last executing test programs: 11.693589071s ago: executing program 1 (id=464): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vfio/vfio', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vfio/vfio', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vfio/vfio', 0x800, 0x0) 11.615256382s ago: executing program 1 (id=468): pause() 11.039430008s ago: executing program 4 (id=502): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/udmabuf', 0x2, 0x0) 10.988192629s ago: executing program 4 (id=505): unshare(0x0) 10.939549883s ago: executing program 4 (id=508): readv(0xffffffffffffffff, &(0x7f0000000000), 0x0) 10.896632823s ago: executing program 4 (id=511): rt_sigreturn() 7.171364257s ago: executing program 4 (id=612): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 7.025698723s ago: executing program 0 (id=609): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 5.57811628s ago: executing program 2 (id=618): syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$sg(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$sg(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$sg(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$sg(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$sg(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$sg(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$sg(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$sg(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$sg(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$sg(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$sg(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$sg(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$sg(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$sg(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$sg(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$sg(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$sg(&(0x7f0000000500), 0x4, 0x800) 5.130702115s ago: executing program 1 (id=611): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 4.998315608s ago: executing program 4 (id=614): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/reclaim', 0x1, 0x0) 4.816680158s ago: executing program 0 (id=615): finit_module(0xffffffffffffffff, &(0x7f0000000000), 0x0) 4.359813199s ago: executing program 3 (id=619): ioperm(0x0, 0x0, 0x0) 4.330217041s ago: executing program 3 (id=624): munmap(0x0, 0x0) 4.31492273s ago: executing program 3 (id=625): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/irnet', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/irnet', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/irnet', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/irnet', 0x800, 0x0) 3.704547621s ago: executing program 2 (id=620): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 3.060970503s ago: executing program 1 (id=627): socket$inet_udplite(0x2, 0x2, 0x88) 3.059998097s ago: executing program 3 (id=626): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 3.056658585s ago: executing program 0 (id=623): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.633903763s ago: executing program 2 (id=628): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.334679796s ago: executing program 0 (id=631): fspick(0xffffffffffffffff, &(0x7f0000000000), 0x0) 1.313179499s ago: executing program 0 (id=633): io_pgetevents(0x0, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) 1.24011164s ago: executing program 3 (id=630): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.17683435s ago: executing program 1 (id=629): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 177.193187ms ago: executing program 3 (id=635): set_thread_area(&(0x7f0000000000)) 132.414385ms ago: executing program 2 (id=632): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyprintk', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyprintk', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyprintk', 0x800, 0x0) 131.645275ms ago: executing program 1 (id=636): socket$rds(0x15, 0x5, 0x0) 28.035452ms ago: executing program 2 (id=638): capget(&(0x7f0000000000), &(0x7f0000000000)) 541.695µs ago: executing program 0 (id=634): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 0s ago: executing program 2 (id=640): syz_open_dev$usbfs(&(0x7f0000000040), 0x1, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x1, 0x1) syz_open_dev$usbfs(&(0x7f00000000c0), 0x1, 0x2) syz_open_dev$usbfs(&(0x7f0000000100), 0x1, 0x800) syz_open_dev$usbfs(&(0x7f0000000140), 0xb, 0x0) syz_open_dev$usbfs(&(0x7f0000000180), 0xb, 0x1) syz_open_dev$usbfs(&(0x7f00000001c0), 0xb, 0x2) syz_open_dev$usbfs(&(0x7f0000000200), 0xb, 0x800) syz_open_dev$usbfs(&(0x7f0000000240), 0x15, 0x0) syz_open_dev$usbfs(&(0x7f0000000280), 0x15, 0x1) syz_open_dev$usbfs(&(0x7f00000002c0), 0x15, 0x2) syz_open_dev$usbfs(&(0x7f0000000300), 0x15, 0x800) syz_open_dev$usbfs(&(0x7f0000000340), 0x1f, 0x0) syz_open_dev$usbfs(&(0x7f0000000380), 0x1f, 0x1) syz_open_dev$usbfs(&(0x7f00000003c0), 0x1f, 0x2) syz_open_dev$usbfs(&(0x7f0000000400), 0x1f, 0x800) syz_open_dev$usbfs(&(0x7f0000000440), 0x29, 0x0) syz_open_dev$usbfs(&(0x7f0000000480), 0x29, 0x1) syz_open_dev$usbfs(&(0x7f00000004c0), 0x29, 0x2) syz_open_dev$usbfs(&(0x7f0000000500), 0x29, 0x800) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.8' (ED25519) to the list of known hosts. [ 86.766251][ T5808] cgroup: Unknown subsys name 'net' [ 87.012592][ T5808] cgroup: Unknown subsys name 'cpuset' [ 87.055769][ T5808] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 87.409399][ T9] cfg80211: failed to load regulatory.db [ 88.861650][ T5808] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 99.964567][ T6453] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 103.374064][ T6489] mmap: syz.2.616 (6489) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 105.426619][ T1414] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.426651][ T1414] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.805609][ T3594] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.805632][ T3594] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.002934][ T6531] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 106.762122][ T6507] chnl_net:caif_netlink_parms(): no params data found [ 107.388764][ T6507] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.391481][ T6507] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.391784][ T6507] bridge_slave_0: entered allmulticast mode [ 107.394552][ T6507] bridge_slave_0: entered promiscuous mode [ 107.440931][ T6507] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.441069][ T6507] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.441302][ T6507] bridge_slave_1: entered allmulticast mode [ 107.444025][ T6507] bridge_slave_1: entered promiscuous mode [ 108.207543][ T6507] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 108.228168][ T6507] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 108.428228][ T6507] team0: Port device team_slave_0 added [ 108.456078][ T6507] team0: Port device team_slave_1 added [ 108.674654][ T6507] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 108.674671][ T6507] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.674685][ T6507] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 108.727221][ T6507] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 108.727241][ T6507] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.727256][ T6507] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 109.073750][ C1] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 109.073779][ C1] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 30, name: ksoftirqd/1 [ 109.073799][ C1] preempt_count: 0, expected: 0 [ 109.073809][ C1] RCU nest depth: 2, expected: 2 [ 109.073820][ C1] 7 locks held by ksoftirqd/1/30: [ 109.073833][ C1] #0: ffffffff8d64a5e0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 109.073915][ C1] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 109.073967][ C1] #2: ffffffff8d7a8a80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 109.074037][ C1] #3: ffffffff8d7a8a80 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 109.074085][ C1] #4: ffff888019899d38 ((wq_completion)events_bh){+...}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 109.074138][ C1] #5: ffffc90000a4fa00 ((work_completion)(&bh->bh)){+...}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 109.074178][ C1] #6: ffff8880b8928b78 ((lock)#3){+.+.}-{3:3}, at: kcov_remote_start+0x92/0x460 [ 109.074226][ C1] irq event stamp: 28185 [ 109.074234][ C1] hardirqs last enabled at (28184): [] _raw_spin_unlock_irqrestore+0x85/0x110 [ 109.074262][ C1] hardirqs last disabled at (28185): [] __usb_hcd_giveback_urb+0x3f5/0x710 [ 109.074293][ C1] softirqs last enabled at (28166): [] run_ksoftirqd+0xce/0x210 [ 109.074322][ C1] softirqs last disabled at (28176): [] smpboot_thread_fn+0x53f/0xa60 [ 109.074371][ C1] CPU: 1 UID: 0 PID: 30 Comm: ksoftirqd/1 Tainted: G W 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT_{RT,(full)} [ 109.074401][ C1] Tainted: [W]=WARN [ 109.074407][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 109.074420][ C1] Call Trace: [ 109.074430][ C1] [ 109.074439][ C1] dump_stack_lvl+0x189/0x250 [ 109.074467][ C1] ? smpboot_thread_fn+0x53f/0xa60 [ 109.074487][ C1] ? smpboot_thread_fn+0x53f/0xa60 [ 109.074511][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 109.074547][ C1] ? print_lock_name+0xde/0x100 [ 109.074587][ C1] __might_resched+0x44b/0x5d0 [ 109.074616][ C1] ? __pfx___might_resched+0x10/0x10 [ 109.074635][ C1] ? kcov_remote_start+0x92/0x460 [ 109.074675][ C1] rt_spin_lock+0xc7/0x2c0 [ 109.074705][ C1] ? led_trigger_blink_setup+0xa8/0x300 [ 109.074729][ C1] ? __pfx_rt_spin_lock+0x10/0x10 [ 109.074756][ C1] ? __pfx_led_trigger_blink_setup+0x10/0x10 [ 109.074774][ C1] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 109.074797][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 109.074830][ C1] kcov_remote_start+0x92/0x460 [ 109.074857][ C1] __usb_hcd_giveback_urb+0x427/0x710 [ 109.074889][ C1] ? __pfx___usb_hcd_giveback_urb+0x10/0x10 [ 109.074929][ C1] usb_giveback_urb_bh+0x296/0x420 [ 109.074962][ C1] ? __pfx_usb_giveback_urb_bh+0x10/0x10 [ 109.074995][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 109.075014][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 109.075032][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 109.075054][ C1] process_scheduled_works+0xade/0x17b0 [ 109.075104][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 109.075134][ C1] ? assign_work+0x3a1/0x410 [ 109.075157][ C1] bh_worker+0x2b1/0x600 [ 109.075191][ C1] tasklet_action+0xc/0x70 [ 109.075216][ C1] handle_softirqs+0x22f/0x710 [ 109.075251][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 109.075288][ C1] run_ksoftirqd+0xac/0x210 [ 109.075315][ C1] ? __pfx_run_ksoftirqd+0x10/0x10 [ 109.075340][ C1] ? schedule+0x91/0x360 [ 109.075373][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 109.075396][ C1] smpboot_thread_fn+0x53f/0xa60 [ 109.075421][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 109.075456][ C1] kthread+0x70e/0x8a0 [ 109.075490][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 109.075513][ C1] ? __pfx_kthread+0x10/0x10 [ 109.075549][ C1] ? __pfx_kthread+0x10/0x10 [ 109.075580][ C1] ret_from_fork+0x3f9/0x770 [ 109.075608][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 109.075639][ C1] ? __switch_to_asm+0x39/0x70 [ 109.075668][ C1] ? __switch_to_asm+0x33/0x70 [ 109.075696][ C1] ? __pfx_kthread+0x10/0x10 [ 109.075727][ C1] ret_from_fork_asm+0x1a/0x30 [ 109.075777][ C1] [ 109.248735][ T59] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 109.257290][ T59] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 109.258600][ T59] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 109.261898][ T59] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 109.262882][ T59] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 110.606980][ T4154] bridge_slave_1: left allmulticast mode [ 110.607268][ T4154] bridge_slave_1: left promiscuous mode [ 110.609272][ T4154] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.687832][ T4154] bridge_slave_0: left allmulticast mode [ 110.687867][ T4154] bridge_slave_0: left promiscuous mode [ 110.688083][ T4154] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.046480][ T4154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 111.136157][ T4154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 111.197613][ T4154] bond0 (unregistering): Released all slaves [ 114.301237][ T4154] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 114.326790][ T4154] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 114.576015][ T4154] team0 (unregistering): Port device team_slave_1 removed [ 114.706090][ T4154] team0 (unregistering): Port device team_slave_0 removed