program:
# Syzkaller reproducer program (one call per line), followed by the kernel
# console output of the run.
#
# Triage context taken from the report further down this page: lockdep prints
# "BUG: Invalid wait context" for &gpc->lock, acquired through
# _raw_read_lock_irqsave in kvm_xen_set_evtchn_fast, which is reached from
# xen_timer_callback under hrtimer_interrupt. The KVM calls below are therefore
# the ones most likely to matter; the RDMA, vsock, qrtr, BPF and USB calls look
# unrelated to that stack — not confirmed, minimise before relying on it.
#
# NOTE(review): r1 and r11 are used below but no "r1 =" / "r11 =" assignment is
# visible in this listing. Presumably the inline result markers were lost when
# the page was extracted; the text as shown may not parse as-is.

# RDMA connection manager: open the device, create an ID, resolve an address.
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000)={0xffffffffffffffff}, 0x2, 0xc}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x3ff, @empty, 0x1}, {0xa, 0x4e20, 0x1ff, @dev={0xfe, 0x80, '\x00', 0x30}, 0x9}, r1, 0xb}}, 0x48)
r2 = bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r0}, 0x8)

# vsock listener on port 0x2710 plus two connecting sockets, then a sock_diag
# netlink request whose payload is assembled from unrelated resource values.
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r3, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10)
listen(r3, 0x7ff)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r4, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10)
r5 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
sendmsg$SOCK_DIAG_BY_FAMILY(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYRESOCT=r3, @ANYRES8=r1, @ANYRESDEC=r4, @ANYRES32=r2, @ANYRESOCT=r1, @ANYRES16], 0x28}}, 0x0)

# KVM: open the device; the VM and vCPU are created a few calls later.
r7 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
# Virtual HCI packet injection; the "Bluetooth: hci0" lines in the console
# output are presumably a side effect of this call.
syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="02c9201e001a000500170616"], 0x23)
r8 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r8, &(0x7f0000000000)={0x2a, 0xffffffff, 0xfffffffe}, 0xc)
connect$qrtr(r8, &(0x7f0000000100)={0x2a, 0x4, 0x4001}, 0xc)
r9 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
# NOTE(review): the request number here (0x4048aecb) differs from the one used
# by the other ioctl$KVM_SET_CPUID2 call below (0x4008ae90). Under the Linux
# _IOC encoding it decodes as a write ioctl, type 0xae, nr 0xcb, size 0x48, so
# the fuzzer appears to have mutated the request while keeping the call name.
# nr 0xcb looks like KVM_XEN_VCPU_SET_ATTR, and a leading 0x7 would then be the
# attribute type (possibly the Xen timer attribute) — confirm both against
# include/uapi/linux/kvm.h. That reading would be consistent with
# xen_timer_callback appearing in the reported stack.
ioctl$KVM_SET_CPUID2(r10, 0x4048aecb, &(0x7f0000000240)={0x7, 0x0, [{0x7, 0xffffffff, 0x2dc43c0faeff3249, 0x0, 0x6, 0x6, 0x2}, {0x80000007, 0x4, 0x0, 0x8001, 0x27, 0x7, 0x7f}, {0x40000001, 0x8, 0x0, 0x3, 0x7fffffff, 0x5, 0xffff}, {0xb, 0xe5f, 0x1, 0x7, 0xdf4, 0x6, 0x7fffffff}, {0x80000000, 0x0, 0x5, 0x6, 0x80000000, 0x0, 0xffffffff}, {0xd, 0x2bb, 0x1, 0xd, 0x3, 0x7ff, 0xffffffff}, {0x80000008, 0x3bf, 0x0, 0xf9, 0xffffa15c, 0xa524, 0x7}]})

# BPF: token creation, a program load with a raw instruction blob, and a test run.
bpf$TOKEN_CREATE(0x24, &(0x7f0000000100)={0x0, r2}, 0x8)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f00000001c0)={@broadcast, @rand_addr, 0x0}, &(0x7f0000000200)=0x2)
r12 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x1f, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000050000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a800000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', r11, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f00000004c0)={0x1, 0x10, 0xfa00, {&(0x7f0000000480), r1}}, 0x18)

# Emulated USB device connect; the "usb 5-1 ... error -71" enumeration failures
# in the console output are presumably caused by this call.
syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYRES8=0x0], 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000080), 0x3, 0x800)
# Second KVM_SET_CPUID2-named call on the same vCPU, this time with request
# number 0x4008ae90 (type 0xae, nr 0x90, size 0x8 under the _IOC encoding).
ioctl$KVM_SET_CPUID2(r10, 0x4008ae90, &(0x7f0000000680)={0x5, 0x0, [{0x0, 0x3253, 0x1, 0xb, 0x9b30, 0x3e, 0x4}, {0x6, 0x4, 0x8, 0x7fffffff, 0x3e078592, 0x8}, {0x80000008, 0x2, 0x1, 0x7, 0x61, 0x1, 0xf}, {0x80000000, 0x4, 0x4, 0x2974, 0x401, 0x9e, 0x4c}, {0xc0000000, 0x101, 0x4, 0x8, 0x5, 0x2, 0x1}]})
syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041)

# Kernel console output follows; it is not part of the program.
[ 68.414924][ T5319] Bluetooth: hci0: command tx timeout [ 68.755683][ T5332] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 68.884789][ T5332] usb 5-1: device descriptor read/64, error -71 [ 69.124751][ T5332] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 69.254783][ T5332] usb 5-1: device descriptor read/64, error -71 [ 69.366524][ T5332] usb usb5-port1: attempt power cycle [ 69.704712][ T5332] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 69.725802][ T5332] usb 5-1: device descriptor read/8, error -71 [ 69.964776][ T5332] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 69.985651][ T5332] usb 5-1: device descriptor read/8, error -71 [ 70.095379][ T5332] usb usb5-port1: unable to enumerate 
USB device [ 70.496009][ T5319] Bluetooth: hci0: command tx timeout [ 71.420487][ C0] [ 71.421704][ C0] ============================= [ 71.423849][ C0] [ BUG: Invalid wait context ] [ 71.426173][ C0] 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 Not tainted [ 71.429333][ C0] ----------------------------- [ 71.431598][ C0] swapper/0/0 is trying to lock: [ 71.434090][ C0] ffffc900019f7410 (&gpc->lock){....}-{3:3}, at: kvm_xen_set_evtchn_fast+0x1fb/0x9b0 [ 71.438372][ C0] other info that might help us debug this: [ 71.441243][ C0] context-{2:2} [ 71.442744][ C0] 1 lock held by swapper/0/0: [ 71.444796][ C0] #0: ffffc900019f7960 (&kvm->srcu){.?.+}-{0:0}, at: kvm_xen_set_evtchn_fast+0x1c3/0x9b0 [ 71.449064][ C0] stack backtrace: [ 71.450664][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 71.450676][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 71.450682][ C0] Call Trace: [ 71.450689][ C0] [ 71.450695][ C0] dump_stack_lvl+0x189/0x250 [ 71.450710][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 71.450722][ C0] ? __pfx__printk+0x10/0x10 [ 71.450735][ C0] ? print_lock_name+0xde/0x100 [ 71.450746][ C0] __lock_acquire+0xbcb/0xd20 [ 71.450758][ C0] ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0 [ 71.450767][ C0] lock_acquire+0x120/0x360 [ 71.450775][ C0] ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0 [ 71.450786][ C0] _raw_read_lock_irqsave+0xaf/0x100 [ 71.450852][ C0] ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0 [ 71.450862][ C0] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 71.450874][ C0] ? xa_load+0x1ea/0x210 [ 71.450885][ C0] kvm_xen_set_evtchn_fast+0x1fb/0x9b0 [ 71.450893][ C0] ? do_raw_spin_unlock+0x4d/0x240 [ 71.450913][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 71.450925][ C0] ? kvm_xen_set_evtchn_fast+0x1c3/0x9b0 [ 71.450934][ C0] xen_timer_callback+0x109/0x220 [ 71.450944][ C0] ? 
__pfx_xen_timer_callback+0x10/0x10 [ 71.450954][ C0] __hrtimer_run_queues+0x4dd/0xc60 [ 71.451002][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 71.451015][ C0] hrtimer_interrupt+0x45b/0xaa0 [ 71.451029][ C0] __sysvec_apic_timer_interrupt+0x10b/0x410 [ 71.451041][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 71.451055][ C0] [ 71.451058][ C0] [ 71.451061][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 71.451077][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 71.451090][ C0] Code: 03 de 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 63 e5 18 00 f3 0f 1e fa fb f4 d8 dd 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 71.451098][ C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c2 [ 71.451107][ C0] RAX: 190e2907cc569700 RBX: ffffffff81975d88 RCX: 190e2907cc569700 [ 71.451113][ C0] RDX: 0000000000000001 RSI: ffffffff8d9979bc RDI: ffffffff8be29780 [ 71.451123][ C0] RBP: ffffffff8de07ea8 R08: ffff88801fc32f5b R09: 1ffff11003f865eb [ 71.451129][ C0] R10: dffffc0000000000 R11: ffffed1003f865ec R12: ffffffff8fa1e8f0 [ 71.451139][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a50 [ 71.451146][ C0] ? do_idle+0x1e8/0x510 [ 71.451159][ C0] default_idle+0x13/0x20 [ 71.451169][ C0] default_idle_call+0x74/0xb0 [ 71.451179][ C0] do_idle+0x1e8/0x510 [ 71.451190][ C0] ? __pfx_do_idle+0x10/0x10 [ 71.451200][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 71.451209][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 71.451226][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 71.451238][ C0] cpu_startup_entry+0x44/0x60 [ 71.451252][ C0] rest_init+0x2de/0x300 [ 71.451262][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 71.451313][ C0] start_kernel+0x47d/0x500 [ 71.451327][ C0] x86_64_start_reservations+0x24/0x30 [ 71.451335][ C0] x86_64_start_kernel+0x143/0x1c0 [ 71.451344][ C0] common_startup_64+0x13e/0x147 [ 71.451360][ C0]