program:
r0 = socket$inet6(0xa, 0x40000080806, 0x0) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_aout(r1, &(0x7f00000002c0)=ANY=[], 0xc1)
syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, r1, 0x0) (async)
io_uring_setup(0x1533, &(0x7f0000000000)={0x0, 0xeeac, 0x4000, 0x3, 0x142, 0x0, r1})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @byteorder={{0xe}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_BYTEORDER_LEN={0x8}, @NFTA_BYTEORDER_DREG={0x8}, @NFTA_BYTEORDER_SREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x88}}, 0x0) (async)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmmsg$inet(r3, &(0x7f0000006d40)=[{{&(0x7f0000001540)={0x2, 0x0, @dev}, 0x10, &(0x7f0000001980)=[{&(0x7f0000001580)="bd7f", 0x2}], 0x1}}, {{&(0x7f0000001a80)={0x2, 0x0, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000003e40)=[@ip_retopts={{0x14, 0x0, 0x7, {[@ssrr={0x83, 0x3, 0xd}]}}}], 0x18}}], 0x2, 0x0)
bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e23, 0x0, @empty}, 0x1c) (async)
listen(r0, 0x400000001ffffffd)
r4 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async)
sendmmsg$inet6(r4, &(0x7f0000003480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001700)=[@flowinfo={{0x14}}], 0x18}}, {{0x0, 0x0, &(0x7f0000001c80)=[{&(0x7f00000017c0)="f6", 0x1}, {0x0}, {0x0, 0xffffff35}], 0x3}}, {{0x0, 0x0, &(0x7f0000003100)=[{0x0}, {0x0}], 0x2, &(0x7f0000003180)=[@rthdrdstopts={{0x38, 0x29, 0x37, {0x0, 0x3, '\x00', [@hao={0xc9, 0x10, @mcast2}, @generic, @calipso={0x7, 0x8}]}}}, @rthdr_2292={{0x18, 0x29, 0x39, {0x0, 0x2000000000000027}}}], 0x50}}], 0x3, 0x0)

[  116.869306][    C0] 
[  116.870353][    C0] =============================
[  116.872086][    C0] [ BUG: Invalid wait context ]
[  116.873847][    C0] 6.13.0-syzkaller-07644-gc2da8b3f914f #0 Not tainted
[  116.876380][    C0] -----------------------------
[  116.878366][    C0] syz.0.0/5328 is trying to lock:
[  116.880512][    C0] ffffffff8ea70198 (stack_list_lock){-.-.}-{3:3}, at: __set_page_owner+0x5cb/0x800
[  116.885007][    C0] other info that might help us debug this:
[  116.887754][    C0] context-{2:2}
[  116.889289][    C0] 1 lock held by syz.0.0/5328:
[  116.891420][    C0]  #0: ffff88801fc3e8d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[  116.895128][    C0] stack backtrace:
[  116.896470][    C0] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-07644-gc2da8b3f914f #0
[  116.896507][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  116.896520][    C0] Call Trace:
[  116.896552][    C0]  <TASK>
[  116.896557][    C0]  dump_stack_lvl+0x241/0x360
[  116.896573][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  116.896583][    C0]  ? __pfx__printk+0x10/0x10
[  116.896596][    C0]  ? stack_trace_save+0x118/0x1d0
[  116.896609][    C0]  __lock_acquire+0x15a8/0x2100
[  116.896626][    C0]  lock_acquire+0x1ed/0x550
[  116.896637][    C0]  ? __set_page_owner+0x5cb/0x800
[  116.896651][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  116.896666][    C0]  _raw_spin_lock_irqsave+0xd5/0x120
[  116.896704][    C0]  ? __set_page_owner+0x5cb/0x800
[  116.896715][    C0]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  116.896726][    C0]  ? __kmalloc_cache_noprof+0x243/0x390
[  116.896736][    C0]  ? __set_page_owner+0x55f/0x800
[  116.896748][    C0]  __set_page_owner+0x5cb/0x800
[  116.896762][    C0]  ? __pfx___set_page_owner+0x10/0x10
[  116.896774][    C0]  post_alloc_hook+0x1f3/0x230
[  116.896786][    C0]  get_page_from_freelist+0x365c/0x37a0
[  116.896809][    C0]  __alloc_pages_noprof+0x292/0x710
[  116.896822][    C0]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  116.896835][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  116.896846][    C0]  ? __kernel_text_address+0xd/0x40
[  116.896855][    C0]  ? unwind_get_return_address+0x4d/0x90
[  116.896869][    C0]  alloc_pages_mpol_noprof+0x3e1/0x780
[  116.896885][    C0]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  116.896898][    C0]  ? stack_trace_save+0x118/0x1d0
[  116.896909][    C0]  ? alloc_pages_noprof+0x43/0x170
[  116.896918][    C0]  stack_depot_save_flags+0x72d/0x940
[  116.896957][    C0]  kasan_save_stack+0x4f/0x60
[  116.896969][    C0]  ? kasan_save_stack+0x3f/0x60
[  116.896980][    C0]  ? __kasan_record_aux_stack+0xac/0xc0
[  116.896990][    C0]  ? task_work_add+0xd9/0x490
[  116.897003][    C0]  ? task_tick_fair+0x30d/0x4e0
[  116.897015][    C0]  ? sched_tick+0x21e/0x660
[  116.897023][    C0]  ? update_process_times+0x276/0x2f0
[  116.897034][    C0]  ? tick_nohz_handler+0x37c/0x500
[  116.897044][    C0]  ? __hrtimer_run_queues+0x551/0xd30
[  116.897057][    C0]  ? hrtimer_interrupt+0x403/0xa40
[  116.897069][    C0]  ? __sysvec_apic_timer_interrupt+0x110/0x420
[  116.897081][    C0]  ? sysvec_apic_timer_interrupt+0x52/0xc0
[  116.897091][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  116.897111][    C0]  ? __phys_addr+0xba/0x170
[  116.897123][    C0]  __kasan_record_aux_stack+0xac/0xc0
[  116.897133][    C0]  task_work_add+0xd9/0x490
[  116.897146][    C0]  ? __pfx_task_work_add+0x10/0x10
[  116.897159][    C0]  ? task_scan_start+0x14c/0x430
[  116.897170][    C0]  ? task_scan_start+0x14c/0x430
[  116.897183][    C0]  ? task_scan_start+0x3f5/0x430
[  116.897196][    C0]  task_tick_fair+0x30d/0x4e0
[  116.897209][    C0]  sched_tick+0x21e/0x660
[  116.897240][    C0]  update_process_times+0x276/0x2f0
[  116.897253][    C0]  tick_nohz_handler+0x37c/0x500
[  116.897264][    C0]  ? __pfx_tick_nohz_handler+0x10/0x10
[  116.897273][    C0]  __hrtimer_run_queues+0x551/0xd30
[  116.897286][    C0]  ? ktime_get_update_offsets_now+0x2d/0x3b0
[  116.897301][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  116.897316][    C0]  hrtimer_interrupt+0x403/0xa40
[  116.897334][    C0]  __sysvec_apic_timer_interrupt+0x110/0x420
[  116.897346][    C0]  sysvec_apic_timer_interrupt+0x52/0xc0
[  116.897352][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  116.897360][    C0] RIP: 0033:0x7f0ada46325c
[  116.897412][    C0] Code: 0a bf e8 03 00 00 e8 43 9a 12 00 48 8b 05 4c 25 e7 00 8b 40 08 85 c0 74 e8 bf 02 00 00 00 e8 9b ca fe ff 48 8b 15 4c ee 33 00 <48> 8b 02 48 83 f8 02 74 f7 48 8b 02 48 83 f8 03 0f 84 6a 0a 00 00
[  116.897419][    C0] RSP: 002b:00007fff26500c50 EFLAGS: 00000246
[  116.897425][    C0] RAX: 0000000000000002 RBX: 0000000000010000 RCX: 00007f0ada628097
[  116.897429][    C0] RDX: 00007f0ad91ff000 RSI: 00007f0ada62808d RDI: 00007f0ada5ead08
[  116.897433][    C0] RBP: 0000000000dffff0 R08: 0000000000000000 R09: 00007fff26500ae7
[  116.897437][    C0] R10: 0000000000000000 R11: 0000000000000293 R12: 00007f0ada776f68
[  116.897440][    C0] R13: 00007f0ada776260 R14: 00007fff26500f00 R15: 00007fff26500f00
[  116.897449][    C0]  </TASK>
[  117.060157][ T5315] Bluetooth: hci0: command tx timeout
[  117.087764][ T5329] Zero length message leads to an empty skb