last executing test programs:

9.820645053s ago: executing program 3 (id=574):
finit_module(0xffffffffffffffff, &(0x7f0000000000), 0x0)

9.772282194s ago: executing program 3 (id=577):
socket$pppl2tp(0x18, 0x1, 0x1)

9.700141109s ago: executing program 3 (id=581):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_qlen_max', 0x2, 0x0)

9.620503548s ago: executing program 3 (id=586):
lookup_dcookie(0x0, &(0x7f0000000000), 0x0)

9.603539889s ago: executing program 3 (id=591):
mount_setattr(0xffffffffffffffff, &(0x7f0000000000), 0x0, &(0x7f0000000000), 0x0)

8.400932641s ago: executing program 4 (id=598):
epoll_pwait(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000), 0x0)

8.324286341s ago: executing program 4 (id=599):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop-control', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop-control', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop-control', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control', 0x800, 0x0)

8.284541186s ago: executing program 4 (id=600):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video36', 0x2, 0x0)

6.760915694s ago: executing program 3 (id=593):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

5.162914694s ago: executing program 4 (id=601):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

4.833836022s ago: executing program 0 (id=603):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

4.07213438s ago: executing program 4 (id=607):
syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$I2C(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$I2C(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$I2C(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$I2C(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$I2C(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$I2C(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$I2C(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$I2C(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$I2C(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$I2C(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$I2C(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$I2C(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$I2C(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$I2C(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$I2C(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$I2C(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$I2C(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$I2C(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$I2C(&(0x7f0000000500), 0x4, 0x800)

4.033653129s ago: executing program 0 (id=608):
epoll_wait(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)

3.953555313s ago: executing program 0 (id=617):
symlinkat(&(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000))

3.888431844s ago: executing program 0 (id=618):
syz_init_net_socket$netrom(0x6, 0x5, 0x0)

3.160404764s ago: executing program 2 (id=611):
renameat(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000))

3.128179677s ago: executing program 2 (id=620):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/kdamond_pid', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/kdamond_pid', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/kdamond_pid', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/kdamond_pid', 0x800, 0x0)

2.257358328s ago: executing program 0 (id=619):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

1.759191063s ago: executing program 2 (id=621):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

1.070715296s ago: executing program 4 (id=616):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

900.140044ms ago: executing program 1 (id=631):
migrate_pages(0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000))

899.808643ms ago: executing program 1 (id=632):
fsmount(0xffffffffffffffff, 0x0, 0x0)

895.88733ms ago: executing program 1 (id=633):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/direct', 0x2, 0x0)

876.939252ms ago: executing program 1 (id=634):
msync(0x0, 0x0, 0x0)

812.1839ms ago: executing program 1 (id=635):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vim2m', 0x2, 0x0)

805.542388ms ago: executing program 1 (id=636):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey', 0x800, 0x0)

408.889235ms ago: executing program 0 (id=623):
shmdt(0x0)

49.712534ms ago: executing program 2 (id=624):
fchownat(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0)

34.705795ms ago: executing program 2 (id=639):
syz_open_dev$sndpcmc(&(0x7f0000000040), 0x1, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000080), 0x1, 0x1)
syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x1, 0x2)
syz_open_dev$sndpcmc(&(0x7f0000000100), 0x1, 0x800)
syz_open_dev$sndpcmc(&(0x7f0000000140), 0xb, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000180), 0xb, 0x1)
syz_open_dev$sndpcmc(&(0x7f00000001c0), 0xb, 0x2)
syz_open_dev$sndpcmc(&(0x7f0000000200), 0xb, 0x800)
syz_open_dev$sndpcmc(&(0x7f0000000240), 0x15, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000280), 0x15, 0x1)
syz_open_dev$sndpcmc(&(0x7f00000002c0), 0x15, 0x2)
syz_open_dev$sndpcmc(&(0x7f0000000300), 0x15, 0x800)
syz_open_dev$sndpcmc(&(0x7f0000000340), 0x1f, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000380), 0x1f, 0x1)
syz_open_dev$sndpcmc(&(0x7f00000003c0), 0x1f, 0x2)
syz_open_dev$sndpcmc(&(0x7f0000000400), 0x1f, 0x800)
syz_open_dev$sndpcmc(&(0x7f0000000440), 0x29, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000480), 0x29, 0x1)
syz_open_dev$sndpcmc(&(0x7f00000004c0), 0x29, 0x2)
syz_open_dev$sndpcmc(&(0x7f0000000500), 0x29, 0x800)

0s ago: executing program 2 (id=640):
syz_open_dev$usbfs(&(0x7f0000000040), 0x1, 0x0)
syz_open_dev$usbfs(&(0x7f0000000080), 0x1, 0x1)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x1, 0x2)
syz_open_dev$usbfs(&(0x7f0000000100), 0x1, 0x800)
syz_open_dev$usbfs(&(0x7f0000000140), 0xb, 0x0)
syz_open_dev$usbfs(&(0x7f0000000180), 0xb, 0x1)
syz_open_dev$usbfs(&(0x7f00000001c0), 0xb, 0x2)
syz_open_dev$usbfs(&(0x7f0000000200), 0xb, 0x800)
syz_open_dev$usbfs(&(0x7f0000000240), 0x15, 0x0)
syz_open_dev$usbfs(&(0x7f0000000280), 0x15, 0x1)
syz_open_dev$usbfs(&(0x7f00000002c0), 0x15, 0x2)
syz_open_dev$usbfs(&(0x7f0000000300), 0x15, 0x800)
syz_open_dev$usbfs(&(0x7f0000000340), 0x1f, 0x0)
syz_open_dev$usbfs(&(0x7f0000000380), 0x1f, 0x1)
syz_open_dev$usbfs(&(0x7f00000003c0), 0x1f, 0x2)
syz_open_dev$usbfs(&(0x7f0000000400), 0x1f, 0x800)
syz_open_dev$usbfs(&(0x7f0000000440), 0x29, 0x0)
syz_open_dev$usbfs(&(0x7f0000000480), 0x29, 0x1)
syz_open_dev$usbfs(&(0x7f00000004c0), 0x29, 0x2)
syz_open_dev$usbfs(&(0x7f0000000500), 0x29, 0x800)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.10.12' (ED25519) to the list of known hosts.
[   92.321551][   T31] cfg80211: failed to load regulatory.db
[   93.158698][ T5803] cgroup: Unknown subsys name 'net'
[   93.404311][ T5803] cgroup: Unknown subsys name 'cpuset'
[   93.498977][ T5803] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   95.510860][ T5803] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  101.406745][ T6100] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  103.875774][ T6283] mmap: syz.1.445 (6283) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  106.216081][ T6420] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  107.038256][ T6285] syz.0.447 (6285) used greatest stack depth: 19416 bytes left
[  112.547924][ T6474] chnl_net:caif_netlink_parms(): no params data found
[  112.905940][ T5132] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  112.914196][ T5132] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  112.915828][ T5132] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  112.917222][ T5132] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  112.918999][ T5132] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  113.427723][ T6474] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.428185][ T6474] bridge0: port 1(bridge_slave_0) entered disabled state
[  113.428428][ T6474] bridge_slave_0: entered allmulticast mode
[  113.437554][ T6474] bridge_slave_0: entered promiscuous mode
[  113.480694][ T6474] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.480812][ T6474] bridge0: port 2(bridge_slave_1) entered disabled state
[  113.481020][ T6474] bridge_slave_1: entered allmulticast mode
[  113.483766][ T6474] bridge_slave_1: entered promiscuous mode
[  113.529929][ T1306] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.529957][ T1306] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.889808][ T6474] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  113.960278][ T6474] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  114.407476][ T1116] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.407500][ T1116] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.412643][ T6474] team0: Port device team_slave_0 added
[  114.624880][ T6474] team0: Port device team_slave_1 added
[  115.067166][ T6474] batman_adv: batadv0: Adding interface: batadv_slave_0
[  115.067185][ T6474] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  115.067230][ T6474] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  115.188623][ T6474] batman_adv: batadv0: Adding interface: batadv_slave_1
[  115.188642][ T6474] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  115.188676][ T6474] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  115.770696][ T6474] hsr_slave_0: entered promiscuous mode
[  115.772681][ T6474] hsr_slave_1: entered promiscuous mode
[  115.937561][    C0] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
[  115.937586][    C0] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 15, name: ksoftirqd/0
[  115.937605][    C0] preempt_count: 0, expected: 0
[  115.937618][    C0] RCU nest depth: 2, expected: 2
[  115.937629][    C0] 7 locks held by ksoftirqd/0/15:
[  115.937642][    C0]  #0: ffffffff8d649e40 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  115.937710][    C0]  #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400
[  115.937771][    C0]  #2: ffffffff8d7aa380 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0
[  115.937837][    C0]  #3: ffffffff8d7aa380 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400
[  115.937894][    C0]  #4: ffff888019899d38 ((wq_completion)events_bh){+...}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  115.937951][    C0]  #5: ffffc90000147a00 ((work_completion)(&bh->bh)){+...}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  115.938014][    C0]  #6: ffff8880b8828bb8 ((lock)#3){+.+.}-{3:3}, at: kcov_remote_start+0x92/0x460
[  115.938088][    C0] irq event stamp: 61093
[  115.938096][    C0] hardirqs last  enabled at (61092): [<ffffffff8af13215>] _raw_spin_unlock_irqrestore+0x85/0x110
[  115.938127][    C0] hardirqs last disabled at (61093): [<ffffffff86a39235>] __usb_hcd_giveback_urb+0x3f5/0x710
[  115.938166][    C0] softirqs last  enabled at (61072): [<ffffffff8184f83e>] run_ksoftirqd+0xce/0x210
[  115.938200][    C0] softirqs last disabled at (61084): [<ffffffff818e7d3f>] smpboot_thread_fn+0x53f/0xa60
[  115.938255][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Tainted: G        W           6.16.0-syzkaller-03824-g22c5696e3fe0 #0 PREEMPT_{RT,(full)} 
[  115.938289][    C0] Tainted: [W]=WARN
[  115.938296][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  115.938311][    C0] Call Trace:
[  115.938320][    C0]  <TASK>
[  115.938330][    C0]  dump_stack_lvl+0x189/0x250
[  115.938365][    C0]  ? smpboot_thread_fn+0x53f/0xa60
[  115.938392][    C0]  ? smpboot_thread_fn+0x53f/0xa60
[  115.938423][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  115.938458][    C0]  ? try_to_take_rt_mutex+0x840/0xb00
[  115.938487][    C0]  ? print_lock_name+0xde/0x100
[  115.938517][    C0]  __might_resched+0x44b/0x5d0
[  115.938552][    C0]  ? __pfx___might_resched+0x10/0x10
[  115.938581][    C0]  ? kcov_remote_start+0x92/0x460
[  115.938630][    C0]  rt_spin_lock+0xc7/0x2c0
[  115.938667][    C0]  ? led_trigger_blink_setup+0xa8/0x300
[  115.938699][    C0]  ? __pfx_rt_spin_lock+0x10/0x10
[  115.938737][    C0]  ? __pfx_led_trigger_blink_setup+0x10/0x10
[  115.938765][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  115.938802][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  115.938837][    C0]  kcov_remote_start+0x92/0x460
[  115.938875][    C0]  __usb_hcd_giveback_urb+0x427/0x710
[  115.938919][    C0]  ? __pfx___usb_hcd_giveback_urb+0x10/0x10
[  115.938971][    C0]  usb_giveback_urb_bh+0x296/0x420
[  115.939008][    C0]  ? __pfx_usb_giveback_urb_bh+0x10/0x10
[  115.939036][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  115.939071][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  115.939099][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  115.939131][    C0]  process_scheduled_works+0xade/0x17b0
[  115.939200][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  115.939242][    C0]  ? assign_work+0x3a1/0x410
[  115.939277][    C0]  bh_worker+0x2b1/0x600
[  115.939324][    C0]  tasklet_action+0xc/0x70
[  115.939353][    C0]  handle_softirqs+0x22c/0x710
[  115.939380][    C0]  ? schedule+0x165/0x360
[  115.939415][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  115.939458][    C0]  run_ksoftirqd+0xac/0x210
[  115.939490][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[  115.939519][    C0]  ? schedule+0x91/0x360
[  115.939553][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  115.939580][    C0]  smpboot_thread_fn+0x53f/0xa60
[  115.939610][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  115.939650][    C0]  kthread+0x70e/0x8a0
[  115.939689][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  115.939718][    C0]  ? __pfx_kthread+0x10/0x10
[  115.939761][    C0]  ? __pfx_kthread+0x10/0x10
[  115.939797][    C0]  ret_from_fork+0x3f9/0x770
[  115.939831][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  115.939870][    C0]  ? __switch_to_asm+0x39/0x70
[  115.939890][    C0]  ? __switch_to_asm+0x33/0x70
[  115.939907][    C0]  ? __pfx_kthread+0x10/0x10
[  115.939943][    C0]  ret_from_fork_asm+0x1a/0x30
[  115.939983][    C0]  </TASK>
[  123.018557][   T13] bridge_slave_1: left allmulticast mode
[  123.018811][   T13] bridge_slave_1: left promiscuous mode
[  123.020538][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.100193][   T13] bridge_slave_0: left allmulticast mode
[  123.100232][   T13] bridge_slave_0: left promiscuous mode
[  123.100548][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  123.452398][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  123.569217][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  123.671038][   T13] bond0 (unregistering): Released all slaves
[  123.978458][   T13] hsr_slave_0: left promiscuous mode
[  124.038375][   T13] hsr_slave_1: left promiscuous mode
[  124.039419][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  124.100017][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  124.690666][   T13] team0 (unregistering): Port device team_slave_1 removed
[  124.859150][   T13] team0 (unregistering): Port device team_slave_0 removed