program:
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000240)={0x7, 0x0, [{0x7, 0xffffffff, 0x2dc43c0faeff3249, 0x0, 0x6, 0x6, 0x2}, {0x80000007, 0x4, 0x0, 0x8001, 0x27, 0x7, 0x7f}, {0x40000001, 0x8, 0x0, 0x3, 0x7fffffff, 0x5, 0xffff}, {0xb, 0xe5f, 0x1, 0x7, 0xdf4, 0x6, 0x7fffffff}, {0x80000000, 0x0, 0x5, 0x6, 0x80000000, 0x0, 0xffffffff}, {0xd, 0x2bb, 0x1, 0xd, 0x3, 0x7ff, 0xffffffff}, {0x80000008, 0x3bf, 0x0, 0xf9, 0xffffa15c, 0xa524, 0x7}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r5=>0x0})
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)={0x30, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_HYST={0x8}, @NL80211_ATTR_CQM_RSSI_THOLD={0x5, 0x1, [0x0]}]}]}, 0x30}}, 0x0)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dcbeec0696c37b64e3b24da3183dbe97e805165c0f63cdc2e82818254950ee03568b88091e6a86450545c0e18e09"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000140)={r8, r7, 0x2}, 0x10)
socket$l2tp(0x2, 0x2, 0x73)
set_mempolicy(0x2, &(0x7f0000000140)=0x8001, 0x2)
socket(0x10, 0x803, 0x0)
set_mempolicy(0x1, &(0x7f00000001c0)=0xf, 0x2)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'pim6reg0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x6, 0x9, 0x80, 0x0, 0xffffffff, 0x91b1}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000400}, 0x0)
r11 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r11, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r11, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r11, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000100)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0xffffffffff600000)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/pm_debug_messages', 0x1a1081, 0x18)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)

[   74.798480][ T4690] Bluetooth: hci0: command tx timeout
[   75.278436][    T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   76.464080][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[   76.467898][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[   76.858854][ T4690] Bluetooth: hci0: command tx timeout
[   77.767120][    C0] 
[   77.769142][    C0] =============================
[   77.772566][    C0] [ BUG: Invalid wait context ]
[   77.775740][    C0] 6.16.0-rc4-syzkaller-00348-g772b78c2abd8 #0 Not tainted
[   77.779693][    C0] -----------------------------
[   77.782324][    C0] swapper/0/0 is trying to lock:
[   77.785273][    C0] ffffc90001a27410 (&gpc->lock){....}-{3:3}, at: kvm_xen_set_evtchn_fast+0x1fb/0x9b0
[   77.791102][    C0] other info that might help us debug this:
[   77.794672][    C0] context-{2:2}
[   77.796928][    C0] 1 lock held by swapper/0/0:
[   77.799741][    C0]  #0: ffffc90001a27960 (&kvm->srcu){.?.+}-{0:0}, at: kvm_xen_set_evtchn_fast+0x1c3/0x9b0
[   77.808126][    C0] stack backtrace:
[   77.810292][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc4-syzkaller-00348-g772b78c2abd8 #0 PREEMPT(full) 
[   77.810305][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   77.810311][    C0] Call Trace:
[   77.810317][    C0]  <IRQ>
[   77.810322][    C0]  dump_stack_lvl+0x189/0x250
[   77.810336][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[   77.810344][    C0]  ? __pfx__printk+0x10/0x10
[   77.810353][    C0]  ? print_lock_name+0xde/0x100
[   77.810362][    C0]  __lock_acquire+0xbcb/0xd20
[   77.810370][    C0]  ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0
[   77.810376][    C0]  lock_acquire+0x120/0x360
[   77.810382][    C0]  ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0
[   77.810390][    C0]  _raw_read_lock_irqsave+0xaf/0x100
[   77.810450][    C0]  ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0
[   77.810457][    C0]  ? __pfx__raw_read_lock_irqsave+0x10/0x10
[   77.810465][    C0]  ? xa_load+0x1ea/0x210
[   77.810472][    C0]  kvm_xen_set_evtchn_fast+0x1fb/0x9b0
[   77.810479][    C0]  ? do_raw_spin_unlock+0x4d/0x240
[   77.810487][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   77.810495][    C0]  ? kvm_xen_set_evtchn_fast+0x1c3/0x9b0
[   77.810502][    C0]  xen_timer_callback+0x109/0x220
[   77.810508][    C0]  ? __pfx_xen_timer_callback+0x10/0x10
[   77.810514][    C0]  __hrtimer_run_queues+0x4dd/0xc60
[   77.810584][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[   77.810592][    C0]  ? rcu_is_watching+0x15/0xb0
[   77.810601][    C0]  hrtimer_interrupt+0x45b/0xaa0
[   77.810611][    C0]  __sysvec_apic_timer_interrupt+0x10b/0x410
[   77.810620][    C0]  sysvec_apic_timer_interrupt+0xa1/0xc0
[   77.810631][    C0]  </IRQ>
[   77.810633][    C0]  <TASK>
[   77.810636][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   77.810643][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[   77.810653][    C0] Code: 03 de 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 03 26 19 00 f3 0f 1e fa fb f4 <e9> d8 dd 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[   77.810659][    C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c2
[   77.810668][    C0] RAX: db13c2636555f100 RBX: ffffffff81975c78 RCX: db13c2636555f100
[   77.810672][    C0] RDX: 0000000000000001 RSI: ffffffff8d99765e RDI: ffffffff8be29640
[   77.810677][    C0] RBP: ffffffff8de07ea8 R08: ffff88801fc32f5b R09: 1ffff11003f865eb
[   77.810681][    C0] R10: dffffc0000000000 R11: ffffed1003f865ec R12: ffffffff8fa1e5f0
[   77.810686][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a50
[   77.810690][    C0]  ? do_idle+0x1e8/0x510
[   77.810700][    C0]  default_idle+0x13/0x20
[   77.810706][    C0]  default_idle_call+0x74/0xb0
[   77.810712][    C0]  do_idle+0x1e8/0x510
[   77.810720][    C0]  ? __pfx_do_idle+0x10/0x10
[   77.810726][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[   77.810735][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   77.810743][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   77.810752][    C0]  cpu_startup_entry+0x44/0x60
[   77.810759][    C0]  rest_init+0x2de/0x300
[   77.810765][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[   77.810798][    C0]  start_kernel+0x47d/0x500
[   77.810809][    C0]  x86_64_start_reservations+0x24/0x30
[   77.810824][    C0]  x86_64_start_kernel+0x143/0x1c0
[   77.810833][    C0]  common_startup_64+0x13e/0x147
[   77.810845][    C0]  </TASK>
[   77.998058][    T9] usb 5-1: string descriptor 0 read error: -71
[   78.016776][    T9] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   78.027803][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3