last executing test programs: 9.624564061s ago: executing program 3 (id=534): syz_open_dev$media(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$media(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$media(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$media(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$media(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$media(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$media(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$media(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$media(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$media(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$media(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$media(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$media(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$media(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$media(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$media(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$media(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$media(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$media(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$media(&(0x7f0000000500), 0x4, 0x800) 9.53522641s ago: executing program 3 (id=538): socket$pppl2tp(0x18, 0x1, 0x1) 9.521732633s ago: executing program 3 (id=541): io_submit(0x0, 0x0, &(0x7f0000000000)) 9.45098834s ago: executing program 3 (id=545): socket$inet6_dccp(0xa, 0x6, 0x0) 8.942223669s ago: executing program 0 (id=583): setitimer(0x0, &(0x7f0000000000), 0x0) 8.875271618s ago: executing program 0 (id=587): fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000000)) 8.842299884s ago: executing program 0 (id=589): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/commit_pending_bools', 0x1, 0x0) 8.791235368s ago: executing program 0 (id=593): socket$inet_udplite(0x2, 0x2, 0x88) 8.670910462s ago: executing program 0 (id=597): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null', 0x800, 0x0) 8.67068077s ago: executing program 2 (id=598): fdatasync(0xffffffffffffffff) 8.656069499s ago: executing program 0 (id=600): chdir(&(0x7f0000000000)) 8.65594416s ago: executing program 4 (id=601): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/monitor_on', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/monitor_on', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/monitor_on', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/monitor_on', 0x800, 0x0) 8.561317392s ago: executing program 4 (id=604): eventfd2(0x0, 0x0) 7.259368393s ago: executing program 3 (id=578): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 7.120197838s ago: executing program 4 (id=605): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 5.51475716s ago: executing program 2 (id=602): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 4.425293665s ago: executing program 3 (id=608): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 4.017254432s ago: executing program 4 (id=609): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 3.339783238s ago: executing program 2 (id=611): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 2.079840722s ago: executing program 4 (id=613): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.301260457s ago: executing program 2 (id=614): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.031568818s ago: executing program 1 (id=632): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vfio/vfio', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vfio/vfio', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vfio/vfio', 0x800, 0x0) 1.031225652s ago: executing program 1 (id=633): syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) 1.031054858s ago: executing program 1 (id=634): rt_sigreturn() 1.019081727s ago: executing program 1 (id=635): poll(&(0x7f0000000000), 0x0, 0x0) 1.00084712s ago: executing program 1 (id=636): epoll_create1(0x0) 947.799247ms ago: executing program 1 (id=637): renameat2(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000), 0x0) 666.596546ms ago: executing program 4 (id=617): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 92.966378ms ago: executing program 2 (id=628): tgkill(0x0, 0x0, 0x0) 0s ago: executing program 2 (id=640): syz_open_dev$usbfs(&(0x7f0000000040), 0x1, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x1, 0x1) syz_open_dev$usbfs(&(0x7f00000000c0), 0x1, 0x2) syz_open_dev$usbfs(&(0x7f0000000100), 0x1, 0x800) syz_open_dev$usbfs(&(0x7f0000000140), 0xb, 0x0) syz_open_dev$usbfs(&(0x7f0000000180), 0xb, 0x1) syz_open_dev$usbfs(&(0x7f00000001c0), 0xb, 0x2) syz_open_dev$usbfs(&(0x7f0000000200), 0xb, 0x800) syz_open_dev$usbfs(&(0x7f0000000240), 0x15, 0x0) syz_open_dev$usbfs(&(0x7f0000000280), 0x15, 0x1) syz_open_dev$usbfs(&(0x7f00000002c0), 0x15, 0x2) syz_open_dev$usbfs(&(0x7f0000000300), 0x15, 0x800) syz_open_dev$usbfs(&(0x7f0000000340), 0x1f, 0x0) syz_open_dev$usbfs(&(0x7f0000000380), 0x1f, 0x1) syz_open_dev$usbfs(&(0x7f00000003c0), 0x1f, 0x2) syz_open_dev$usbfs(&(0x7f0000000400), 0x1f, 0x800) syz_open_dev$usbfs(&(0x7f0000000440), 0x29, 0x0) syz_open_dev$usbfs(&(0x7f0000000480), 0x29, 0x1) syz_open_dev$usbfs(&(0x7f00000004c0), 0x29, 0x2) syz_open_dev$usbfs(&(0x7f0000000500), 0x29, 0x800) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.10' (ED25519) to the list of known hosts. [ 77.258586][ T5805] cgroup: Unknown subsys name 'net' [ 77.494671][ T5805] cgroup: Unknown subsys name 'cpuset' [ 77.560211][ T5805] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 79.234680][ T5805] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 83.767023][ T6023] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 86.943437][ T991] cfg80211: failed to load regulatory.db [ 87.306124][ T6299] mmap: syz.0.466 (6299) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 89.092088][ T6436] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 89.727890][ T5136] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 89.744954][ T5136] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 89.748345][ T5136] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 89.763688][ T5136] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.770019][ T5136] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 91.831236][ T5136] Bluetooth: hci0: command tx timeout [ 92.976043][ T6451] chnl_net:caif_netlink_parms(): no params data found [ 94.240101][ T6451] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.240256][ T6451] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.240533][ T6451] bridge_slave_0: entered allmulticast mode [ 94.243510][ T6451] bridge_slave_0: entered promiscuous mode [ 94.312032][ T6451] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.312176][ T6451] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.312386][ T6451] bridge_slave_1: entered allmulticast mode [ 94.323928][ T6451] bridge_slave_1: entered promiscuous mode [ 94.774379][ T6451] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.814350][ T6451] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.267637][ T6451] team0: Port device team_slave_0 added [ 95.318408][ T6451] team0: Port device team_slave_1 added [ 95.667859][ T6451] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.667876][ T6451] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.667899][ T6451] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.859140][ T6451] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.859157][ T6451] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 95.859181][ T6451] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 96.266058][ T6451] hsr_slave_0: entered promiscuous mode [ 96.278909][ T6451] hsr_slave_1: entered promiscuous mode [ 97.404857][ T4214] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.404882][ T4214] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.717651][ T1397] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.717669][ T1397] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.887503][ C0] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 97.887525][ C0] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 15, name: ksoftirqd/0 [ 97.887542][ C0] preempt_count: 0, expected: 0 [ 97.887550][ C0] RCU nest depth: 2, expected: 2 [ 97.887560][ C0] 7 locks held by ksoftirqd/0/15: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 97.887571][ C0] #0: ffffffff8d64a620 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 97.887643][ C0] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 97.887688][ C0] #2: ffffffff8d7a8a00 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 97.887744][ C0] #3: ffffffff8d7a8a00 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 97.887789][ C0] #4: ffff888019899d38 ((wq_completion)events_bh){+...}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 97.887834][ C0] #5: ffffc90000147a00 ((work_completion)(&bh->bh)){+...}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 97.887880][ C0] #6: ffff8880b8828b78 ((lock)#3){+.+.}-{3:3}, at: kcov_remote_start+0x92/0x460 [ 97.887937][ C0] irq event stamp: 27931 [ 97.887944][ C0] hardirqs last enabled at (27930): [] _raw_spin_unlock_irqrestore+0x85/0x110 [ 97.887968][ C0] hardirqs last disabled at (27931): [] __usb_hcd_giveback_urb+0x3f5/0x710 [ 97.887994][ C0] softirqs last enabled at (27904): [] run_ksoftirqd+0xce/0x210 [ 97.888021][ C0] softirqs last disabled at (27922): [] smpboot_thread_fn+0x53f/0xa60 [ 97.888060][ C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Tainted: G W 6.16.0-syzkaller-07175-g63eb28bb1402 #0 PREEMPT_{RT,(full)} [ 97.888083][ C0] Tainted: [W]=WARN [ 97.888089][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 97.888099][ C0] Call Trace: [ 97.888107][ C0] [ 97.888115][ C0] dump_stack_lvl+0x189/0x250 [ 97.888140][ C0] ? smpboot_thread_fn+0x53f/0xa60 [ 97.888157][ C0] ? smpboot_thread_fn+0x53f/0xa60 [ 97.888179][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 97.888211][ C0] ? print_lock_name+0xde/0x100 [ 97.888245][ C0] __might_resched+0x44b/0x5d0 [ 97.888271][ C0] ? __pfx___might_resched+0x10/0x10 [ 97.888290][ C0] ? kcov_remote_start+0x92/0x460 [ 97.888324][ C0] rt_spin_lock+0xc7/0x2c0 [ 97.888347][ C0] ? led_trigger_blink_setup+0xa8/0x300 [ 97.888367][ C0] ? __pfx_rt_spin_lock+0x10/0x10 [ 97.888388][ C0] ? __pfx_led_trigger_blink_setup+0x10/0x10 [ 97.888404][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 97.888422][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 97.888445][ C0] kcov_remote_start+0x92/0x460 [ 97.888469][ C0] __usb_hcd_giveback_urb+0x427/0x710 [ 97.888499][ C0] ? __pfx___usb_hcd_giveback_urb+0x10/0x10 [ 97.888535][ C0] usb_giveback_urb_bh+0x296/0x420 [ 97.888570][ C0] ? __pfx_usb_giveback_urb_bh+0x10/0x10 [ 97.888595][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 97.888613][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 97.888634][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 97.888659][ C0] process_scheduled_works+0xade/0x17b0 [ 97.888706][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 97.888736][ C0] ? assign_work+0x3a1/0x410 [ 97.888762][ C0] bh_worker+0x2b1/0x600 [ 97.888796][ C0] tasklet_action+0xc/0x70 [ 97.888818][ C0] handle_softirqs+0x22f/0x710 [ 97.888850][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 97.888885][ C0] run_ksoftirqd+0xac/0x210 [ 97.888916][ C0] ? __pfx_run_ksoftirqd+0x10/0x10 [ 97.888937][ C0] ? schedule+0x91/0x360 [ 97.888976][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 97.888997][ C0] smpboot_thread_fn+0x53f/0xa60 [ 97.889020][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 97.889051][ C0] kthread+0x70e/0x8a0 [ 97.889081][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 97.889102][ C0] ? __pfx_kthread+0x10/0x10 [ 97.889135][ C0] ? __pfx_kthread+0x10/0x10 [ 97.889162][ C0] ret_from_fork+0x3f9/0x770 [ 97.889188][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 97.889219][ C0] ? __switch_to_asm+0x39/0x70 [ 97.889244][ C0] ? __switch_to_asm+0x33/0x70 [ 97.889269][ C0] ? __pfx_kthread+0x10/0x10 [ 97.889295][ C0] ret_from_fork_asm+0x1a/0x30 [ 97.889339][ C0] [ 101.882204][ T3529] bridge_slave_1: left allmulticast mode [ 101.882439][ T3529] bridge_slave_1: left promiscuous mode [ 101.884381][ T3529] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.971071][ T3529] bridge_slave_0: left allmulticast mode [ 101.971105][ T3529] bridge_slave_0: left promiscuous mode [ 101.973964][ T3529] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.391194][ T3529] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 102.501645][ T3529] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 102.563568][ T3529] bond0 (unregistering): Released all slaves [ 104.589695][ T3529] hsr_slave_0: left promiscuous mode [ 104.629625][ T3529] hsr_slave_1: left promiscuous mode [ 104.630575][ T3529] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 104.681397][ T3529] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 105.260307][ T3529] team0 (unregistering): Port device team_slave_1 removed [ 105.371457][ T3529] team0 (unregistering): Port device team_slave_0 removed