last executing test programs: 11.913564857s ago: executing program 2 (id=447): syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) 11.856453019s ago: executing program 2 (id=455): getxattr(&(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), 0x0) 11.758573772s ago: executing program 2 (id=459): readlinkat(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0) 11.700487504s ago: executing program 2 (id=468): pause() 9.869849083s ago: executing program 0 (id=602): process_madvise(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) 9.761221038s ago: executing program 0 (id=603): lseek(0xffffffffffffffff, 0x0, 0x0) 8.679109897s ago: executing program 2 (id=607): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cdrom1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cdrom1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cdrom1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cdrom1', 0x800, 0x0) 8.553123736s ago: executing program 2 (id=608): syz_open_dev$vcsa(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$vcsa(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$vcsa(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$vcsa(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$vcsa(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$vcsa(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$vcsa(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$vcsa(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$vcsa(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$vcsa(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$vcsa(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$vcsa(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$vcsa(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$vcsa(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$vcsa(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$vcsa(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$vcsa(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$vcsa(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$vcsa(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$vcsa(&(0x7f0000000500), 0x4, 0x800) 7.406154026s ago: executing program 0 (id=605): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 6.778439561s ago: executing program 3 (id=609): truncate(&(0x7f0000000000), 0x0) 5.958498976s ago: executing program 0 (id=612): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 5.408043225s ago: executing program 3 (id=614): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 4.711143961s ago: executing program 0 (id=617): pread64(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 4.199358057s ago: executing program 3 (id=618): dup(0xffffffffffffffff) 4.182439778s ago: executing program 3 (id=622): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vmci', 0x2, 0x0) 3.369224913s ago: executing program 4 (id=625): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttynull', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttynull', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttynull', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttynull', 0x800, 0x0) 3.368912573s ago: executing program 4 (id=627): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/user', 0x2, 0x0) 3.349932913s ago: executing program 1 (id=628): getcwd(&(0x7f0000000000), 0x0) 3.333091714s ago: executing program 4 (id=629): socket$pppl2tp(0x18, 0x1, 0x1) 3.269264473s ago: executing program 1 (id=630): socket$inet6(0xa, 0x1, 0x0) 3.269118142s ago: executing program 4 (id=631): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rtc0', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rtc0', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0', 0x800, 0x0) 3.269014557s ago: executing program 1 (id=632): getpriority(0x0, 0x0) 2.343283852s ago: executing program 3 (id=623): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.399782463s ago: executing program 1 (id=634): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.280488958s ago: executing program 4 (id=633): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.135088203s ago: executing program 3 (id=636): fgetxattr(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0) 1.035385779s ago: executing program 0 (id=635): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 101.189988ms ago: executing program 1 (id=637): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/virtual_nci', 0x2, 0x0) 15.127698ms ago: executing program 4 (id=638): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 0s ago: executing program 1 (id=641): syz_open_dev$usbfs(&(0x7f0000000040), 0x1, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x1, 0x1) syz_open_dev$usbfs(&(0x7f00000000c0), 0x1, 0x2) syz_open_dev$usbfs(&(0x7f0000000100), 0x1, 0x800) syz_open_dev$usbfs(&(0x7f0000000140), 0xb, 0x0) syz_open_dev$usbfs(&(0x7f0000000180), 0xb, 0x1) syz_open_dev$usbfs(&(0x7f00000001c0), 0xb, 0x2) syz_open_dev$usbfs(&(0x7f0000000200), 0xb, 0x800) syz_open_dev$usbfs(&(0x7f0000000240), 0x15, 0x0) syz_open_dev$usbfs(&(0x7f0000000280), 0x15, 0x1) syz_open_dev$usbfs(&(0x7f00000002c0), 0x15, 0x2) syz_open_dev$usbfs(&(0x7f0000000300), 0x15, 0x800) syz_open_dev$usbfs(&(0x7f0000000340), 0x1f, 0x0) syz_open_dev$usbfs(&(0x7f0000000380), 0x1f, 0x1) syz_open_dev$usbfs(&(0x7f00000003c0), 0x1f, 0x2) syz_open_dev$usbfs(&(0x7f0000000400), 0x1f, 0x800) syz_open_dev$usbfs(&(0x7f0000000440), 0x29, 0x0) syz_open_dev$usbfs(&(0x7f0000000480), 0x29, 0x1) syz_open_dev$usbfs(&(0x7f00000004c0), 0x29, 0x2) syz_open_dev$usbfs(&(0x7f0000000500), 0x29, 0x800) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.39' (ED25519) to the list of known hosts. [ 74.395079][ T5822] cgroup: Unknown subsys name 'net' [ 74.664264][ T5822] cgroup: Unknown subsys name 'cpuset' [ 74.720109][ T5822] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 76.428194][ T5822] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 79.950978][ T5962] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 83.809025][ T6209] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 85.639296][ T6357] mmap: syz.3.505 (6357) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 86.886406][ T991] cfg80211: failed to load regulatory.db [ 88.458729][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.458755][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.641103][ T1119] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.641120][ T1119] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.809824][ T6487] chnl_net:caif_netlink_parms(): no params data found [ 91.585948][ T6487] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.586695][ T6487] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.586822][ T6487] bridge_slave_0: entered allmulticast mode [ 91.588456][ T6487] bridge_slave_0: entered promiscuous mode [ 91.653181][ T6487] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.653316][ T6487] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.653597][ T6487] bridge_slave_1: entered allmulticast mode [ 91.656436][ T6487] bridge_slave_1: entered promiscuous mode [ 92.037257][ T6487] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.066993][ T6487] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.327678][ T6487] team0: Port device team_slave_0 added [ 92.357422][ T6487] team0: Port device team_slave_1 added [ 92.582683][ T6487] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.582700][ T6487] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.582725][ T6487] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.171805][ T6487] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.171821][ T6487] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.171854][ T6487] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.791564][ T6562] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 93.794354][ T6562] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 93.795935][ T6562] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 93.799138][ T6562] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 93.819261][ T6487] hsr_slave_0: entered promiscuous mode [ 93.820841][ T6562] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 93.824508][ T6487] hsr_slave_1: entered promiscuous mode [ 96.486916][ T6487] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 96.557108][ T6487] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 96.641472][ T6487] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 96.730086][ T6487] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 96.868504][ C0] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 96.868525][ C0] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 15, name: ksoftirqd/0 [ 96.868538][ C0] preempt_count: 0, expected: 0 [ 96.868548][ C0] RCU nest depth: 2, expected: 2 [ 96.868557][ C0] 7 locks held by ksoftirqd/0/15: [ 96.868568][ C0] #0: ffffffff8d84a680 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 96.868634][ C0] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 96.868685][ C0] #2: ffffffff8d9a8b00 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 96.868747][ C0] #3: ffffffff8d9a8b00 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 96.868795][ C0] #4: ffff88801989a138 ((wq_completion)events_bh){+...}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 96.868843][ C0] #5: ffffc90000147a00 ((work_completion)(&bh->bh)){+...}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 96.868894][ C0] #6: ffff8880b8828b50 ((lock)#3){+.+.}-{3:3}, at: kcov_remote_start+0x92/0x460 [ 96.868949][ C0] irq event stamp: 31739 [ 96.868956][ C0] hardirqs last enabled at (31738): [] _raw_spin_unlock_irqrestore+0x85/0x110 [ 96.868982][ C0] hardirqs last disabled at (31739): [] __usb_hcd_giveback_urb+0x3f5/0x710 [ 96.869009][ C0] softirqs last enabled at (31720): [] run_ksoftirqd+0xce/0x210 [ 96.869047][ C0] softirqs last disabled at (31730): [] smpboot_thread_fn+0x53f/0xa60 [ 96.869092][ C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Tainted: G W 6.16.0-syzkaller-11105-ga6923c06a3b2 #0 PREEMPT_{RT,(full)} [ 96.869117][ C0] Tainted: [W]=WARN [ 96.869123][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 96.869135][ C0] Call Trace: [ 96.869144][ C0] [ 96.869153][ C0] dump_stack_lvl+0x189/0x250 [ 96.869177][ C0] ? smpboot_thread_fn+0x53f/0xa60 [ 96.869195][ C0] ? smpboot_thread_fn+0x53f/0xa60 [ 96.869218][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 96.869256][ C0] ? print_lock_name+0xde/0x100 [ 96.869284][ C0] __might_resched+0x44b/0x5d0 [ 96.869314][ C0] ? __pfx___might_resched+0x10/0x10 [ 96.869336][ C0] ? kcov_remote_start+0x92/0x460 [ 96.869376][ C0] rt_spin_lock+0xc7/0x2c0 [ 96.869404][ C0] ? led_trigger_blink_setup+0xa8/0x300 [ 96.869436][ C0] ? __pfx_rt_spin_lock+0x10/0x10 [ 96.869459][ C0] ? __pfx_led_trigger_blink_setup+0x10/0x10 [ 96.869481][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 96.869500][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 96.869521][ C0] kcov_remote_start+0x92/0x460 [ 96.869546][ C0] __usb_hcd_giveback_urb+0x427/0x710 [ 96.869571][ C0] ? __pfx___usb_hcd_giveback_urb+0x10/0x10 [ 96.869600][ C0] usb_giveback_urb_bh+0x296/0x420 [ 96.869635][ C0] ? __pfx_usb_giveback_urb_bh+0x10/0x10 [ 96.869657][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 96.869671][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 96.869688][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 96.869713][ C0] process_scheduled_works+0xae1/0x17b0 [ 96.869762][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 96.869794][ C0] ? assign_work+0x3a1/0x410 [ 96.869819][ C0] bh_worker+0x2b1/0x600 [ 96.869856][ C0] tasklet_action+0xc/0x70 [ 96.869879][ C0] handle_softirqs+0x22c/0x710 [ 96.869912][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 96.869944][ C0] run_ksoftirqd+0xac/0x210 [ 96.869968][ C0] ? __pfx_run_ksoftirqd+0x10/0x10 [ 96.869985][ C0] ? schedule+0x91/0x360 [ 96.870015][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 96.870033][ C0] smpboot_thread_fn+0x53f/0xa60 [ 96.870053][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 96.870081][ C0] kthread+0x70e/0x8a0 [ 96.870105][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 96.870124][ C0] ? __pfx_kthread+0x10/0x10 [ 96.870155][ C0] ? __pfx_kthread+0x10/0x10 [ 96.870182][ C0] ret_from_fork+0x3fc/0x770 [ 96.870206][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 96.870234][ C0] ? __switch_to_asm+0x39/0x70 [ 96.870250][ C0] ? __switch_to_asm+0x33/0x70 [ 96.870265][ C0] ? __pfx_kthread+0x10/0x10 [ 96.870292][ C0] ret_from_fork_asm+0x1a/0x30 [ 96.870327][ C0] [ 97.283990][ T6487] kthread_run failed with err -4 [ 99.309970][ T984] bridge_slave_1: left allmulticast mode [ 99.310167][ T984] bridge_slave_1: left promiscuous mode [ 99.312288][ T984] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.383135][ T984] bridge_slave_0: left allmulticast mode [ 99.383166][ T984] bridge_slave_0: left promiscuous mode [ 99.383449][ T984] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.750477][ T984] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 99.871887][ T984] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 99.933671][ T984] bond0 (unregistering): Released all slaves [ 102.502011][ T984] hsr_slave_0: left promiscuous mode [ 102.542647][ T984] hsr_slave_1: left promiscuous mode [ 102.543813][ T984] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 102.583622][ T984] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 103.251217][ T984] team0 (unregistering): Port device team_slave_1 removed [ 103.361340][ T984] team0 (unregistering): Port device team_slave_0 removed