605.829276][    C1] RBP: 00007ffedbc8a64c R08: 0000000000000000 R09: 00007fbdb9b17080
[ 2605.837240][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
[ 2605.845215][    C1] R13: 000000000027bf32 R14: 000000000027bebb R15: 00007ffedbc8a6b0
[ 2605.853207][    C1]  </TASK>
[ 2605.856214][    C1] 
[ 2605.858523][    C1] The buggy address belongs to stack of task syz-executor/24937
[ 2605.866138][    C1]  and is located at offset 0 in frame:
[ 2605.871664][    C1]  queued_read_lock_slowpath+0x0/0x2b1
[ 2605.877126][    C1] 
[ 2605.879442][    C1] This frame has 1 object:
[ 2605.883855][    C1]  [32, 36) 'val'
[ 2605.883871][    C1] 
[ 2605.889791][    C1] The buggy address belongs to the virtual mapping at
[ 2605.889791][    C1]  [ffffc900169b0000, ffffc900169b9000) created by:
[ 2605.889791][    C1]  kernel_clone+0xfd/0x980
[ 2605.907236][    C1] 
[ 2605.909546][    C1] The buggy address belongs to the physical page:
[ 2605.915940][    C1] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x577a9
[ 2605.924693][    C1] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 2605.931804][    C1] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 2605.940381][    C1] raw: 0000000000000008 0000000000000000 00000001ffffffff 0000000000000000
[ 2605.948949][    C1] page dumped because: kasan: bad access detected
[ 2605.955347][    C1] page_owner tracks the page as allocated
[ 2605.961049][    C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 24930, tgid 24930 (syz-executor), ts 1732427868994, free_ts 1609277070540
[ 2605.979896][    C1]  post_alloc_hook+0x2d1/0x350
[ 2605.984662][    C1]  get_page_from_freelist+0x1353/0x2e50
[ 2605.990217][    C1]  __alloc_pages_noprof+0x22b/0x2460
[ 2605.995514][    C1]  alloc_pages_mpol_noprof+0x275/0x610
[ 2606.000982][    C1]  __vmalloc_node_range_noprof+0xa6a/0x1520
[ 2606.006892][    C1]  copy_process+0x2f38/0x8f10
[ 2606.011583][    C1]  kernel_clone+0xfd/0x980
[ 2606.015990][    C1]  __do_sys_clone+0xba/0x100
[ 2606.020577][    C1]  do_syscall_64+0xcd/0x250
[ 2606.025091][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2606.031002][    C1] page last free pid 23330 tgid 23329 stack trace:
[ 2606.037494][    C1]  free_unref_page+0x64a/0xe40
[ 2606.042275][    C1]  __folio_put+0x239/0x360
[ 2606.046686][    C1]  skb_release_data+0x5df/0x980
[ 2606.051619][    C1]  __kfree_skb+0x4f/0x70
[ 2606.055864][    C1]  tcp_write_queue_purge+0x188/0xd60
[ 2606.061177][    C1]  tcp_v4_destroy_sock+0xfa/0x590
[ 2606.066232][    C1]  inet_csk_destroy_sock+0x1a6/0x450
[ 2606.071522][    C1]  __tcp_close+0xbfc/0xfe0
[ 2606.075938][    C1]  tcp_close+0x28/0x130
[ 2606.080092][    C1]  inet_release+0x13f/0x280
[ 2606.084627][    C1]  __sock_release+0xb3/0x270
[ 2606.089243][    C1]  sock_close+0x1c/0x30
[ 2606.093419][    C1]  __fput+0x40b/0xbb0
[ 2606.097430][    C1]  task_work_run+0x151/0x250
[ 2606.102025][    C1]  do_exit+0xa9b/0x2ba0
[ 2606.106200][    C1]  do_group_exit+0xd3/0x2a0
[ 2606.110705][    C1] 
[ 2606.113016][    C1] Memory state around the buggy address:
[ 2606.118633][    C1]  ffffc900169b7a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2606.126688][    C1]  ffffc900169b7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2606.134749][    C1] >ffffc900169b7b80: 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00
[ 2606.142801][    C1]                                ^
[ 2606.147898][    C1]  ffffc900169b7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2606.155951][    C1]  ffffc900169b7c80: 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00
[ 2606.163998][    C1] ==================================================================
[ 2606.172039][    C1] Disabling lock debugging due to kernel taint
[ 2606.178205][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2606.184220][    C1] ==================================================================
[ 2606.192263][    C1] BUG: KASAN: stack-out-of-bounds in profile_pc+0x186/0x1a0
[ 2606.199556][    C1] Read of size 8 at addr ffffc900169b7ba0 by task syz-executor/24937
[ 2606.207612][    C1] 
[ 2606.209922][    C1] CPU: 1 PID: 24937 Comm: syz-executor Tainted: G    B              6.10.0-rc5-syzkaller-00243-g6c0483dbfe72 #0
[ 2606.221716][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 2606.231763][    C1] Call Trace:
[ 2606.235031][    C1]  <IRQ>
[ 2606.237864][    C1]  dump_stack_lvl+0x116/0x1f0
[ 2606.242544][    C1]  print_report+0xc3/0x620
[ 2606.246961][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2606.252597][    C1]  ? __virt_addr_valid+0x5e/0x580
[ 2606.257625][    C1]  kasan_report+0xd9/0x110
[ 2606.262041][    C1]  ? profile_pc+0x186/0x1a0
[ 2606.266556][    C1]  ? profile_pc+0x186/0x1a0
[ 2606.271077][    C1]  ? queued_read_lock_slowpath+0x135/0x2b1
[ 2606.276895][    C1]  profile_pc+0x186/0x1a0
[ 2606.281240][    C1]  profile_tick+0xd3/0x140
[ 2606.285676][    C1]  tick_nohz_handler+0x380/0x530
[ 2606.290642][    C1]  ? __pfx_tick_nohz_handler+0x10/0x10
[ 2606.296113][    C1]  __hrtimer_run_queues+0x65a/0xcc0
[ 2606.301331][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 2606.307063][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2606.312700][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2606.318337][    C1]  hrtimer_interrupt+0x31b/0x800
[ 2606.323294][    C1]  __sysvec_apic_timer_interrupt+0x112/0x450
[ 2606.329288][    C1]  sysvec_apic_timer_interrupt+0x90/0xb0
[ 2606.334929][    C1]  </IRQ>
[ 2606.337853][    C1]  <TASK>
[ 2606.340774][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2606.346771][    C1] RIP: 0010:queued_read_lock_slowpath+0x135/0x2b1
[ 2606.353196][    C1] Code: 00 8b 03 84 c0 74 36 48 b8 00 00 00 00 00 fc ff df 49 89 de 48 89 dd 49 c1 ee 03 83 e5 07 49 01 c6 83 c5 03 f3 90 41 0f b6 06 <40> 38 c5 7c 08 84 c0 0f 85 1f 01 00 00 8b 03 84 c0 75 e7 48 c7 c0
[ 2606.372803][    C1] RSP: 0018:ffffc900169b7b98 EFLAGS: 00000286
[ 2606.378868][    C1] RAX: 0000000000000000 RBX: ffffffff8d80a080 RCX: ffffffff8aec1b8b
[ 2606.386834][    C1] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8d80a080
[ 2606.394801][    C1] RBP: 0000000000000003 R08: 0000000000000001 R09: fffffbfff1b01410
[ 2606.402779][    C1] R10: ffffffff8d80a083 R11: 0000000000000000 R12: 1ffff92002d36f74
[ 2606.410744][    C1] R13: ffffffff8d80a084 R14: fffffbfff1b01410 R15: ffffffff8152e4d9
[ 2606.418710][    C1]  ? do_wait+0x1e9/0x570
[ 2606.422965][    C1]  ? queued_read_lock_slowpath+0xdb/0x2b1
[ 2606.428693][    C1]  ? queued_read_lock_slowpath+0xdb/0x2b1
[ 2606.434418][    C1]  ? __pfx_queued_read_lock_slowpath+0x10/0x10
[ 2606.440580][    C1]  __do_wait+0x105/0x890
[ 2606.444824][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 2606.450633][    C1]  ? do_wait+0x1e9/0x570
[ 2606.454875][    C1]  do_wait+0x219/0x570
[ 2606.458948][    C1]  kernel_wait4+0x16c/0x280
[ 2606.463458][    C1]  ? __pfx_kernel_wait4+0x10/0x10
[ 2606.468488][    C1]  ? __pfx_child_wait_callback+0x10/0x10
[ 2606.474127][    C1]  ? __pfx_hrtimer_nanosleep+0x10/0x10
[ 2606.479605][    C1]  ? __might_fault+0xe3/0x190
[ 2606.484292][    C1]  __do_sys_wait4+0x15f/0x170
[ 2606.488979][    C1]  ? __pfx___do_sys_wait4+0x10/0x10
[ 2606.494185][    C1]  ? __pfx_get_timespec64+0x10/0x10
[ 2606.499405][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2606.505058][    C1]  do_syscall_64+0xcd/0x250
[ 2606.509576][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2606.515487][    C1] RIP: 0033:0x7fbdb8d6be97
[ 2606.519899][    C1] Code: 89 7c 24 10 48 89 4c 24 18 e8 b5 14 03 00 4c 8b 54 24 18 8b 54 24 14 41 89 c0 48 8b 74 24 08 8b 7c 24 10 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 89 44 24 10 e8 05 15 03 00 8b 44
[ 2606.539508][    C1] RSP: 002b:00007ffedbc8a5d0 EFLAGS: 00000293 ORIG_RAX: 000000000000003d
[ 2606.547926][    C1] RAX: ffffffffffffffda RBX: 0000000000000631 RCX: 00007fbdb8d6be97
[ 2606.555907][    C1] RDX: 0000000040000001 RSI: 00007ffedbc8a64c RDI: 00000000ffffffff
[ 2606.563874][    C1] RBP: 00007ffedbc8a64c R08: 0000000000000000 R09: 00007fbdb9b17080
[ 2606.571925][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
[ 2606.579891][    C1] R13: 000000000027bf32 R14: 000000000027bebb R15: 00007ffedbc8a6b0
[ 2606.587877][    C1]  </TASK>
[ 2606.590889][    C1] 
[ 2606.593200][    C1] The buggy address belongs to stack of task syz-executor/24937
[ 2606.600815][    C1]  and is located at offset 0 in frame:
[ 2606.606344][    C1]  queued_read_lock_slowpath+0x0/0x2b1
[ 2606.611813][    C1] 
[ 2606.614124][    C1] This frame has 1 object:
[ 2606.618524][    C1]  [32, 36) 'val'
[ 2606.618541][    C1] 
[ 2606.624478][    C1] The buggy address belongs to the virtual mapping at
[ 2606.624478][    C1]  [ffffc900169b0000, ffffc900169b9000) created by:
[ 2606.624478][    C1]  kernel_clone+0xfd/0x980
[ 2606.641925][    C1] 
[ 2606.644235][    C1] The buggy address belongs to the physical page:
[ 2606.650630][    C1] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x577a9
[ 2606.659385][    C1] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 2606.666521][    C1] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 2606.675109][    C1] raw: 0000000000000008 0000000000000000 00000001ffffffff 0000000000000000
[ 2606.683681][    C1] page dumped because: kasan: bad access detected
[ 2606.690081][    C1] page_owner tracks the page as allocated
[ 2606.695780][    C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 24930, tgid 24930 (syz-executor), ts 1732427868994, free_ts 1609277070540
[ 2606.714632][    C1]  post_alloc_hook+0x2d1/0x350
[ 2606.719403][    C1]  get_page_from_freelist+0x1353/0x2e50
[ 2606.724956][    C1]  __alloc_pages_noprof+0x22b/0x2460
[ 2606.730247][    C1]  alloc_pages_mpol_noprof+0x275/0x610
[ 2606.735711][    C1]  __vmalloc_node_range_noprof+0xa6a/0x1520
[ 2606.741637][    C1]  copy_process+0x2f38/0x8f10
[ 2606.746328][    C1]  kernel_clone+0xfd/0x980
[ 2606.750746][    C1]  __do_sys_clone+0xba/0x100
[ 2606.755329][    C1]  do_syscall_64+0xcd/0x250
[ 2606.759840][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2606.765754][    C1] page last free pid 23330 tgid 23329 stack trace:
[ 2606.772247][    C1]  free_unref_page+0x64a/0xe40
[ 2606.777020][    C1]  __folio_put+0x239/0x360
[ 2606.781433][    C1]  skb_release_data+0x5df/0x980
[ 2606.786284][    C1]  __kfree_skb+0x4f/0x70
[ 2606.790530][    C1]  tcp_write_queue_purge+0x188/0xd60
[ 2606.795817][    C1]  tcp_v4_destroy_sock+0xfa/0x590
[ 2606.800858][    C1]  inet_csk_destroy_sock+0x1a6/0x450
[ 2606.806144][    C1]  __tcp_close+0xbfc/0xfe0
[ 2606.810555][    C1]  tcp_close+0x28/0x130
[ 2606.814705][    C1]  inet_release+0x13f/0x280
[ 2606.819221][    C1]  __sock_release+0xb3/0x270
[ 2606.823817][    C1]  sock_close+0x1c/0x30
[ 2606.827972][    C1]  __fput+0x40b/0xbb0
[ 2606.831952][    C1]  task_work_run+0x151/0x250
[ 2606.836543][    C1]  do_exit+0xa9b/0x2ba0
[ 2606.840696][    C1]  do_group_exit+0xd3/0x2a0
[ 2606.845196][    C1] 
[ 2606.847508][    C1] Memory state around the buggy address:
[ 2606.853131][    C1]  ffffc900169b7a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2606.861181][    C1]  ffffc900169b7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2606.869233][    C1] >ffffc900169b7b80: 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00
[ 2606.877309][    C1]                                ^
[ 2606.882408][    C1]  ffffc900169b7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2606.890467][    C1]  ffffc900169b7c80: 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00
[ 2606.898521][    C1] ==================================================================
[ 2606.906596][    C1] ==================================================================
[ 2606.914663][    C1] BUG: KASAN: stack-out-of-bounds in profile_pc+0x186/0x1a0
[ 2606.921963][    C1] Read of size 8 at addr ffffc900169b7ba0 by task syz-executor/24937
[ 2606.930023][    C1] 
[ 2606.932336][    C1] CPU: 1 PID: 24937 Comm: syz-executor Tainted: G    B              6.10.0-rc5-syzkaller-00243-g6c0483dbfe72 #0
[ 2606.944141][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 2606.954232][    C1] Call Trace:
[ 2606.957515][    C1]  <IRQ>
[ 2606.960356][    C1]  dump_stack_lvl+0x116/0x1f0
[ 2606.965048][    C1]  print_report+0xc3/0x620
[ 2606.969471][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2606.975111][    C1]  ? __virt_addr_valid+0x5e/0x580
[ 2606.980144][    C1]  kasan_report+0xd9/0x110
[ 2606.984567][    C1]  ? profile_pc+0x186/0x1a0
[ 2606.989087][    C1]  ? profile_pc+0x186/0x1a0
[ 2606.993606][    C1]  ? queued_read_lock_slowpath+0x135/0x2b1
[ 2606.999424][    C1]  profile_pc+0x186/0x1a0
[ 2607.003770][    C1]  profile_tick+0xd3/0x140
[ 2607.008208][    C1]  tick_nohz_handler+0x380/0x530
[ 2607.013173][    C1]  ? __pfx_tick_nohz_handler+0x10/0x10
[ 2607.018655][    C1]  __hrtimer_run_queues+0x65a/0xcc0
[ 2607.023882][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 2607.029645][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2607.035293][    C1]  ? ktime_get_update_offsets_now+0x201/0x310
[ 2607.041398][    C1]  hrtimer_interrupt+0x31b/0x800
[ 2607.046367][    C1]  __sysvec_apic_timer_interrupt+0x112/0x450
[ 2607.052380][    C1]  sysvec_apic_timer_interrupt+0x90/0xb0
[ 2607.058029][    C1]  </IRQ>
[ 2607.060954][    C1]  <TASK>
[ 2607.063879][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2607.069887][    C1] RIP: 0010:queued_read_lock_slowpath+0x135/0x2b1
[ 2607.076314][    C1] Code: 00 8b 03 84 c0 74 36 48 b8 00 00 00 00 00 fc ff df 49 89 de 48 89 dd 49 c1 ee 03 83 e5 07 49 01 c6 83 c5 03 f3 90 41 0f b6 06 <40> 38 c5 7c 08 84 c0 0f 85 1f 01 00 00 8b 03 84 c0 75 e7 48 c7 c0
[ 2607.095926][    C1] RSP: 0018:ffffc900169b7b98 EFLAGS: 00000286
[ 2607.101994][    C1] RAX: 0000000000000000 RBX: ffffffff8d80a080 RCX: ffffffff8aec1b8b
[ 2607.109964][    C1] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8d80a080
[ 2607.117934][    C1] RBP: 0000000000000003 R08: 0000000000000001 R09: fffffbfff1b01410
[ 2607.125900][    C1] R10: ffffffff8d80a083 R11: 0000000000000000 R12: 1ffff92002d36f74
[ 2607.133868][    C1] R13: ffffffff8d80a084 R14: fffffbfff1b01410 R15: ffffffff8152e4d9
[ 2607.141839][    C1]  ? do_wait+0x1e9/0x570
[ 2607.146097][    C1]  ? queued_read_lock_slowpath+0xdb/0x2b1
[ 2607.151833][    C1]  ? queued_read_lock_slowpath+0xdb/0x2b1
[ 2607.157561][    C1]  ? __pfx_queued_read_lock_slowpath+0x10/0x10
[ 2607.163733][    C1]  __do_wait+0x105/0x890
[ 2607.167982][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 2607.173801][    C1]  ? do_wait+0x1e9/0x570
[ 2607.178066][    C1]  do_wait+0x219/0x570
[ 2607.182145][    C1]  kernel_wait4+0x16c/0x280
[ 2607.186656][    C1]  ? __pfx_kernel_wait4+0x10/0x10
[ 2607.191688][    C1]  ? __pfx_child_wait_callback+0x10/0x10
[ 2607.197328][    C1]  ? __pfx_hrtimer_nanosleep+0x10/0x10
[ 2607.202806][    C1]  ? __might_fault+0xe3/0x190
[ 2607.207499][    C1]  __do_sys_wait4+0x15f/0x170
[ 2607.212187][    C1]  ? __pfx___do_sys_wait4+0x10/0x10
[ 2607.217391][    C1]  ? __pfx_get_timespec64+0x10/0x10
[ 2607.222605][    C1]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 2607.228248][    C1]  do_syscall_64+0xcd/0x250
[ 2607.232768][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2607.238681][    C1] RIP: 0033:0x7fbdb8d6be97
[ 2607.243123][    C1] Code: 89 7c 24 10 48 89 4c 24 18 e8 b5 14 03 00 4c 8b 54 24 18 8b 54 24 14 41 89 c0 48 8b 74 24 08 8b 7c 24 10 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 89 44 24 10 e8 05 15 03 00 8b 44
[ 2607.262735][    C1] RSP: 002b:00007ffedbc8a5d0 EFLAGS: 00000293 ORIG_RAX: 000000000000003d
[ 2607.271146][    C1] RAX: ffffffffffffffda RBX: 0000000000000631 RCX: 00007fbdb8d6be97
[ 2607.279112][    C1] RDX: 0000000040000001 RSI: 00007ffedbc8a64c RDI: 00000000ffffffff
[ 2607.287080][    C1] RBP: 00007ffedbc8a64c R08: 0000000000000000 R09: 00007fbdb9b17080
[ 2607.295046][    C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032
[ 2607.303009][    C1] R13: 000000000027bf32 R14: 000000000027bebb R15: 00007ffedbc8a6b0
[ 2607.311003][    C1]  </TASK>
[ 2607.314009][    C1] 
[ 2607.316319][    C1] The buggy address belongs to stack of task syz-executor/24937
[ 2607.323933][    C1]  and is located at offset 0 in frame:
[ 2607.329457][    C1]  queued_read_lock_slowpath+0x0/0x2b1
[ 2607.334921][    C1] 
[ 2607.337229][    C1] This frame has 1 object:
[ 2607.341631][    C1]  [32, 36) 'val'
[ 2607.341648][    C1] 
[ 2607.347563][    C1] The buggy address belongs to the virtual mapping at
[ 2607.347563][    C1]  [ffffc900169b0000, ffffc900169b9000) created by:
[ 2607.347563][    C1]  kernel_clone+0xfd/0x980
[ 2607.365014][    C1] 
[ 2607.367328][    C1] The buggy address belongs to the physical page:
[ 2607.373747][    C1] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x577a9
[ 2607.382504][    C1] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 2607.389615][    C1] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 2607.398198][    C1] raw: 0000000000000008 0000000000000000 00000001ffffffff 0000000000000000
[ 2607.406787][    C1] page dumped because: kasan: bad access detected
[ 2607.413184][    C1] page_owner tracks the page as allocated
[ 2607.418882][    C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 24930, tgid 24930 (syz-executor), ts 1732427868994, free_ts 1609277070540
[ 2607.437732][    C1]  post_alloc_hook+0x2d1/0x350
[ 2607.442532][    C1]  get_page_from_freelist+0x1353/0x2e50
[ 2607.448092][    C1]  __alloc_pages_noprof+0x22b/0x2460
[ 2607.453391][    C1]  alloc_pages_mpol_noprof+0x275/0x610
[ 2607.458857][    C1]  __vmalloc_node_range_noprof+0xa6a/0x1520
[ 2607.464766][    C1]  copy_process+0x2f38/0x8f10
[ 2607.469459][    C1]  kernel_clone+0xfd/0x980
[ 2607.473870][    C1]  __do_sys_clone+0xba/0x100
[ 2607.478453][    C1]  do_syscall_64+0xcd/0x250
[ 2607.482968][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2607.488879][    C1] page last free pid 23330 tgid 23329 stack trace:
[ 2607.495366][    C1]  free_unref_page+0x64a/0xe40
[ 2607.500140][    C1]  __folio_put+0x239/0x360
[ 2607.504554][    C1]  skb_release_data+0x5df/0x980
[ 2607.509407][    C1]  __kfree_skb+0x4f/0x70
[ 2607.513651][    C1]  tcp_write_queue_purge+0x188/0xd60
[ 2607.518959][    C1]  tcp_v4_destroy_sock+0xfa/0x590
[ 2607.524002][    C1]  inet_csk_destroy_sock+0x1a6/0x450
[ 2607.529294][    C1]  __tcp_close+0xbfc/0xfe0
[ 2607.533707][    C1]  tcp_close+0x28/0x130
[ 2607.537863][    C1]  inet_release+0x13f/0x280
[ 2607.542375][    C1]  __sock_release+0xb3/0x270
[ 2607.546971][    C1]  sock_close+0x1c/0x30
[ 2607.551132][    C1]  __fput+0x40b/0xbb0
[ 2607.555116][    C1]  task_work_run+0x151/0x250
[ 2607.559709][    C1]  do_exit+0xa9b/0x2ba0
[ 2607.563868][    C1]  do_group_exit+0xd3/0x2a0
[ 2607.568372][    C1] 
[ 2607.570681][    C1] Memory state around the buggy address:
[ 2607.576297][    C1]  ffffc900169b7a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2607.584353][    C1]  ffffc900169b7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2607.592405][    C1] >ffffc900169b7b80: 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3 00 00 00 00
[ 2607.600453][    C1]                                ^
[ 2607.605549][    C1]  ffffc900169b7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 2607.613603][    C1]  ffffc900169b7c80: 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00
[ 2607.621675][    C1] ==================================================================
[ 2607.629736][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2607.635738][    C1] hrtimer: interrupt took 2197409570 ns
[ 2607.735768][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2607.808964][ T2800] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2607.834232][ T2800] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2608.212501][ T2943] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8385'.
[ 2609.060108][ T3324] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2609.294901][ T3324] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2609.443017][ T3324] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2609.568252][ T3324] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2609.882192][ T3324] bridge_slave_1: left allmulticast mode
[ 2609.887939][ T3324] bridge_slave_1: left promiscuous mode
[ 2609.908817][ T3324] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2609.942792][ T3324] bridge_slave_0: left allmulticast mode
[ 2609.950296][ T3324] bridge_slave_0: left promiscuous mode
[ 2609.979140][ T3324] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2610.139164][   T12] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2610.595439][ T3324] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2610.623784][ T3324] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2610.664351][ T3324] bond0 (unregistering): Released all slaves
[ 2610.771285][T14844] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2611.179066][ T3324] hsr_slave_0: left promiscuous mode
[ 2611.198576][ T3324] hsr_slave_1: left promiscuous mode
[ 2611.218885][ T3324] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2611.226909][ T3324] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2611.249521][ T3324] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2611.257009][ T3324] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2611.268025][ T3324] veth1_macvtap: left promiscuous mode
[ 2611.273740][ T3324] veth0_macvtap: left promiscuous mode
[ 2611.279596][ T3324] veth1_vlan: left promiscuous mode
[ 2611.285071][ T3324] veth0_vlan: left promiscuous mode
[ 2612.225628][ T3324] team0 (unregistering): Port device team_slave_1 removed
[ 2612.315724][ T3324] team0 (unregistering): Port device team_slave_0 removed
[ 2613.330192][ T2800] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2613.341930][T32299] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 2615.283540][T14844] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2615.388882][T14844] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0