last executing test programs: 9.857821209s ago: executing program 4 (id=586): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/sync/info', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/sync/info', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/sync/info', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/sync/info', 0x800, 0x0) 9.857444463s ago: executing program 4 (id=589): socket$kcm(0x29, 0x2, 0x0) 9.809829902s ago: executing program 4 (id=591): fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000000)) 9.758003484s ago: executing program 4 (id=594): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyprintk', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyprintk', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyprintk', 0x800, 0x0) 9.665809933s ago: executing program 4 (id=601): cachestat(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000000), 0x0) 9.660219152s ago: executing program 4 (id=604): fchdir(0xffffffffffffffff) 9.597622231s ago: executing program 0 (id=607): msgrcv(0x0, &(0x7f0000000000), 0x0, 0x0, 0x0) 6.263116149s ago: executing program 3 (id=611): lsm_get_self_attr(0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0) 5.982796725s ago: executing program 1 (id=616): uselib(0x0) 5.084649362s ago: executing program 3 (id=615): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 5.016863701s ago: executing program 0 (id=614): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 4.782089592s ago: executing program 1 (id=617): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 3.950118778s ago: executing program 3 (id=619): syz_init_net_socket$bt_cmtp(0x1f, 0x3, 0x5) 3.859771156s ago: executing program 3 (id=623): openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self', 0x800, 0x0) 2.983572579s ago: executing program 1 (id=621): pread64(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 2.954419652s ago: executing program 1 (id=625): mq_open(&(0x7f0000000000), 0x0, 0x0, &(0x7f0000000000)) 2.937460014s ago: executing program 1 (id=626): syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x800) 2.51819718s ago: executing program 0 (id=620): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 2.468317171s ago: executing program 2 (id=632): faccessat2(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 2.4015547s ago: executing program 2 (id=633): setresgid(0x0, 0x0, 0x0) 2.302179561s ago: executing program 2 (id=634): socket$unix(0x1, 0x1, 0x0) 1.782573748s ago: executing program 3 (id=624): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.697926617s ago: executing program 1 (id=627): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 907.365057ms ago: executing program 0 (id=631): timerfd_create(0x0, 0x0) 887.823204ms ago: executing program 0 (id=638): signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0) 851.142093ms ago: executing program 2 (id=635): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 250.588837ms ago: executing program 3 (id=636): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 58.289617ms ago: executing program 2 (id=640): syz_open_dev$sndpcmc(&(0x7f0000000040), 0x1, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080), 0x1, 0x1) syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x1, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000100), 0x1, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000140), 0xb, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000180), 0xb, 0x1) syz_open_dev$sndpcmc(&(0x7f00000001c0), 0xb, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000200), 0xb, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000240), 0x15, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000280), 0x15, 0x1) syz_open_dev$sndpcmc(&(0x7f00000002c0), 0x15, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000300), 0x15, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000340), 0x1f, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000380), 0x1f, 0x1) syz_open_dev$sndpcmc(&(0x7f00000003c0), 0x1f, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000400), 0x1f, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000440), 0x29, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000480), 0x29, 0x1) syz_open_dev$sndpcmc(&(0x7f00000004c0), 0x29, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000500), 0x29, 0x800) 17.58935ms ago: executing program 2 (id=642): syz_open_dev$usbfs(&(0x7f0000000040), 0x1, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x1, 0x1) syz_open_dev$usbfs(&(0x7f00000000c0), 0x1, 0x2) syz_open_dev$usbfs(&(0x7f0000000100), 0x1, 0x800) syz_open_dev$usbfs(&(0x7f0000000140), 0xb, 0x0) syz_open_dev$usbfs(&(0x7f0000000180), 0xb, 0x1) syz_open_dev$usbfs(&(0x7f00000001c0), 0xb, 0x2) syz_open_dev$usbfs(&(0x7f0000000200), 0xb, 0x800) syz_open_dev$usbfs(&(0x7f0000000240), 0x15, 0x0) syz_open_dev$usbfs(&(0x7f0000000280), 0x15, 0x1) syz_open_dev$usbfs(&(0x7f00000002c0), 0x15, 0x2) syz_open_dev$usbfs(&(0x7f0000000300), 0x15, 0x800) syz_open_dev$usbfs(&(0x7f0000000340), 0x1f, 0x0) syz_open_dev$usbfs(&(0x7f0000000380), 0x1f, 0x1) syz_open_dev$usbfs(&(0x7f00000003c0), 0x1f, 0x2) syz_open_dev$usbfs(&(0x7f0000000400), 0x1f, 0x800) syz_open_dev$usbfs(&(0x7f0000000440), 0x29, 0x0) syz_open_dev$usbfs(&(0x7f0000000480), 0x29, 0x1) syz_open_dev$usbfs(&(0x7f00000004c0), 0x29, 0x2) syz_open_dev$usbfs(&(0x7f0000000500), 0x29, 0x800) 0s ago: executing program 0 (id=639): expanding glob: /sys/**/* kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.94' (ED25519) to the list of known hosts. [ 80.201314][ T5825] cgroup: Unknown subsys name 'net' [ 80.461570][ T5825] cgroup: Unknown subsys name 'cpuset' [ 80.517103][ T5825] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 82.377844][ T5825] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 87.033065][ T1239] cfg80211: failed to load regulatory.db [ 88.369691][ T6140] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 88.999666][ T6181] mmap: syz.2.330 (6181) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 90.688665][ T6303] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 95.280771][ T6475] chnl_net:caif_netlink_parms(): no params data found [ 96.327529][ T6475] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.327686][ T6475] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.327965][ T6475] bridge_slave_0: entered allmulticast mode [ 96.331417][ T6475] bridge_slave_0: entered promiscuous mode [ 96.373965][ T6475] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.374098][ T6475] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.374329][ T6475] bridge_slave_1: entered allmulticast mode [ 96.391980][ T6475] bridge_slave_1: entered promiscuous mode [ 96.660500][ T6475] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.708703][ T6475] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.063685][ T6475] team0: Port device team_slave_0 added [ 97.098754][ T6475] team0: Port device team_slave_1 added [ 97.405120][ T6475] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.405135][ T6475] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.405158][ T6475] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.524892][ T6475] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.524909][ T6475] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 97.524934][ T6475] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.034652][ T6475] hsr_slave_0: entered promiscuous mode [ 98.035737][ T6475] hsr_slave_1: entered promiscuous mode [ 100.215184][ T59] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 100.232313][ T59] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 100.233294][ T59] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 100.234928][ T59] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 100.236217][ T59] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 100.911462][ T6475] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 101.058201][ T6475] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 101.217500][ T6475] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 101.339049][ T6475] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 102.202543][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.202568][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.418570][ C1] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 102.418589][ C1] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 29, name: ktimers/1 [ 102.418606][ C1] preempt_count: 0, expected: 0 [ 102.418615][ C1] RCU nest depth: 2, expected: 2 [ 102.418624][ C1] 7 locks held by ktimers/1/29: [ 102.418646][ C1] #0: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 102.418716][ C1] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 102.418760][ C1] #2: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 102.418809][ C1] #3: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 102.418852][ C1] #4: ffff88801989a138 ((wq_completion)events_bh){+...}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 102.418896][ C1] #5: ffffc90000a3fa00 ((work_completion)(&bh->bh)){+...}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 102.418946][ C1] #6: ffff8880b8928b50 ((lock)#3){+.+.}-{3:3}, at: kcov_remote_start+0x92/0x460 [ 102.419000][ C1] irq event stamp: 106913 [ 102.419007][ C1] hardirqs last enabled at (106912): [] _raw_spin_unlock_irqrestore+0x85/0x110 [ 102.419035][ C1] hardirqs last disabled at (106913): [] __usb_hcd_giveback_urb+0x3f5/0x710 [ 102.419065][ C1] softirqs last enabled at (106886): [] run_ktimerd+0xf1/0x190 [ 102.419094][ C1] softirqs last disabled at (106892): [] smpboot_thread_fn+0x53f/0xa60 [ 102.419141][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Tainted: G W syzkaller #0 PREEMPT_{RT,(full)} [ 102.419167][ C1] Tainted: [W]=WARN [ 102.419173][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 102.419185][ C1] Call Trace: [ 102.419192][ C1] [ 102.419201][ C1] dump_stack_lvl+0x189/0x250 [ 102.419229][ C1] ? smpboot_thread_fn+0x53f/0xa60 [ 102.419251][ C1] ? smpboot_thread_fn+0x53f/0xa60 [ 102.419275][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 102.419310][ C1] ? print_lock_name+0xde/0x100 [ 102.419337][ C1] __might_resched+0x44b/0x5d0 [ 102.419367][ C1] ? __pfx___might_resched+0x10/0x10 [ 102.419388][ C1] ? kcov_remote_start+0x92/0x460 [ 102.419426][ C1] rt_spin_lock+0xc7/0x2c0 [ 102.419444][ C1] ? led_trigger_blink_setup+0xa8/0x300 [ 102.419478][ C1] ? __pfx_rt_spin_lock+0x10/0x10 [ 102.419497][ C1] ? __pfx_led_trigger_blink_setup+0x10/0x10 [ 102.419521][ C1] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 102.419543][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 102.419571][ C1] kcov_remote_start+0x92/0x460 [ 102.419599][ C1] __usb_hcd_giveback_urb+0x427/0x710 [ 102.419632][ C1] ? __pfx___usb_hcd_giveback_urb+0x10/0x10 [ 102.419677][ C1] usb_giveback_urb_bh+0x296/0x420 [ 102.419711][ C1] ? __pfx_usb_giveback_urb_bh+0x10/0x10 [ 102.419736][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 102.419755][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 102.419775][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 102.419801][ C1] process_scheduled_works+0xade/0x17b0 [ 102.419866][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 102.419903][ C1] ? assign_work+0x3a1/0x410 [ 102.419933][ C1] bh_worker+0x2b1/0x600 [ 102.419975][ C1] tasklet_action+0xc/0x70 [ 102.419999][ C1] handle_softirqs+0x22c/0x710 [ 102.420036][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 102.420074][ C1] run_ktimerd+0xcf/0x190 [ 102.420100][ C1] ? __pfx_run_ktimerd+0x10/0x10 [ 102.420124][ C1] ? schedule+0x91/0x360 [ 102.420157][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 102.420179][ C1] smpboot_thread_fn+0x53f/0xa60 [ 102.420206][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 102.420241][ C1] kthread+0x70e/0x8a0 [ 102.420275][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 102.420299][ C1] ? __pfx_kthread+0x10/0x10 [ 102.420334][ C1] ? __pfx_kthread+0x10/0x10 [ 102.420381][ C1] ret_from_fork+0x3fc/0x770 [ 102.420411][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 102.420443][ C1] ? __switch_to_asm+0x39/0x70 [ 102.420461][ C1] ? __switch_to_asm+0x33/0x70 [ 102.420479][ C1] ? __pfx_kthread+0x10/0x10 [ 102.420509][ C1] ret_from_fork_asm+0x1a/0x30 [ 102.420547][ C1] [ 104.517053][ T12] bridge_slave_1: left allmulticast mode [ 104.517378][ T12] bridge_slave_1: left promiscuous mode [ 104.520541][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.598266][ T12] bridge_slave_0: left allmulticast mode [ 104.598305][ T12] bridge_slave_0: left promiscuous mode [ 104.602719][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.258500][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 105.347549][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 105.435088][ T12] bond0 (unregistering): Released all slaves [ 108.546865][ T12] hsr_slave_0: left promiscuous mode [ 108.586595][ T12] hsr_slave_1: left promiscuous mode [ 108.587507][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 108.618157][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 109.207383][ T12] team0 (unregistering): Port device team_slave_1 removed [ 109.328928][ T12] team0 (unregistering): Port device team_slave_0 removed