last executing test programs:

4.688562653s ago: executing program 3 (id=578):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-control', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control', 0x800, 0x0)

4.612972464s ago: executing program 3 (id=584):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card0/oss_mixer', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card0/oss_mixer', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card0/oss_mixer', 0x800, 0x0)

4.552503303s ago: executing program 3 (id=588):
migrate_pages(0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000))

4.528721922s ago: executing program 3 (id=590):
syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$vim2m(&(0x7f0000000080), 0x0, 0x1)
syz_open_dev$vim2m(&(0x7f00000000c0), 0x0, 0x2)
syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x800)
syz_open_dev$vim2m(&(0x7f0000000140), 0x1, 0x0)
syz_open_dev$vim2m(&(0x7f0000000180), 0x1, 0x1)
syz_open_dev$vim2m(&(0x7f00000001c0), 0x1, 0x2)
syz_open_dev$vim2m(&(0x7f0000000200), 0x1, 0x800)
syz_open_dev$vim2m(&(0x7f0000000240), 0x2, 0x0)
syz_open_dev$vim2m(&(0x7f0000000280), 0x2, 0x1)
syz_open_dev$vim2m(&(0x7f00000002c0), 0x2, 0x2)
syz_open_dev$vim2m(&(0x7f0000000300), 0x2, 0x800)
syz_open_dev$vim2m(&(0x7f0000000340), 0x3, 0x0)
syz_open_dev$vim2m(&(0x7f0000000380), 0x3, 0x1)
syz_open_dev$vim2m(&(0x7f00000003c0), 0x3, 0x2)
syz_open_dev$vim2m(&(0x7f0000000400), 0x3, 0x800)
syz_open_dev$vim2m(&(0x7f0000000440), 0x4, 0x0)
syz_open_dev$vim2m(&(0x7f0000000480), 0x4, 0x1)
syz_open_dev$vim2m(&(0x7f00000004c0), 0x4, 0x2)
syz_open_dev$vim2m(&(0x7f0000000500), 0x4, 0x800)

4.376598067s ago: executing program 0 (id=599):
syz_init_net_socket$bt_cmtp(0x1f, 0x3, 0x5)

4.280086002s ago: executing program 4 (id=602):
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000000), &(0x7f0000000000))

4.176898588s ago: executing program 4 (id=603):
restart_syscall()

4.171097739s ago: executing program 4 (id=604):
setuid(0x0)

4.077648895s ago: executing program 4 (id=606):
syncfs(0xffffffffffffffff)

3.108677261s ago: executing program 3 (id=598):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

2.302338092s ago: executing program 2 (id=601):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

1.624919805s ago: executing program 4 (id=607):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

1.552742647s ago: executing program 0 (id=605):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

1.529753102s ago: executing program 1 (id=611):
socket$inet(0x2, 0x1, 0x0)

1.31285407s ago: executing program 1 (id=615):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/sync/info', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/sync/info', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/sync/info', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/sync/info', 0x800, 0x0)

1.3123089s ago: executing program 1 (id=616):
faccessat2(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)

1.276629367s ago: executing program 1 (id=617):
sync()

1.049230984s ago: executing program 2 (id=609):
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x14)

968.9739ms ago: executing program 2 (id=618):
kexec_load(0x0, 0x0, &(0x7f0000000000), 0x0)

956.635996ms ago: executing program 2 (id=619):
socket$can_j1939(0x1d, 0x2, 0x7)

917.813006ms ago: executing program 2 (id=620):
fspick(0xffffffffffffffff, &(0x7f0000000000), 0x0)

856.819032ms ago: executing program 1 (id=621):
msgrcv(0x0, &(0x7f0000000000), 0x0, 0x0, 0x0)

856.543555ms ago: executing program 2 (id=622):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/register', 0x1, 0x0)

856.367955ms ago: executing program 1 (id=623):
fstat(0xffffffffffffffff, &(0x7f0000000000))

374.512276ms ago: executing program 4 (id=612):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

105.118738ms ago: executing program 0 (id=613):
splice(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)

86.301139ms ago: executing program 0 (id=627):
syz_open_dev$usbfs(&(0x7f0000000040), 0x1, 0x0)
syz_open_dev$usbfs(&(0x7f0000000080), 0x1, 0x1)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x1, 0x2)
syz_open_dev$usbfs(&(0x7f0000000100), 0x1, 0x800)
syz_open_dev$usbfs(&(0x7f0000000140), 0xb, 0x0)
syz_open_dev$usbfs(&(0x7f0000000180), 0xb, 0x1)
syz_open_dev$usbfs(&(0x7f00000001c0), 0xb, 0x2)
syz_open_dev$usbfs(&(0x7f0000000200), 0xb, 0x800)
syz_open_dev$usbfs(&(0x7f0000000240), 0x15, 0x0)
syz_open_dev$usbfs(&(0x7f0000000280), 0x15, 0x1)
syz_open_dev$usbfs(&(0x7f00000002c0), 0x15, 0x2)
syz_open_dev$usbfs(&(0x7f0000000300), 0x15, 0x800)
syz_open_dev$usbfs(&(0x7f0000000340), 0x1f, 0x0)
syz_open_dev$usbfs(&(0x7f0000000380), 0x1f, 0x1)
syz_open_dev$usbfs(&(0x7f00000003c0), 0x1f, 0x2)
syz_open_dev$usbfs(&(0x7f0000000400), 0x1f, 0x800)
syz_open_dev$usbfs(&(0x7f0000000440), 0x29, 0x0)
syz_open_dev$usbfs(&(0x7f0000000480), 0x29, 0x1)
syz_open_dev$usbfs(&(0x7f00000004c0), 0x29, 0x2)
syz_open_dev$usbfs(&(0x7f0000000500), 0x29, 0x800)

57.487348ms ago: executing program 3 (id=614):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fb0', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fb0', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0', 0x800, 0x0)

18.245928ms ago: executing program 0 (id=628):
syz_open_dev$sndhw(&(0x7f0000000040), 0x1, 0x0)
syz_open_dev$sndhw(&(0x7f0000000080), 0x1, 0x1)
syz_open_dev$sndhw(&(0x7f00000000c0), 0x1, 0x2)
syz_open_dev$sndhw(&(0x7f0000000100), 0x1, 0x800)
syz_open_dev$sndhw(&(0x7f0000000140), 0xb, 0x0)
syz_open_dev$sndhw(&(0x7f0000000180), 0xb, 0x1)
syz_open_dev$sndhw(&(0x7f00000001c0), 0xb, 0x2)
syz_open_dev$sndhw(&(0x7f0000000200), 0xb, 0x800)
syz_open_dev$sndhw(&(0x7f0000000240), 0x15, 0x0)
syz_open_dev$sndhw(&(0x7f0000000280), 0x15, 0x1)
syz_open_dev$sndhw(&(0x7f00000002c0), 0x15, 0x2)
syz_open_dev$sndhw(&(0x7f0000000300), 0x15, 0x800)
syz_open_dev$sndhw(&(0x7f0000000340), 0x1f, 0x0)
syz_open_dev$sndhw(&(0x7f0000000380), 0x1f, 0x1)
syz_open_dev$sndhw(&(0x7f00000003c0), 0x1f, 0x2)
syz_open_dev$sndhw(&(0x7f0000000400), 0x1f, 0x800)
syz_open_dev$sndhw(&(0x7f0000000440), 0x29, 0x0)
syz_open_dev$sndhw(&(0x7f0000000480), 0x29, 0x1)
syz_open_dev$sndhw(&(0x7f00000004c0), 0x29, 0x2)
syz_open_dev$sndhw(&(0x7f0000000500), 0x29, 0x800)

0s ago: executing program 0 (id=629):
syz_open_dev$sndmidi(&(0x7f0000000040), 0x1, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000080), 0x1, 0x1)
syz_open_dev$sndmidi(&(0x7f00000000c0), 0x1, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000100), 0x1, 0x800)
syz_open_dev$sndmidi(&(0x7f0000000140), 0xb, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000180), 0xb, 0x1)
syz_open_dev$sndmidi(&(0x7f00000001c0), 0xb, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000200), 0xb, 0x800)
syz_open_dev$sndmidi(&(0x7f0000000240), 0x15, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000280), 0x15, 0x1)
syz_open_dev$sndmidi(&(0x7f00000002c0), 0x15, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000300), 0x15, 0x800)
syz_open_dev$sndmidi(&(0x7f0000000340), 0x1f, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000380), 0x1f, 0x1)
syz_open_dev$sndmidi(&(0x7f00000003c0), 0x1f, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000400), 0x1f, 0x800)
syz_open_dev$sndmidi(&(0x7f0000000440), 0x29, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000480), 0x29, 0x1)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x29, 0x2)
syz_open_dev$sndmidi(&(0x7f0000000500), 0x29, 0x800)

kernel console output (not intermixed with test programs):

[   87.116434][  T991] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.75' (ED25519) to the list of known hosts.
[   91.543830][ T5802] cgroup: Unknown subsys name 'net'
[   91.798171][ T5802] cgroup: Unknown subsys name 'cpuset'
[   91.853167][ T5802] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   94.053874][ T5802] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   96.838242][ T5850] mmap: syz.2.28 (5850) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  100.657205][ T6143] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  101.746328][ T6226] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  106.014508][ T6452] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  106.017589][ T6452] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  106.032529][ T6452] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  106.043735][ T6452] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  106.044522][ T6452] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  108.073959][ T5132] Bluetooth: hci0: command tx timeout
[  109.848018][    C1] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
[  109.848041][    C1] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 30, name: ksoftirqd/1
[  109.848059][    C1] preempt_count: 0, expected: 0
[  109.848069][    C1] RCU nest depth: 2, expected: 2
[  109.848080][    C1] 7 locks held by ksoftirqd/1/30:
[  109.848092][    C1]  #0: ffffffff8d64a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  109.848152][    C1]  #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400
[  109.848204][    C1]  #2: ffffffff8d7a8b00 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0
[  109.848257][    C1]  #3: ffffffff8d7a8b00 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400
[  109.848305][    C1]  #4: ffff88801989a138 ((wq_completion)events_bh){+...}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  109.848355][    C1]  #5: ffffc90000a4fa00 ((work_completion)(&bh->bh)){+...}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  109.848405][    C1]  #6: ffff8880b8928b50 ((lock)#3){+.+.}-{3:3}, at: kcov_remote_start+0x92/0x460
[  109.848460][    C1] irq event stamp: 58091
[  109.848468][    C1] hardirqs last  enabled at (58090): [<ffffffff8af459c5>] _raw_spin_unlock_irqrestore+0x85/0x110
[  109.848493][    C1] hardirqs last disabled at (58091): [<ffffffff86a72b95>] __usb_hcd_giveback_urb+0x3f5/0x710
[  109.848533][    C1] softirqs last  enabled at (58074): [<ffffffff8184ff9e>] run_ksoftirqd+0xce/0x210
[  109.848563][    C1] softirqs last disabled at (58082): [<ffffffff818e7aff>] smpboot_thread_fn+0x53f/0xa60
[  109.848601][    C1] CPU: 1 UID: 0 PID: 30 Comm: ksoftirqd/1 Tainted: G        W           6.16.0-syzkaller-10499-g89748acdf226 #0 PREEMPT_{RT,(full)} 
[  109.848629][    C1] Tainted: [W]=WARN
[  109.848635][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  109.848647][    C1] Call Trace:
[  109.848655][    C1]  <TASK>
[  109.848665][    C1]  dump_stack_lvl+0x189/0x250
[  109.848695][    C1]  ? smpboot_thread_fn+0x53f/0xa60
[  109.848715][    C1]  ? smpboot_thread_fn+0x53f/0xa60
[  109.848741][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  109.848780][    C1]  ? print_lock_name+0xde/0x100
[  109.848819][    C1]  __might_resched+0x44b/0x5d0
[  109.848850][    C1]  ? __pfx___might_resched+0x10/0x10
[  109.848872][    C1]  ? kcov_remote_start+0x92/0x460
[  109.848914][    C1]  rt_spin_lock+0xc7/0x2c0
[  109.848940][    C1]  ? led_trigger_blink_setup+0xa8/0x300
[  109.848969][    C1]  ? __pfx_rt_spin_lock+0x10/0x10
[  109.848998][    C1]  ? __pfx_led_trigger_blink_setup+0x10/0x10
[  109.849021][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  109.849043][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  109.849069][    C1]  kcov_remote_start+0x92/0x460
[  109.849097][    C1]  __usb_hcd_giveback_urb+0x427/0x710
[  109.849136][    C1]  ? __pfx___usb_hcd_giveback_urb+0x10/0x10
[  109.849183][    C1]  usb_giveback_urb_bh+0x296/0x420
[  109.849219][    C1]  ? __pfx_usb_giveback_urb_bh+0x10/0x10
[  109.849244][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  109.849262][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  109.849284][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  109.849309][    C1]  process_scheduled_works+0xade/0x17b0
[  109.849371][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  109.849407][    C1]  ? assign_work+0x3a1/0x410
[  109.849438][    C1]  bh_worker+0x2b1/0x600
[  109.849478][    C1]  tasklet_action+0xc/0x70
[  109.849501][    C1]  handle_softirqs+0x22f/0x710
[  109.849545][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  109.849581][    C1]  run_ksoftirqd+0xac/0x210
[  109.849607][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  109.849629][    C1]  ? schedule+0x91/0x360
[  109.849667][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  109.849688][    C1]  smpboot_thread_fn+0x53f/0xa60
[  109.849713][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  109.849745][    C1]  kthread+0x70e/0x8a0
[  109.849778][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  109.849801][    C1]  ? __pfx_kthread+0x10/0x10
[  109.849836][    C1]  ? __pfx_kthread+0x10/0x10
[  109.849865][    C1]  ret_from_fork+0x3f9/0x770
[  109.849895][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  109.849929][    C1]  ? __switch_to_asm+0x39/0x70
[  109.849956][    C1]  ? __switch_to_asm+0x33/0x70
[  109.849981][    C1]  ? __pfx_kthread+0x10/0x10
[  109.850011][    C1]  ret_from_fork_asm+0x1a/0x30
[  109.850061][    C1]  </TASK>