program:
# Reproducer summary (syzkaller program notation): arm a POSIX timer on the
# calling thread's CPU-time clock, then fault in a large pre-populated shared
# anonymous mapping. In the attached log the timer tick arrives in hard-IRQ
# context while get_page_from_freelist holds pcp->lock; the expiry path
# (run_posix_cpu_timers -> task_work_add -> __kasan_record_aux_stack ->
# stack_depot_save_flags) then allocates pages and tries to take zone->lock,
# which lockdep reports as "Invalid wait context" (context-{2:2}, lock {3:3}).
# The allocating frames belong to KASAN's aux-stack recording, so triage
# should check whether the report depends on a KASAN/lockdep debug build.
# Pointer arguments are in syzkaller's 0x7f... notation; the log's RDI
# (0x20000000) suggests they are rebased at execution time — confirm.

# r0 = TID of the calling thread; used below as the timer's notification target.
r0 = gettid()
# how=0x0 (SIG_BLOCK), sigsetsize=0x8. The mask has every bit set except bits 1
# and 31, so nearly all signals are blocked, including signal 0x14 used below.
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xffffffff7ffffffd]}, 0x0, 0x8)
# clockid 0x3 (CLOCK_THREAD_CPUTIME_ID), which matches run_posix_cpu_timers in
# the trace. sigevent = {value 0x0, signo 0x14, notify 0x4 (SIGEV_THREAD_ID),
# tid=r0}; the third argument receives the new timer id.
timer_create(0x3, &(0x7f000049efa0)={0x0, 0x14, 0x4, @tid=r0}, &(0x7f0000044000))
# Timer id 0x0 is hard-coded (presumably the timer created above; the program
# never reads the id back). flags is a fuzzer-chosen all-ones value;
# it_interval is zero and it_value is {0 s, 0x9 ns}.
timer_settime(0x0, 0xffffffffffffffff, &(0x7f0000000080)={{}, {0x0, 0x9}}, 0x0)
# length 0xb36000 (~11.2 MiB), fd=-1, offset 0. flags 0x8031 =
# MAP_SHARED|MAP_FIXED|MAP_ANONYMOUS|MAP_POPULATE: MAP_POPULATE accounts for
# __mm_populate in the trace and the shared anonymous mapping for shmem_fault.
# prot is a fuzzer-chosen value (the log's RDX shows the same bits).
# NOTE(review): the splat fires inside this call, so if the calls ran
# sequentially the expiring timer is the one armed above — confirm.
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
# flags 0x1 (TIMER_ABSTIME); it_interval and it_value are both
# {0 s, 0x989680 ns} = 10 ms. Follows the mmap in program order; whether it
# is needed to trigger the report is not visible from the log.
timer_settime(0x0, 0x1, &(0x7f00000000c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
[ 57.799207][ C0]
[ 57.800605][ C0] =============================
[ 57.802464][ C0] [ BUG: Invalid wait context ]
[ 57.804290][ C0] 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0 Not tainted
[ 57.806950][ C0] -----------------------------
[ 57.808788][ C0] syz.0.0/5314 is trying to lock:
[ 57.810919][ C0] ffff88805ffd7298 (&zone->lock){-.-.}-{3:3}, at: get_page_from_freelist+0xb3d/0x37a0
[ 57.814587][ C0] other info that might help us debug this:
[ 57.816550][ C0] context-{2:2}
[ 57.817848][ C0] 2 locks held by syz.0.0/5314:
[ 57.819569][ C0] #0: ffff888040fded20 (&mm->mmap_lock){++++}-{4:4}, at: __mm_populate+0x1b0/0x460
[ 57.822987][ C0] #1: ffff88801fc44ad8 (&pcp->lock){+.+.}-{3:3}, at: get_page_from_freelist+0x7d3/0x37a0
[ 57.826680][ C0] stack backtrace:
[ 57.828040][ C0] CPU: 0 UID: 0 PID: 5314 Comm: syz.0.0 Not tainted 6.13.0-rc7-syzkaller-00149-g9bffa1ad25b8 #0
[ 57.831764][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 57.835952][ C0] Call Trace:
[ 57.837193][ C0]
[ 57.838300][ C0] dump_stack_lvl+0x241/0x360
[ 57.840192][ C0] ? __pfx_dump_stack_lvl+0x10/0x10
[ 57.842205][ C0] ? __pfx__printk+0x10/0x10
[ 57.843937][ C0] __lock_acquire+0x15a8/0x2100
[ 57.845763][ C0] lock_acquire+0x1ed/0x550
[ 57.847565][ C0] ? get_page_from_freelist+0xb3d/0x37a0
[ 57.849737][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 57.851639][ C0] ? mark_lock+0x9a/0x360
[ 57.853269][ C0] ? validate_chain+0x11e/0x5920
[ 57.855186][ C0] _raw_spin_lock_irqsave+0xd5/0x120
[ 57.856999][ C0] ? get_page_from_freelist+0xb3d/0x37a0
[ 57.859050][ C0] ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 57.861305][ C0] get_page_from_freelist+0xb3d/0x37a0
[ 57.863344][ C0] __alloc_pages_noprof+0x292/0x710
[ 57.865415][ C0] ? __pfx___alloc_pages_noprof+0x10/0x10
[ 57.867601][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 57.870086][ C0] ? __kernel_text_address+0xd/0x40
[ 57.872205][ C0] ? unwind_get_return_address+0x4d/0x90
[ 57.874594][ C0] alloc_pages_mpol_noprof+0x3e1/0x780
[ 57.876623][ C0] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[ 57.878897][ C0] ? stack_trace_save+0x118/0x1d0
[ 57.880769][ C0] ? alloc_pages_noprof+0x43/0x170
[ 57.882690][ C0] stack_depot_save_flags+0x72d/0x940
[ 57.885562][ C0] kasan_save_stack+0x4f/0x60
[ 57.887301][ C0] ? kasan_save_stack+0x3f/0x60
[ 57.889099][ C0] ? __kasan_record_aux_stack+0xac/0xc0
[ 57.890929][ C0] ? task_work_add+0xd9/0x490
[ 57.892738][ C0] ? run_posix_cpu_timers+0x6ac/0x810
[ 57.894909][ C0] ? tick_nohz_handler+0x37c/0x500
[ 57.897637][ C0] ? __hrtimer_run_queues+0x551/0xd30
[ 57.899630][ C0] ? hrtimer_interrupt+0x403/0xa40
[ 57.901469][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x420
[ 57.903756][ C0] ? sysvec_apic_timer_interrupt+0xa1/0xc0
[ 57.905906][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 57.908206][ C0] ? __pfx___rmqueue_pcplist+0x10/0x10
[ 57.910274][ C0] ? get_page_from_freelist+0x886/0x37a0
[ 57.912335][ C0] ? __alloc_pages_noprof+0x292/0x710
[ 57.914426][ C0] ? alloc_pages_mpol_noprof+0x3e1/0x780
[ 57.916520][ C0] ? folio_alloc_mpol_noprof+0x36/0x50
[ 57.918624][ C0] ? shmem_alloc_and_add_folio+0x4a0/0x1080
[ 57.920964][ C0] ? shmem_get_folio_gfp+0x621/0x1840
[ 57.923061][ C0] ? shmem_fault+0x220/0x5b0
[ 57.924807][ C0] ? __do_fault+0x135/0x390
[ 57.926564][ C0] ? handle_pte_fault+0x39eb/0x5ed0
[ 57.928526][ C0] ? handle_mm_fault+0x1106/0x1bb0
[ 57.930583][ C0] ? __get_user_pages+0x1c82/0x49e0
[ 57.932507][ C0] ? populate_vma_page_range+0x264/0x330
[ 57.934577][ C0] ? __mm_populate+0x27a/0x460
[ 57.936407][ C0] ? vm_mmap_pgoff+0x2c3/0x3d0
[ 57.938351][ C0] ? do_syscall_64+0xf3/0x230
[ 57.940657][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 57.943389][ C0] ? __phys_addr+0xba/0x170
[ 57.945125][ C0] __kasan_record_aux_stack+0xac/0xc0
[ 57.947126][ C0] task_work_add+0xd9/0x490
[ 57.948837][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 57.950785][ C0] ? __pfx_task_work_add+0x10/0x10
[ 57.952630][ C0] run_posix_cpu_timers+0x6ac/0x810
[ 57.954615][ C0] ? __pfx_run_posix_cpu_timers+0x10/0x10
[ 57.956626][ C0] ? sched_balance_trigger+0x51/0x890
[ 57.958640][ C0] tick_nohz_handler+0x37c/0x500
[ 57.960431][ C0] ? __pfx_tick_nohz_handler+0x10/0x10
[ 57.962466][ C0] __hrtimer_run_queues+0x551/0xd30
[ 57.964398][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 57.966611][ C0] ? kvm_clock_get_cycles+0x52/0x70
[ 57.968575][ C0] ? ktime_get_update_offsets_now+0x393/0x3b0
[ 57.970886][ C0] hrtimer_interrupt+0x403/0xa40
[ 57.972767][ C0] __sysvec_apic_timer_interrupt+0x110/0x420
[ 57.975222][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0
[ 57.977322][ C0]
[ 57.978466][ C0]
[ 57.979628][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 57.981931][ C0] RIP: 0010:__rmqueue_pcplist+0x0/0x2a90
[ 57.984087][ C0] Code: c7 e0 77 a3 8e e8 b0 02 03 03 e9 dc fe ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <55> 41 57 41 56 41 55 41 54 53 48 81 ec 78 01 00 00 4d 89 cc 4d 89
[ 57.991119][ C0] RSP: 0018:ffffc9000d256b70 EFLAGS: 00000202
[ 57.993369][ C0] RAX: 0000000000000000 RBX: ffff88801fc44ac0 RCX: 0000000000000881
[ 57.996295][ C0] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff88805ffd6c80
[ 57.999287][ C0] RBP: 0000000000000010 R08: ffff88801fc44ac0 R09: ffff88801fc44b30
[ 58.002131][ C0] R10: dffffc0000000000 R11: fffffbfff2854b11 R12: 0000000000000001
[ 58.004915][ C0] R13: 0000000000000000 R14: 0000000000003241 R15: ffff88802fffbc80
[ 58.007981][ C0] get_page_from_freelist+0x886/0x37a0
[ 58.009972][ C0] ? __pfx___might_resched+0x10/0x10
[ 58.011951][ C0] ? __lock_acquire+0x1397/0x2100
[ 58.013799][ C0] __alloc_pages_noprof+0x292/0x710
[ 58.015818][ C0] ? __pfx___alloc_pages_noprof+0x10/0x10
[ 58.017946][ C0] alloc_pages_mpol_noprof+0x3e1/0x780
[ 58.019994][ C0] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[ 58.022186][ C0] ? __pfx_lock_release+0x10/0x10
[ 58.024019][ C0] folio_alloc_mpol_noprof+0x36/0x50
[ 58.025984][ C0] shmem_alloc_and_add_folio+0x4a0/0x1080
[ 58.028285][ C0] ? __pfx_filemap_get_entry+0x10/0x10
[ 58.030367][ C0] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[ 58.032706][ C0] ? shmem_allowable_huge_orders+0x615/0x680
[ 58.034872][ C0] shmem_get_folio_gfp+0x621/0x1840
[ 58.036909][ C0] ? __pfx_shmem_get_folio_gfp+0x10/0x10
[ 58.039049][ C0] shmem_fault+0x220/0x5b0
[ 58.040503][ C0] ? __pfx_shmem_fault+0x10/0x10
[ 58.042168][ C0] ? __pfx_lock_release+0x10/0x10
[ 58.044008][ C0] ? handle_pte_fault+0x295a/0x5ed0
[ 58.045856][ C0] __do_fault+0x135/0x390
[ 58.047412][ C0] ? handle_pte_fault+0x295a/0x5ed0
[ 58.049381][ C0] handle_pte_fault+0x39eb/0x5ed0
[ 58.051337][ C0] ? __lock_acquire+0x1397/0x2100
[ 58.053307][ C0] ? __pfx_handle_pte_fault+0x10/0x10
[ 58.055252][ C0] ? __lock_acquire+0x1397/0x2100
[ 58.057116][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 58.059097][ C0] ? count_memcg_event_mm+0x94/0x420
[ 58.060952][ C0] ? do_raw_spin_lock+0x14f/0x370
[ 58.062812][ C0] handle_mm_fault+0x1106/0x1bb0
[ 58.064612][ C0] ? __pfx_handle_mm_fault+0x10/0x10
[ 58.066500][ C0] ? follow_page_pte+0x97f/0x1ca0
[ 58.068353][ C0] ? __pfx_find_vma+0x10/0x10
[ 58.070087][ C0] ? vma_is_secretmem+0xd/0x50
[ 58.071873][ C0] ? check_vma_flags+0x4fa/0x5a0
[ 58.073623][ C0] __get_user_pages+0x1c82/0x49e0
[ 58.075564][ C0] ? __pfx___get_user_pages+0x10/0x10
[ 58.077582][ C0] ? __pfx_mt_find+0x10/0x10
[ 58.079372][ C0] populate_vma_page_range+0x264/0x330
[ 58.081413][ C0] ? __pfx_populate_vma_page_range+0x10/0x10
[ 58.083621][ C0] ? userfaultfd_unmap_complete+0x30c/0x360
[ 58.085876][ C0] ? do_mmap+0x9e2/0x10d0
[ 58.087521][ C0] __mm_populate+0x27a/0x460
[ 58.089262][ C0] ? __pfx___mm_populate+0x10/0x10
[ 58.091221][ C0] vm_mmap_pgoff+0x2c3/0x3d0
[ 58.092991][ C0] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 58.095092][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 58.097527][ C0] ? do_syscall_64+0x100/0x230
[ 58.099411][ C0] ? ksys_mmap_pgoff+0xdf/0x720
[ 58.101288][ C0] ? __x64_sys_mmap+0x7f/0x140
[ 58.103877][ C0] do_syscall_64+0xf3/0x230
[ 58.105592][ C0] ? clear_bhb_loop+0x35/0x90
[ 58.107391][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 58.109541][ C0] RIP: 0033:0x7f7971b85d29
[ 58.111344][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 58.118603][ C0] RSP: 002b:00007f7972a9c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 58.121731][ C0] RAX: ffffffffffffffda RBX: 00007f7971d75fa0 RCX: 00007f7971b85d29
[ 58.124697][ C0] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000000020000000
[ 58.127358][ C0] RBP: 00007f7971c01b08 R08: ffffffffffffffff R09: 0000000000000000
[ 58.130033][ C0] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000
[ 58.133089][ C0] R13: 0000000000000000 R14: 00007f7971d75fa0 R15: 00007ffdffc5a528
[ 58.136159][ C0]
[ 58.145975][ T5301] Bluetooth: hci0: command tx timeout