last executing test programs:

3.178994959s ago: executing program 2 (id=3):
socket$nl_crypto(0x10, 0x3, 0x15)

3.041039166s ago: executing program 1 (id=2):
ustat(0x0, &(0x7f0000000000))

2.950459357s ago: executing program 3 (id=4):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video37', 0x2, 0x0)

2.845295125s ago: executing program 4 (id=5):
nanosleep(&(0x7f0000000000), 0x0)

2.810162658s ago: executing program 4 (id=9):
openat(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20ncci', 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20ncci', 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='/proc/capi/capi20ncci', 0x800, 0x0)

2.275387682s ago: executing program 0 (id=1):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

1.300611034s ago: executing program 4 (id=10):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

1.224156066s ago: executing program 3 (id=8):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

811.452211ms ago: executing program 2 (id=12):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

725.301458ms ago: executing program 0 (id=11):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

724.809468ms ago: executing program 1 (id=7):
mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0)

26.423845ms ago: executing program 3 (id=13):
expanding glob: /sys/**/*

0s ago: executing program 4 (id=14):
syz_open_dev$usbfs(&(0x7f0000000040), 0x1, 0x0)
syz_open_dev$usbfs(&(0x7f0000000080), 0x1, 0x1)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x1, 0x2)
syz_open_dev$usbfs(&(0x7f0000000100), 0x1, 0x800)
syz_open_dev$usbfs(&(0x7f0000000140), 0xb, 0x0)
syz_open_dev$usbfs(&(0x7f0000000180), 0xb, 0x1)
syz_open_dev$usbfs(&(0x7f00000001c0), 0xb, 0x2)
syz_open_dev$usbfs(&(0x7f0000000200), 0xb, 0x800)
syz_open_dev$usbfs(&(0x7f0000000240), 0x15, 0x0)
syz_open_dev$usbfs(&(0x7f0000000280), 0x15, 0x1)
syz_open_dev$usbfs(&(0x7f00000002c0), 0x15, 0x2)
syz_open_dev$usbfs(&(0x7f0000000300), 0x15, 0x800)
syz_open_dev$usbfs(&(0x7f0000000340), 0x1f, 0x0)
syz_open_dev$usbfs(&(0x7f0000000380), 0x1f, 0x1)
syz_open_dev$usbfs(&(0x7f00000003c0), 0x1f, 0x2)
syz_open_dev$usbfs(&(0x7f0000000400), 0x1f, 0x800)
syz_open_dev$usbfs(&(0x7f0000000440), 0x29, 0x0)
syz_open_dev$usbfs(&(0x7f0000000480), 0x29, 0x1)
syz_open_dev$usbfs(&(0x7f00000004c0), 0x29, 0x2)
syz_open_dev$usbfs(&(0x7f0000000500), 0x29, 0x800)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.135' (ED25519) to the list of known hosts.
[   75.838482][ T5824] cgroup: Unknown subsys name 'net'
[   76.079078][ T5824] cgroup: Unknown subsys name 'cpuset'
[   76.165121][ T5824] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   77.802698][ T5824] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   79.662271][   T59] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   79.664814][   T59] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   79.666442][   T59] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   79.675926][   T59] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   79.676759][   T59] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   81.369203][ T3930] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.369228][ T3930] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.877770][ T3828] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.877790][ T3828] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.197709][    C1] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
[   83.197730][    C1] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 30, name: ksoftirqd/1
[   83.197749][    C1] preempt_count: 0, expected: 0
[   83.197760][    C1] RCU nest depth: 2, expected: 2
[   83.197770][    C1] 7 locks held by ksoftirqd/1/30:
[   83.197782][    C1]  #0: ffffffff8d84a740 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400
[   83.197840][    C1]  #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400
[   83.197890][    C1]  #2: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0
[   83.197946][    C1]  #3: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400
[   83.197993][    C1]  #4: ffff88801989a138 ((wq_completion)events_bh){+...}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[   83.198044][    C1]  #5: ffffc90000a4fa00 ((work_completion)(&bh->bh)){+...}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[   83.198090][    C1]  #6: ffff8880b8928b50 ((lock)#3){+.+.}-{3:3}, at: kcov_remote_start+0x92/0x460
[   83.198143][    C1] irq event stamp: 50359
[   83.198151][    C1] hardirqs last  enabled at (50358): [<ffffffff8af8a285>] _raw_spin_unlock_irqrestore+0x85/0x110
[   83.198176][    C1] hardirqs last disabled at (50359): [<ffffffff86a7efa5>] __usb_hcd_giveback_urb+0x3f5/0x710
[   83.198202][    C1] softirqs last  enabled at (50342): [<ffffffff8185037e>] run_ksoftirqd+0xce/0x210
[   83.198233][    C1] softirqs last disabled at (50350): [<ffffffff818e8062>] smpboot_thread_fn+0x542/0xa60
[   83.198280][    C1] CPU: 1 UID: 0 PID: 30 Comm: ksoftirqd/1 Tainted: G        W           6.16.0-syzkaller-11699-g7e161a991ea7 #0 PREEMPT_{RT,(full)} 
[   83.198308][    C1] Tainted: [W]=WARN
[   83.198314][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   83.198326][    C1] Call Trace:
[   83.198334][    C1]  <TASK>
[   83.198343][    C1]  dump_stack_lvl+0x189/0x250
[   83.198368][    C1]  ? smpboot_thread_fn+0x542/0xa60
[   83.198388][    C1]  ? smpboot_thread_fn+0x542/0xa60
[   83.198412][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[   83.198446][    C1]  ? print_lock_name+0xde/0x100
[   83.198479][    C1]  __might_resched+0x44b/0x5d0
[   83.198507][    C1]  ? __pfx___might_resched+0x10/0x10
[   83.198528][    C1]  ? kcov_remote_start+0x92/0x460
[   83.198564][    C1]  rt_spin_lock+0xc7/0x2c0
[   83.198594][    C1]  ? led_trigger_blink_setup+0xa8/0x300
[   83.198620][    C1]  ? __pfx_rt_spin_lock+0x10/0x10
[   83.198643][    C1]  ? __pfx_led_trigger_blink_setup+0x10/0x10
[   83.198667][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   83.198686][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   83.198711][    C1]  kcov_remote_start+0x92/0x460
[   83.198739][    C1]  __usb_hcd_giveback_urb+0x427/0x710
[   83.198767][    C1]  ? __pfx___usb_hcd_giveback_urb+0x10/0x10
[   83.198803][    C1]  usb_giveback_urb_bh+0x296/0x420
[   83.198838][    C1]  ? __pfx_usb_giveback_urb_bh+0x10/0x10
[   83.198865][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[   83.198885][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[   83.198909][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[   83.198935][    C1]  process_scheduled_works+0xae1/0x17b0
[   83.198994][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[   83.199027][    C1]  ? assign_work+0x3a1/0x410
[   83.199057][    C1]  bh_worker+0x2b1/0x600
[   83.199098][    C1]  tasklet_action+0xc/0x70
[   83.199123][    C1]  handle_softirqs+0x22c/0x710
[   83.199158][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[   83.199196][    C1]  run_ksoftirqd+0xac/0x210
[   83.199219][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[   83.199243][    C1]  ? schedule+0x91/0x360
[   83.199282][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[   83.199305][    C1]  smpboot_thread_fn+0x542/0xa60
[   83.199332][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[   83.199366][    C1]  kthread+0x711/0x8a0
[   83.199400][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[   83.199424][    C1]  ? __pfx_kthread+0x10/0x10
[   83.199458][    C1]  ? __pfx_kthread+0x10/0x10
[   83.199488][    C1]  ret_from_fork+0x3fc/0x770
[   83.199518][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[   83.199547][    C1]  ? __switch_to_asm+0x39/0x70
[   83.199565][    C1]  ? __switch_to_asm+0x33/0x70
[   83.199582][    C1]  ? __pfx_kthread+0x10/0x10
[   83.199624][    C1]  ret_from_fork_asm+0x1a/0x30
[   83.199662][    C1]  </TASK>
[   86.798487][  T990] cfg80211: failed to load regulatory.db