program:
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000400)=ANY=[@ANYBLOB="070000000000000007000000ffffffff4c32ffae000000000600000002000000020000000000000000000000000000000700008004000000000000000180000027000004070000007f00000800000000000000000000000001000040080000000000000003000000ffffff7f05000000ffff00000000000000000000000000000b0000005f0e00000100000007040000f40d000001000000a54d000000000000000000000000000000000080ffffffff05dfffff050000000000008000120000ffffffff0000000000000000000000000d000000bb020000010000000d00000003000000ff070000ffffffff00000000000000000000000008000080bf03000000000000f90000005ca1ffff24a5000007000000000000000000000000000000f631049fed57eb07410cb8114672ed7048704eadb5d4404832c728eabfb13e5502f77f694cdf"])
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f00000001c0)={@dev, @initdev}, &(0x7f00000003c0)=0xc)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000040)='westwood\x00', 0x9)
setsockopt$inet_int(r3, 0x0, 0x13, &(0x7f0000000000)=0x4, 0x4)
syz_usb_connect$cdc_ecm(0x0, 0x5b, &(0x7f0000000080)=ANY=[@ANYBLOB="120100f6010000862505a1a450000102d8ba09024900010100c8c0e754000002"], 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x100000020, 0x115042)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200)=@usbdevfs_driver={0x5c, 0x5, &(0x7f00000000c0)="a3044b49a9cbedcfe441d3949cf617087424e3c3e7dd32ce40fdd03b7feab18caefaab9d491cac348146b52c6b3a67d5c1f9b4ec4489e69deca29612b4ad2dec9d46383b7cfd1f077eee2c943f7911b578dc6aca4f35f51ad6275e3420252b338e91992bf3c63df89002a526ff4826b3655560133bbabf433f52fcca2b4a7ac35fa91e18e48a0f4925edcf1501291a2d34c4c08132ea5a4e8ca1384f719eefbf15be708e3c1351c843fa8b3c891a9ff0a83fe051ca57724d69122854394a"})

[   75.217405][ T5335] Bluetooth: hci0: command tx timeout
[   75.558674][   T54] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   75.688582][   T54] usb 5-1: device descriptor read/64, error -71
[   75.928467][   T54] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   76.058738][   T54] usb 5-1: device descriptor read/64, error -71
[   76.169278][   T54] usb usb5-port1: attempt power cycle
[   76.382256][ T1317] ieee802154 phy0 wpan0: encryption failed: -22
[   76.385137][ T1317] ieee802154 phy1 wpan1: encryption failed: -22
[   76.508465][   T54] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   76.530086][   T54] usb 5-1: device descriptor read/8, error -71
[   76.768924][   T54] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   76.789427][   T54] usb 5-1: device descriptor read/8, error -71
[   76.902542][   T54] usb usb5-port1: unable to enumerate USB device
[   77.258555][ T5335] Bluetooth: hci0: command tx timeout
[   78.188936][    C0] 
[   78.190009][    C0] =============================
[   78.192127][    C0] [ BUG: Invalid wait context ]
[   78.194081][    C0] syzkaller #0 Not tainted
[   78.196014][    C0] -----------------------------
[   78.198194][    C0] kworker/u4:10/1081 is trying to lock:
[   78.200551][    C0] ffff888052abd410 (&gpc->lock){....}-{3:3}, at: kvm_xen_set_evtchn_fast+0x1fb/0x9b0
[   78.204524][    C0] other info that might help us debug this:
[   78.207006][    C0] context-{2:2}
[   78.208526][    C0] 4 locks held by kworker/u4:10/1081:
[   78.210803][    C0]  #0: ffff88803f219948 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[   78.215534][    C0]  #1: ffffc9000265fbc0 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[   78.221191][    C0]  #2: ffffffff8e139f20 (rcu_read_lock){....}-{1:3}, at: batadv_nc_worker+0xd2/0x610
[   78.225309][    C0]  #3: ffff888052abd960 (&kvm->srcu){.?.+}-{0:0}, at: kvm_xen_set_evtchn_fast+0x1c3/0x9b0
[   78.229218][    C0] stack backtrace:
[   78.230770][    C0] CPU: 0 UID: 0 PID: 1081 Comm: kworker/u4:10 Not tainted syzkaller #0 PREEMPT(full) 
[   78.230784][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   78.230790][    C0] Workqueue: bat_events batadv_nc_worker
[   78.230802][    C0] Call Trace:
[   78.230809][    C0]  <IRQ>
[   78.230815][    C0]  dump_stack_lvl+0x189/0x250
[   78.230829][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[   78.230839][    C0]  ? __pfx__printk+0x10/0x10
[   78.230852][    C0]  ? print_lock_name+0xde/0x100
[   78.230865][    C0]  __lock_acquire+0xbcb/0xd20
[   78.230882][    C0]  ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0
[   78.230891][    C0]  lock_acquire+0x120/0x360
[   78.230905][    C0]  ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0
[   78.230914][    C0]  _raw_read_lock_irqsave+0xaf/0x100
[   78.230924][    C0]  ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0
[   78.230930][    C0]  ? __pfx__raw_read_lock_irqsave+0x10/0x10
[   78.230940][    C0]  ? xa_load+0x1ea/0x210
[   78.230949][    C0]  kvm_xen_set_evtchn_fast+0x1fb/0x9b0
[   78.230959][    C0]  ? do_raw_spin_unlock+0x4d/0x240
[   78.230970][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   78.230982][    C0]  ? kvm_xen_set_evtchn_fast+0x1c3/0x9b0
[   78.230992][    C0]  xen_timer_callback+0x109/0x220
[   78.231003][    C0]  ? __pfx_xen_timer_callback+0x10/0x10
[   78.231013][    C0]  __hrtimer_run_queues+0x4e0/0xc60
[   78.231025][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[   78.231035][    C0]  hrtimer_interrupt+0x45b/0xaa0
[   78.231048][    C0]  __sysvec_apic_timer_interrupt+0x108/0x410
[   78.231061][    C0]  sysvec_apic_timer_interrupt+0xa1/0xc0
[   78.231076][    C0]  </IRQ>
[   78.231079][    C0]  <TASK>
[   78.231084][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   78.231096][    C0] RIP: 0010:lock_acquire+0x175/0x360
[   78.231109][    C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 bb d1 03 11 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[   78.231114][    C0] RSP: 0018:ffffc9000265f980 EFLAGS: 00000206
[   78.231121][    C0] RAX: f0d7be597535b200 RBX: 0000000000000000 RCX: f0d7be597535b200
[   78.231125][    C0] RDX: 0000000000000000 RSI: ffffffff8dbaa9c9 RDI: ffffffff8be34a00
[   78.231130][    C0] RBP: ffffffff8b4945e2 R08: 0000000000000000 R09: ffffffff8b4945e2
[   78.231134][    C0] R10: dffffc0000000000 R11: ffffffff8b494510 R12: 0000000000000002
[   78.231138][    C0] R13: ffffffff8e139f20 R14: 0000000000000000 R15: 0000000000000246
[   78.231143][    C0]  ? batadv_nc_worker+0xd2/0x610
[   78.231150][    C0]  ? __pfx_batadv_nc_worker+0x10/0x10
[   78.231157][    C0]  ? batadv_nc_worker+0xd2/0x610
[   78.231166][    C0]  ? batadv_nc_worker+0xd2/0x610
[   78.231174][    C0]  ? batadv_nc_worker+0xd2/0x610
[   78.231181][    C0]  batadv_nc_worker+0xef/0x610
[   78.231192][    C0]  ? batadv_nc_worker+0xd2/0x610
[   78.231201][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[   78.231213][    C0]  process_scheduled_works+0xae1/0x17b0
[   78.231227][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[   78.231239][    C0]  worker_thread+0x8a0/0xda0
[   78.231256][    C0]  kthread+0x70e/0x8a0
[   78.231267][    C0]  ? __pfx_worker_thread+0x10/0x10
[   78.231278][    C0]  ? __pfx_kthread+0x10/0x10
[   78.231289][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[   78.231300][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[   78.231314][    C0]  ? __pfx_kthread+0x10/0x10
[   78.231324][    C0]  ret_from_fork+0x3fc/0x770
[   78.231345][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[   78.231356][    C0]  ? __pfx_kthread+0x10/0x10
[   78.231367][    C0]  ret_from_fork_asm+0x1a/0x30
[   78.231383][    C0]  </TASK>
[   79.339166][ T5335] Bluetooth: hci0: command tx timeout