program:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000000000098020000000000000004000000000000dd7b12dae354c39b181cf13edab9b6037e560aefaf8c432c9b31d1f1b123270b8a8c7a73d0ba840385b7facd8a864d9d7b641340f2bb3256068d8daa876e478310273df10239e3568832f7215f7f12a3dfea49c178bc826a397b4f971561442cceb6105c91f309d78ca8e348ea8deafb91fff052f8a0369213ad1aac241a4458351f1977894bf9e05ef929e68065a8224148d853124ddc1d1034320922eb96046b3b668285ccdf2ea511792f64eda5df5fa360b8deef0e2acc2938157c3d40ae826ee30b25e3f77459c677a1075e19"]) (async)
ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000000000098020000000000000004000000000000dd7b12dae354c39b181cf13edab9b6037e560aefaf8c432c9b31d1f1b123270b8a8c7a73d0ba840385b7facd8a864d9d7b641340f2bb3256068d8daa876e478310273df10239e3568832f7215f7f12a3dfea49c178bc826a397b4f971561442cceb6105c91f309d78ca8e348ea8deafb91fff052f8a0369213ad1aac241a4458351f1977894bf9e05ef929e68065a8224148d853124ddc1d1034320922eb96046b3b668285ccdf2ea511792f64eda5df5fa360b8deef0e2acc2938157c3d40ae826ee30b25e3f77459c677a1075e19"])
sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="3400000010000d0400"/20, @ANYRES32=0x0, @ANYBLOB="29cf626f6e64000000000400028000"/28], 0x34}, 0x1, 0x0, 0x0, 0x90}, 0x0)
write(r0, &(0x7f0000000000)="2400000011005f0414f9f4070009040081000000490000000000000008000f0001000000", 0x24) (async)
write(r0, &(0x7f0000000000)="2400000011005f0414f9f4070009040081000000490000000000000008000f0001000000", 0x24)
r5 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r5, 0x0, 0x0)
capset(0x0, 0x0)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) (async)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000200)='net/ipv6_route\x00')
socket$kcm(0x10, 0x2, 0x0) (async)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="d80000001800eb054e81f783db4cb9040a1d080006007c09e8fc55a10a0015000600142603600e1208000f00060004010c00080008000c4004000000035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cb8b4c2ee5a7cef4090000001fb71b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e002c2a73ae028d1b34ff4f8cc430bb5a360db598262f3d40fad9e3bb9ad809d5e1cace81ed0bffece8b42a9ecbee5de6ccd4e1ffffffffc1c9b6278754ca397c388b0dd6e4edef3d930000", 0xd8}], 0x1}, 0x0) (async)
sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="d80000001800eb054e81f783db4cb9040a1d080006007c09e8fc55a10a0015000600142603600e1208000f00060004010c00080008000c4004000000035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cb8b4c2ee5a7cef4090000001fb71b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e002c2a73ae028d1b34ff4f8cc430bb5a360db598262f3d40fad9e3bb9ad809d5e1cace81ed0bffece8b42a9ecbee5de6ccd4e1ffffffffc1c9b6278754ca397c388b0dd6e4edef3d930000", 0xd8}], 0x1}, 0x0)
read$FUSE(r6, &(0x7f0000003080)={0x2020}, 0x2020)
gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @thr={&(0x7f00000001c0)="529f22eee946b01c8c83e91d0b8e42a092", &(0x7f00000004c0)="0e21bae59eb340445a7a91fd48cd106a2a09cbc8e9bd561a4685925651e6d3b07f8c335fb8e858a38d10aa289eb86449ca57515115ab635d201bc993854243f91c60b2771af6f983050d59d5449bc4755f062b0a00b70817673a198a6fab13ab9c374d55c069ad7a0b34901a1ad8ef96ae8a5a91811f681dde8c884b5356a32141875d25bdb413611ecb2be1a60beca19f6145d7a5fb94ec99e60ca696489601099fe166381e00a194dea351c7cf21d5f60d5925ec167b944350558a485f38065ee638d16b245f146aa5"}}, &(0x7f0000bbdffc))
setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000300)='wg0\x00', 0x4) (async)
setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000300)='wg0\x00', 0x4)
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000600)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_MASQ_REG_PROTO_MIN={0x8, 0x2, 0x1, 0x0, 0xc}]}}}]}]}], {0x14}}, 0x74}}, 0x0)
pipe2(&(0x7f00000000c0), 0x0)
ioctl$BTRFS_IOC_SNAP_DESTROY(0xffffffffffffffff, 0x5000940f, 0x0)
[ 108.322729][ T5311] Bluetooth: hci0: command tx timeout
[ 108.441224][ T5324] netlink: 20 bytes leftover after parsing attributes in process `syz.0.0'.
[ 108.449503][ T5325] netlink: 4 bytes leftover after parsing attributes in process `syz.0.0'.
[ 108.452821][ T5324] netlink: 4 bytes leftover after parsing attributes in process `syz.0.0'.
[ 108.460902][ T5324] netlink: 'syz.0.0': attribute type 21 has an invalid length.
[ 108.463990][ T5324] netlink: 156 bytes leftover after parsing attributes in process `syz.0.0'.
[ 108.467735][ T5325] netlink: 'syz.0.0': attribute type 21 has an invalid length.
[ 108.471669][ T5325] netlink: 156 bytes leftover after parsing attributes in process `syz.0.0'.
[ 108.697938][ C0]
[ 108.698851][ C0] =============================
[ 108.700541][ C0] [ BUG: Invalid wait context ]
[ 108.702209][ C0] 6.13.0-syzkaller-07644-gc2da8b3f914f #0 Not tainted
[ 108.704559][ C0] -----------------------------
[ 108.706268][ C0] syz.0.0/5323 is trying to lock:
[ 108.708233][ C0] ffff88801fc3aaf0 (batched_entropy_u8.lock){-.-.}-{3:3}, at: get_random_u8+0x1a0/0xaa0
[ 108.711852][ C0] other info that might help us debug this:
[ 108.713932][ C0] context-{2:2}
[ 108.715165][ C0] 1 lock held by syz.0.0/5323:
[ 108.717049][ C0] #0: ffff88801ac6a9e0 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0xaa/0x120
[ 108.720746][ C0] stack backtrace:
[ 108.722212][ C0] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-07644-gc2da8b3f914f #0
[ 108.722224][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 108.722230][ C0] Call Trace:
[ 108.722237][ C0] <IRQ>
[ 108.722242][ C0] dump_stack_lvl+0x241/0x360
[ 108.722258][ C0] ? __pfx_dump_stack_lvl+0x10/0x10
[ 108.722268][ C0] ? __pfx__printk+0x10/0x10
[ 108.722284][ C0] __lock_acquire+0x15a8/0x2100
[ 108.722302][ C0] lock_acquire+0x1ed/0x550
[ 108.722312][ C0] ? get_random_u8+0x1a0/0xaa0
[ 108.722324][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 108.722339][ C0] get_random_u8+0x1bd/0xaa0
[ 108.722349][ C0] ? get_random_u8+0x1a0/0xaa0
[ 108.722359][ C0] ? get_random_u8+0x1a0/0xaa0
[ 108.722370][ C0] ? __pfx_get_random_u8+0x10/0x10
[ 108.722382][ C0] ? is_bpf_text_address+0x285/0x2a0
[ 108.722394][ C0] ? is_bpf_text_address+0x26/0x2a0
[ 108.722404][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 108.722416][ C0] ? kernel_text_address+0xa7/0xe0
[ 108.722425][ C0] ? __kernel_text_address+0xd/0x40
[ 108.722434][ C0] ? unwind_get_return_address+0x4d/0x90
[ 108.722448][ C0] ? arch_stack_walk+0xfd/0x150
[ 108.722464][ C0] kfence_guarded_alloc+0x9c/0xcd0
[ 108.722479][ C0] ? __pfx_kfence_guarded_alloc+0x10/0x10
[ 108.722491][ C0] ? __irq_work_queue_local+0x115/0x410
[ 108.722503][ C0] ? get_alloc_stack_hash+0x3c0/0x760
[ 108.722515][ C0] __kfence_alloc+0x344/0x370
[ 108.722527][ C0] ? __pfx___kfence_alloc+0x10/0x10
[ 108.722538][ C0] ? __kfence_alloc+0x274/0x370
[ 108.722549][ C0] ? __kmalloc_cache_noprof+0x2dd/0x390
[ 108.722559][ C0] ? __set_page_owner+0x55f/0x800
[ 108.722569][ C0] ? post_alloc_hook+0x1f3/0x230
[ 108.722579][ C0] ? get_page_from_freelist+0x365c/0x37a0
[ 108.722590][ C0] ? __alloc_pages_noprof+0x292/0x710
[ 108.722601][ C0] ? alloc_pages_mpol_noprof+0x3e1/0x780
[ 108.722615][ C0] ? stack_depot_save_flags+0x72d/0x940
[ 108.722624][ C0] ? kasan_save_stack+0x4f/0x60
[ 108.722635][ C0] ? __kasan_record_aux_stack+0xac/0xc0
[ 108.722645][ C0] ? task_work_add+0xd9/0x490
[ 108.722657][ C0] ? run_posix_cpu_timers+0x6ac/0x810
[ 108.722667][ C0] ? tick_nohz_handler+0x37c/0x500
[ 108.722677][ C0] ? __hrtimer_run_queues+0x551/0xd30
[ 108.722689][ C0] ? hrtimer_interrupt+0x403/0xa40
[ 108.722701][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x420
[ 108.722714][ C0] ? sysvec_apic_timer_interrupt+0xa1/0xc0
[ 108.722768][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 108.722780][ C0] ? lock_acquire+0x264/0x550
[ 108.722791][ C0] ? __might_fault+0xc6/0x120
[ 108.722802][ C0] ? __rseq_handle_notify_resume+0x120/0x14e0
[ 108.722814][ C0] ? syscall_exit_to_user_mode+0x115/0x340
[ 108.722824][ C0] ? do_syscall_64+0x100/0x230
[ 108.722835][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 108.722853][ C0] ? __pfx_lock_release+0x10/0x10
[ 108.722863][ C0] ? alloc_pages_mpol_noprof+0x3e1/0x780
[ 108.722876][ C0] ? kasan_save_stack+0x4f/0x60
[ 108.722886][ C0] ? task_work_add+0xd9/0x490
[ 108.722900][ C0] __kmalloc_cache_noprof+0x2dd/0x390
[ 108.722910][ C0] ? __set_page_owner+0x55f/0x800
[ 108.722922][ C0] __set_page_owner+0x55f/0x800
[ 108.722936][ C0] ? __pfx___set_page_owner+0x10/0x10
[ 108.722949][ C0] post_alloc_hook+0x1f3/0x230
[ 108.722960][ C0] get_page_from_freelist+0x365c/0x37a0
[ 108.722982][ C0] __alloc_pages_noprof+0x292/0x710
[ 108.722995][ C0] ? __pfx___alloc_pages_noprof+0x10/0x10
[ 108.723008][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 108.723019][ C0] ? __kernel_text_address+0xd/0x40
[ 108.723029][ C0] ? unwind_get_return_address+0x4d/0x90
[ 108.723042][ C0] alloc_pages_mpol_noprof+0x3e1/0x780
[ 108.723058][ C0] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[ 108.723071][ C0] ? stack_trace_save+0x118/0x1d0
[ 108.723082][ C0] ? alloc_pages_noprof+0x43/0x170
[ 108.723091][ C0] stack_depot_save_flags+0x72d/0x940
[ 108.723103][ C0] kasan_save_stack+0x4f/0x60
[ 108.723121][ C0] ? kasan_save_stack+0x3f/0x60
[ 108.723132][ C0] ? __kasan_record_aux_stack+0xac/0xc0
[ 108.723141][ C0] ? task_work_add+0xd9/0x490
[ 108.723153][ C0] ? run_posix_cpu_timers+0x6ac/0x810
[ 108.723161][ C0] ? tick_nohz_handler+0x37c/0x500
[ 108.723171][ C0] ? __hrtimer_run_queues+0x551/0xd30
[ 108.723183][ C0] ? hrtimer_interrupt+0x403/0xa40
[ 108.723196][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x420
[ 108.723208][ C0] ? sysvec_apic_timer_interrupt+0xa1/0xc0
[ 108.723217][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 108.723228][ C0] ? lock_acquire+0x264/0x550
[ 108.723239][ C0] ? __might_fault+0xc6/0x120
[ 108.723249][ C0] ? __rseq_handle_notify_resume+0x120/0x14e0
[ 108.723260][ C0] ? syscall_exit_to_user_mode+0x115/0x340
[ 108.723270][ C0] ? do_syscall_64+0x100/0x230
[ 108.723281][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 108.723299][ C0] ? __phys_addr+0xba/0x170
[ 108.723312][ C0] __kasan_record_aux_stack+0xac/0xc0
[ 108.723321][ C0] task_work_add+0xd9/0x490
[ 108.723334][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 108.723346][ C0] ? __pfx_task_work_add+0x10/0x10
[ 108.723359][ C0] run_posix_cpu_timers+0x6ac/0x810
[ 108.723397][ C0] ? __pfx_run_posix_cpu_timers+0x10/0x10
[ 108.723409][ C0] ? sched_balance_trigger+0x51/0x890
[ 108.723423][ C0] tick_nohz_handler+0x37c/0x500
[ 108.723434][ C0] ? __pfx_tick_nohz_handler+0x10/0x10
[ 108.723445][ C0] __hrtimer_run_queues+0x551/0xd30
[ 108.723459][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 108.723467][ C0] ? kvm_clock_get_cycles+0x52/0x70
[ 108.723473][ C0] ? ktime_get_update_offsets_now+0x38e/0x3b0
[ 108.723482][ C0] hrtimer_interrupt+0x403/0xa40
[ 108.723492][ C0] __sysvec_apic_timer_interrupt+0x110/0x420
[ 108.723500][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0
[ 108.723510][ C0] </IRQ>
[ 108.723513][ C0] <TASK>
[ 108.723516][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 108.723528][ C0] RIP: 0010:lock_acquire+0x264/0x550
[ 108.723542][ C0] Code: 2b 00 74 08 4c 89 f7 e8 ca 40 8b 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
[ 108.723549][ C0] RSP: 0018:ffffc9000d38fc00 EFLAGS: 00000206
[ 108.723560][ C0] RAX: 0000000000000001 RBX: 1ffff92001a71f8c RCX: ffff88801f46d358
[ 108.723566][ C0] RDX: dffffc0000000000 RSI: ffffffff8c0aa400 RDI: ffffffff8c602960
[ 108.723572][ C0] RBP: ffffc9000d38fd58 R08: ffffffff942f987f R09: 1ffffffff285f30f
[ 108.723580][ C0] R10: dffffc0000000000 R11: fffffbfff285f310 R12: 1ffff92001a71f88
[ 108.723586][ C0] R13: dffffc0000000000 R14: ffffc9000d38fc60 R15: 0000000000000246
[ 108.723597][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 108.723609][ C0] ? __pfx___might_resched+0x10/0x10
[ 108.723620][ C0] ? __asan_memset+0x23/0x50
[ 108.723631][ C0] ? __hrtimer_init+0x170/0x250
[ 108.723644][ C0] ? hrtimer_nanosleep+0x350/0x410
[ 108.723653][ C0] ? __might_fault+0xc6/0x120
[ 108.723664][ C0] ? __might_fault+0xaa/0x120
[ 108.723674][ C0] __might_fault+0xc6/0x120
[ 108.723684][ C0] ? __might_fault+0xaa/0x120
[ 108.723694][ C0] __rseq_handle_notify_resume+0x120/0x14e0
[ 108.723707][ C0] ? __pfx___rseq_handle_notify_resume+0x10/0x10
[ 108.723720][ C0] ? syscall_exit_to_user_mode+0xa3/0x340
[ 108.723731][ C0] syscall_exit_to_user_mode+0x115/0x340
[ 108.723742][ C0] do_syscall_64+0x100/0x230
[ 108.723753][ C0] ? clear_bhb_loop+0x35/0x90
[ 108.723766][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 108.723778][ C0] RIP: 0033:0x7fd1319bf5e5
[ 108.723788][ C0] Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 54 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 4f 55 ff ff 48 8b 04 24 48 83 c4 28 f7 d8
[ 108.723795][ C0] RSP: 002b:00007ffd8e71aa70 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
[ 108.723805][ C0] RAX: 0000000000000000 RBX: 00007fd131ba5fa0 RCX: 00007fd1319bf5e5
[ 108.723811][ C0] RDX: 00007ffd8e71aab0 RSI: 0000000000000000 RDI: 0000000000000000
[ 108.723817][ C0] RBP: 00007fd131ba7ba0 R08: 0000000000000000 R09: 7fffffffffffffff
[ 108.723823][ C0] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000001a94f
[ 108.723829][ C0] R13: 00007fd131ba6080 R14: 0000000000000032 R15: ffffffffffffffff
[ 108.723838][ C0] </TASK>