program:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r0, &(0x7f00000003c0)='@', 0x1, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r7, 0x4048aecb, &(0x7f0000000240)={0x7, 0x0, [{0x7, 0xffffffff, 0x2dc43c0faeff3249, 0x0, 0x6, 0x6, 0x2}, {0x80000007, 0x4, 0x0, 0x8001, 0x27, 0x7, 0x7f}, {0x40000001, 0x8, 0x0, 0x3, 0x7fffffff, 0x5, 0xffff}, {0xb, 0xe5f, 0x1, 0x7, 0xdf4, 0x6, 0x7fffffff}, {0x80000000, 0x0, 0x5, 0x6, 0x80000000, 0x0, 0xffffffff}, {0xd, 0x2bb, 0x1, 0xd, 0x3, 0x7ff, 0xffffffff}, {0x80000008, 0x3bf, 0x0, 0xf9, 0xffffa15c, 0xa524, 0x7}]})
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void}, 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000540)=ANY=[@ANYBLOB="80000000080211000001080211000001080211000000000000000000000000006400010005037c200825030002"], 0x64)
syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000280)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @random=0x9, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val, @void, @void, @void, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x1, 0xffffffffffffffff, 0x1, 0x1, 0x0, 0x4, 0x21}}}, 0x3f)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB="80000000ffffffffffff080211000000080211"], 0x32)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x7b, &(0x7f0000000000)=@assoc_value={<r8=>0x0}, &(0x7f0000000080)=0x8)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r9, 0x80186e82, &(0x7f0000000080)={@id={0x20000000, 0x0, @auto="660000003800a73e1baeff79da3b89f5"}})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x8, '\x00', 0x0, r9, 0x3, 0x3, 0x1}, 0x50)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000000c0)={r8, @in={{0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, &(0x7f0000000180)=0x9c)
r10 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@ipv6_newrule={0x44, 0x20, 0x1, 0x0, 0x0, {0xa, 0x10, 0x0, 0x0, 0x1f}, [@FRA_DST={0x14, 0x1, @empty}, @FIB_RULE_POLICY=@FRA_IIFNAME={0x14, 0x3, 'lo\x00'}]}, 0x44}}, 0x0)
r11 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r11, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @empty}, 0x1c)

[ 85.456716][ T4708] Bluetooth: hci0: command tx timeout
[ 85.616961][ T5369] mac80211_hwsim: 
wmediumd released netlink socket, switching to perfect channel medium
[ 85.645827][ T10] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01)
[ 85.649568][ T10] wlan1: send auth to 08:02:11:00:00:00 (try 1/3)
[ 85.675869][ T1044] wlan1: authenticated
[ 85.678009][ T5371] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 85.684439][ T1044] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1)
[ 85.688247][ T5369] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 85.694610][ T1044] wlan1: associated
[ 85.703159][ T5369] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 85.709990][ T5369] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 85.718131][ T5369] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 86.514470][ T795] cfg80211: failed to load regulatory.db
[ 87.533210][ T4708] Bluetooth: hci0: command tx timeout
[ 88.524779][ C0]
[ 88.526010][ C0] =============================
[ 88.528415][ C0] [ BUG: Invalid wait context ]
[ 88.530666][ C0] syzkaller #0 Not tainted
[ 88.532666][ C0] -----------------------------
[ 88.534842][ C0] kworker/u4:1/14 is trying to lock:
[ 88.537071][ C0] ffff888052eb5410 (&gpc->lock){....}-{3:3}, at: kvm_xen_set_evtchn_fast+0x1fb/0x9b0
[ 88.541029][ C0] other info that might help us debug this:
[ 88.543462][ C0] context-{2:2}
[ 88.545062][ C0] 3 locks held by kworker/u4:1/14:
[ 88.547243][ C0] #0: ffff88803ee3f948 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 88.552229][ C0] #1: ffffc9000040fbc0 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 88.558197][ C0] #2: ffff888052eb5960 (&kvm->srcu){.?.+}-{0:0}, at: kvm_xen_set_evtchn_fast+0x1c3/0x9b0
[ 88.562537][ C0] stack backtrace:
[ 88.564197][ C0] CPU: 0 UID: 0 PID: 14 Comm: kworker/u4:1 Not tainted syzkaller #0 PREEMPT(full)
[ 88.564212][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 88.564220][ C0] Workqueue: bat_events batadv_nc_worker
[ 88.564277][ C0] Call Trace:
[ 88.564284][ C0] <IRQ>
[ 88.564289][ C0] dump_stack_lvl+0x189/0x250
[ 88.564303][ C0] ? __pfx_dump_stack_lvl+0x10/0x10
[ 88.564312][ C0] ? __pfx__printk+0x10/0x10
[ 88.564324][ C0] ? print_lock_name+0xde/0x100
[ 88.564337][ C0] __lock_acquire+0xbcb/0xd20
[ 88.564350][ C0] ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0
[ 88.564359][ C0] lock_acquire+0x120/0x360
[ 88.564370][ C0] ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0
[ 88.564379][ C0] _raw_read_lock_irqsave+0xaf/0x100
[ 88.564391][ C0] ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0
[ 88.564400][ C0] ? __pfx__raw_read_lock_irqsave+0x10/0x10
[ 88.564412][ C0] ? xa_load+0x1ea/0x210
[ 88.564422][ C0] kvm_xen_set_evtchn_fast+0x1fb/0x9b0
[ 88.564430][ C0] ? do_raw_spin_unlock+0x4d/0x240
[ 88.564441][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 88.564453][ C0] ? kvm_xen_set_evtchn_fast+0x1c3/0x9b0
[ 88.564461][ C0] xen_timer_callback+0x109/0x220
[ 88.564470][ C0] ? __pfx_xen_timer_callback+0x10/0x10
[ 88.564478][ C0] __hrtimer_run_queues+0x4e0/0xc60
[ 88.564491][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 88.564503][ C0] hrtimer_interrupt+0x45b/0xaa0
[ 88.564517][ C0] __sysvec_apic_timer_interrupt+0x108/0x410
[ 88.564530][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0
[ 88.564544][ C0] </IRQ>
[ 88.564547][ C0] <TASK>
[ 88.564550][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 88.564558][ C0] RIP: 0010:__local_bh_disable_ip+0xdc/0x190
[ 88.564566][ C0] Code: 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 0f 85 a4 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 65 8b 05 b4 5a 1c 11 <25> ff ff ff 7f 39 d8 75 42 48 8b 5d 08 48 89 df e8 7f 07 19 00 85
[ 88.564572][ C0] RSP: 0018:ffffc9000040f8c0 EFLAGS: 00000206
[ 88.564578][ C0] RAX: 0000000080000201 RBX: 0000000000000201 RCX: 0000000000046400
[ 88.564583][ C0] RDX: 0000000000000000 RSI: 0000000000000201 RDI: ffffffff8b4a0117
[ 88.564587][ C0] RBP: ffffc9000040f960 R08: ffffffff8fa3c037 R09: 1ffffffff1f47806
[ 88.564692][ C0] R10: dffffc0000000000 R11: fffffbfff1f47807 R12: 1ffff92000081f18
[ 88.564698][ C0] R13: dffffc0000000000 R14: 0000000000000246 R15: dffffc0000000000
[ 88.564706][ C0] ? batadv_nc_purge_paths+0xe7/0x3b0
[ 88.564722][ C0] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 88.564731][ C0] ? __local_bh_enable_ip+0x12d/0x1c0
[ 88.564739][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 88.564748][ C0] ? do_raw_spin_unlock+0x4d/0x240
[ 88.564760][ C0] ? batadv_nc_purge_paths+0xe7/0x3b0
[ 88.564771][ C0] _raw_spin_lock_bh+0x1c/0x50
[ 88.564783][ C0] ? __pfx_batadv_nc_to_purge_nc_path_decoding+0x10/0x10
[ 88.564795][ C0] batadv_nc_purge_paths+0xe7/0x3b0
[ 88.564810][ C0] batadv_nc_worker+0x369/0x610
[ 88.564823][ C0] ? process_scheduled_works+0x9ef/0x17b0
[ 88.564831][ C0] process_scheduled_works+0xae1/0x17b0
[ 88.564844][ C0] ? __pfx_process_scheduled_works+0x10/0x10
[ 88.564856][ C0] worker_thread+0x8a0/0xda0
[ 88.564871][ C0] kthread+0x70e/0x8a0
[ 88.564883][ C0] ? __pfx_worker_thread+0x10/0x10
[ 88.564892][ C0] ? __pfx_kthread+0x10/0x10
[ 88.564902][ C0] ? _raw_spin_unlock_irq+0x23/0x50
[ 88.564914][ C0] ? lockdep_hardirqs_on+0x9c/0x150
[ 88.564927][ C0] ? __pfx_kthread+0x10/0x10
[ 88.564937][ C0] ret_from_fork+0x3fc/0x770
[ 88.564948][ C0] ? __pfx_ret_from_fork+0x10/0x10
[ 88.564959][ C0] ? __pfx_kthread+0x10/0x10
[ 88.564968][ C0] ret_from_fork_asm+0x1a/0x30
[ 88.564990][ C0] </TASK>