program:
# syzkaller program logged immediately before the kernel report that follows
# (lockdep "Invalid wait context": &gpc->lock taken in kvm_xen_set_evtchn_fast,
# reached from xen_timer_callback under hrtimer_interrupt).
# Notation: rN names the resource returned by a call; &(0x7f...) is the address
# at which the data written after '=' is placed; all values are fuzzer-chosen.
# NOTE(review): none of the calls below issues a KVM Xen ioctl, so the Xen timer
# in the trace is not armed by anything visible in this listing. Treat this
# program as context for the report, not as a confirmed minimal reproducer.
#
# r0: netlink socket (family 0x10 = AF_NETLINK, type 0x3 = SOCK_RAW, protocol 0x0 = NETLINK_ROUTE).
r0 = socket$nl_route(0x10, 0x3, 0x0)
# r1: emulated USB device attach using the USB Audio Class 1 (uac1) template.
# The device descriptor opens with bLength 0x12, bcdUSB 0x200, idVendor 0x1d6b,
# idProduct 0x101; configuration, BOS and string descriptors follow.
# The call continues onto the next physical line.
r1 = syz_usb_connect$uac1(0x6, 0xc8, &(0x7f0000001280)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xb6, 0x3, 0x1, 0x0, 0x90, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x5, 0xf}, [@selector_unit={0x7, 0x24, 0x5, 0x2, 0x0, "fb4f"}, @selector_unit={0x5, 0x24, 0x5, 0x1, 0xe}, @input_terminal={0xc, 0x24, 0x2, 0x3, 0x1ff, 0x6, 0x0, 0x59d, 0x1, 0x8}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0x12, 0x24, 0x2, 0x2, 0xc, 0x8, 0x9b, "155bb0fbc8a656f391"}]}, {{0x9, 0x5, 0x1, 0x9, 0x200, 0x5, 0x7, 0x9, {0x7, 0x25, 0x1, 0x1, 0x1, 0x2}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0x0, 0x7f, 0x3, "cd819898"}, @format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0x53, 0x6, 0x8, "c2254b181b5514de"}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0xb08f, 0x7ff, 0x6, "f9806f462acd"}]}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0xff, 0x0, 0x10, {0x7, 0x25, 0x1, 0x81, 0x8, 0x100}}}}}}}]}}, &(0x7f0000000300)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x200, 0x2, 0xc4, 0x5, 0x20, 0x2}, 0xe0, &(0x7f0000000a40)={0x5, 0xf, 0xe0, 0x5, [@ptm_cap={0x3}, @generic={0xc3, 0x10, 0x1, "41d8eb0717d75040dc0d524c85670e3e0f4054bcc324cacbeafcce733b081da676341d2c9e4787ecd9112e76d9522659902d8a1ade8661812d7218939e27a675cbc1bffa9bba8be9b7ee89eedde1e6fb018e1cb7c53bc4b548958fb31372ab7ba0df2289a861c6f173efb41946bdbc72fff6c42c65b851d2c6e373cf084ef75791e035b563a0563426d54105556c2c7a7a0fb427fe745f95a20e134a8e92997321c5f84849b1cc9bb89ea73a44f5eacaff16004a638986f33fc27aa5c24d5d1b"}, @wireless={0xb, 0x10, 0x1, 0x10, 0x4d, 0x8, 0x4f, 0x3, 0x2}, @ext_cap={0x7, 0x10, 0x2, 0x16, 0x1, 0x2, 0x8}, @ptm_cap={0x3}]}, 0x2, [{0x88, &(0x7f0000000700)=@string={0x88, 0x3, 
"8ab23491447684cb1da454145af2031dde129c07beca3ec71bcb1dc4eab2a9b7607dfe429291dd15a51b7870ba3b8b3157886bff1dc493903c412da5ee715ea9be3b6aa7aa0a7d40476206afbca158cdbbc58f631fe12f5d7a70711485cf0170f543387f20af16189e24a53cf81f8cfca9df26252cdad6da4c69b1d5d8a3aa36adbce3cc5f56"}}, {0x9, &(0x7f0000000280)=@string={0x9, 0x3, "bc6e2cdd57cc78"}}]})
# Supplies canned replies to control requests for the emulated device r1.
syz_usb_control_io$uac1(r1, &(0x7f0000000480)={0x14, &(0x7f0000000b80)={0x0, 0x31, 0xae, {0xae, 0xb, "77838c2772161bd85e83194ed740a2699ee96c74e5cde1147398afe66c9d237c53135368f02f3056623740f8e822d7ad01d1a7231a7b46c7944f796ac088759d4e4a469eb853fabb4e1de365ef760b05c900d5311e0766ca0bcef625c2991dbfbd3e7624b8ee4c9c90e718824f59562607df5ec95c092e6048161ef1054a532a6daa4f4e4a9a21bec2fea81083aeecd936eb02b359a85f5c515bc2536382976478516949fb9e7a516df9aa35"}}, &(0x7f0000001080)={0x0, 0x3, 0xd2, @string={0xd2, 0x3, "751e46855dedd93acce83f9f54a79fa09296ba8184d3009e9f9fad87d17770aa98b34e3dbe13f066fcf2ba4688939715ae1ab7b8c0476b3ff28f68e6fb6204785c1269737e1a8d9b90b685b9926abb90b00b625b592b8cb15cad1451db3aa8a4eb5395766a6eacb893397cef2e75c83fdfeec1e111475b2327c0ae5bcb33c68a675de1fa8aa3511b5b7f89aab5bd904ca90cec19054546de949addf3477cb55fc8ef09ec166f45316df9582edc52cf2624ca4dfe53cb89e5d0dc56dfd0d6c64c8f30b919230c89db66ed08617cebe0a3"}}}, &(0x7f0000000e00)={0x44, &(0x7f0000001180)={0x0, 0x17, 0xf1, "8f8f895dce6e02a28cee84a96b6f00aed5c03d73300b11ee981639e13e5f668a8f27459521ca597f97fe84411094bf34a81c6adcfae9632ab202332dcf051db2f0af5d6ad05dd54da198ea5148560e04d0b9023c75c9f3593783aba2882412cef392b4da42abf3f9eeec5ab0503827216509af82d953b0d684c9493ce883417e21cdda71df68dcccca3f11805e1e0a9513bac953026b349a0faaa5d7203626cf549af419b6c90d4ac21d34c7d2f75b17aeff25e1682f7fe746117ef9b34b02f256b9816846a9a5a6c0dcc78d2d2446d507f338ecef611f07eecdc94abcd199d145f1b89298af1adf673f2294b749f4034c"}, &(0x7f00000004c0)={0x0, 0xa, 0x1, 0xfd}, &(0x7f0000000880)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000980)={0x20, 0x81, 0x1, ')'}, &(0x7f0000000c40)={0x20, 0x82, 0x1, "b4"}, &(0x7f0000000cc0)={0x20, 0x83, 0x2, "d07f"}, &(0x7f0000000d00)={0x20, 0x84, 0x1, "a2"}, &(0x7f0000000d40)={0x20, 0x85, 0x3, "87c2fd"}})
# r2: second netlink socket, protocol 0x10 = NETLINK_GENERIC.
r2 = socket$nl_generic(0x10, 0x3, 0x10)
# SIOCGIFINDEX (0x8933) lookup of interface "netdevsim0". The netdevsim worker
# in the trace below is the task the timer interrupt landed on, not the lock site.
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00'})
# r3: KVM device handle via the $kvm openat variant; the path string is not
# printed in this listing (presumably /dev/kvm, confirm against the description).
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
# r4: IPv6 TCP socket bound to loopback with port field 0x2.
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c)
# sendto on the unconnected r4 with flags 0x20000004 (MSG_FASTOPEN | MSG_DONTROUTE)
# toward port field 0x2; the length argument is far larger than the inline buffer.
sendto$inet6(r4, &(0x7f00000000c0)="044aac2f202c5feda71e039a57a93088fdcce4afe28aac61837792741a190670ccbe1a2b00aa77a87d56a3f12c7920ad02928a5d1014e5b896f000fcf6521928480be9af82613a5c661f4110adba358afd8b5b4ef1702051e393ede2698112a1f1bdf1d0f568546ed322ab4c53545bd2cd6e48522f0c154cb3c6864dc30ae921db100f1ee97a234503338f8fdf356472da0c7ab62f274f34", 0xadf29f33fb903ae1, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
# r5: IPv4 TCP socket. SOL_SOCKET (0x1) option 0x3c is set to 1 with an oversized
# optlen of 0xfff0 (0x3c looks like SO_ZEROCOPY, confirm against the target headers).
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r5, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
# TCP_REPAIR (level 0x6, option 0x13) is switched on, the socket is connected to
# loopback while repair mode is set, then TCP_REPAIR is written again with -1.
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r5, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
# Writes 0x46b bytes to r5 from a buffer with no explicit contents (ANY=[]).
write$binfmt_elf32(r5, &(0x7f00000014c0)=ANY=[], 0x46b)
# Four-message sendmmsg built from 1-byte iovecs, flags 0x4048841. The second
# message declares 0xa6 iovecs although only five are listed.
sendmmsg$inet(r5, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)="ed", 0x1}, {&(0x7f0000000200)="b5", 0x1}, {&(0x7f0000000340)='.', 0x1}, {&(0x7f0000000140)='U', 0x1}, {&(0x7f0000000180)="f3", 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000580)="f1", 0x1}, {&(0x7f0000000c80)='a', 0x1}, {&(0x7f0000000b40)='M', 0x1}, {&(0x7f0000000d80)='o', 0x1}, {&(0x7f0000000e80)='\b', 0x1}], 0xa6}, 0x70040000}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)="bb", 0x1}, {&(0x7f00000007c0)="a1", 0x1}, {&(0x7f0000000800)='s', 0x1}, {&(0x7f00000009c0)='\\', 0x1}], 0x4}}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000440)="88", 0x1}, {&(0x7f0000000840)="e5", 0x1}, {&(0x7f0000001040)="96", 0x1}], 0x3}}], 0x4, 0x4048841)
# Receive on r4 into a single 50-byte (0x32) buffer, flags 0x40000110.
recvmsg(r4, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000040)=""/50, 0x32}], 0x1, 0x0, 0x0, 0xb7}, 0x40000110)
# KVM setup: r6 = VM created on r3 (0xae01), r7 = vCPU 0 created on r6 (0xae41).
r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
# Loads a CPUID table into vCPU r7 from an opaque blob; its leading 32-bit word
# is 7, the entry count of struct kvm_cpuid2. This is the last KVM call in the program.
ioctl$KVM_SET_CPUID2(r7, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYBLOB="070000000000000007000000ffffffff4932ffae000000000600000006000000020000000000000000000000000000000700008004000000000000000180000027000000070000007f00000000000000000000000000000001000040080000000000000003000000ffffff7f05000000ffff00000000000000000000000000000b0000005f0e00000100000007000000f40d000006000000ffffff7f000000000000000000000000000000800000000005000000060000000000008000000000ffffffff0000000000000000000000000d000000bb020000010000000d00000003000000ff0900000000000000000000000000000000000008000080bf03000000000002f90000005ca1ffff24a50000070000000000000000000000000000000342c3dd1b53e0c9c759fd6726f7abcc1f11ce6da9ef8b3da12b03c365f37dc070531024663004b26a530057399ffcdfc7fc9b86e6d9b44e478fe968be"])
# Return value is not used by any later call.
gettid()
# 0x14-byte netlink message sent on the NETLINK_ROUTE socket r0, sendmsg flags 0x20000.
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000003a0000012bbd7000fbdbdf250b000000"], 0x14}}, 0x20000)
[ 76.015237][ T5303] Bluetooth: hci0: command tx timeout
[ 76.408755][ T1316] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.416033][ T1316] ieee802154 phy1 wpan1: encryption failed: -22
[ 78.089160][ T5303] Bluetooth: hci0: command tx timeout
[ 79.085415][ C0]
[ 79.086561][ C0] =============================
[ 79.088652][ C0] [ BUG: Invalid wait context ]
[ 79.090930][ C0] 6.16.0-rc2-syzkaller-00087-g24770983ccfe #0 Not tainted
[ 79.094234][ C0] -----------------------------
[ 79.096512][ C0] kworker/u4:1/13 is trying to lock:
[ 79.099012][ C0] ffffc900019cf410 (&gpc->lock){....}-{3:3}, at: kvm_xen_set_evtchn_fast+0x1fb/0x9b0
[ 79.103288][ C0] other info that might help us debug this:
[ 79.105824][ C0] context-{2:2}
[ 79.107557][ C0] 6 locks held by kworker/u4:1/13:
[ 79.109997][ C0] #0: ffff88801a479148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 79.115097][ C0] #1: ffffc900001f7bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 79.121111][ C0] #2: ffff888052d8e250 (&devlink->lock_key){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xb80
[ 79.125809][ C0] #3: ffff88803fe4fce0 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1a9/0xb80
[ 79.130735][ C0] #4: ffffffff8e13eda0 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa5/0x2390
[ 79.135112][ C0] #5: ffffc900019cf960 (&kvm->srcu){.?.+}-{0:0}, at: kvm_xen_set_evtchn_fast+0x1c3/0x9b0
[ 79.139600][ C0] stack backtrace:
[ 79.142799][ C0] CPU: 0 UID: 0 PID: 13 Comm: kworker/u4:1 Not tainted 6.16.0-rc2-syzkaller-00087-g24770983ccfe #0 PREEMPT(full)
[ 79.142816][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 79.142825][ C0] Workqueue: events_unbound nsim_dev_trap_report_work
[ 79.142845][ C0] Call Trace:
[ 79.142853][ C0]
[ 79.142860][ C0] dump_stack_lvl+0x189/0x250
[ 79.142879][ C0] ? __pfx_dump_stack_lvl+0x10/0x10
[ 79.142892][ C0] ? __pfx__printk+0x10/0x10
[ 79.142903][ C0] ? print_lock_name+0xde/0x100
[ 79.142913][ C0] __lock_acquire+0xbcb/0xd20
[ 79.142930][ C0] ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0
[ 79.142942][ C0] lock_acquire+0x120/0x360
[ 79.142953][ C0] ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0
[ 79.142968][ C0] _raw_read_lock_irqsave+0xaf/0x100
[ 79.143029][ C0] ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0
[ 79.143040][ C0] ? __pfx__raw_read_lock_irqsave+0x10/0x10
[ 79.143052][ C0] ? xa_load+0x1ea/0x210
[ 79.143063][ C0] kvm_xen_set_evtchn_fast+0x1fb/0x9b0
[ 79.143075][ C0] ? do_raw_spin_unlock+0x4d/0x240
[ 79.143087][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 79.143098][ C0] ? kvm_xen_set_evtchn_fast+0x1c3/0x9b0
[ 79.143108][ C0] xen_timer_callback+0x109/0x220
[ 79.143120][ C0] ? __pfx_xen_timer_callback+0x10/0x10
[ 79.143132][ C0] __hrtimer_run_queues+0x4e0/0xc60
[ 79.143150][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 79.143165][ C0] hrtimer_interrupt+0x45b/0xaa0
[ 79.143183][ C0] __sysvec_apic_timer_interrupt+0x10b/0x410
[ 79.143202][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0
[ 79.143217][ C0]
[ 79.143220][ C0]
[ 79.143224][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 79.143236][ C0] RIP: 0010:lock_acquire+0x175/0x360
[ 79.143250][ C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 3b bd fe 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[ 79.143259][ C0] RSP: 0018:ffffc900001f7398 EFLAGS: 00000206
[ 79.143269][ C0] RAX: f4aec07f7a707100 RBX: 0000000000000000 RCX: f4aec07f7a707100
[ 79.143277][ C0] RDX: 0000000000000000 RSI: ffffffff8db6f0d7 RDI: ffffffff8be28b80
[ 79.143284][ C0] RBP: ffffffff81729af5 R08: 0000000000000000 R09: ffffffff81729af5
[ 79.143290][ C0] R10: ffffc900001f7558 R11: ffffffff81acf690 R12: 0000000000000002
[ 79.143297][ C0] R13: ffffffff8e13eda0 R14: 0000000000000000 R15: 0000000000000246
[ 79.143303][ C0] ? unwind_next_frame+0xa5/0x2390
[ 79.143318][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 79.143328][ C0] ? unwind_next_frame+0xa5/0x2390
[ 79.143344][ C0] ? unwind_next_frame+0xa5/0x2390
[ 79.143357][ C0] ? kmalloc_reserve+0x136/0x290
[ 79.143367][ C0] ? unwind_next_frame+0xa5/0x2390
[ 79.143378][ C0] unwind_next_frame+0xc2/0x2390
[ 79.143390][ C0] ? unwind_next_frame+0xa5/0x2390
[ 79.143403][ C0] ? unwind_next_frame+0xa5/0x2390
[ 79.143416][ C0] ? __kmalloc_node_track_caller_noprof+0x271/0x4e0
[ 79.143468][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 79.143478][ C0] arch_stack_walk+0x11c/0x150
[ 79.143488][ C0] ? kmalloc_reserve+0x136/0x290
[ 79.143500][ C0] stack_trace_save+0x9c/0xe0
[ 79.143510][ C0] ? __pfx_stack_trace_save+0x10/0x10
[ 79.143520][ C0] ? stack_depot_save_flags+0x40/0x900
[ 79.143533][ C0] kasan_save_track+0x3e/0x80
[ 79.143547][ C0] ? kasan_save_track+0x3e/0x80
[ 79.143558][ C0] ? __kasan_kmalloc+0x93/0xb0
[ 79.143566][ C0] ? __kmalloc_node_track_caller_noprof+0x271/0x4e0
[ 79.143575][ C0] ? kmalloc_reserve+0x136/0x290
[ 79.143593][ C0] ? __alloc_skb+0x142/0x2d0
[ 79.143603][ C0] __kasan_kmalloc+0x93/0xb0
[ 79.143612][ C0] __kmalloc_node_track_caller_noprof+0x271/0x4e0
[ 79.143621][ C0] ? __alloc_skb+0x142/0x2d0
[ 79.143630][ C0] ? __alloc_skb+0x142/0x2d0
[ 79.143639][ C0] kmalloc_reserve+0x136/0x290
[ 79.143680][ C0] __alloc_skb+0x142/0x2d0
[ 79.143690][ C0] nsim_dev_trap_report_work+0x29a/0xb80
[ 79.143705][ C0] ? process_scheduled_works+0x9ef/0x17b0
[ 79.143719][ C0] process_scheduled_works+0xae1/0x17b0
[ 79.143737][ C0] ? __pfx_process_scheduled_works+0x10/0x10
[ 79.143752][ C0] worker_thread+0x8a0/0xda0
[ 79.143766][ C0] kthread+0x70e/0x8a0
[ 79.143778][ C0] ? __pfx_worker_thread+0x10/0x10
[ 79.143789][ C0] ? __pfx_kthread+0x10/0x10
[ 79.143798][ C0] ? _raw_spin_unlock_irq+0x23/0x50
[ 79.143811][ C0] ? lockdep_hardirqs_on+0x9c/0x150
[ 79.143823][ C0] ? __pfx_kthread+0x10/0x10
[ 79.143833][ C0] ret_from_fork+0x3f9/0x770
[ 79.143847][ C0] ? __pfx_ret_from_fork+0x10/0x10
[ 79.143860][ C0] ? __pfx_kthread+0x10/0x10
[ 79.143870][ C0] ret_from_fork_asm+0x1a/0x30
[ 79.143882][ C0]