last executing test programs:

6.677087221s ago: executing program 3 (id=553):
lookup_dcookie(0x0, &(0x7f0000000000), 0x0)

6.613883279s ago: executing program 3 (id=556):
statfs(&(0x7f0000000000), &(0x7f0000000000))

6.530160995s ago: executing program 3 (id=563):
pause()

6.426397628s ago: executing program 1 (id=569):
memfd_create(&(0x7f0000000000), 0x0)

6.42607062s ago: executing program 1 (id=571):
ftruncate(0xffffffffffffffff, 0x0)

6.353694836s ago: executing program 1 (id=575):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video1', 0x2, 0x0)

5.956068406s ago: executing program 0 (id=605):
syz_open_dev$dmmidi(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$dmmidi(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$dmmidi(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$dmmidi(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$dmmidi(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$dmmidi(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$dmmidi(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$dmmidi(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$dmmidi(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$dmmidi(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$dmmidi(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$dmmidi(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$dmmidi(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$dmmidi(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$dmmidi(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$dmmidi(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$dmmidi(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$dmmidi(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$dmmidi(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$dmmidi(&(0x7f0000000500), 0x4, 0x800)

5.870536761s ago: executing program 2 (id=608):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/tty', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty', 0x800, 0x0)

5.870292855s ago: executing program 0 (id=609):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsu', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcsu', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcsu', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcsu', 0x800, 0x0)

5.870087882s ago: executing program 2 (id=611):
socket$isdn_base(0x22, 0x3, 0x0)

5.865002352s ago: executing program 0 (id=612):
syz_open_dev$sndhw(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$sndhw(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$sndhw(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$sndhw(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$sndhw(&(0x7f0000000140), 0xa, 0x0)
syz_open_dev$sndhw(&(0x7f0000000180), 0xa, 0x1)
syz_open_dev$sndhw(&(0x7f00000001c0), 0xa, 0x2)
syz_open_dev$sndhw(&(0x7f0000000200), 0xa, 0x800)
syz_open_dev$sndhw(&(0x7f0000000240), 0x14, 0x0)
syz_open_dev$sndhw(&(0x7f0000000280), 0x14, 0x1)
syz_open_dev$sndhw(&(0x7f00000002c0), 0x14, 0x2)
syz_open_dev$sndhw(&(0x7f0000000300), 0x14, 0x800)
syz_open_dev$sndhw(&(0x7f0000000340), 0x1e, 0x0)
syz_open_dev$sndhw(&(0x7f0000000380), 0x1e, 0x1)
syz_open_dev$sndhw(&(0x7f00000003c0), 0x1e, 0x2)
syz_open_dev$sndhw(&(0x7f0000000400), 0x1e, 0x800)
syz_open_dev$sndhw(&(0x7f0000000440), 0x28, 0x0)
syz_open_dev$sndhw(&(0x7f0000000480), 0x28, 0x1)
syz_open_dev$sndhw(&(0x7f00000004c0), 0x28, 0x2)
syz_open_dev$sndhw(&(0x7f0000000500), 0x28, 0x800)

5.684490857s ago: executing program 4 (id=615):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb1', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fb1', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fb1', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb1', 0x800, 0x0)

5.622674643s ago: executing program 4 (id=616):
landlock_restrict_self(0xffffffffffffffff, 0x0)

5.622528876s ago: executing program 4 (id=617):
set_tid_address(&(0x7f0000000000))

5.622206407s ago: executing program 4 (id=618):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/kdamond_pid', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/kdamond_pid', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/kdamond_pid', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/kdamond_pid', 0x800, 0x0)

4.977500521s ago: executing program 1 (id=578):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

4.567696135s ago: executing program 0 (id=613):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

2.840736819s ago: executing program 1 (id=620):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/revoke-subject', 0x2, 0x0)

2.333658469s ago: executing program 2 (id=621):
readlink(&(0x7f0000000000), &(0x7f0000000000), 0x0)

2.287848719s ago: executing program 2 (id=625):
memfd_secret(0x0)

2.137437551s ago: executing program 4 (id=619):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

1.930164421s ago: executing program 0 (id=622):
statx(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000))

1.662415909s ago: executing program 3 (id=623):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

1.025816848s ago: executing program 2 (id=626):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

829.641706ms ago: executing program 1 (id=624):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

610.32727ms ago: executing program 4 (id=627):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

479.527886ms ago: executing program 3 (id=629):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs', 0x800, 0x0)

412.614259ms ago: executing program 3 (id=633):
syz_open_dev$sndhw(&(0x7f0000000040), 0x1, 0x0)
syz_open_dev$sndhw(&(0x7f0000000080), 0x1, 0x1)
syz_open_dev$sndhw(&(0x7f00000000c0), 0x1, 0x2)
syz_open_dev$sndhw(&(0x7f0000000100), 0x1, 0x800)
syz_open_dev$sndhw(&(0x7f0000000140), 0xb, 0x0)
syz_open_dev$sndhw(&(0x7f0000000180), 0xb, 0x1)
syz_open_dev$sndhw(&(0x7f00000001c0), 0xb, 0x2)
syz_open_dev$sndhw(&(0x7f0000000200), 0xb, 0x800)
syz_open_dev$sndhw(&(0x7f0000000240), 0x15, 0x0)
syz_open_dev$sndhw(&(0x7f0000000280), 0x15, 0x1)
syz_open_dev$sndhw(&(0x7f00000002c0), 0x15, 0x2)
syz_open_dev$sndhw(&(0x7f0000000300), 0x15, 0x800)
syz_open_dev$sndhw(&(0x7f0000000340), 0x1f, 0x0)
syz_open_dev$sndhw(&(0x7f0000000380), 0x1f, 0x1)
syz_open_dev$sndhw(&(0x7f00000003c0), 0x1f, 0x2)
syz_open_dev$sndhw(&(0x7f0000000400), 0x1f, 0x800)
syz_open_dev$sndhw(&(0x7f0000000440), 0x29, 0x0)
syz_open_dev$sndhw(&(0x7f0000000480), 0x29, 0x1)
syz_open_dev$sndhw(&(0x7f00000004c0), 0x29, 0x2)
syz_open_dev$sndhw(&(0x7f0000000500), 0x29, 0x800)

190.760073ms ago: executing program 0 (id=628):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

0s ago: executing program 2 (id=630):
syz_open_dev$usbfs(&(0x7f0000000040), 0x1, 0x0)
syz_open_dev$usbfs(&(0x7f0000000080), 0x1, 0x1)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x1, 0x2)
syz_open_dev$usbfs(&(0x7f0000000100), 0x1, 0x800)
syz_open_dev$usbfs(&(0x7f0000000140), 0xb, 0x0)
syz_open_dev$usbfs(&(0x7f0000000180), 0xb, 0x1)
syz_open_dev$usbfs(&(0x7f00000001c0), 0xb, 0x2)
syz_open_dev$usbfs(&(0x7f0000000200), 0xb, 0x800)
syz_open_dev$usbfs(&(0x7f0000000240), 0x15, 0x0)
syz_open_dev$usbfs(&(0x7f0000000280), 0x15, 0x1)
syz_open_dev$usbfs(&(0x7f00000002c0), 0x15, 0x2)
syz_open_dev$usbfs(&(0x7f0000000300), 0x15, 0x800)
syz_open_dev$usbfs(&(0x7f0000000340), 0x1f, 0x0)
syz_open_dev$usbfs(&(0x7f0000000380), 0x1f, 0x1)
syz_open_dev$usbfs(&(0x7f00000003c0), 0x1f, 0x2)
syz_open_dev$usbfs(&(0x7f0000000400), 0x1f, 0x800)
syz_open_dev$usbfs(&(0x7f0000000440), 0x29, 0x0)
syz_open_dev$usbfs(&(0x7f0000000480), 0x29, 0x1)
syz_open_dev$usbfs(&(0x7f00000004c0), 0x29, 0x2)
syz_open_dev$usbfs(&(0x7f0000000500), 0x29, 0x800)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.181' (ED25519) to the list of known hosts.
[   91.079363][ T5799] cgroup: Unknown subsys name 'net'
[   91.417267][ T5799] cgroup: Unknown subsys name 'cpuset'
[   91.492319][ T5799] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   92.275643][   T49] cfg80211: failed to load regulatory.db
[   93.609806][ T5799] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   96.452588][ T5850] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   99.766681][ T6097] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  103.607099][ T6315] mmap: syz.0.481 (6315) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  107.055020][ T3620] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.055049][ T3620] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.122768][ T6483] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  108.128498][ T6483] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  108.129403][ T6483] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  108.146700][ T6483] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  108.148507][ T6483] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  108.677345][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.677367][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  110.193271][ T6483] Bluetooth: hci0: command tx timeout
[  111.503770][    C0] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
[  111.503795][    C0] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 16, name: ktimers/0
[  111.503825][    C0] preempt_count: 0, expected: 0
[  111.503836][    C0] RCU nest depth: 2, expected: 2
[  111.503847][    C0] 7 locks held by ktimers/0/16:
[  111.503857][    C0]  #0: ffffffff8d649e40 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  111.503923][    C0]  #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400
[  111.503963][    C0]  #2: ffffffff8d7aa380 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0
[  111.504001][    C0]  #3: ffffffff8d7aa380 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400
[  111.504042][    C0]  #4: ffff888019899d38 ((wq_completion)events_bh){+...}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  111.504084][    C0]  #5: ffffc90000157a00 ((work_completion)(&bh->bh)){+...}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  111.504124][    C0]  #6: ffff8880b8828bb8 ((lock)#3){+.+.}-{3:3}, at: kcov_remote_start+0x92/0x460
[  111.504173][    C0] irq event stamp: 145225
[  111.504179][    C0] hardirqs last  enabled at (145224): [<ffffffff8af18255>] _raw_spin_unlock_irqrestore+0x85/0x110
[  111.504204][    C0] hardirqs last disabled at (145225): [<ffffffff86a3e645>] __usb_hcd_giveback_urb+0x3f5/0x710
[  111.504224][    C0] softirqs last  enabled at (145194): [<ffffffff8184fb41>] run_ktimerd+0xf1/0x190
[  111.504249][    C0] softirqs last disabled at (145200): [<ffffffff818e7dd2>] smpboot_thread_fn+0x542/0xa60
[  111.504289][    C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Tainted: G        W           6.16.0-syzkaller-03957-g78bb43e51b94 #0 PREEMPT_{RT,(full)} 
[  111.504312][    C0] Tainted: [W]=WARN
[  111.504317][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  111.504328][    C0] Call Trace:
[  111.504336][    C0]  <TASK>
[  111.504344][    C0]  dump_stack_lvl+0x189/0x250
[  111.504368][    C0]  ? smpboot_thread_fn+0x542/0xa60
[  111.504386][    C0]  ? smpboot_thread_fn+0x542/0xa60
[  111.504408][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  111.504432][    C0]  ? try_to_take_rt_mutex+0x840/0xb00
[  111.504454][    C0]  ? print_lock_name+0xde/0x100
[  111.504474][    C0]  __might_resched+0x44b/0x5d0
[  111.504500][    C0]  ? __pfx___might_resched+0x10/0x10
[  111.504520][    C0]  ? kcov_remote_start+0x92/0x460
[  111.504555][    C0]  rt_spin_lock+0xc7/0x2c0
[  111.504570][    C0]  ? led_trigger_blink_setup+0xa8/0x300
[  111.504595][    C0]  ? __pfx_rt_spin_lock+0x10/0x10
[  111.504611][    C0]  ? __pfx_led_trigger_blink_setup+0x10/0x10
[  111.504632][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  111.504653][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  111.504679][    C0]  kcov_remote_start+0x92/0x460
[  111.504707][    C0]  __usb_hcd_giveback_urb+0x427/0x710
[  111.504734][    C0]  ? __pfx___usb_hcd_giveback_urb+0x10/0x10
[  111.504773][    C0]  usb_giveback_urb_bh+0x296/0x420
[  111.504800][    C0]  ? __pfx_usb_giveback_urb_bh+0x10/0x10
[  111.504830][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  111.504851][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  111.504870][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  111.504892][    C0]  process_scheduled_works+0xae1/0x17b0
[  111.504939][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  111.504970][    C0]  ? assign_work+0x3a1/0x410
[  111.504994][    C0]  bh_worker+0x2b1/0x600
[  111.505028][    C0]  tasklet_action+0xc/0x70
[  111.505049][    C0]  handle_softirqs+0x22f/0x710
[  111.505069][    C0]  ? schedule+0x165/0x360
[  111.505094][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  111.505123][    C0]  run_ktimerd+0xcf/0x190
[  111.505146][    C0]  ? __pfx_run_ktimerd+0x10/0x10
[  111.505167][    C0]  ? schedule+0x91/0x360
[  111.505192][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  111.505211][    C0]  smpboot_thread_fn+0x542/0xa60
[  111.505233][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  111.505260][    C0]  kthread+0x711/0x8a0
[  111.505288][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  111.505309][    C0]  ? __pfx_kthread+0x10/0x10
[  111.505338][    C0]  ? __pfx_kthread+0x10/0x10
[  111.505364][    C0]  ret_from_fork+0x3f9/0x770
[  111.505389][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  111.505416][    C0]  ? __switch_to_asm+0x39/0x70
[  111.505429][    C0]  ? __switch_to_asm+0x33/0x70
[  111.505443][    C0]  ? __pfx_kthread+0x10/0x10
[  111.505469][    C0]  ret_from_fork_asm+0x1a/0x30
[  111.505497][    C0]  </TASK>