program: inotify_init1(0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000009c0)=@newqdisc={0x24, 0x24, 0x0, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {}, {0x1}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x70bd26, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x7, 0xf, 0x1, 0x1000, 0x400000d}, 0x1}}]}, {0x4}, {0xc, 0x4, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000050}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r4, 0x4048aecb, &(0x7f0000000240)={0x7, 0x0, [{0x7, 0xffffffff, 0x2dc43c0faeff3249, 0x0, 0x6, 0x6, 0x2}, {0x80000007, 0x4, 0x0, 0x8001, 0x27, 0x7, 0x7f}, {0x40000001, 0x8, 0x0, 0x3, 0x7fffffff, 0x5, 0xffff}, {0xb, 0xe5f, 0x1, 0x7, 0xdf4, 0x6, 0x7fffffff}, {0x80000000, 0x0, 0x5, 0x6, 0x80000000, 0x0, 0xffffffff}, {0xd, 0x2bb, 0x1, 0xd, 0x3, 0x7ff, 0xffffffff}, {0x80000008, 0x3bf, 0x0, 0xf9, 0xffffa15c, 0xa524, 0x7}]}) sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0) syz_80211_inject_frame(0x0, &(0x7f00000000c0)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x54e}}, 0x0, @default, 0x1, @void, @val, @val={0x3, 0x1, 0xb8}, @void, @void, @void, @void, @void}, 0x29) r5 = creat(&(0x7f0000000180)='./file1\x00', 0xd) write$P9_RUNLINKAT(r5, &(0x7f00000000c0)={0x7, 0x4d, 0x1}, 0xfff2) r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff) 
mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4, 0x11, r6, 0x0) syz_mount_image$udf(&(0x7f0000000f00), &(0x7f00000000c0)='./file1\x00', 0x800, &(0x7f0000001040)=ANY=[@ANYBLOB='uid=', @ANYRESDEC=0x0, @ANYBLOB="2c756e64656c6574652c6e6f7672732c6164696e6963622c766f6c756d653d30303030303030303030303030303030303030322c7569643d666f726765742c6769643d666f726765742c6e6f7374726963742c6e6f7672732c0085f95733019d784ca386da1fd41ffabd4b47acca2b8d488be702157dd8711c31732d"], 0xff, 0xc32, &(0x7f00000018c0)="$eJzs3U9sHNd9B/DfGy3Fpd3WTJwoThoXm7ZIZcZy9S+mYhXuqqbZBpBlIhRzM8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUlRESOSEmV9Pjb13Z15b+a9meWMRPDNCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAg4g9evXDyVHrYrQAAHqRL4185edr9HwAeK5f9+x8AAAAAAAAAAAAAAA67FEU8HSnmL62nyep9R/1iu+/mrYmR0R1rDeQ8UpUvv+qnTp85+8UXh89182J79u71991n4vXxyxcar8zdmF+YXlycnmpMzLavzk1N73oLe62/3VB1ABo33rw5de3aYuP0C2e2rL41+GH/k8cGzw8/d+LZbtmJkdHR8c0i9d7ytftuSMfdRngcjSJORIrnv/Pj1IqIIvZ+LOoP9txvN1B1YqjqxMTIaNWRmXZrdqlcOdY9EEVEo6dSc8sxuuNcRK3vQTX/HpoRy2XzywYPld0bn28ttK7MTDfGWgtL7aX23OxY6rS27E8jijiXIlYiYq3/zs31RRG1SPGtp9bTleo7Oh+HL1QDg+/ejuIA+7gLZTsbfRErxeb32qE9Z4dYfxTxWqT4yXvH42q+zlTXms9HvFbm9yLeKfPliFR+MM5GfLDD54hHUy2K+Mvy/J9fT1PV9aB7Xbn41caXZ6/N9ZTtXld+yfvDHVeKh3R/GNiWD8YhvzbVo4hWdcVfT/f/lx0AAAAAAAAAAAAAAAAA9ttAFPHpSPHqf/xJNa44qnHpT50f/sPBX+0dM/7MPbZTln0hIpaL3Y3JPZoHBo6lsZQe8ljix1k9ivjTPP7vGw+7MQAAAAAAAAAAAAAAAAAAAI+1In4UKV56/3haid45xduz1xuXW1dmOrPCduf+7c6ZvrGxsdFInWzmnMy5nHMl52rOtZxR5Po5mzkncy7nXMm5mnMtZxzJ9XM2c07mXM65knM151rOqOX6OZs5J3Mu51zJuZpzLWcckrl7AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+Sooo4meR4ptfW0+RIqIZMRmdXO1/2K0DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEr9qYjvRorGHzVvL6tFRKr+7zhe/nE2mkfL/Hg0h8t8OZoXcraqrDW/8RDaz970pSJ+GCn66+/ePuH5/Pd13t3+GMQ7X99895laJ490Vw5+2P/ksafOD4/+xjN3e512asDQxfbszVuNiZHR0fGexbW894/3LBvM+y32p+tExOJbb7/ZmpmZXrj/F+VHYA/VH6EXqfa49NSL6kXUDkUzHk7feQyU9/8PIsXvvv+f3Rt+5/5fj1/pvLt9h4+f/tnm/f+l7Rva5f2/tr1evv+X9/Sd7v9P9yx7Kf9tpK8WUV+6Md93LKK++NbbJ9o3Wtenr0/Pnj158kvDw186c7LvaET9WntmuufVvhwuAAAAAAAAAAAAAAAAgAcnFfH7kaL1w/XUiIhb1XitwfPDz5149kgcqcZbbRm3/fr45QuNV+ZuzC9MLy5OTzUmZttX56amd7u7ejXca2Jk9EA6c08DB9z+gforc/NvLbSv//HSjuufqF+4sri00Lq68+oYiCKi2btkqGrwxMho1eiZdmu2qjq242D6X15fKuK/IsXVs430ubwsj//fPsJ/y/j/5e0bOqDx/x/rWVbuM6UifhopfuevnonPRQy+kdc1t222LPd3kWLo3GfLcmW7j5bHttuGznMFOiMDy7L/Fyn+6Wdby3bHQz69WfbUrg7qI6Q8/09Fiu/+xbfjN/Oyrc9/2Pn8P7F9Qwd0/j/Rs+yJLc8r2HPXyef/RKR4+el347fysl/0/I/uszeO58K3n89xQOf/kz3LBvN+f3t/ug4AAAAAAAAAAPBI60tF/H2k+P5oLb2Yl+3m9/+mtm/ogH7/61M9y6b2Z76ie77Y80EFAAAAgEOiLxXxo0hxfend22Oot47/7hn/+Xub4z9H0ra11c/5fq16bsB+/vyv12De7+Teuw0AAAAAAAAAAAAAAAAAAACHSkpFvJjnU5+sxvNPxR1z0Odyq5Hi1f95PpdLx8py3XngB6s/65fmZk9cmJmZu9paal2ZmW6Mz7fq3S3E+t9+NtctqvnVu/PNd+Z435yLfSFSjP5Dt2xnLvbu3OSf2Cx7qiz7sUjx3/+4tWx3HutPbpY9XZb9m0jxxr/sXPbYZtkzZdlvR4ofvNHoln2iLNt9PuqnNsu+cHWu2OczAgAAAAAAAAAAAAAAAAAAwOOoLxXx55Hif2+s3B7Ln+f/7+t5W3nn6z3z/W9zq5rnf7Ca//9ur+9n/v/quQLLd9srAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8NKUo4u1IMX9pPa32l+876hfbszdvTYyM7lxtIFU1j1Tly6/6qdNn
zn7xxeFz3fzF9ffbp+P18csXGq/M3ZhfmF5cnJ5qTMy2r85NTe96C3utv91QdQAaN968OXXt2mLj9Atntqy+Nfhh/5PHBs8PP3fi2W7ZiZHR0fGeMrW++977HdJdlh+NIv46Ujz/nR+n7/dHFLH3Y3GPz85BG6g6MVR1YmJktOrITLs1u1SuHOseiCKi0VOp2T1GD+Bc7EkzYrlsftngobJ74/OthdaVmenGWGthqb3UnpsdS53Wlv1pRBHnUsRKRKz137m5vijizUjxrafW07/2RxzpHocvXBr/ysnTd29HcYB93IWynY2+iJXiEThnh1h/FPHPkeIn7x2Pf+uPqEXnKz4f8VqZ34t4JzrnO5UfjLMRH+zwOeLRVIsi/r88/+fX03v95fWge125+NXGl2evzfWU7V5XHvn7w4N0yK9N9SjiB9UVfz39u+9rAAAAAAAAAAAAAAAAgEOkiF+PFC+9fzxV44Nvjyluz15vXG5dmekM6+uO/euOmd7Y2NhopE42c07mXM65knM151rOKHL9nM0y6xsbk/n9cs6VnKs513LGkVw/ZzPnZM7lnCs5V3Ou5Yxarp+zmXMy53LOlZyrOddyxiEZuwcAAAAAAAAAAAAAAAAAAHy0FNV/Kb75tfW00d+ZX3oyOrlqPtCPvJ8HAAD//6BZ9m0=") r7 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r7) syz_usb_connect(0x0, 0x24, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0xdb, 0x9d, 0x1b, 0x8, 0x12d1, 0xfae2, 0x708b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0x4, 0x1a}}]}}]}}, 0x0) ioctl$EVIOCRMFF(r7, 0x4004550e, &(0x7f00000000c0)=0x80000001) r8 = openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) getdents64(r8, &(0x7f0000000140)=""/46, 0x2e) getdents64(r8, 0xfffffffffffffffe, 0x29) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000ff4000/0x3000)=nil, &(0x7f0000003000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff4000/0x9000)=nil, &(0x7f0000004000/0x2000)=nil, &(0x7f0000005000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff7000/0x4000)=nil, &(0x7f0000003000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ff8000/0x2000)=nil, 0x0}, 0x68) [ 73.896603][ T4705] Bluetooth: hci0: command tx timeout [ 73.982478][ T26] audit: type=1800 audit(1754476922.003:2): pid=5356 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="tmpfs" ino=18 res=0 errno=0 [ 74.008661][ T5356] loop0: detected capacity change from 0 to 2048 [ 74.526561][ T5349] usb 5-1: new high-speed USB 
device number 2 using dummy_hcd [ 74.656763][ T5349] usb 5-1: device descriptor read/64, error -71 [ 74.896531][ T5349] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 75.036429][ T5349] usb 5-1: device descriptor read/64, error -71 [ 75.147035][ T5349] usb usb5-port1: attempt power cycle [ 75.486832][ T5349] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 75.507910][ T5349] usb 5-1: device descriptor read/8, error -71 [ 75.746477][ T5349] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 75.768414][ T5349] usb 5-1: device descriptor read/8, error -71 [ 75.877885][ T5349] usb usb5-port1: unable to enumerate USB device [ 75.927099][ T4705] Bluetooth: hci0: command tx timeout [ 76.489829][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.493057][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.877636][ C0] [ 76.878918][ C0] ============================= [ 76.880996][ C0] [ BUG: Invalid wait context ] [ 76.883161][ C0] 6.16.0-syzkaller-11852-g479058002c32 #0 Not tainted [ 76.886026][ C0] ----------------------------- [ 76.888042][ C0] swapper/0/0 is trying to lock: [ 76.890139][ C0] ffff8880523f5410 (&gpc->lock){....}-{3:3}, at: kvm_xen_set_evtchn_fast+0x1fb/0x9b0 [ 76.894307][ C0] other info that might help us debug this: [ 76.897127][ C0] context-{2:2} [ 76.898912][ C0] 1 lock held by swapper/0/0: [ 76.901176][ C0] #0: ffff8880523f5960 (&kvm->srcu){.?.+}-{0:0}, at: kvm_xen_set_evtchn_fast+0x1c3/0x9b0 [ 76.905370][ C0] stack backtrace: [ 76.907001][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-syzkaller-11852-g479058002c32 #0 PREEMPT(full) [ 76.907013][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.907019][ C0] Call Trace: [ 76.907026][ C0] <IRQ> [ 76.907033][ C0] dump_stack_lvl+0x189/0x250 [ 76.907049][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.907059][ C0] ? __pfx__printk+0x10/0x10 [ 76.907073][ C0] ? 
print_lock_name+0xde/0x100 [ 76.907083][ C0] __lock_acquire+0xbcb/0xd20 [ 76.907134][ C0] ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0 [ 76.907140][ C0] lock_acquire+0x120/0x360 [ 76.907147][ C0] ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0 [ 76.907154][ C0] _raw_read_lock_irqsave+0xaf/0x100 [ 76.907184][ C0] ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0 [ 76.907190][ C0] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 76.907195][ C0] ? xa_load+0x1ea/0x210 [ 76.907217][ C0] kvm_xen_set_evtchn_fast+0x1fb/0x9b0 [ 76.907225][ C0] ? do_raw_spin_unlock+0x4d/0x240 [ 76.907239][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 76.907247][ C0] ? kvm_xen_set_evtchn_fast+0x1c3/0x9b0 [ 76.907256][ C0] xen_timer_callback+0x109/0x220 [ 76.907266][ C0] ? __pfx_xen_timer_callback+0x10/0x10 [ 76.907278][ C0] __hrtimer_run_queues+0x4e0/0xc60 [ 76.907292][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 76.907302][ C0] hrtimer_interrupt+0x45b/0xaa0 [ 76.907318][ C0] __sysvec_apic_timer_interrupt+0x108/0x410 [ 76.907330][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 76.907341][ C0] </IRQ> [ 76.907344][ C0] <TASK> [ 76.907348][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 76.907361][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 76.907372][ C0] Code: 13 e8 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 53 a7 0d 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 76.907379][ C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c2 [ 76.907390][ C0] RAX: 3b5278a497da7d00 RBX: ffffffff81968308 RCX: 3b5278a497da7d00 [ 76.907397][ C0] RDX: 0000000000000001 RSI: ffffffff8d9b70c1 RDI: ffffffff8be33800 [ 76.907402][ C0] RBP: ffffffff8de07eb8 R08: ffff88801fc32f9b R09: 1ffff11003f865f3 [ 76.907409][ C0] R10: dffffc0000000000 R11: ffffed1003f865f4 R12: ffffffff8fa36230 [ 76.907416][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a20 [ 76.907423][ C0] ? 
do_idle+0x1e8/0x510 [ 76.907434][ C0] default_idle+0x13/0x20 [ 76.907445][ C0] default_idle_call+0x74/0xb0 [ 76.907455][ C0] do_idle+0x1e8/0x510 [ 76.907464][ C0] ? __pfx_do_idle+0x10/0x10 [ 76.907473][ C0] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 76.907482][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 76.907492][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 76.907502][ C0] cpu_startup_entry+0x44/0x60 [ 76.907510][ C0] rest_init+0x2de/0x300 [ 76.907522][ C0] start_kernel+0x3a9/0x410 [ 76.907575][ C0] x86_64_start_reservations+0x24/0x30 [ 76.907588][ C0] x86_64_start_kernel+0x143/0x1c0 [ 76.907600][ C0] common_startup_64+0x13e/0x147 [ 76.907616][ C0] </TASK> [ 77.069934][ T5356] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium