program:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000240)={0x7, 0x0, [{0x7, 0xffffffff, 0x2dc43c0faeff3249, 0x0, 0x6, 0x6, 0x2}, {0x80000007, 0x4, 0x0, 0x8001, 0x27, 0x7, 0x7f}, {0x40000001, 0x8, 0x0, 0x3, 0x7fffffff, 0x5, 0xffff}, {0xb, 0xe5f, 0x1, 0x7, 0xdf4, 0x6, 0x7fffffff}, {0x80000000, 0x0, 0x5, 0x6, 0x80000000, 0x0, 0xffffffff}, {0xd, 0x2bb, 0x1, 0xd, 0x3, 0x7ff, 0xffffffff}, {0x80000008, 0x3bf, 0x0, 0xf9, 0xffffa15c, 0xa524, 0x7}]})
r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000040))
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r5 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
syz_mount_image$hfs(&(0x7f0000000740), &(0x7f0000000500)='./file0\x00', 0x1000000, &(0x7f0000000f80)=ANY=[@ANYBLOB="756d61736b3d30303030303030303030303030303030303031363430342c6469725f756d61736b3d30303030303030303030303030303030303030303030362c756d61736b3d30303030303030303030303030303030303030303030362c636f6465706167653d69736f383835392d31352c696f636861727365743d6b6f69382d72752c756d61736b3d30303030303030303030303030303034303030323030312c004c6f50c2bd01aefd66eb6bed6e75012bf385a8da12991904730f4f53eaa3a7b28c96604358941e91adac010f50ac2ec1e9ffbd8f9b3a42fc94db6f71621e4c830322a0f5a021cb2b5390f20c753380e3a5bd2070ea67b0612d49bd6b490f3dd5803412e4997cdb6a0a204a836d2cd054724cf93a277edfa6c4ef5ebe3095e6cde68241fe2b85198199f321323296b004dc39eef0d65e4915629c787e6a1522cd0157014bb46d0410a0ae4ecac4d6013340fcadfe1a6aba51668a84ba72f618", @ANYBLOB="69b9a83f85916a8c52e7be462eac6ab8670408e9a43303e503523b064c331e11b3b4caa9f8c5332db6c647d1b663824afdc497a553e16268257bbea919b1ec50b5d98bd05250a722", @ANYBLOB="0db9c267b6af2dc87e93cc52b64365e318aba650a9457f2c73a71cc8375e62a23420f91521237203740008133f0e37ae84813c0b3e7a1862583ff78b277014e97d68290a9aee6e00b0d122f3e3f9afef2c7c8f268b0212b837c97085fbc74e5a2c18b9d5170d29bede925b81845b4c831804893462742b8b6e916d33278c6c4943e65d2e01b33879bcd27849ab515df9814208a27b51bb9ae30c85777b9eb8481fcbd2a84502578c129b6d0bc6b06ce0dab7e1a28163a29ad74e", @ANYRES64], 0x11, 0x2fa, &(0x7f00000001c0)="$eJzs3U1rE0Ecx/HfbBKbPlDXtiJ4UWoLehHrA4gIFclNevckapNCMVRsK6iXVvGm+AK8efAt+CI8qHjzpCdPvoDeVmYySXfbzaax3W5bvx9o2ExmZv/L7Gbmv5CuAPy3btd+frzy2/4ZqaSSpBtSIKkqlSWd1Knq06XVxdVmo57VUcm1sH9GrZZmW535pUZaU9vOtfBC+66skXgZ8hFF0a1fRQeBwrmrP0UgDfjr0H1e3ee48rIunSk6hv0WH2CzoQ0902iB4QAADgA//wd+mhhxRUZBIE3Hp/2jMv9vFB3A3rra3FYUZTZw8/+PodF25hUZO+7H3Ueb+Z5L4eznQTtL3EkwlS3vj6l1ZiUWmKZXVuliCQYXFsu6OP9S9UCvNOvFqk2413rr1G3rEe1kSm6aoXtvFc0NtY7GrSi3aoe0sNhsDNiNlPjH+9vj7ryxoX4238w9E+q96p31XzkydpjcSIVbRiqo2Pgvde912LWyteTT/llFQaLKCbeT034PXo+jrKZnJPE+2zcI1jsRZMXp9j2m5G2F1tHN9Gg1ntYq7Lzr0moi0aoUuyeSeSslH+1DNO/MXTOpP/qkWmz9H9j4phW7MrO+6o2r6c+M+cfNenJkY8quZrht5ti8XM52IvAG+j42SH3eLXurh7qu0ZXnLx6Vms3Gst14kLLxZGTZ+JLKaym1Tv4bJWXU0fpmSWStRdFOe47yDP7CnnZovz86JfbySatsr7JOSdCj5/ZEXcyY5rWx5o8qx13UvirrhDw8G1EkJUrmbn7xH+359xMOoBVjxzo2dQwWGQ0KYNddppX/uZW8X9W5pap9CTPW6dlJphI9znQyuORScMy9DvWVwQ13z+Bie7zcJWd0Ode589JUrNDI73EttdvQx3lEmJq+6z73/wEAAAAAAAAAAAAAAAAAAA6bnfxUINjlT0SKPkYAAAAAAAAAAAAAAAAAAAAAAA67f3r+b9r/iHfP/w3Tnv/74drUndYWz/8FDpS/AQAA//8qfm8q")
open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x0)
r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224"], 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r5, 0xc0884113, &(0x7f0000000240)={0x1, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffe, 0x2})
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r5, 0xc06c4124, &(0x7f00000003c0))
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000240)={0x7, 0x0, [{0x7, 0xffffffff, 0x2dc43c0faeff3249, 0x0, 0x6, 0x6, 0x2}, {0x80000007, 0x4, 0x0, 0x8001, 0x27, 0x7, 0x7f}, {0x40000001, 0x8, 0x0, 0x3, 0x7fffffff, 0x5, 0xffff}, {0xb, 0xe5f, 0x1, 0x7, 0xdf4, 0x6, 0x7fffffff}, {0x80000000, 0x0, 0x5, 0x6, 0x80000000, 0x0, 0xffffffff}, {0xd, 0x2bb, 0x1, 0xd, 0x3, 0x7ff, 0xffffffff}, {0x80000008, 0x3bf, 0x0, 0xf9, 0xffffa15c, 0xa524, 0x7}]}) (async)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) (async)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000040)) (async)
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) (async)
syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) (async)
syz_mount_image$hfs(&(0x7f0000000740), &(0x7f0000000500)='./file0\x00', 0x1000000, &(0x7f0000000f80)=ANY=[@ANYBLOB="756d61736b3d30303030303030303030303030303030303031363430342c6469725f756d61736b3d30303030303030303030303030303030303030303030362c756d61736b3d30303030303030303030303030303030303030303030362c636f6465706167653d69736f383835392d31352c696f636861727365743d6b6f69382d72752c756d61736b3d30303030303030303030303030303034303030323030312c004c6f50c2bd01aefd66eb6bed6e75012bf385a8da12991904730f4f53eaa3a7b28c96604358941e91adac010f50ac2ec1e9ffbd8f9b3a42fc94db6f71621e4c830322a0f5a021cb2b5390f20c753380e3a5bd2070ea67b0612d49bd6b490f3dd5803412e4997cdb6a0a204a836d2cd054724cf93a277edfa6c4ef5ebe3095e6cde68241fe2b85198199f321323296b004dc39eef0d65e4915629c787e6a1522cd0157014bb46d0410a0ae4ecac4d6013340fcadfe1a6aba51668a84ba72f618", @ANYBLOB="69b9a83f85916a8c52e7be462eac6ab8670408e9a43303e503523b064c331e11b3b4caa9f8c5332db6c647d1b663824afdc497a553e16268257bbea919b1ec50b5d98bd05250a722", @ANYBLOB="0db9c267b6af2dc87e93cc52b64365e318aba650a9457f2c73a71cc8375e62a23420f91521237203740008133f0e37ae84813c0b3e7a1862583ff78b277014e97d68290a9aee6e00b0d122f3e3f9afef2c7c8f268b0212b837c97085fbc74e5a2c18b9d5170d29bede925b81845b4c831804893462742b8b6e916d33278c6c4943e65d2e01b33879bcd27849ab515df9814208a27b51bb9ae30c85777b9eb8481fcbd2a84502578c129b6d0bc6b06ce0dab7e1a28163a29ad74e", @ANYRES64], 0x11, 0x2fa, &(0x7f00000001c0)="$eJzs3U1rE0Ecx/HfbBKbPlDXtiJ4UWoLehHrA4gIFclNevckapNCMVRsK6iXVvGm+AK8efAt+CI8qHjzpCdPvoDeVmYySXfbzaax3W5bvx9o2ExmZv/L7Gbmv5CuAPy3btd+frzy2/4ZqaSSpBtSIKkqlSWd1Knq06XVxdVmo57VUcm1sH9GrZZmW535pUZaU9vOtfBC+66skXgZ8hFF0a1fRQeBwrmrP0UgDfjr0H1e3ee48rIunSk6hv0WH2CzoQ0902iB4QAADgA//wd+mhhxRUZBIE3Hp/2jMv9vFB3A3rra3FYUZTZw8/+PodF25hUZO+7H3Ueb+Z5L4eznQTtL3EkwlS3vj6l1ZiUWmKZXVuliCQYXFsu6OP9S9UCvNOvFqk2413rr1G3rEe1kSm6aoXtvFc0NtY7GrSi3aoe0sNhsDNiNlPjH+9vj7ryxoX4238w9E+q96p31XzkydpjcSIVbRiqo2Pgvde912LWyteTT/llFQaLKCbeT034PXo+jrKZnJPE+2zcI1jsRZMXp9j2m5G2F1tHN9Gg1ntYq7Lzr0moi0aoUuyeSeSslH+1DNO/MXTOpP/qkWmz9H9j4phW7MrO+6o2r6c+M+cfNenJkY8quZrht5ti8XM52IvAG+j42SH3eLXurh7qu0ZXnLx6Vms3Gst14kLLxZGTZ+JLKaym1Tv4bJWXU0fpmSWStRdFOe47yDP7CnnZovz86JfbySatsr7JOSdCj5/ZEXcyY5rWx5o8qx13UvirrhDw8G1EkJUrmbn7xH+359xMOoBVjxzo2dQwWGQ0KYNddppX/uZW8X9W5pap9CTPW6dlJphI9znQyuORScMy9DvWVwQ13z+Bie7zcJWd0Ode589JUrNDI73EttdvQx3lEmJq+6z73/wEAAAAAAAAAAAAAAAAAAA6bnfxUINjlT0SKPkYAAAAAAAAAAAAAAAAAAAAAAA67f3r+b9r/iHfP/w3Tnv/74drUndYWz/8FDpS/AQAA//8qfm8q") (async)
open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x0) (async)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224"], 0x0) (async)
syz_usb_control_io$hid(r6, 0x0, 0x0) (async)
syz_usb_control_io$hid(r6, 0x0, 0x0) (async)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r5, 0xc0884113, &(0x7f0000000240)={0x1, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffe, 0x2}) (async)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r5, 0xc06c4124, &(0x7f00000003c0)) (async)

[   85.152689][ T4668] Bluetooth: hci0: command tx timeout
[   85.294512][ T5324] loop0: detected capacity change from 0 to 64
[   85.321442][   T25] audit: type=1800 audit(1748689451.609:2): pid=5324 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="bus" dev="loop0" ino=21 res=0 errno=0
[   85.582298][   T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   85.736534][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   85.740608][   T10] usb 5-1: config 0 has no interfaces?
[   85.743618][   T10] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   85.747536][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   85.758165][   T10] usb 5-1: config 0 descriptor??
[   86.657553][   T54] cfg80211: failed to load regulatory.db
[   86.697977][   T54] usb 5-1: USB disconnect, device number 2
[   87.213629][ T4668] Bluetooth: hci0: command tx timeout
[   88.123589][    C0] 
[   88.124790][    C0] =============================
[   88.126867][    C0] [ BUG: Invalid wait context ]
[   88.129233][    C0] 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 Not tainted
[   88.132371][    C0] -----------------------------
[   88.134409][    C0] swapper/0/0 is trying to lock:
[   88.136621][    C0] ffffc900019df410 (&gpc->lock){....}-{3:3}, at: kvm_xen_set_evtchn_fast+0x1fb/0x9a0
[   88.140410][    C0] other info that might help us debug this:
[   88.142963][    C0] context-{2:2}
[   88.144515][    C0] 1 lock held by swapper/0/0:
[   88.146830][    C0]  #0: ffffc900019df960 (&kvm->srcu){.?.+}-{0:0}, at: kvm_xen_set_evtchn_fast+0x1c3/0x9a0
[   88.151252][    C0] stack backtrace:
[   88.152964][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full) 
[   88.152975][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   88.152980][    C0] Call Trace:
[   88.152987][    C0]  <IRQ>
[   88.152992][    C0]  dump_stack_lvl+0x189/0x250
[   88.153010][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.153022][    C0]  ? __pfx__printk+0x10/0x10
[   88.153035][    C0]  ? print_lock_name+0xde/0x100
[   88.153045][    C0]  __lock_acquire+0xbcb/0xd20
[   88.153058][    C0]  ? kvm_xen_set_evtchn_fast+0x1fb/0x9a0
[   88.153066][    C0]  lock_acquire+0x120/0x360
[   88.153073][    C0]  ? kvm_xen_set_evtchn_fast+0x1fb/0x9a0
[   88.153081][    C0]  _raw_read_lock_irqsave+0xaf/0x100
[   88.153144][    C0]  ? kvm_xen_set_evtchn_fast+0x1fb/0x9a0
[   88.153155][    C0]  ? __pfx__raw_read_lock_irqsave+0x10/0x10
[   88.153168][    C0]  ? xa_load+0x1ea/0x210
[   88.153180][    C0]  kvm_xen_set_evtchn_fast+0x1fb/0x9a0
[   88.153191][    C0]  ? do_raw_spin_unlock+0x4d/0x240
[   88.153204][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   88.153216][    C0]  ? kvm_xen_set_evtchn_fast+0x1c3/0x9a0
[   88.153226][    C0]  xen_timer_callback+0x109/0x220
[   88.153238][    C0]  ? __pfx_xen_timer_callback+0x10/0x10
[   88.153249][    C0]  __hrtimer_run_queues+0x4dd/0xc60
[   88.153266][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[   88.153278][    C0]  hrtimer_interrupt+0x45b/0xaa0
[   88.153294][    C0]  __sysvec_apic_timer_interrupt+0x108/0x410
[   88.153307][    C0]  sysvec_apic_timer_interrupt+0xa1/0xc0
[   88.153323][    C0]  </IRQ>
[   88.153327][    C0]  <TASK>
[   88.153330][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   88.153342][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[   88.153353][    C0] Code: 43 d5 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d c3 a2 24 00 f3 0f 1e fa fb f4 <e9> 18 d5 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[   88.153361][    C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c6
[   88.153372][    C0] RAX: cdbf26d94f645100 RBX: ffffffff81975728 RCX: cdbf26d94f645100
[   88.153380][    C0] RDX: 0000000000000001 RSI: ffffffff8d96e6f6 RDI: ffffffff8be265c0
[   88.153386][    C0] RBP: ffffffff8de07ea8 R08: ffff88801fc32f5b R09: 1ffff11003f865eb
[   88.153393][    C0] R10: dffffc0000000000 R11: ffffed1003f865ec R12: ffffffff8fa0a9f0
[   88.153400][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a48
[   88.153407][    C0]  ? do_idle+0x1e8/0x510
[   88.153422][    C0]  default_idle+0x13/0x20
[   88.153432][    C0]  default_idle_call+0x74/0xb0
[   88.153442][    C0]  do_idle+0x1e8/0x510
[   88.153454][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[   88.153464][    C0]  ? __pfx_do_idle+0x10/0x10
[   88.153476][    C0]  ? do_idle+0x4ed/0x510
[   88.153488][    C0]  cpu_startup_entry+0x44/0x60
[   88.153499][    C0]  rest_init+0x2de/0x300
[   88.153512][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[   88.153523][    C0]  start_kernel+0x478/0x500
[   88.153545][    C0]  x86_64_start_reservations+0x24/0x30
[   88.153557][    C0]  x86_64_start_kernel+0x143/0x1c0
[   88.153565][    C0]  common_startup_64+0x13e/0x147
[   88.153584][    C0]  </TASK>
[   89.292599][ T4668] Bluetooth: hci0: command tx timeout