last executing test programs: 8.044034553s ago: executing program 0 (id=590): symlink(&(0x7f0000000000), &(0x7f0000000000)) 8.031262971s ago: executing program 2 (id=592): pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 7.96051604s ago: executing program 0 (id=594): fstat(0xffffffffffffffff, &(0x7f0000000000)) 7.960424508s ago: executing program 2 (id=595): mount_setattr(0xffffffffffffffff, &(0x7f0000000000), 0x0, &(0x7f0000000000), 0x0) 7.960321373s ago: executing program 0 (id=596): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/binder', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/binder', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/binder', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binder', 0x800, 0x0) 7.960164799s ago: executing program 2 (id=597): rt_sigaction(0x0, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000)) 7.932002892s ago: executing program 2 (id=600): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/udmabuf', 0x2, 0x0) 7.863503502s ago: executing program 2 (id=602): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/relabel-self', 0x2, 0x0) 6.946469049s ago: executing program 3 (id=580): mprotect(0x0, 0x0, 0x0) 6.918323281s ago: executing program 3 (id=608): geteuid() 4.901898886s ago: executing program 0 (id=601): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 4.327610069s ago: executing program 2 (id=604): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 4.042220828s ago: executing program 3 (id=609): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 3.899371981s ago: executing program 1 (id=615): socket$inet6_dccp(0xa, 0x6, 0x0) 2.639172851s ago: executing program 0 (id=616): personality(0x0) 2.140215205s ago: executing program 3 (id=617): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.824962961s ago: executing program 1 (id=618): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.070221795s ago: executing program 0 (id=620): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 893.073962ms ago: executing program 3 (id=621): socket$inet6_udplite(0xa, 0x2, 0x88) 812.706037ms ago: executing program 3 (id=625): gettid() 288.650857ms ago: executing program 4 (id=633): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/smackfs/syslog', 0x2, 0x0) 288.50028ms ago: executing program 4 (id=634): open_tree(0xffffffffffffffff, &(0x7f0000000000), 0x0) 288.390356ms ago: executing program 4 (id=635): iopl(0x0) 279.933677ms ago: executing program 4 (id=636): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsu', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcsu', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcsu', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcsu', 0x800, 0x0) 257.42974ms ago: executing program 4 (id=637): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/xen/evtchn', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/xen/evtchn', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/xen/evtchn', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/xen/evtchn', 0x800, 0x0) 192.611728ms ago: executing program 4 (id=638): select(0x0, &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000), &(0x7f0000000000)) 89.393157ms ago: executing program 1 (id=623): io_cancel(0x0, &(0x7f0000000000), &(0x7f0000000000)) 65.652183ms ago: executing program 1 (id=640): syz_open_dev$sndpcmp(&(0x7f0000000040), 0x1, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x1, 0x1) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x1, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000100), 0x1, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000140), 0xb, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000180), 0xb, 0x1) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0xb, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000200), 0xb, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000240), 0x15, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000280), 0x15, 0x1) syz_open_dev$sndpcmp(&(0x7f00000002c0), 0x15, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000300), 0x15, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000340), 0x1f, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000380), 0x1f, 0x1) syz_open_dev$sndpcmp(&(0x7f00000003c0), 0x1f, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000400), 0x1f, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x29, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000480), 0x29, 0x1) syz_open_dev$sndpcmp(&(0x7f00000004c0), 0x29, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000500), 0x29, 0x800) 25.045307ms ago: executing program 1 (id=641): syz_open_dev$sndhw(&(0x7f0000000040), 0x1, 0x0) syz_open_dev$sndhw(&(0x7f0000000080), 0x1, 0x1) syz_open_dev$sndhw(&(0x7f00000000c0), 0x1, 0x2) syz_open_dev$sndhw(&(0x7f0000000100), 0x1, 0x800) syz_open_dev$sndhw(&(0x7f0000000140), 0xb, 0x0) syz_open_dev$sndhw(&(0x7f0000000180), 0xb, 0x1) syz_open_dev$sndhw(&(0x7f00000001c0), 0xb, 0x2) syz_open_dev$sndhw(&(0x7f0000000200), 0xb, 0x800) syz_open_dev$sndhw(&(0x7f0000000240), 0x15, 0x0) syz_open_dev$sndhw(&(0x7f0000000280), 0x15, 0x1) syz_open_dev$sndhw(&(0x7f00000002c0), 0x15, 0x2) syz_open_dev$sndhw(&(0x7f0000000300), 0x15, 0x800) syz_open_dev$sndhw(&(0x7f0000000340), 0x1f, 0x0) syz_open_dev$sndhw(&(0x7f0000000380), 0x1f, 0x1) syz_open_dev$sndhw(&(0x7f00000003c0), 0x1f, 0x2) syz_open_dev$sndhw(&(0x7f0000000400), 0x1f, 0x800) syz_open_dev$sndhw(&(0x7f0000000440), 0x29, 0x0) syz_open_dev$sndhw(&(0x7f0000000480), 0x29, 0x1) syz_open_dev$sndhw(&(0x7f00000004c0), 0x29, 0x2) syz_open_dev$sndhw(&(0x7f0000000500), 0x29, 0x800) 0s ago: executing program 1 (id=642): syz_open_dev$usbfs(&(0x7f0000000040), 0x1, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x1, 0x1) syz_open_dev$usbfs(&(0x7f00000000c0), 0x1, 0x2) syz_open_dev$usbfs(&(0x7f0000000100), 0x1, 0x800) syz_open_dev$usbfs(&(0x7f0000000140), 0xb, 0x0) syz_open_dev$usbfs(&(0x7f0000000180), 0xb, 0x1) syz_open_dev$usbfs(&(0x7f00000001c0), 0xb, 0x2) syz_open_dev$usbfs(&(0x7f0000000200), 0xb, 0x800) syz_open_dev$usbfs(&(0x7f0000000240), 0x15, 0x0) syz_open_dev$usbfs(&(0x7f0000000280), 0x15, 0x1) syz_open_dev$usbfs(&(0x7f00000002c0), 0x15, 0x2) syz_open_dev$usbfs(&(0x7f0000000300), 0x15, 0x800) syz_open_dev$usbfs(&(0x7f0000000340), 0x1f, 0x0) syz_open_dev$usbfs(&(0x7f0000000380), 0x1f, 0x1) syz_open_dev$usbfs(&(0x7f00000003c0), 0x1f, 0x2) syz_open_dev$usbfs(&(0x7f0000000400), 0x1f, 0x800) syz_open_dev$usbfs(&(0x7f0000000440), 0x29, 0x0) syz_open_dev$usbfs(&(0x7f0000000480), 0x29, 0x1) syz_open_dev$usbfs(&(0x7f00000004c0), 0x29, 0x2) syz_open_dev$usbfs(&(0x7f0000000500), 0x29, 0x800) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.234' (ED25519) to the list of known hosts. [ 80.441213][ T5824] cgroup: Unknown subsys name 'net' [ 80.716745][ T5824] cgroup: Unknown subsys name 'cpuset' [ 80.772500][ T5824] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 82.611487][ T5824] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.886217][ T1599] cfg80211: failed to load regulatory.db [ 89.398263][ T6232] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 89.590321][ T6245] mmap: syz.4.388 (6245) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 95.080492][ T153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.080521][ T153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.768607][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.768627][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.074900][ T6530] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 98.080339][ T6530] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 98.081233][ T6530] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 98.107997][ T6530] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 98.108859][ T6530] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 99.029960][ T6513] chnl_net:caif_netlink_parms(): no params data found [ 99.963869][ T6513] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.964115][ T6513] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.964400][ T6513] bridge_slave_0: entered allmulticast mode [ 99.989019][ T6513] bridge_slave_0: entered promiscuous mode [ 100.042979][ T6513] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.043600][ T6513] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.043897][ T6513] bridge_slave_1: entered allmulticast mode [ 100.054229][ T6513] bridge_slave_1: entered promiscuous mode [ 100.348957][ T6513] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.379780][ T6513] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.642191][ T6567] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 100.700062][ T6513] team0: Port device team_slave_0 added [ 100.766880][ T6513] team0: Port device team_slave_1 added [ 101.271214][ T6513] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.271230][ T6513] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.271255][ T6513] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.350844][ T6513] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.350860][ T6513] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.350895][ T6513] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.518551][ C0] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 101.518571][ C0] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 15, name: ksoftirqd/0 [ 101.518589][ C0] preempt_count: 0, expected: 0 [ 101.518598][ C0] RCU nest depth: 2, expected: 2 [ 101.518608][ C0] 7 locks held by ksoftirqd/0/15: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 101.518619][ C0] #0: ffffffff8d84a740 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 101.518689][ C0] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 101.518741][ C0] #2: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 101.518788][ C0] #3: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 101.518838][ C0] #4: ffff88801989a138 ((wq_completion)events_bh){+...}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 101.518882][ C0] #5: ffffc90000147a00 ((work_completion)(&bh->bh)){+...}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 101.518933][ C0] #6: ffff8880b8828b50 ((lock)#3){+.+.}-{3:3}, at: kcov_remote_start+0x92/0x460 [ 101.518991][ C0] irq event stamp: 25199 [ 101.518999][ C0] hardirqs last enabled at (25198): [] _raw_spin_unlock_irqrestore+0x85/0x110 [ 101.519029][ C0] hardirqs last disabled at (25199): [] __usb_hcd_giveback_urb+0x3f5/0x710 [ 101.519060][ C0] softirqs last enabled at (25180): [] run_ksoftirqd+0xce/0x210 [ 101.519092][ C0] softirqs last disabled at (25190): [] smpboot_thread_fn+0x542/0xa60 [ 101.519147][ C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Tainted: G W 6.17.0-rc1-syzkaller-00014-g0e39a731820a #0 PREEMPT_{RT,(full)} [ 101.519178][ C0] Tainted: [W]=WARN [ 101.519185][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 101.519198][ C0] Call Trace: [ 101.519206][ C0] [ 101.519215][ C0] dump_stack_lvl+0x189/0x250 [ 101.519246][ C0] ? smpboot_thread_fn+0x542/0xa60 [ 101.519269][ C0] ? smpboot_thread_fn+0x542/0xa60 [ 101.519297][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 101.519337][ C0] ? print_lock_name+0xde/0x100 [ 101.519367][ C0] __might_resched+0x44b/0x5d0 [ 101.519405][ C0] ? __pfx___might_resched+0x10/0x10 [ 101.519429][ C0] ? kcov_remote_start+0x92/0x460 [ 101.519472][ C0] rt_spin_lock+0xc7/0x2c0 [ 101.519491][ C0] ? led_trigger_blink_setup+0xa8/0x300 [ 101.519526][ C0] ? __pfx_rt_spin_lock+0x10/0x10 [ 101.519547][ C0] ? __pfx_led_trigger_blink_setup+0x10/0x10 [ 101.519577][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 101.519603][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 101.519635][ C0] kcov_remote_start+0x92/0x460 [ 101.519666][ C0] __usb_hcd_giveback_urb+0x427/0x710 [ 101.519701][ C0] ? __pfx___usb_hcd_giveback_urb+0x10/0x10 [ 101.519745][ C0] usb_giveback_urb_bh+0x296/0x420 [ 101.519787][ C0] ? __pfx_usb_giveback_urb_bh+0x10/0x10 [ 101.519819][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 101.519843][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 101.519865][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 101.519893][ C0] process_scheduled_works+0xae1/0x17b0 [ 101.519946][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 101.519982][ C0] ? assign_work+0x3a1/0x410 [ 101.520013][ C0] bh_worker+0x2b1/0x600 [ 101.520055][ C0] tasklet_action+0xc/0x70 [ 101.520081][ C0] handle_softirqs+0x22c/0x710 [ 101.520127][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 101.520165][ C0] run_ksoftirqd+0xac/0x210 [ 101.520193][ C0] ? __pfx_run_ksoftirqd+0x10/0x10 [ 101.520220][ C0] ? schedule+0x91/0x360 [ 101.520251][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 101.520273][ C0] smpboot_thread_fn+0x542/0xa60 [ 101.520301][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 101.520338][ C0] kthread+0x711/0x8a0 [ 101.520374][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 101.520399][ C0] ? __pfx_kthread+0x10/0x10 [ 101.520436][ C0] ? __pfx_kthread+0x10/0x10 [ 101.520472][ C0] ret_from_fork+0x3fc/0x770 [ 101.520502][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 101.520533][ C0] ? __switch_to_asm+0x39/0x70 [ 101.520550][ C0] ? __switch_to_asm+0x33/0x70 [ 101.520563][ C0] ? __pfx_kthread+0x10/0x10 [ 101.520588][ C0] ret_from_fork_asm+0x1a/0x30 [ 101.520626][ C0] [ 106.202160][ T4393] bridge_slave_1: left allmulticast mode [ 106.202336][ T4393] bridge_slave_1: left promiscuous mode [ 106.203748][ T4393] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.302945][ T4393] bridge_slave_0: left allmulticast mode [ 106.302967][ T4393] bridge_slave_0: left promiscuous mode [ 106.303153][ T4393] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.602751][ T4393] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 106.692718][ T4393] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 106.765193][ T4393] bond0 (unregistering): Released all slaves [ 107.308473][ T4393] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 107.343230][ T4393] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 107.582735][ T4393] team0 (unregistering): Port device team_slave_1 removed [ 107.702733][ T4393] team0 (unregistering): Port device team_slave_0 removed