last executing test programs: 11.108866702s ago: executing program 1 (id=425): kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) 11.053734552s ago: executing program 1 (id=431): pkey_free(0xffffffffffffffff) 10.987524402s ago: executing program 1 (id=434): pause() 9.938093091s ago: executing program 3 (id=524): readlinkat(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0) 9.870795713s ago: executing program 3 (id=527): syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$loop(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$loop(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$loop(&(0x7f0000000100), 0x0, 0x800) syz_open_dev$loop(&(0x7f0000000140), 0x1, 0x0) syz_open_dev$loop(&(0x7f0000000180), 0x1, 0x1) syz_open_dev$loop(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$loop(&(0x7f0000000200), 0x1, 0x800) syz_open_dev$loop(&(0x7f0000000240), 0x2, 0x0) syz_open_dev$loop(&(0x7f0000000280), 0x2, 0x1) syz_open_dev$loop(&(0x7f00000002c0), 0x2, 0x2) syz_open_dev$loop(&(0x7f0000000300), 0x2, 0x800) syz_open_dev$loop(&(0x7f0000000340), 0x3, 0x0) syz_open_dev$loop(&(0x7f0000000380), 0x3, 0x1) syz_open_dev$loop(&(0x7f00000003c0), 0x3, 0x2) syz_open_dev$loop(&(0x7f0000000400), 0x3, 0x800) syz_open_dev$loop(&(0x7f0000000440), 0x4, 0x0) syz_open_dev$loop(&(0x7f0000000480), 0x4, 0x1) syz_open_dev$loop(&(0x7f00000004c0), 0x4, 0x2) syz_open_dev$loop(&(0x7f0000000500), 0x4, 0x800) 9.807395846s ago: executing program 3 (id=530): rt_sigreturn() 8.6808404s ago: executing program 0 (id=604): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/adsp1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1', 0x800, 0x0) 8.611187666s ago: executing program 4 (id=606): clock_gettime(0x0, &(0x7f0000000000)) 8.611092583s ago: executing program 4 (id=607): statx(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000)) 8.60221657s ago: executing program 4 (id=609): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm', 0x2, 0x0) 7.933231996s ago: executing program 1 (id=613): open_tree(0xffffffffffffffff, &(0x7f0000000000), 0x0) 7.855423326s ago: executing program 1 (id=614): sched_getattr(0x0, &(0x7f0000000000), 0x0, 0x0) 5.625538848s ago: executing program 0 (id=612): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 5.557695567s ago: executing program 4 (id=611): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 5.380334083s ago: executing program 3 (id=616): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 5.351256094s ago: executing program 1 (id=615): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 3.568603418s ago: executing program 0 (id=618): pwritev(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) 3.507294311s ago: executing program 0 (id=623): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/exec', 0x2, 0x0) 3.277522952s ago: executing program 3 (id=619): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 2.791368621s ago: executing program 2 (id=632): socket$phonet_pipe(0x23, 0x5, 0x2) 2.776416162s ago: executing program 2 (id=633): socket$inet_icmp_raw(0x2, 0x3, 0x1) 2.765862214s ago: executing program 2 (id=634): socket$rds(0x15, 0x5, 0x0) 2.204115441s ago: executing program 4 (id=626): ustat(0x0, &(0x7f0000000000)) 2.173010767s ago: executing program 0 (id=624): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 2.160043438s ago: executing program 3 (id=625): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.365731026s ago: executing program 2 (id=635): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 827.542573ms ago: executing program 4 (id=636): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 575.938739ms ago: executing program 0 (id=638): expanding glob: /sys/**/* 25.284012ms ago: executing program 2 (id=639): syz_open_dev$sndpcmp(&(0x7f0000000040), 0x1, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x1, 0x1) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x1, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000100), 0x1, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000140), 0xb, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000180), 0xb, 0x1) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0xb, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000200), 0xb, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000240), 0x15, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000280), 0x15, 0x1) syz_open_dev$sndpcmp(&(0x7f00000002c0), 0x15, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000300), 0x15, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000340), 0x1f, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000380), 0x1f, 0x1) syz_open_dev$sndpcmp(&(0x7f00000003c0), 0x1f, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000400), 0x1f, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x29, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000480), 0x29, 0x1) syz_open_dev$sndpcmp(&(0x7f00000004c0), 0x29, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000500), 0x29, 0x800) 0s ago: executing program 2 (id=642): syz_open_dev$usbfs(&(0x7f0000000040), 0x1, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x1, 0x1) syz_open_dev$usbfs(&(0x7f00000000c0), 0x1, 0x2) syz_open_dev$usbfs(&(0x7f0000000100), 0x1, 0x800) syz_open_dev$usbfs(&(0x7f0000000140), 0xb, 0x0) syz_open_dev$usbfs(&(0x7f0000000180), 0xb, 0x1) syz_open_dev$usbfs(&(0x7f00000001c0), 0xb, 0x2) syz_open_dev$usbfs(&(0x7f0000000200), 0xb, 0x800) syz_open_dev$usbfs(&(0x7f0000000240), 0x15, 0x0) syz_open_dev$usbfs(&(0x7f0000000280), 0x15, 0x1) syz_open_dev$usbfs(&(0x7f00000002c0), 0x15, 0x2) syz_open_dev$usbfs(&(0x7f0000000300), 0x15, 0x800) syz_open_dev$usbfs(&(0x7f0000000340), 0x1f, 0x0) syz_open_dev$usbfs(&(0x7f0000000380), 0x1f, 0x1) syz_open_dev$usbfs(&(0x7f00000003c0), 0x1f, 0x2) syz_open_dev$usbfs(&(0x7f0000000400), 0x1f, 0x800) syz_open_dev$usbfs(&(0x7f0000000440), 0x29, 0x0) syz_open_dev$usbfs(&(0x7f0000000480), 0x29, 0x1) syz_open_dev$usbfs(&(0x7f00000004c0), 0x29, 0x2) syz_open_dev$usbfs(&(0x7f0000000500), 0x29, 0x800) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.156' (ED25519) to the list of known hosts. [ 77.191665][ T5801] cgroup: Unknown subsys name 'net' [ 77.534952][ T5801] cgroup: Unknown subsys name 'cpuset' [ 77.650658][ T5801] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 79.322883][ T5801] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 84.967089][ T6074] mmap: syz.4.250 (6074) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 86.554010][ T6199] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 86.853397][ T983] cfg80211: failed to load regulatory.db [ 87.413718][ T6255] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 90.198592][ T6453] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.215859][ T6453] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.220002][ T6453] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.231053][ T6453] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.245111][ T6453] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 96.233690][ T6495] chnl_net:caif_netlink_parms(): no params data found [ 97.029026][ T6495] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.031096][ T6495] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.031707][ T6495] bridge_slave_0: entered allmulticast mode [ 97.034760][ T6495] bridge_slave_0: entered promiscuous mode [ 97.072909][ T6495] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.073089][ T6495] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.073287][ T6495] bridge_slave_1: entered allmulticast mode [ 97.074809][ T6495] bridge_slave_1: entered promiscuous mode [ 97.427532][ T6495] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.467291][ T6495] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.843894][ T6495] team0: Port device team_slave_0 added [ 97.900972][ T6495] team0: Port device team_slave_1 added [ 98.370863][ T6495] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.370879][ T6495] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.370904][ T6495] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.434426][ T6495] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.434442][ T6495] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.434464][ T6495] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.530814][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.530840][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.604463][ C0] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 98.604483][ C0] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 15, name: ksoftirqd/0 [ 98.604500][ C0] preempt_count: 0, expected: 0 [ 98.604509][ C0] RCU nest depth: 2, expected: 2 [ 98.604519][ C0] 7 locks held by ksoftirqd/0/15: [ 98.604530][ C0] #0: ffffffff8d649e40 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 98.604592][ C0] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 98.604643][ C0] #2: ffffffff8d7aa380 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 98.604701][ C0] #3: ffffffff8d7aa380 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 98.604759][ C0] #4: ffff888019899d38 ((wq_completion)events_bh){+...}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 98.604812][ C0] #5: ffffc90000147a00 ((work_completion)(&bh->bh)){+...}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 98.604863][ C0] #6: ffff8880b8828bb8 ((lock)#3){+.+.}-{3:3}, at: kcov_remote_start+0x92/0x460 [ 98.604924][ C0] irq event stamp: 27841 [ 98.604932][ C0] hardirqs last enabled at (27840): [] _raw_spin_unlock_irqrestore+0x85/0x110 [ 98.604959][ C0] hardirqs last disabled at (27841): [] __usb_hcd_giveback_urb+0x3f5/0x710 [ 98.604992][ C0] softirqs last enabled at (27826): [] run_ksoftirqd+0xce/0x210 [ 98.605022][ C0] softirqs last disabled at (27832): [] smpboot_thread_fn+0x53f/0xa60 [ 98.605071][ C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Tainted: G W 6.16.0-syzkaller-03841-g0db240bc077f #0 PREEMPT_{RT,(full)} [ 98.605102][ C0] Tainted: [W]=WARN [ 98.605109][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 98.605123][ C0] Call Trace: [ 98.605132][ C0] [ 98.605141][ C0] dump_stack_lvl+0x189/0x250 [ 98.605169][ C0] ? smpboot_thread_fn+0x53f/0xa60 [ 98.605190][ C0] ? smpboot_thread_fn+0x53f/0xa60 [ 98.605217][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 98.605247][ C0] ? try_to_take_rt_mutex+0x840/0xb00 [ 98.605274][ C0] ? print_lock_name+0xde/0x100 [ 98.605302][ C0] __might_resched+0x44b/0x5d0 [ 98.605335][ C0] ? __pfx___might_resched+0x10/0x10 [ 98.605360][ C0] ? kcov_remote_start+0x92/0x460 [ 98.605405][ C0] rt_spin_lock+0xc7/0x2c0 [ 98.605434][ C0] ? led_trigger_blink_setup+0xa8/0x300 [ 98.605462][ C0] ? __pfx_rt_spin_lock+0x10/0x10 [ 98.605491][ C0] ? __pfx_led_trigger_blink_setup+0x10/0x10 [ 98.605512][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 98.605537][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 98.605567][ C0] kcov_remote_start+0x92/0x460 [ 98.605600][ C0] __usb_hcd_giveback_urb+0x427/0x710 [ 98.605639][ C0] ? __pfx___usb_hcd_giveback_urb+0x10/0x10 [ 98.605687][ C0] usb_giveback_urb_bh+0x296/0x420 [ 98.605729][ C0] ? __pfx_usb_giveback_urb_bh+0x10/0x10 [ 98.605754][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 98.605776][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 98.605799][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 98.605826][ C0] process_scheduled_works+0xade/0x17b0 [ 98.605887][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 98.605922][ C0] ? assign_work+0x3a1/0x410 [ 98.605952][ C0] bh_worker+0x2b1/0x600 [ 98.605993][ C0] tasklet_action+0xc/0x70 [ 98.606019][ C0] handle_softirqs+0x22c/0x710 [ 98.606042][ C0] ? schedule+0x165/0x360 [ 98.606073][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 98.606111][ C0] run_ksoftirqd+0xac/0x210 [ 98.606138][ C0] ? __pfx_run_ksoftirqd+0x10/0x10 [ 98.606163][ C0] ? schedule+0x91/0x360 [ 98.606196][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 98.606220][ C0] smpboot_thread_fn+0x53f/0xa60 [ 98.606247][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 98.606282][ C0] kthread+0x70e/0x8a0 [ 98.606316][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 98.606341][ C0] ? __pfx_kthread+0x10/0x10 [ 98.606377][ C0] ? __pfx_kthread+0x10/0x10 [ 98.606408][ C0] ret_from_fork+0x3f9/0x770 [ 98.606439][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 98.606471][ C0] ? __switch_to_asm+0x39/0x70 [ 98.606489][ C0] ? __switch_to_asm+0x33/0x70 [ 98.606506][ C0] ? __pfx_kthread+0x10/0x10 [ 98.606536][ C0] ret_from_fork_asm+0x1a/0x30 [ 98.606576][ C0] [ 102.880615][ T12] bridge_slave_1: left allmulticast mode [ 102.880798][ T12] bridge_slave_1: left promiscuous mode [ 102.882264][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.971391][ T12] bridge_slave_0: left allmulticast mode [ 102.971423][ T12] bridge_slave_0: left promiscuous mode [ 102.971705][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.393502][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 103.510279][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 103.591848][ T12] bond0 (unregistering): Released all slaves [ 105.192219][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 105.242002][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 105.571819][ T12] team0 (unregistering): Port device team_slave_1 removed [ 105.710262][ T12] team0 (unregistering): Port device team_slave_0 removed