program:
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)=@getchain={0x3c, 0x66, 0x200, 0x70bd25, 0x25dfdc00, {0x0, 0x0, 0x0, 0x0, {0xfff2, 0xc}, {0x1, 0x6}, {0xffe0, 0x2}}, [{0x8, 0xb, 0x8}, {0x8, 0xb, 0x9}, {0x8, 0xb, 0xb431}]}, 0x3c}}, 0x0) (async)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x598}, {&(0x7f00000007c0)=""/154, 0x4c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
r1 = socket$inet(0x10, 0x5, 0x7)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'netdevsim0\x00'})
r2 = socket$nl_route(0x10, 0x3, 0x0) (async)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async, rerun: 64)
r6 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1000e, &(0x7f0000000300)={[{@dioread_nolock}]}, 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==") (rerun: 64)
truncate(&(0x7f0000000040)='./file1\x00', 0x7fff) (async, rerun: 32)
r7 = openat(r6, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) (rerun: 32)
ioctl$EXT4_IOC_MOVE_EXT(r7, 0x40305829, &(0x7f00000000c0)={0x17c04, 0xffffffffffffffff, 0x7, 0xfffffffd, 0x0, 0x7}) (async)
r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r8, 0x4048aecb, &(0x7f0000001fc0)=ANY=[@ANYBLOB="0700000000fdff0007000000ffffffff4932ffae000000000600000006000000020000000000000000000000000000000700008004000000000000000180000027000000070000007f00000000000000000000000000000001000040080000000000000003000000ffffff7f05000000ffff00000000000000000000000000000b0000005f0e00000100000007000000f40d000006000000ffffff7f000000000000000000000000000000800000000005000000060000000000008000000000ffffffff000000000000000000000000010000c0bb020000010000000d00000003000000ff070000ffffffff00000000000000000000000008000080bf03000000000000001000005ca1ffff24a50000070000000000000000000000000000005356d6d2841833a7e5e912045fde5a8c96856a103ab131ada0229f548d922c14a00b4ff7dc0c1f320b0c149c45"]) (async, rerun: 32)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000011c0)={0xc, 0x0, <r9=>0x0}) (rerun: 32)
syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f00000002c0)='./file0\x00', 0xc80, &(0x7f0000020100)=ANY=[@ANYBLOB="00631dda01aef2456795dd9b26209f1c0f624854ea3dd5a00bd6df44035f5c3ae796fec6d633a0ffad0569794acfef7da01767fd4175f2cd82df769aa2ee7bfe3640554507d2e660c9f9e222a72e1e3e71145c480657d2864e5e276f028d64701ae31cde0ceaf408fdb05c0f4142da00e900000100000149e6d308cbe315789f4baffe39bbced9b1d421d2e290e9fc563b62225f002ee310e1fa7321000000000000d6231001a4b2d467825f3abb0c167e129cf1fa0e7854103f4bf2d3a0194983bc86cbd3d75ccef3c8ac4516dac102"], 0x1, 0x266, &(0x7f000001fe80)="$eJzs281OE1EYxvGHDwVBmCqKgjG+0Y1uJlCvoCGQGJtokBo/EpNBptp0aEmnwdQYYefW6yAu3ZkYb4CNV+DCHRuXLIxjmKnQlhrDQiba/29zXnJ4mnP6njZn0dl58Ha1XAzdoldXf59pUNrUrpRRvwaU6GuO/XF9Uq02dWMi/+XyvYePbufy+flFs4Xc0s2smY1f+fji1burn+qj99+PfxjSdubJzrfs1+3J7amdH0vPS6GVQqtU6+bZcrVa95YD31ZKYdk1uxv4XuhbqRL6tbb5YlBdW2uYV1kZG1mr+WFoXqVhZb9h9arVaw3znnmlirmua2Mjwp8UthYXvVzaq8DfVavlvDlJ04dmClupLAgAAKSK+38v4/7fC/bu/4+bn9923P8BAAAAAAAAAAAAAAAAAAAAAPgX7EaRE0WR82s8IcVP+ETNv09JGpE0Kum0pDFJ45IcSRlJZySdlTQh6Zyk85ImJV2QdFHSVMtrpb1XHEb/exv97230v7e1PLg7LK2+WS+sF5Ixmc8VVVIgXzNy9D3uZVNSL9zKz89YLKNLqxvN/MZ6YaA9Pytn78B0y88meWvPD8Xnbj+flbN3wLrls13zw7p+rSXvytHnp6oq0Ep8Jg/yr2fN5u7kO/LT8f/971zb17V/rvu7+SR/hPPR8f4Oanow3b1DChsvy14Q+DUKCgqK/SLtbyYch4Omp70SAAAAAAAAAAAAAAAAAMBRHMfPCdPeIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnX4GAAD//5KSYE0=") (async, rerun: 32)
mkdir(&(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x44) (async, rerun: 32)
r10 = creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10) (async)
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r3, 0x3b82, &(0x7f00000000c0)={0x18, r9, 0x2, 0x0, &(0x7f0000000280)=[{0x7fff, 0xffffffffffffffff}, {0x0, 0x1542}]}) (async)
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000000)={0x28, 0x2, r9, 0x0, &(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x200000000000000})
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x1d, &(0x7f0000000000)={&(0x7f0000002300)=ANY=[@ANYBLOB="000000000000000000000000000000ee3037ad29e5ffd610429b748acd1991353c4ff5522d3718b07078759bc34c9e3d72974e01ea9de6fa7057950a8311237143e953fa053c5eac39b31df6c51a3e05", @ANYRES32=0x0, @ANYBLOB="2002000000000100200012800c0001006d6163766c616e00100002800a000900ffffffffffff000008000500", @ANYRESOCT=r5, @ANYBLOB="ff0462cb9fca54bf80be601dfe65f90eeeaae8e81e0be725a0e726f791cdba338c238e354604263bdc4a7428618746837c3e8a8a99b3a87ca13b69eed148ec736c4617e62bbf2947d99c9511b0a29e5dc83dcc9d36701e2df50a97860a5c58db521c438749d11692d35d56d4f2d24742a6d24612b9427954e83b5c468b942645f5633cb9f8df3f3906c9cc84d95deb2089578f1efb31e75bd121b37c0cadf8d92079e451f89b1cef77a94b0a932bfebc5ae0bc2b684a8b8ca9282d5f5cd1a1c3ea2e3fc8a7dcb1c96423466e9624742bf28a2cd0a1e465c5740f687285a91f0f905099f43f57f7bc5104aaa8071c2ff21d3d6c9b0beca981aaa229af07b88972673d88ef5f108a0b092512dc19354616c5cce0cb9c1f602a"], 0x48}, 0x1, 0x0, 0x0, 0x80}, 0x0) (async)
r11 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION2(r10, 0x40a0ae49, &(0x7f0000000880)={0x3, 0x1, 0x100000, 0x2000, &(0x7f0000ffa000/0x2000)=nil, 0x0, r11}) (async)
ftruncate(r11, 0x800)
lseek(r11, 0x200, 0x0) (async)
r12 = open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0)
sendfile(r11, r12, 0x0, 0xf800)
ioctl$IOMMU_TEST_OP_ACCESS_RW(r3, 0x3ba0, &(0x7f00000006c0)={0x48, 0x8, r11, 0x0, 0x6, 0x96, &(0x7f0000000540)="2ce7aa5591f13814554193b1fce72584a92011cf9813ea68d7e0f96ce51f5c0e99e382db5e36acc0cb93c49e3112c17c104bc65557f11608bb092e83641b396b4cfa0acc6c78099e187917617fe5ea5b5d0865b8e091865040013a95484276d5bd4882ea5c396b4bf3708942c24c95a70c1d5818c8096560d57b1d7c7fa7f42d4c0b0905c040ba60e19db640e8489ff75c65d1ff9d8e", 0x4})

[   74.304351][ T5304] Bluetooth: hci0: command tx timeout
[   74.416134][ T5326] loop0: detected capacity change from 0 to 512
[   74.464763][ T5326] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   74.470213][ T5326] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   74.526139][ T5326] EXT4-fs (loop0): 1 truncate cleaned up
[   74.535838][ T5326] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   76.325059][ T5304] Bluetooth: hci0: command tx timeout
[   76.411229][ T1317] ieee802154 phy0 wpan0: encryption failed: -22
[   76.414236][ T1317] ieee802154 phy1 wpan1: encryption failed: -22
[   77.331402][    C0] 
[   77.332591][    C0] =============================
[   77.334797][    C0] [ BUG: Invalid wait context ]
[   77.336993][    C0] 6.15.0-syzkaller-13473-gc0c9379f235d #0 Not tainted
[   77.340056][    C0] -----------------------------
[   77.342595][    C0] swapper/0/0 is trying to lock:
[   77.345490][    C0] ffffc90002162410 (&gpc->lock){....}-{3:3}, at: kvm_xen_set_evtchn_fast+0x1fb/0x9b0
[   77.350044][    C0] other info that might help us debug this:
[   77.352696][    C0] context-{2:2}
[   77.354384][    C0] 1 lock held by swapper/0/0:
[   77.356898][    C0]  #0: ffffc90002162960 (&kvm->srcu){.?.+}-{0:0}, at: kvm_xen_set_evtchn_fast+0x1c3/0x9b0
[   77.362072][    C0] stack backtrace:
[   77.363833][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.15.0-syzkaller-13473-gc0c9379f235d #0 PREEMPT(full) 
[   77.363848][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   77.363854][    C0] Call Trace:
[   77.363862][    C0]  <IRQ>
[   77.363868][    C0]  dump_stack_lvl+0x189/0x250
[   77.363890][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[   77.363905][    C0]  ? __pfx__printk+0x10/0x10
[   77.363916][    C0]  ? print_lock_name+0xde/0x100
[   77.363925][    C0]  __lock_acquire+0xbcb/0xd20
[   77.363939][    C0]  ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0
[   77.363951][    C0]  lock_acquire+0x120/0x360
[   77.363963][    C0]  ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0
[   77.363978][    C0]  _raw_read_lock_irqsave+0xaf/0x100
[   77.364045][    C0]  ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0
[   77.364056][    C0]  ? __pfx__raw_read_lock_irqsave+0x10/0x10
[   77.364067][    C0]  ? xa_load+0x1ea/0x210
[   77.364079][    C0]  kvm_xen_set_evtchn_fast+0x1fb/0x9b0
[   77.364090][    C0]  ? do_raw_spin_unlock+0x4d/0x240
[   77.364102][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   77.364114][    C0]  ? kvm_xen_set_evtchn_fast+0x1c3/0x9b0
[   77.364126][    C0]  xen_timer_callback+0x109/0x220
[   77.364139][    C0]  ? __pfx_xen_timer_callback+0x10/0x10
[   77.364150][    C0]  __hrtimer_run_queues+0x4dd/0xc60
[   77.364169][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[   77.364183][    C0]  hrtimer_interrupt+0x45b/0xaa0
[   77.364203][    C0]  __sysvec_apic_timer_interrupt+0x108/0x410
[   77.364214][    C0]  sysvec_apic_timer_interrupt+0xa1/0xc0
[   77.364227][    C0]  </IRQ>
[   77.364230][    C0]  <TASK>
[   77.364234][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   77.364245][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[   77.364297][    C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d a3 45 22 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[   77.364307][    C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c2
[   77.364317][    C0] RAX: 4b7ef9447a61d200 RBX: ffffffff81976058 RCX: 4b7ef9447a61d200
[   77.364324][    C0] RDX: 0000000000000001 RSI: ffffffff8d98147d RDI: ffffffff8be28380
[   77.364330][    C0] RBP: ffffffff8de07ea8 R08: ffff88801fc32f5b R09: 1ffff11003f865eb
[   77.364336][    C0] R10: dffffc0000000000 R11: ffffed1003f865ec R12: ffffffff8fa112f0
[   77.364343][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a50
[   77.364350][    C0]  ? do_idle+0x1e8/0x510
[   77.364362][    C0]  default_idle+0x13/0x20
[   77.364372][    C0]  default_idle_call+0x74/0xb0
[   77.364389][    C0]  do_idle+0x1e8/0x510
[   77.364399][    C0]  ? __pfx_do_idle+0x10/0x10
[   77.364407][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[   77.364423][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   77.364436][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   77.364461][    C0]  cpu_startup_entry+0x44/0x60
[   77.364471][    C0]  rest_init+0x2de/0x300
[   77.364481][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[   77.364495][    C0]  start_kernel+0x47d/0x500
[   77.364509][    C0]  x86_64_start_reservations+0x24/0x30
[   77.364522][    C0]  x86_64_start_kernel+0x143/0x1c0
[   77.364533][    C0]  common_startup_64+0x13e/0x147
[   77.364547][    C0]  </TASK>