last executing test programs: 1.480304489s ago: executing program 0 (id=331): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r0}, 0x18) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r1}, 0x10) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) r4 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="85000000070000006a0a00ff000000000c00000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="0000000000009500"/24], &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)={@ifindex, r4, 0x11, 0x0, 0x0, @void, @value=r3}, 0x20) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)=ANY=[], 0x20) 1.273758573s ago: executing program 0 (id=337): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 1.234790479s ago: executing program 2 (id=338): bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in, 0x0, 0x0, 0xffff, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x9ac, 0xfffffc, 0x4000000000000000, 0xfffffffffffffffb}, {0x0, 0x0, 0x200000000000000}, 0x800}}, 0xb8}}, 0x2c000010) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x4004) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x7}}, 0xb8}}, 0x10) 1.149718539s ago: executing program 1 (id=339): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000020303001d0000000000000015000010"], 0x1c}}, 0x0) sendmsg$NFQNL_MSG_VERDICT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)={0x14, 0x3, 0x3, 0x101, 0x0, 0x0, {0x0, 0x0, 0x40}}, 0x14}, 0x1, 0x0, 0x0, 0x20004080}, 0x4) 1.03824122s ago: executing program 0 (id=340): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1e, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffdffffe}, [@call={0x85, 0x0, 0x0, 0x56}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @sk_lookup=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) 1.036861492s ago: executing program 3 (id=341): r0 = socket$kcm(0xa, 0x5, 0x0) r1 = socket$kcm(0xa, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1e00000000000000fc00400009"], 0x50) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x4, [@var={0x2, 0x0, 0x0, 0xe, 0x2}, @volatile={0x0, 0x0, 0x0, 0x2}]}, {0x0, [0x0, 0x2e]}}, 0x0, 0x38}, 0x20) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x890b, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890c, &(0x7f0000000000)) 1.036477187s ago: executing program 4 (id=342): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32], 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r0, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 1.029239084s ago: executing program 2 (id=343): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x3, 0x0, 0x0, &(0x7f0000000680)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffff8}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000000)="0000010051227b17774892c91ad1", 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4}, 0x2d) 952.613547ms ago: executing program 1 (id=344): bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x5, 0x408, 0x84, 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x50) bpf$MAP_LOOKUP_BATCH(0x19, 0x0, 0x0) 811.497955ms ago: executing program 4 (id=345): r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) r3 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000140)="5c00000015006b0300224ed86e6c1d000a117ea6e070d6064e22000300000001250002000f00000017d34460bc24eab556a705251e6182949a00003d3b48dfd8cdbf9767b4fa51f62a64c9f4060046d88037e786a6d0a5d700000017", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 810.126843ms ago: executing program 0 (id=346): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r1, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r1, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x2}) close(0x3) 793.174537ms ago: executing program 3 (id=347): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000006c0)=@generic={0x0, r0}, 0x18) 734.514875ms ago: executing program 2 (id=348): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02"], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000008000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x1000, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r1}, &(0x7f0000000380), &(0x7f00000003c0)=r0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 658.833184ms ago: executing program 1 (id=349): setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000001c0)="39000000140081ae0000dc676f97daf01e2357f9ffffffffffffff0521018701546fabca1b4e8a06a6580e88370200cd4c1960b89c40ebb373", 0x39}], 0x1}, 0x0) 585.906773ms ago: executing program 3 (id=350): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 566.123494ms ago: executing program 4 (id=351): r0 = socket$inet(0x2, 0x3, 0x1) sendmsg(r0, &(0x7f00000007c0)={&(0x7f0000000400)=@in={0x2, 0x4e26, @empty}, 0x80, &(0x7f00000008c0)}, 0x8086) 544.525537ms ago: executing program 1 (id=352): bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xd, 0xc, 0x0, &(0x7f00000000c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x18, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcc85}, 0x94) 415.42061ms ago: executing program 2 (id=353): socket$kcm(0x2d, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)) r0 = socket$kcm(0x2d, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000340)={r0}) 415.033297ms ago: executing program 3 (id=354): sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000020303001d0000000000000015000010"], 0x1c}}, 0x0) sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)={0x14, 0x3, 0x3, 0x101, 0x0, 0x0, {0x0, 0x0, 0x40}}, 0x14}, 0x1, 0x0, 0x0, 0x20004080}, 0x4) 373.223365ms ago: executing program 4 (id=355): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32], 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r0, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 300.072759ms ago: executing program 1 (id=356): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETFLOWTABLE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x2c, 0x17, 0xa, 0x801, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x44010}, 0x8094) 249.623022ms ago: executing program 3 (id=357): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, 0x0, 0x28040) 243.670545ms ago: executing program 0 (id=358): r0 = socket$kcm(0xa, 0x5, 0x0) r1 = socket$kcm(0xa, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1e00000000000000fc00400009"], 0x50) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x4, [@var={0x2, 0x0, 0x0, 0xe, 0x2}, @volatile={0x0, 0x0, 0x0, 0x2}]}, {0x0, [0x0, 0x2e]}}, 0x0, 0x38}, 0x20) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x890b, &(0x7f0000000000)) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890c, &(0x7f0000000000)) 243.232395ms ago: executing program 2 (id=359): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x8, 0xdd, 0x40}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x5}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x34, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x75, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x9c}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x80) 183.409449ms ago: executing program 4 (id=360): r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="02000000040000000400000008"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0xde9, 0xffffffffffffffff, 0x20}, 0x38) 100.022194ms ago: executing program 3 (id=361): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) close(r0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x18, 0x6, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000000000000ffffff80e500020000000000c500fcff000000008500feffd100000095"], &(0x7f00000000c0)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000300)='percpu_alloc_percpu\x00', r0, 0x0, 0x10}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x3, &(0x7f0000000440)=@framed={{0x18, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 66.355184ms ago: executing program 4 (id=362): r0 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000001c0)="39000000140081ae0000dc676f97daf01e2357f9ffffffffffffff0521018701546fabca1b4e8a06a6580e88370200cd4c1960b89c40ebb373", 0x39}], 0x1}, 0x0) 59.79999ms ago: executing program 1 (id=363): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0, 0x0, 0x400000000000000}, 0x18) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) recvmsg(r1, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00) 1.12338ms ago: executing program 2 (id=364): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@dev={0xac, 0x14, 0x14, 0x15}, 0x0, 0x5, 0x0, 0x0, 0xa, 0x20, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xac, 0xfff, 0x0, 0x0, 0xffffffffffffffff, 0x7fffffff}, {0x2, 0xa00, 0x40800000000000, 0x800000000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@empty, 0x4d2, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3, 0x0, 0x49}]}]}, 0xfc}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet6(r0, &(0x7f0000000bc0)={&(0x7f0000000340)={0xa, 0x4a21, 0x1, @mcast2, 0x5}, 0x1c, &(0x7f0000000000)=[{&(0x7f0000000740)="d3", 0x1}], 0x1}, 0x890) 0s ago: executing program 0 (id=365): r0 = socket$inet(0x2, 0x3, 0x1) sendmsg(r0, &(0x7f00000007c0)={&(0x7f0000000400)=@in={0x2, 0x4e26, @empty}, 0x80, &(0x7f00000008c0)=[{0x0}], 0x1}, 0x8086) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.141' (ED25519) to the list of known hosts. [ 73.643555][ T5785] cgroup: Unknown subsys name 'net' [ 73.903572][ T5785] cgroup: Unknown subsys name 'cpuset' [ 73.948998][ T5785] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 75.589736][ T5785] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 79.977315][ T5116] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 79.992031][ T5813] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 80.000811][ T5813] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 80.002095][ T5813] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 80.003695][ T5116] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 80.005474][ T5813] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 80.007078][ T5813] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 80.010680][ T5116] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 80.018711][ T5116] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 80.020308][ T5116] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 80.024872][ T5116] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 80.050793][ T5801] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 80.059986][ T5801] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 80.065005][ T5801] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 80.066040][ T5801] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 80.066928][ T5801] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 80.067886][ T5801] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 80.068276][ T5801] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 80.070462][ T5116] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 80.071471][ T5116] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 80.107357][ T5813] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 80.111848][ T5811] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 80.112641][ T5811] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 80.113062][ T5811] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 80.121182][ T5811] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 80.981281][ T5802] chnl_net:caif_netlink_parms(): no params data found [ 80.985806][ T5795] chnl_net:caif_netlink_parms(): no params data found [ 81.093529][ T5797] chnl_net:caif_netlink_parms(): no params data found [ 81.325692][ T5796] chnl_net:caif_netlink_parms(): no params data found [ 81.331883][ T5798] chnl_net:caif_netlink_parms(): no params data found [ 81.738102][ T10] cfg80211: failed to load regulatory.db [ 81.880730][ T5802] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.880816][ T5802] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.881155][ T5802] bridge_slave_0: entered allmulticast mode [ 81.882807][ T5802] bridge_slave_0: entered promiscuous mode [ 81.886326][ T5795] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.886439][ T5795] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.886664][ T5795] bridge_slave_0: entered allmulticast mode [ 81.935651][ T5795] bridge_slave_0: entered promiscuous mode [ 82.019426][ T5802] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.019518][ T5802] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.019629][ T5802] bridge_slave_1: entered allmulticast mode [ 82.021058][ T5802] bridge_slave_1: entered promiscuous mode [ 82.024849][ T5795] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.024938][ T5795] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.025209][ T5795] bridge_slave_1: entered allmulticast mode [ 82.026582][ T5795] bridge_slave_1: entered promiscuous mode [ 82.130376][ T5811] Bluetooth: hci4: command tx timeout [ 82.208600][ T5811] Bluetooth: hci1: command tx timeout [ 82.208627][ T5805] Bluetooth: hci0: command tx timeout [ 82.208885][ T62] Bluetooth: hci2: command tx timeout [ 82.290529][ T62] Bluetooth: hci3: command tx timeout [ 82.292532][ T5797] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.292599][ T5797] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.292714][ T5797] bridge_slave_0: entered allmulticast mode [ 82.294075][ T5797] bridge_slave_0: entered promiscuous mode [ 82.569350][ T5797] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.569445][ T5797] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.569598][ T5797] bridge_slave_1: entered allmulticast mode [ 82.572327][ T5797] bridge_slave_1: entered promiscuous mode [ 82.581002][ T5802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.584554][ T5795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.811246][ T5802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.813277][ T5795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.813500][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.813633][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.813751][ T5796] bridge_slave_0: entered allmulticast mode [ 82.815086][ T5796] bridge_slave_0: entered promiscuous mode [ 82.817423][ T5798] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.817540][ T5798] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.817693][ T5798] bridge_slave_0: entered allmulticast mode [ 82.821365][ T5798] bridge_slave_0: entered promiscuous mode [ 83.059613][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.059797][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.059938][ T5796] bridge_slave_1: entered allmulticast mode [ 83.061466][ T5796] bridge_slave_1: entered promiscuous mode [ 83.062896][ T5798] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.063009][ T5798] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.063149][ T5798] bridge_slave_1: entered allmulticast mode [ 83.064584][ T5798] bridge_slave_1: entered promiscuous mode [ 83.068025][ T5797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.561184][ T5797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.562849][ T5802] team0: Port device team_slave_0 added [ 83.564734][ T5795] team0: Port device team_slave_0 added [ 83.765941][ T5802] team0: Port device team_slave_1 added [ 83.767647][ T5795] team0: Port device team_slave_1 added [ 83.783435][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.786217][ T5798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.051440][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.053498][ T5798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.121294][ T5797] team0: Port device team_slave_0 added [ 84.208667][ T62] Bluetooth: hci4: command tx timeout [ 84.288676][ T62] Bluetooth: hci1: command tx timeout [ 84.288709][ T5811] Bluetooth: hci2: command tx timeout [ 84.288732][ T5811] Bluetooth: hci0: command tx timeout [ 84.330483][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.330495][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.330508][ T5802] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.334290][ T5797] team0: Port device team_slave_1 added [ 84.334997][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.335007][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.335029][ T5795] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.368630][ T62] Bluetooth: hci3: command tx timeout [ 84.660161][ T5802] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.660178][ T5802] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.660201][ T5802] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.749943][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.749956][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.749970][ T5795] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.752064][ T5796] team0: Port device team_slave_0 added [ 84.753971][ T5798] team0: Port device team_slave_0 added [ 84.837114][ T5796] team0: Port device team_slave_1 added [ 84.839445][ T5798] team0: Port device team_slave_1 added [ 84.843913][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.843929][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.843953][ T5797] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.980647][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.980664][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.980679][ T5797] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.306053][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.306067][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.306080][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.420315][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.420331][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.420353][ T5798] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.531457][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.531470][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.531484][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.645181][ T5802] hsr_slave_0: entered promiscuous mode [ 85.646241][ T5802] hsr_slave_1: entered promiscuous mode [ 85.647899][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.647910][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 85.647923][ T5798] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.713600][ T5795] hsr_slave_0: entered promiscuous mode [ 85.714829][ T5795] hsr_slave_1: entered promiscuous mode [ 85.715885][ T5795] debugfs: 'hsr0' already exists in 'hsr' [ 85.716002][ T5795] Cannot create hsr debugfs directory [ 85.994180][ T5797] hsr_slave_0: entered promiscuous mode [ 85.994990][ T5797] hsr_slave_1: entered promiscuous mode [ 85.995540][ T5797] debugfs: 'hsr0' already exists in 'hsr' [ 85.995561][ T5797] Cannot create hsr debugfs directory [ 86.288673][ T62] Bluetooth: hci4: command tx timeout [ 86.368617][ T5805] Bluetooth: hci0: command tx timeout [ 86.368653][ T5805] Bluetooth: hci2: command tx timeout [ 86.368747][ T62] Bluetooth: hci1: command tx timeout [ 86.414476][ T5796] hsr_slave_0: entered promiscuous mode [ 86.415268][ T5796] hsr_slave_1: entered promiscuous mode [ 86.415803][ T5796] debugfs: 'hsr0' already exists in 'hsr' [ 86.415824][ T5796] Cannot create hsr debugfs directory [ 86.433914][ T5798] hsr_slave_0: entered promiscuous mode [ 86.435296][ T5798] hsr_slave_1: entered promiscuous mode [ 86.436175][ T5798] debugfs: 'hsr0' already exists in 'hsr' [ 86.436196][ T5798] Cannot create hsr debugfs directory [ 86.448590][ T62] Bluetooth: hci3: command tx timeout [ 87.689492][ T5802] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 87.726422][ T5802] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 87.745361][ T5802] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 87.795699][ T5802] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 87.882232][ T5796] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 87.925380][ T5796] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 87.962276][ T5796] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.001987][ T5796] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.151498][ T5795] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 88.197100][ T5795] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 88.216356][ T5795] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 88.270945][ T5795] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 88.368521][ T62] Bluetooth: hci4: command tx timeout [ 88.417973][ T5798] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.447786][ T5798] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.449792][ T62] Bluetooth: hci1: command tx timeout [ 88.449819][ T62] Bluetooth: hci0: command tx timeout [ 88.458627][ T5811] Bluetooth: hci2: command tx timeout [ 88.484034][ T5798] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.522783][ T5798] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.528820][ T5811] Bluetooth: hci3: command tx timeout [ 88.645309][ T5802] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.688082][ T5797] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 88.730437][ T5797] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 88.776682][ T5797] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 88.797727][ T5797] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.855626][ T5802] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.886103][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.899756][ T82] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.899879][ T82] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.942560][ T82] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.942662][ T82] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.996221][ T5796] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.035890][ T1398] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.036022][ T1398] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.073925][ T5795] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.082438][ T990] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.082597][ T990] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.166241][ T5795] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.192221][ T5798] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.216761][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.217049][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.266846][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.271062][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.331478][ T5798] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.356578][ T5797] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.403147][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.403360][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.472345][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.472531][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.540821][ T5797] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.589908][ T3558] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.590101][ T3558] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.641183][ T3558] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.641386][ T3558] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.689332][ T5802] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.823332][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.986906][ T5802] veth0_vlan: entered promiscuous mode [ 90.021086][ T5795] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.028068][ T5802] veth1_vlan: entered promiscuous mode [ 90.141177][ T5796] veth0_vlan: entered promiscuous mode [ 90.169959][ T5796] veth1_vlan: entered promiscuous mode [ 90.251874][ T5802] veth0_macvtap: entered promiscuous mode [ 90.274764][ T5802] veth1_macvtap: entered promiscuous mode [ 90.311346][ T5798] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.358000][ T5797] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.369502][ T5796] veth0_macvtap: entered promiscuous mode [ 90.396694][ T5796] veth1_macvtap: entered promiscuous mode [ 90.411916][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.463035][ T5802] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.495733][ T990] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.507398][ T990] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.513870][ T990] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.525550][ T990] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.552003][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.553898][ T5798] veth0_vlan: entered promiscuous mode [ 90.624172][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.741098][ T3476] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.750996][ T5798] veth1_vlan: entered promiscuous mode [ 90.762671][ T3476] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.784980][ T3476] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.811175][ T3476] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.818108][ T5797] veth0_vlan: entered promiscuous mode [ 90.963193][ T5797] veth1_vlan: entered promiscuous mode [ 90.964726][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.964748][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.972944][ T5795] veth0_vlan: entered promiscuous mode [ 91.085130][ T5795] veth1_vlan: entered promiscuous mode [ 91.100728][ T3476] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.100749][ T3476] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.126047][ T5798] veth0_macvtap: entered promiscuous mode [ 91.163267][ T5798] veth1_macvtap: entered promiscuous mode [ 91.184511][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.184529][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.253327][ T5797] veth0_macvtap: entered promiscuous mode [ 91.285672][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.287446][ T5797] veth1_macvtap: entered promiscuous mode [ 91.319349][ T3558] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.319370][ T3558] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.327604][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.370539][ T5795] veth0_macvtap: entered promiscuous mode [ 91.428612][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.430887][ T5795] veth1_macvtap: entered promiscuous mode [ 91.456875][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.461936][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.480911][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.507799][ T5916] process 'syz.3.4' launched './file2' with NULL argv: empty string added [ 91.513859][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.558331][ T5916] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4'. [ 91.590714][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.597086][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.692923][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.765435][ T990] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.811351][ T990] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.858947][ T990] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.868518][ T990] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.868562][ T990] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.868597][ T990] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.868629][ T990] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.868664][ T990] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.959480][ T5841] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 92.013372][ T13] Bluetooth: hci5: Frame reassembly failed (-84) [ 92.013628][ T13] Bluetooth: hci5: Frame reassembly failed (-84) [ 92.013672][ T13] Bluetooth: hci5: Frame reassembly failed (-84) [ 92.013711][ T13] Bluetooth: hci5: Frame reassembly failed (-84) [ 92.013750][ T13] Bluetooth: hci5: Frame reassembly failed (-84) [ 92.013796][ T13] Bluetooth: hci5: Frame reassembly failed (-84) [ 92.076912][ T5919] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2'. [ 92.081126][ T5919] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 92.084724][ T82] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.084743][ T82] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.187828][ T5841] usb 4-1: config 0 has an invalid interface number: 48 but max is 0 [ 92.187856][ T5841] usb 4-1: config 0 has no interface number 0 [ 92.187910][ T5841] usb 4-1: too many endpoints for config 0 interface 48 altsetting 32: 48, using maximum allowed: 30 [ 92.193996][ T5841] usb 4-1: config 0 interface 48 altsetting 32 has 0 endpoint descriptors, different from the interface descriptor's value: 48 [ 92.194029][ T5841] usb 4-1: config 0 interface 48 has no altsetting 0 [ 92.194063][ T5841] usb 4-1: New USB device found, idVendor=110a, idProduct=1450, bcdDevice=c2.c6 [ 92.194085][ T5841] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.240890][ T5841] usb 4-1: config 0 descriptor?? [ 92.491400][ T5841] usb 4-1: string descriptor 0 read error: -71 [ 92.541979][ T5841] mxuport 4-1:0.48: mxuport_send_ctrl_data_urb - usb_control_msg failed (-71) [ 92.544684][ T5841] mxuport 4-1:0.48: mxuport_send_ctrl_data_urb - usb_control_msg failed (-71) [ 92.544768][ T5841] mxuport 4-1:0.48: probe with driver mxuport failed with error -71 [ 92.830287][ T5841] usb 4-1: USB disconnect, device number 2 [ 93.146895][ T82] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.146915][ T82] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.585081][ T166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.585099][ T166] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.653392][ T3476] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.653415][ T3476] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.073899][ T62] Bluetooth: hci5: command 0x1003 tx timeout [ 94.074039][ T5811] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 94.269072][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.269091][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.410751][ T3558] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.410772][ T3558] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.432354][ T5937] FAULT_INJECTION: forcing a failure. [ 94.432354][ T5937] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 94.432403][ T5937] CPU: 1 UID: 0 PID: 5937 Comm: syz.1.7 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 94.432424][ T5937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 94.432441][ T5937] Call Trace: [ 94.432451][ T5937] [ 94.432458][ T5937] dump_stack_lvl+0xe8/0x150 [ 94.432492][ T5937] should_fail_ex+0x46c/0x600 [ 94.432520][ T5937] _copy_from_user+0x2d/0xb0 [ 94.432539][ T5937] io_submit_one+0xc2/0x1440 [ 94.432564][ T5937] ? irqentry_exit+0x5e8/0x670 [ 94.432582][ T5937] ? lockdep_hardirqs_on+0x7b/0x110 [ 94.432598][ T5937] ? irqentry_exit+0x5e8/0x670 [ 94.432618][ T5937] ? __pfx_io_submit_one+0x10/0x10 [ 94.432640][ T5937] ? __might_fault+0xb0/0x130 [ 94.432673][ T5937] ? __might_fault+0xb0/0x130 [ 94.432699][ T5937] __se_sys_io_submit+0x185/0x320 [ 94.432722][ T5937] ? __pfx___se_sys_io_submit+0x10/0x10 [ 94.432739][ T5937] ? ksys_write+0x230/0x260 [ 94.432776][ T5937] do_syscall_64+0xec/0xf80 [ 94.432792][ T5937] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.432809][ T5937] ? trace_irq_disable+0x37/0x100 [ 94.432826][ T5937] ? clear_bhb_loop+0x60/0xb0 [ 94.432846][ T5937] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.432862][ T5937] RIP: 0033:0x7fed6192f749 [ 94.432881][ T5937] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.432895][ T5937] RSP: 002b:00007fed5fb6d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 94.432913][ T5937] RAX: ffffffffffffffda RBX: 00007fed61b86090 RCX: 00007fed6192f749 [ 94.432926][ T5937] RDX: 0000200000001300 RSI: 0000000000000001 RDI: 00007fed626c2000 [ 94.432937][ T5937] RBP: 00007fed5fb6d090 R08: 0000000000000000 R09: 0000000000000000 [ 94.432948][ T5937] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 94.432958][ T5937] R13: 00007fed61b86128 R14: 00007fed61b86090 R15: 00007ffdf83b9bb8 [ 94.432985][ T5937] [ 94.958523][ T5840] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 95.088870][ T5840] usb 1-1: device descriptor read/64, error -71 [ 95.278757][ T5960] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5'. [ 95.378516][ T5840] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 95.518604][ T5840] usb 1-1: device descriptor read/64, error -71 [ 95.628774][ T5840] usb usb1-port1: attempt power cycle [ 95.786577][ T1529] Bluetooth: hci5: Frame reassembly failed (-84) [ 95.821567][ T31] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 95.859447][ T5970] netlink: 16 bytes leftover after parsing attributes in process `syz.3.16'. [ 95.866486][ T5970] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 95.991837][ T5840] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 96.009767][ T5840] usb 1-1: device descriptor read/8, error -71 [ 96.098326][ T31] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 96.098588][ T31] usb 2-1: config 0 has no interface number 0 [ 96.098639][ T31] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 96.098665][ T31] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 96.098691][ T31] usb 2-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 96.098732][ T31] usb 2-1: New USB device found, idVendor=04d9, idProduct=a0c2, bcdDevice= 0.00 [ 96.098753][ T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.188813][ T31] usb 2-1: config 0 descriptor?? [ 96.190611][ T5968] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 96.338470][ T5840] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 96.359909][ T5840] usb 1-1: device descriptor read/8, error -71 [ 96.471401][ T5840] usb usb1-port1: unable to enumerate USB device [ 96.808511][ T31] holtek_mouse 0003:04D9:A0C2.0001: unknown main item tag 0x0 [ 96.808555][ T31] holtek_mouse 0003:04D9:A0C2.0001: unknown main item tag 0x0 [ 96.808582][ T31] holtek_mouse 0003:04D9:A0C2.0001: unknown main item tag 0x0 [ 96.808607][ T31] holtek_mouse 0003:04D9:A0C2.0001: unknown main item tag 0x0 [ 96.808633][ T31] holtek_mouse 0003:04D9:A0C2.0001: unknown main item tag 0x0 [ 96.808658][ T31] holtek_mouse 0003:04D9:A0C2.0001: unknown main item tag 0x0 [ 96.808684][ T31] holtek_mouse 0003:04D9:A0C2.0001: unknown main item tag 0x0 [ 96.808709][ T31] holtek_mouse 0003:04D9:A0C2.0001: unknown main item tag 0x0 [ 96.808733][ T31] holtek_mouse 0003:04D9:A0C2.0001: unknown main item tag 0x0 [ 96.808760][ T31] holtek_mouse 0003:04D9:A0C2.0001: unknown main item tag 0x0 [ 96.879172][ T5966] netlink: 'syz.1.15': attribute type 4 has an invalid length. [ 97.280024][ T31] holtek_mouse 0003:04D9:A0C2.0001: hidraw0: USB HID v0.03 Device [HID 04d9:a0c2] on usb-dummy_hcd.1-1/input1 [ 97.790520][ T31] usb 2-1: USB disconnect, device number 2 [ 97.808600][ T62] Bluetooth: hci5: command 0x1003 tx timeout [ 97.808763][ T5811] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 98.683993][ T5987] netlink: 28 bytes leftover after parsing attributes in process `syz.2.19'. [ 98.738261][ T5990] Zero length message leads to an empty skb [ 98.968422][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 98.978429][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 98.988410][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 98.994212][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 99.065245][ T5986] fido_id[5986]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 99.506636][ T6005] batadv_slave_0: entered promiscuous mode [ 99.516216][ T6007] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 99.818920][ T5999] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 99.969447][ T5999] usb 4-1: Using ep0 maxpacket: 32 [ 99.974042][ T5999] usb 4-1: config 0 has an invalid interface number: 132 but max is 0 [ 99.974073][ T5999] usb 4-1: config 0 has no interface number 0 [ 99.974499][ T5999] usb 4-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 100.014726][ T5999] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 100.014762][ T5999] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.014787][ T5999] usb 4-1: Product: syz [ 100.014802][ T5999] usb 4-1: Manufacturer: syz [ 100.014816][ T5999] usb 4-1: SerialNumber: syz [ 100.068203][ T5999] usb 4-1: config 0 descriptor?? [ 100.087175][ T5999] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 100.087224][ T5999] em28xx 4-1:0.132: Video interface 132 found: [ 100.512487][ T5999] em28xx 4-1:0.132: unknown em28xx chip ID (39) [ 101.438427][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 101.438743][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 101.448446][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 101.458425][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 101.468425][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 101.478419][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 102.629986][ T6034] affs: No valid root block on device nullb0 [ 103.191531][ T5999] em28xx 4-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 103.191559][ T5999] em28xx 4-1:0.132: board has no eeprom [ 103.314848][ T6037] netlink: 4 bytes leftover after parsing attributes in process `syz.4.33'. [ 103.331216][ T5999] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 103.331242][ T5999] em28xx 4-1:0.132: analog set to bulk mode. [ 103.332067][ T807] em28xx 4-1:0.132: Registering V4L2 extension [ 103.388168][ T6003] batadv_slave_0: left promiscuous mode [ 103.405759][ T5999] usb 4-1: USB disconnect, device number 3 [ 103.419232][ T5999] em28xx 4-1:0.132: Disconnecting em28xx [ 103.606862][ T6042] netlink: 132 bytes leftover after parsing attributes in process `syz.1.30'. [ 104.058686][ T5982] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 104.253616][ T5982] usb 2-1: not running at top speed; connect to a high speed hub [ 104.258815][ T5982] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 104.258844][ T5982] usb 2-1: config 1 has no interface number 1 [ 104.258888][ T5982] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 104.267328][ T807] em28xx 4-1:0.132: Config register raw data: 0xffffffed [ 104.267350][ T807] em28xx 4-1:0.132: AC97 chip type couldn't be determined [ 104.267362][ T807] em28xx 4-1:0.132: No AC97 audio processor [ 104.345235][ T5982] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 104.345265][ T5982] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.345285][ T5982] usb 2-1: Product: syz [ 104.345299][ T5982] usb 2-1: Manufacturer: syz [ 104.345320][ T5982] usb 2-1: SerialNumber: syz [ 104.441404][ T807] usb 4-1: Decoder not found [ 104.441418][ T807] em28xx 4-1:0.132: failed to create media graph [ 104.441471][ T807] em28xx 4-1:0.132: V4L2 device video103 deregistered [ 104.670863][ T807] em28xx 4-1:0.132: Remote control support is not available for this card. [ 104.673057][ T5999] em28xx 4-1:0.132: Closing input extension [ 104.781535][ T56] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 104.846329][ T5982] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor [ 104.850998][ T5999] em28xx 4-1:0.132: Freeing device [ 104.864183][ T6054] FAULT_INJECTION: forcing a failure. [ 104.864183][ T6054] name failslab, interval 1, probability 0, space 0, times 1 [ 104.864216][ T6054] CPU: 0 UID: 0 PID: 6054 Comm: syz.4.37 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 104.864241][ T6054] Tainted: [L]=SOFTLOCKUP [ 104.864247][ T6054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 104.864257][ T6054] Call Trace: [ 104.864264][ T6054] [ 104.864271][ T6054] dump_stack_lvl+0xe8/0x150 [ 104.864298][ T6054] should_fail_ex+0x46c/0x600 [ 104.864325][ T6054] should_failslab+0xa8/0x100 [ 104.864344][ T6054] __kmalloc_noprof+0xe0/0x7e0 [ 104.864366][ T6054] ? kfree+0x4d/0x900 [ 104.864382][ T6054] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 104.864402][ T6054] tomoyo_realpath_from_path+0xe3/0x5d0 [ 104.864422][ T6054] ? tomoyo_domain+0xd9/0x130 [ 104.864443][ T6054] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 104.864463][ T6054] tomoyo_path_number_perm+0x1e8/0x5a0 [ 104.864487][ T6054] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 104.864509][ T6054] ? __lock_acquire+0x6b6/0x2cf0 [ 104.864535][ T6054] ? do_raw_spin_lock+0x121/0x290 [ 104.864594][ T6054] ? __fget_files+0x2a/0x420 [ 104.864616][ T6054] ? __fget_files+0x2a/0x420 [ 104.864632][ T6054] ? __fget_files+0x3a6/0x420 [ 104.864649][ T6054] ? __fget_files+0x2a/0x420 [ 104.864670][ T6054] security_file_ioctl+0xcb/0x2d0 [ 104.864696][ T6054] __se_sys_ioctl+0x47/0x170 [ 104.864721][ T6054] do_syscall_64+0xec/0xf80 [ 104.864739][ T6054] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.864755][ T6054] ? trace_irq_disable+0x37/0x100 [ 104.864772][ T6054] ? clear_bhb_loop+0x60/0xb0 [ 104.864793][ T6054] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.864810][ T6054] RIP: 0033:0x7f44f438f749 [ 104.864826][ T6054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 104.864840][ T6054] RSP: 002b:00007f44f25ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 104.864860][ T6054] RAX: ffffffffffffffda RBX: 00007f44f45e5fa0 RCX: 00007f44f438f749 [ 104.864873][ T6054] RDX: 0000200000000040 RSI: 000000004008ae89 RDI: 0000000000000005 [ 104.864884][ T6054] RBP: 00007f44f25ee090 R08: 0000000000000000 R09: 0000000000000000 [ 104.864895][ T6054] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 104.864906][ T6054] R13: 00007f44f45e6038 R14: 00007f44f45e5fa0 R15: 00007fff26761df8 [ 104.864936][ T6054] [ 104.864943][ T6054] ERROR: Out of memory at tomoyo_realpath_from_path. [ 104.956121][ T56] usb 1-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=5e.ad [ 104.956151][ T56] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.035215][ T56] usb 1-1: config 0 descriptor?? [ 105.314357][ T6061] netlink: 56 bytes leftover after parsing attributes in process `syz.1.39'. [ 105.314877][ T56] snd-usb-hiface 1-1:0.0: probe with driver snd-usb-hiface failed with error -22 [ 105.438530][ T5982] usb 2-1: USB disconnect, device number 3 [ 105.587070][ T5803] usb 1-1: USB disconnect, device number 6 [ 105.738532][ T5999] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 105.780414][ T6066] vxfs: WRONG superblock magic 00000000 at 1 [ 105.780765][ T6066] vxfs: WRONG superblock magic 00000000 at 8 [ 105.780780][ T6066] vxfs: can't find superblock. [ 105.792167][ T6066] netlink: 36 bytes leftover after parsing attributes in process `syz.4.41'. [ 105.957553][ T5999] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 105.957585][ T5999] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 105.957622][ T5999] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 105.957644][ T5999] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.979792][ T5999] usb 4-1: config 0 descriptor?? [ 106.057935][ T6052] udevd[6052]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 106.500428][ T5999] hid_parser_main: 28 callbacks suppressed [ 106.500451][ T5999] cm6533_jd 0003:0D8C:0022.0002: unknown main item tag 0x0 [ 106.500599][ T5999] cm6533_jd 0003:0D8C:0022.0002: unknown main item tag 0x0 [ 106.507572][ T5999] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.0002/input/input5 [ 106.552892][ T5999] cm6533_jd 0003:0D8C:0022.0002: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0 [ 107.814799][ T6030] usb 4-1: reset high-speed USB device number 4 using dummy_hcd [ 109.732190][ T6100] FAULT_INJECTION: forcing a failure. [ 109.732190][ T6100] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 109.732226][ T6100] CPU: 1 UID: 0 PID: 6100 Comm: syz.2.48 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 109.732252][ T6100] Tainted: [L]=SOFTLOCKUP [ 109.732258][ T6100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 109.732268][ T6100] Call Trace: [ 109.732276][ T6100] [ 109.732283][ T6100] dump_stack_lvl+0xe8/0x150 [ 109.732312][ T6100] should_fail_ex+0x46c/0x600 [ 109.732339][ T6100] _copy_from_user+0x2d/0xb0 [ 109.732358][ T6100] ___sys_sendmsg+0x158/0x2a0 [ 109.732383][ T6100] ? __pfx____sys_sendmsg+0x10/0x10 [ 109.732435][ T6100] ? __fget_files+0x2a/0x420 [ 109.732451][ T6100] ? __fget_files+0x3a6/0x420 [ 109.732482][ T6100] __x64_sys_sendmsg+0x1a1/0x260 [ 109.732506][ T6100] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 109.732535][ T6100] ? __pfx_ksys_write+0x10/0x10 [ 109.732569][ T6100] do_syscall_64+0xec/0xf80 [ 109.732588][ T6100] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.732605][ T6100] ? trace_irq_disable+0x37/0x100 [ 109.732623][ T6100] ? clear_bhb_loop+0x60/0xb0 [ 109.732643][ T6100] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.732675][ T6100] RIP: 0033:0x7f5679aff749 [ 109.732691][ T6100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.732704][ T6100] RSP: 002b:00007f5677d5e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 109.732723][ T6100] RAX: ffffffffffffffda RBX: 00007f5679d55fa0 RCX: 00007f5679aff749 [ 109.732735][ T6100] RDX: 0000000004000000 RSI: 0000200000000480 RDI: 0000000000000003 [ 109.732747][ T6100] RBP: 00007f5677d5e090 R08: 0000000000000000 R09: 0000000000000000 [ 109.732758][ T6100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 109.732768][ T6100] R13: 00007f5679d56038 R14: 00007f5679d55fa0 R15: 00007fffdb1eb0c8 [ 109.732794][ T6100] [ 111.515659][ T6114] netlink: 56 bytes leftover after parsing attributes in process `syz.3.54'. [ 112.382648][ T10] usb 4-1: USB disconnect, device number 4 [ 112.689181][ T6121] FAULT_INJECTION: forcing a failure. [ 112.689181][ T6121] name failslab, interval 1, probability 0, space 0, times 0 [ 112.689216][ T6121] CPU: 1 UID: 0 PID: 6121 Comm: syz.2.55 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 112.689241][ T6121] Tainted: [L]=SOFTLOCKUP [ 112.689248][ T6121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 112.689258][ T6121] Call Trace: [ 112.689265][ T6121] [ 112.689272][ T6121] dump_stack_lvl+0xe8/0x150 [ 112.689301][ T6121] should_fail_ex+0x46c/0x600 [ 112.689329][ T6121] should_failslab+0xa8/0x100 [ 112.689349][ T6121] __kmalloc_noprof+0xe0/0x7e0 [ 112.689373][ T6121] ? kfree+0x4d/0x900 [ 112.689391][ T6121] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 112.689415][ T6121] tomoyo_realpath_from_path+0xe3/0x5d0 [ 112.689435][ T6121] ? tomoyo_domain+0xd9/0x130 [ 112.689459][ T6121] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 112.689482][ T6121] tomoyo_path_number_perm+0x1e8/0x5a0 [ 112.689519][ T6121] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 112.689551][ T6121] ? sb_end_write+0xe9/0x1c0 [ 112.689571][ T6121] ? vfs_write+0x965/0xb40 [ 112.689626][ T6121] ? ksys_write+0x1e7/0x260 [ 112.689655][ T6121] security_file_ioctl+0xcb/0x2d0 [ 112.689682][ T6121] __se_sys_ioctl+0x47/0x170 [ 112.689707][ T6121] do_syscall_64+0xec/0xf80 [ 112.689725][ T6121] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.689742][ T6121] ? trace_irq_disable+0x37/0x100 [ 112.689759][ T6121] ? clear_bhb_loop+0x60/0xb0 [ 112.689780][ T6121] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.689797][ T6121] RIP: 0033:0x7f5679aff749 [ 112.689812][ T6121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.689826][ T6121] RSP: 002b:00007f5677d1c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 112.689846][ T6121] RAX: ffffffffffffffda RBX: 00007f5679d56180 RCX: 00007f5679aff749 [ 112.689859][ T6121] RDX: 0000000000000000 RSI: 0000000000005404 RDI: 0000000000000009 [ 112.689869][ T6121] RBP: 00007f5677d1c090 R08: 0000000000000000 R09: 0000000000000000 [ 112.689880][ T6121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 112.689890][ T6121] R13: 00007f5679d56218 R14: 00007f5679d56180 R15: 00007fffdb1eb0c8 [ 112.689920][ T6121] [ 112.689939][ T6121] ERROR: Out of memory at tomoyo_realpath_from_path. [ 112.759912][ T37] audit: type=1800 audit(1768042401.803:2): pid=6121 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.55" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 116.418847][ T6152] FAULT_INJECTION: forcing a failure. [ 116.418847][ T6152] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 116.418885][ T6152] CPU: 1 UID: 0 PID: 6152 Comm: syz.2.63 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 116.418937][ T6152] Tainted: [L]=SOFTLOCKUP [ 116.418950][ T6152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 116.418969][ T6152] Call Trace: [ 116.418983][ T6152] [ 116.418997][ T6152] dump_stack_lvl+0xe8/0x150 [ 116.419035][ T6152] should_fail_ex+0x46c/0x600 [ 116.419062][ T6152] _copy_to_user+0x31/0xb0 [ 116.419080][ T6152] simple_read_from_buffer+0xe1/0x170 [ 116.419099][ T6152] proc_fail_nth_read+0x1b6/0x220 [ 116.419125][ T6152] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 116.419151][ T6152] ? rw_verify_area+0x2ac/0x4e0 [ 116.419173][ T6152] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 116.419197][ T6152] vfs_read+0x206/0xa30 [ 116.419228][ T6152] ? __pfx_vfs_read+0x10/0x10 [ 116.419262][ T6152] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 116.419282][ T6152] ? lockdep_hardirqs_on+0x7b/0x110 [ 116.419300][ T6152] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 116.419317][ T6152] ? mutex_lock_nested+0x154/0x1d0 [ 116.419338][ T6152] ? fdget_pos+0x253/0x320 [ 116.419364][ T6152] ksys_read+0x14b/0x260 [ 116.419385][ T6152] ? __fget_files+0x3a6/0x420 [ 116.419403][ T6152] ? __pfx_ksys_read+0x10/0x10 [ 116.419436][ T6152] do_syscall_64+0xec/0xf80 [ 116.419453][ T6152] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.419469][ T6152] ? trace_irq_disable+0x37/0x100 [ 116.419487][ T6152] ? clear_bhb_loop+0x60/0xb0 [ 116.419506][ T6152] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.419523][ T6152] RIP: 0033:0x7f5679afe15c [ 116.419538][ T6152] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 116.419552][ T6152] RSP: 002b:00007f5677d1c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 116.419571][ T6152] RAX: ffffffffffffffda RBX: 00007f5679d56180 RCX: 00007f5679afe15c [ 116.419583][ T6152] RDX: 000000000000000f RSI: 00007f5677d1c0a0 RDI: 0000000000000005 [ 116.419595][ T6152] RBP: 00007f5677d1c090 R08: 0000000000000000 R09: 0000000000000000 [ 116.419606][ T6152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 116.419616][ T6152] R13: 00007f5679d56218 R14: 00007f5679d56180 R15: 00007fffdb1eb0c8 [ 116.419645][ T6152] [ 116.518525][ T10] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 116.606699][ T6157] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 116.691225][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.691259][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 116.691296][ T10] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 116.691318][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.770413][ T10] usb 2-1: config 0 descriptor?? [ 117.094591][ T6161] kvm: kvm [6158]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 118.263189][ T10] cm6533_jd 0003:0D8C:0022.0003: unknown main item tag 0x0 [ 118.263323][ T10] cm6533_jd 0003:0D8C:0022.0003: unknown main item tag 0x0 [ 119.224385][ T6161] kvm: kvm [6158]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 119.224448][ T6161] kvm: kvm [6158]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 119.332340][ T10] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0D8C:0022.0003/input/input6 [ 119.398713][ T6176] netlink: 56 bytes leftover after parsing attributes in process `syz.4.68'. [ 119.555760][ T10] cm6533_jd 0003:0D8C:0022.0003: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0 [ 119.632125][ T10] usb 2-1: USB disconnect, device number 4 [ 121.655209][ T6188] fido_id[6188]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 121.819188][ T6196] netlink: 128 bytes leftover after parsing attributes in process `syz.4.76'. [ 121.819236][ T6196] netlink: 'syz.4.76': attribute type 2 has an invalid length. [ 121.819252][ T6196] netlink: 52 bytes leftover after parsing attributes in process `syz.4.76'. [ 129.758780][ T6247] netlink: 56 bytes leftover after parsing attributes in process `syz.3.86'. [ 132.776063][ T6261] netlink: 12 bytes leftover after parsing attributes in process `syz.0.91'. [ 132.776081][ T6261] netlink: 28 bytes leftover after parsing attributes in process `syz.0.91'. [ 132.776090][ T6261] netlink: 12 bytes leftover after parsing attributes in process `syz.0.91'. [ 132.777091][ T6261] netlink: 28 bytes leftover after parsing attributes in process `syz.0.91'. [ 132.777108][ T6261] netlink: 'syz.0.91': attribute type 6 has an invalid length. [ 132.932049][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.932137][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 136.857248][ T6282] FAULT_INJECTION: forcing a failure. [ 136.857248][ T6282] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 136.857293][ T6282] CPU: 1 UID: 0 PID: 6282 Comm: syz.0.96 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 136.857318][ T6282] Tainted: [L]=SOFTLOCKUP [ 136.857324][ T6282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 136.857334][ T6282] Call Trace: [ 136.857342][ T6282] [ 136.857350][ T6282] dump_stack_lvl+0xe8/0x150 [ 136.857387][ T6282] should_fail_ex+0x46c/0x600 [ 136.857416][ T6282] _copy_from_user+0x2d/0xb0 [ 136.857435][ T6282] ___sys_sendmsg+0x158/0x2a0 [ 136.857461][ T6282] ? __pfx____sys_sendmsg+0x10/0x10 [ 136.857516][ T6282] ? __fget_files+0x2a/0x420 [ 136.857534][ T6282] ? __fget_files+0x3a6/0x420 [ 136.857561][ T6282] __x64_sys_sendmsg+0x1a1/0x260 [ 136.857586][ T6282] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 136.857617][ T6282] ? __pfx_ksys_write+0x10/0x10 [ 136.857651][ T6282] do_syscall_64+0xec/0xf80 [ 136.857670][ T6282] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.857687][ T6282] ? trace_irq_disable+0x37/0x100 [ 136.857705][ T6282] ? clear_bhb_loop+0x60/0xb0 [ 136.857726][ T6282] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.857744][ T6282] RIP: 0033:0x7f0a449af749 [ 136.857764][ T6282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 136.857778][ T6282] RSP: 002b:00007f0a42c16038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 136.857801][ T6282] RAX: ffffffffffffffda RBX: 00007f0a44c05fa0 RCX: 00007f0a449af749 [ 136.857815][ T6282] RDX: 0000000000040890 RSI: 0000200000000000 RDI: 0000000000000003 [ 136.857827][ T6282] RBP: 00007f0a42c16090 R08: 0000000000000000 R09: 0000000000000000 [ 136.857838][ T6282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 136.857849][ T6282] R13: 00007f0a44c06038 R14: 00007f0a44c05fa0 R15: 00007ffe03ccc978 [ 136.857879][ T6282] [ 143.071137][ T6324] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 143.714713][ T56] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 143.973776][ T56] usb 5-1: Using ep0 maxpacket: 16 [ 143.976071][ T56] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 143.976101][ T56] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0 [ 143.976125][ T56] usb 5-1: config 0 interface 0 has no altsetting 0 [ 143.976158][ T56] usb 5-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 143.976180][ T56] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.981459][ T56] usb 5-1: config 0 descriptor?? [ 144.398206][ T56] nzxt-smart2 0003:1E71:2009.0004: unknown main item tag 0x0 [ 144.398241][ T56] nzxt-smart2 0003:1E71:2009.0004: unknown main item tag 0x0 [ 144.398267][ T56] nzxt-smart2 0003:1E71:2009.0004: unknown main item tag 0x0 [ 144.398291][ T56] nzxt-smart2 0003:1E71:2009.0004: unknown main item tag 0x0 [ 144.398316][ T56] nzxt-smart2 0003:1E71:2009.0004: unknown main item tag 0x0 [ 144.445566][ T56] nzxt-smart2 0003:1E71:2009.0004: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.4-1/input0 [ 144.676028][ T5841] usb 5-1: USB disconnect, device number 2 [ 144.726187][ T6331] fido_id[6331]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 145.237411][ T6346] FAULT_INJECTION: forcing a failure. [ 145.237411][ T6346] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 145.237434][ T6346] CPU: 1 UID: 0 PID: 6346 Comm: syz.3.119 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 145.237451][ T6346] Tainted: [L]=SOFTLOCKUP [ 145.237455][ T6346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 145.237461][ T6346] Call Trace: [ 145.237465][ T6346] [ 145.237469][ T6346] dump_stack_lvl+0xe8/0x150 [ 145.237486][ T6346] should_fail_ex+0x46c/0x600 [ 145.237502][ T6346] _copy_from_user+0x2d/0xb0 [ 145.237513][ T6346] do_sock_getsockopt+0x15c/0x3d0 [ 145.237527][ T6346] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 145.237539][ T6346] ? __fget_files+0x3a6/0x420 [ 145.237553][ T6346] ? __fget_files+0x2a/0x420 [ 145.237575][ T6346] __x64_sys_getsockopt+0x1ab/0x250 [ 145.237603][ T6346] do_syscall_64+0xec/0xf80 [ 145.237620][ T6346] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.237636][ T6346] ? trace_irq_disable+0x37/0x100 [ 145.237653][ T6346] ? clear_bhb_loop+0x60/0xb0 [ 145.237665][ T6346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.237674][ T6346] RIP: 0033:0x7f2013f3f749 [ 145.237684][ T6346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 145.237692][ T6346] RSP: 002b:00007f20121a6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 145.237703][ T6346] RAX: ffffffffffffffda RBX: 00007f2014195fa0 RCX: 00007f2013f3f749 [ 145.237710][ T6346] RDX: 0000000000000037 RSI: 0000000000000001 RDI: 0000000000000003 [ 145.237716][ T6346] RBP: 00007f20121a6090 R08: 0000200000000200 R09: 0000000000000000 [ 145.237722][ T6346] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001 [ 145.237729][ T6346] R13: 00007f2014196038 R14: 00007f2014195fa0 R15: 00007ffe973e4e48 [ 145.237744][ T6346] [ 148.682312][ T6350] kvm: kvm [6349]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x100 [ 148.682387][ T6350] kvm: kvm [6349]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 148.729182][ T6350] kvm: kvm [6349]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x20 [ 148.779406][ T6350] kvm: kvm [6349]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x100 [ 148.779459][ T6350] kvm: kvm [6349]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 148.807648][ T6350] kvm: kvm [6349]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x20 [ 148.872379][ T166] Bluetooth: hci5: Frame reassembly failed (-84) [ 148.872479][ T166] Bluetooth: hci5: Frame reassembly failed (-84) [ 148.872559][ T166] Bluetooth: hci5: Frame reassembly failed (-84) [ 148.872643][ T166] Bluetooth: hci5: Frame reassembly failed (-84) [ 148.872717][ T166] Bluetooth: hci5: Frame reassembly failed (-84) [ 148.872795][ T166] Bluetooth: hci5: Frame reassembly failed (-84) [ 148.929208][ T5843] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 148.958575][ T6364] netlink: 16 bytes leftover after parsing attributes in process `syz.0.126'. [ 148.961369][ T6364] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 149.012194][ T6364] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 149.083731][ T5843] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 149.083757][ T5843] usb 3-1: config 0 has no interface number 0 [ 149.106300][ T5843] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 149.106331][ T5843] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.106352][ T5843] usb 3-1: Product: syz [ 149.106366][ T5843] usb 3-1: Manufacturer: syz [ 149.106380][ T5843] usb 3-1: SerialNumber: syz [ 149.164721][ T5843] usb 3-1: config 0 descriptor?? [ 149.348518][ T56] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 149.436418][ T5843] usb 3-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 149.486826][ T5843] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 149.487499][ T5843] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 149.487579][ T5843] usb 3-1: media controller created [ 149.562974][ T5843] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 150.567142][ T6372] overlayfs: conflicting lowerdir path [ 150.773301][ T5843] i2c i2c-1: ec100: i2c rd failed=-110 reg=33 [ 150.929805][ T62] Bluetooth: hci5: command 0x1003 tx timeout [ 150.929996][ T5811] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 151.011085][ T5843] usb 3-1: USB disconnect, device number 2 [ 153.875723][ T6393] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 154.600609][ T6405] warning: `syz.1.137' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 155.158659][ T6422] netlink: 'syz.0.146': attribute type 3 has an invalid length. [ 155.360646][ T6432] sch_tbf: peakrate 8 is lower than or equals to rate 4294967293 ! [ 155.854322][ T6450] netlink: 'syz.2.157': attribute type 3 has an invalid length. [ 155.983769][ T6457] netlink: 60 bytes leftover after parsing attributes in process `syz.1.159'. [ 155.984987][ T6457] netlink: 60 bytes leftover after parsing attributes in process `syz.1.159'. [ 156.710717][ T6484] netlink: 'syz.3.172': attribute type 3 has an invalid length. [ 156.710739][ T6484] netlink: 'syz.3.172': attribute type 1 has an invalid length. [ 156.710752][ T6484] netlink: 60387 bytes leftover after parsing attributes in process `syz.3.172'. [ 157.141883][ T6495] netlink: 830 bytes leftover after parsing attributes in process `syz.0.177'. [ 158.203958][ T6527] netlink: 160 bytes leftover after parsing attributes in process `syz.0.193'. [ 158.566856][ T6549] syz.4.202 uses obsolete (PF_INET,SOCK_PACKET) [ 158.780583][ T6553] Driver unsupported XDP return value 0 on prog (id 27) dev N/A, expect packet loss! [ 158.818497][ T6557] sch_tbf: burst 0 is lower than device veth0_to_bridge mtu (1514) ! [ 159.849909][ T6602] netlink: 'syz.0.230': attribute type 3 has an invalid length. [ 159.849932][ T6602] netlink: 'syz.0.230': attribute type 1 has an invalid length. [ 159.849944][ T6602] netlink: 60387 bytes leftover after parsing attributes in process `syz.0.230'. [ 160.014770][ T6603] bridge0: port 2(bridge_slave_1) entered disabled state [ 160.101221][ T6603] bridge0: port 1(bridge_slave_0) entered disabled state [ 160.125392][ T6603] bridge0: entered allmulticast mode [ 160.219981][ T6610] bridge_slave_1: left allmulticast mode [ 160.220150][ T6610] bridge_slave_1: left promiscuous mode [ 160.227344][ T6610] bridge0: port 2(bridge_slave_1) entered disabled state [ 160.327478][ T6610] bridge_slave_0: left allmulticast mode [ 160.327506][ T6610] bridge_slave_0: left promiscuous mode [ 160.328323][ T6610] bridge0: port 1(bridge_slave_0) entered disabled state [ 161.307466][ T6657] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 161.330894][ T6656] netlink: 'syz.0.255': attribute type 3 has an invalid length. [ 161.330915][ T6656] netlink: 'syz.0.255': attribute type 1 has an invalid length. [ 161.330928][ T6656] netlink: 60387 bytes leftover after parsing attributes in process `syz.0.255'. [ 162.433967][ T6710] netlink: 'syz.0.281': attribute type 3 has an invalid length. [ 162.433986][ T6710] netlink: 'syz.0.281': attribute type 1 has an invalid length. [ 162.433998][ T6710] netlink: 60387 bytes leftover after parsing attributes in process `syz.0.281'. [ 162.885757][ T6723] openvswitch: netlink: Missing valid actions attribute. [ 162.885788][ T6723] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 163.270503][ T6738] netlink: 'syz.2.295': attribute type 3 has an invalid length. [ 163.270520][ T6738] netlink: 'syz.2.295': attribute type 1 has an invalid length. [ 163.270530][ T6738] netlink: 60387 bytes leftover after parsing attributes in process `syz.2.295'. [ 164.623787][ T6786] netlink: 12 bytes leftover after parsing attributes in process `syz.4.318'. [ 166.246583][ T6860] netlink: 8 bytes leftover after parsing attributes in process `syz.1.339'. [ 167.529898][ T6907] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 167.529923][ T6907] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6907, name: syz.3.361 [ 167.529941][ T6907] preempt_count: 2, expected: 0 [ 167.529950][ T6907] RCU nest depth: 1, expected: 1 [ 167.529964][ T6907] 2 locks held by syz.3.361/6907: [ 167.529976][ T6907] #0: ffffffff8d5ae940 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run10+0x1f2/0x510 [ 167.530036][ T6907] #1: ffff8880b893fe88 (&s->lock_key#14){+.+.}-{3:3}, at: ___slab_alloc+0x12f/0x13e0 [ 167.530090][ T6907] Preemption disabled at: [ 167.530095][ T6907] [<0000000000000000>] 0x0 [ 167.530124][ T6907] CPU: 1 UID: 0 PID: 6907 Comm: syz.3.361 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 167.530153][ T6907] Tainted: [L]=SOFTLOCKUP [ 167.530160][ T6907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 167.530172][ T6907] Call Trace: [ 167.530180][ T6907] [ 167.530188][ T6907] dump_stack_lvl+0xe8/0x150 [ 167.530216][ T6907] __might_resched+0x32a/0x480 [ 167.530243][ T6907] rt_spin_lock+0xc7/0x3e0 [ 167.530273][ T6907] ? __pfx_rt_spin_lock+0x10/0x10 [ 167.530298][ T6907] ? __lock_acquire+0x6b6/0x2cf0 [ 167.530326][ T6907] ? __lock_acquire+0x6b6/0x2cf0 [ 167.530354][ T6907] ___slab_alloc+0x12f/0x13e0 [ 167.530377][ T6907] ? unwind_next_frame+0xa5/0x23d0 [ 167.530401][ T6907] ? lock_acquire+0x107/0x340 [ 167.530423][ T6907] ? __bpf_stream_push_str+0xa8/0x2b0 [ 167.530457][ T6907] __slab_alloc+0xc6/0x1f0 [ 167.530476][ T6907] ? __bpf_stream_push_str+0xa8/0x2b0 [ 167.530514][ T6907] kmalloc_nolock_noprof+0x1be/0x440 [ 167.530541][ T6907] ? __bpf_stream_push_str+0xa8/0x2b0 [ 167.530573][ T6907] __bpf_stream_push_str+0xa8/0x2b0 [ 167.530600][ T6907] ? __asan_memcpy+0x40/0x70 [ 167.530626][ T6907] ? __pfx___bpf_stream_push_str+0x10/0x10 [ 167.530664][ T6907] bpf_stream_stage_printk+0x14e/0x1c0 [ 167.530692][ T6907] ? __pfx_find_from_stack_cb+0x10/0x10 [ 167.530714][ T6907] ? arch_bpf_stack_walk+0x112/0x170 [ 167.530744][ T6907] ? __pfx_bpf_stream_stage_printk+0x10/0x10 [ 167.530789][ T6907] bpf_prog_report_may_goto_violation+0xc4/0x190 [ 167.530819][ T6907] ? __pfx_bpf_prog_report_may_goto_violation+0x10/0x10 [ 167.530847][ T6907] ? irqentry_exit+0x5e8/0x670 [ 167.530867][ T6907] ? trace_irq_disable+0x37/0x100 [ 167.530889][ T6907] ? read_tsc+0x9/0x20 [ 167.530910][ T6907] bpf_check_timed_may_goto+0xaa/0xb0 [ 167.530941][ T6907] arch_bpf_timed_may_goto+0x21/0x40 [ 167.530964][ T6907] bpf_prog_6fd842a53d323cc5+0x53/0x5f [ 167.530984][ T6907] bpf_trace_run10+0x450/0x510 [ 167.531003][ T6907] ? is_bpf_text_address+0x26/0x2b0 [ 167.531027][ T6907] ? bpf_trace_run10+0x1f2/0x510 [ 167.531048][ T6907] ? __pfx_bpf_trace_run10+0x10/0x10 [ 167.531066][ T6907] ? is_bpf_text_address+0x26/0x2b0 [ 167.531091][ T6907] ? bpf_prog_alloc_no_stats+0x10e/0x4d0 [ 167.531130][ T6907] __bpf_trace_percpu_alloc_percpu+0x364/0x400 [ 167.531167][ T6907] ? bpf_prog_alloc_no_stats+0x10e/0x4d0 [ 167.531189][ T6907] ? __pfx___bpf_trace_percpu_alloc_percpu+0x10/0x10 [ 167.531217][ T6907] ? bpf_prog_alloc_no_stats+0x10e/0x4d0 [ 167.531239][ T6907] ? bpf_prog_alloc_no_stats+0x10e/0x4d0 [ 167.531260][ T6907] ? __lock_acquire+0x6b6/0x2cf0 [ 167.531291][ T6907] ? do_raw_spin_lock+0x121/0x290 [ 167.531316][ T6907] ? do_raw_spin_lock+0x121/0x290 [ 167.531348][ T6907] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 167.531368][ T6907] ? lockdep_hardirqs_on+0x7b/0x110 [ 167.531388][ T6907] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 167.531413][ T6907] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 167.531446][ T6907] ? bpf_prog_alloc_no_stats+0x10e/0x4d0 [ 167.531468][ T6907] pcpu_alloc_noprof+0x1557/0x16d0 [ 167.531519][ T6907] bpf_prog_alloc_no_stats+0x10e/0x4d0 [ 167.531546][ T6907] bpf_prog_alloc+0x3c/0x1a0 [ 167.531571][ T6907] bpf_prog_load+0x735/0x1a10 [ 167.531604][ T6907] ? __pfx_bpf_prog_load+0x10/0x10 [ 167.531625][ T6907] ? __might_fault+0xb0/0x130 [ 167.531671][ T6907] ? bpf_lsm_bpf+0x9/0x20 [ 167.531686][ T6907] ? security_bpf+0x7e/0x300 [ 167.531716][ T6907] __sys_bpf+0x507/0x860 [ 167.531744][ T6907] ? __pfx___sys_bpf+0x10/0x10 [ 167.531787][ T6907] ? rcu_is_watching+0x15/0xb0 [ 167.531813][ T6907] __x64_sys_bpf+0x7c/0x90 [ 167.531833][ T6907] do_syscall_64+0xec/0xf80 [ 167.531852][ T6907] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.531871][ T6907] ? trace_irq_disable+0x37/0x100 [ 167.531890][ T6907] ? clear_bhb_loop+0x60/0xb0 [ 167.531913][ T6907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.531932][ T6907] RIP: 0033:0x7f2013f3f749 [ 167.531950][ T6907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 167.531966][ T6907] RSP: 002b:00007f20121a6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 167.531987][ T6907] RAX: ffffffffffffffda RBX: 00007f2014195fa0 RCX: 00007f2013f3f749 [ 167.532002][ T6907] RDX: 0000000000000094 RSI: 00002000000004c0 RDI: 0000000000000005 [ 167.532015][ T6907] RBP: 00007f2013fc3f91 R08: 0000000000000000 R09: 0000000000000000 [ 167.532027][ T6907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 167.532039][ T6907] R13: 00007f2014196038 R14: 00007f2014195fa0 R15: 00007ffe973e4e48 [ 167.532070][ T6907] [ 168.652486][ T6914] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 168.652510][ T6914] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6914, name: syz.0.365 [ 168.652526][ T6914] preempt_count: 2, expected: 0 [ 168.652535][ T6914] RCU nest depth: 1, expected: 1 [ 168.652544][ T6914] 3 locks held by syz.0.365/6914: [ 168.652555][ T6914] #0: ffffffff8d5e92b0 (cgroup_threadgroup_rwsem){++++}-{0:0}, at: copy_process+0x206b/0x3960 [ 168.652610][ T6914] #1: ffffffff8d5ae940 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run10+0x1f2/0x510 [ 168.652654][ T6914] #2: ffff8880b883fe88 (&s->lock_key#14){+.+.}-{3:3}, at: ___slab_alloc+0x12f/0x13e0 [ 168.652702][ T6914] Preemption disabled at: [ 168.652706][ T6914] [<0000000000000000>] 0x0 [ 168.652733][ T6914] CPU: 0 UID: 0 PID: 6914 Comm: syz.0.365 Tainted: G W L syzkaller #0 PREEMPT_{RT,(full)} [ 168.652760][ T6914] Tainted: [W]=WARN, [L]=SOFTLOCKUP [ 168.652767][ T6914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 168.652777][ T6914] Call Trace: [ 168.652784][ T6914] [ 168.652793][ T6914] dump_stack_lvl+0xe8/0x150 [ 168.652819][ T6914] __might_resched+0x32a/0x480 [ 168.652844][ T6914] rt_spin_lock+0xc7/0x3e0 [ 168.652870][ T6914] ? __pfx_rt_spin_lock+0x10/0x10 [ 168.652890][ T6914] ? __lock_acquire+0x6b6/0x2cf0 [ 168.652915][ T6914] ? __lock_acquire+0x6b6/0x2cf0 [ 168.652939][ T6914] ___slab_alloc+0x12f/0x13e0 [ 168.652961][ T6914] ? unwind_next_frame+0xa5/0x23d0 [ 168.652981][ T6914] ? lock_acquire+0x107/0x340 [ 168.653000][ T6914] ? __bpf_stream_push_str+0xa8/0x2b0 [ 168.653030][ T6914] __slab_alloc+0xc6/0x1f0 [ 168.653048][ T6914] ? __bpf_stream_push_str+0xa8/0x2b0 [ 168.653074][ T6914] kmalloc_nolock_noprof+0x1be/0x440 [ 168.653097][ T6914] ? __bpf_stream_push_str+0xa8/0x2b0 [ 168.653133][ T6914] __bpf_stream_push_str+0xa8/0x2b0 [ 168.653155][ T6914] ? __asan_memcpy+0x40/0x70 [ 168.653177][ T6914] ? __pfx___bpf_stream_push_str+0x10/0x10 [ 168.653211][ T6914] bpf_stream_stage_printk+0x14e/0x1c0 [ 168.653234][ T6914] ? __pfx_find_from_stack_cb+0x10/0x10 [ 168.653254][ T6914] ? arch_bpf_stack_walk+0x112/0x170 [ 168.653280][ T6914] ? __pfx_bpf_stream_stage_printk+0x10/0x10 [ 168.653321][ T6914] bpf_prog_report_may_goto_violation+0xc4/0x190 [ 168.653347][ T6914] ? __pfx_bpf_prog_report_may_goto_violation+0x10/0x10 [ 168.653370][ T6914] ? irqentry_exit+0x5e8/0x670 [ 168.653388][ T6914] ? trace_irq_disable+0x37/0x100 [ 168.653409][ T6914] ? read_tsc+0x9/0x20 [ 168.653430][ T6914] bpf_check_timed_may_goto+0xaa/0xb0 [ 168.653456][ T6914] arch_bpf_timed_may_goto+0x21/0x40 [ 168.653478][ T6914] bpf_prog_6fd842a53d323cc5+0x53/0x5f [ 168.653497][ T6914] bpf_trace_run10+0x450/0x510 [ 168.653514][ T6914] ? unwind_next_frame+0xa5/0x23d0 [ 168.653536][ T6914] ? bpf_trace_run10+0x1f2/0x510 [ 168.653555][ T6914] ? __pfx_bpf_trace_run10+0x10/0x10 [ 168.653575][ T6914] ? futex_hash_allocate+0x3e8/0xe80 [ 168.653615][ T6914] __bpf_trace_percpu_alloc_percpu+0x364/0x400 [ 168.653647][ T6914] ? futex_hash_allocate+0x3e8/0xe80 [ 168.653669][ T6914] ? __pfx___bpf_trace_percpu_alloc_percpu+0x10/0x10 [ 168.653693][ T6914] ? futex_hash_allocate+0x3e8/0xe80 [ 168.653715][ T6914] ? futex_hash_allocate+0x3e8/0xe80 [ 168.653735][ T6914] ? __lock_acquire+0x6b6/0x2cf0 [ 168.653763][ T6914] ? do_raw_spin_lock+0x121/0x290 [ 168.653785][ T6914] ? do_raw_spin_lock+0x121/0x290 [ 168.653816][ T6914] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 168.653834][ T6914] ? lockdep_hardirqs_on+0x7b/0x110 [ 168.653852][ T6914] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 168.653874][ T6914] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 168.653903][ T6914] ? futex_hash_allocate+0x3e8/0xe80 [ 168.653925][ T6914] pcpu_alloc_noprof+0x1557/0x16d0 [ 168.653966][ T6914] futex_hash_allocate+0x3e8/0xe80 [ 168.653989][ T6914] ? futex_hash_allocate+0x13b/0xe80 [ 168.654016][ T6914] ? __pfx_futex_hash_allocate+0x10/0x10 [ 168.654041][ T6914] ? futex_hash_allocate_default+0x56/0x480 [ 168.654068][ T6914] ? futex_hash_allocate_default+0x379/0x480 [ 168.654089][ T6914] ? futex_hash_allocate_default+0x56/0x480 [ 168.654120][ T6914] copy_process+0x20ea/0x3960 [ 168.654151][ T6914] ? copy_process+0x915/0x3960 [ 168.654180][ T6914] ? __pfx_copy_process+0x10/0x10 [ 168.654203][ T6914] ? __asan_memset+0x22/0x50 [ 168.654229][ T6914] kernel_clone+0x21d/0x7a0 [ 168.654253][ T6914] ? __pfx_kernel_clone+0x10/0x10 [ 168.654292][ T6914] __se_sys_clone3+0x256/0x2d0 [ 168.654313][ T6914] ? __might_fault+0xb0/0x130 [ 168.654337][ T6914] ? __pfx___se_sys_clone3+0x10/0x10 [ 168.654372][ T6914] ? _copy_to_user+0x8a/0xb0 [ 168.654405][ T6914] ? do_user_addr_fault+0xc85/0x1380 [ 168.654435][ T6914] do_syscall_64+0xec/0xf80 [ 168.654453][ T6914] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.654469][ T6914] ? trace_irq_disable+0x37/0x100 [ 168.654486][ T6914] ? clear_bhb_loop+0x60/0xb0 [ 168.654506][ T6914] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.654524][ T6914] RIP: 0033:0x7f0a449e3e89 [ 168.654541][ T6914] Code: ef 08 00 48 8d 3d 5c ef 08 00 e8 12 29 f6 ff 66 90 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 168.654555][ T6914] RSP: 002b:00007ffe03ccc848 EFLAGS: 00000206 ORIG_RAX: 00000000000001b3 [ 168.654574][ T6914] RAX: ffffffffffffffda RBX: 00007f0a449662a0 RCX: 00007f0a449e3e89 [ 168.654587][ T6914] RDX: 00007f0a449662a0 RSI: 0000000000000058 RDI: 00007ffe03ccc890 [ 168.654599][ T6914] RBP: 00007f0a42c166c0 R08: 00007f0a42c166c0 R09: 00007ffe03ccc977 [ 168.654612][ T6914] R10: 0000000000000008 R11: 0000000000000206 R12: ffffffffffffffa8 [ 168.654623][ T6914] R13: 000000000000000b R14: 00007ffe03ccc890 R15: 00007ffe03ccc978 [ 168.654652][ T6914]