program: r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x8604, 0x0, 0x0, 0x3}, 0x10) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c0000001a01000000000000000000001c0000000000ff0000000000"], 0x1c}}, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000240)=ANY=[@ANYBLOB="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"/288]) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="b40800000000000073113500000000008510000002000000b7000000000000009500c200000000000000e84a00001200"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x70) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000640)='./file1\x00', 0x701c850, &(0x7f00000003c0), 0x3, 0x4c9, &(0x7f0000001040)="$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") r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000500)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, r4, 0x0, 0x2}, 0x50) getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000580)={<r6=>0x0, @empty, @broadcast}, &(0x7f00000005c0)=0xc) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000600), 0x240002, 0x0) r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000780)={0x1b, 0x0, 0x0, 0x40000, 0x0, r5, 0x0, '\x00', r6, 0x0, 0x4, 0x0, 0x5}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f00000009c0)=ANY=[@ANYBLOB="182b04c8e11f7198e1735308000000000000000000000000000018110000868912e4cc01cc7d0f08cec3f97a7d15594023aa57fc2d95f06029b606d45e3de19bfa557775ec81f80ad4e2d0caae924e203646d12de1eafef7d5facf189c961a5220ca339548dda89e065a377809ae0000", @ANYRES32=r7, 
@ANYBLOB="0000000000000000b706000014000000b7030000000000008500000005000000bc690000000000003509010000000000950000000400000087060000000000007b9af8ff00000000b5090200000000007baaf0ff00000000bfa600000000000007080000f8ffffffbf6400000000000007040000f0ffffffb70200000800000018220000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056040000000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r8, &(0x7f0000000000)={0x15, 0x110, 0xfa08, {0xffffffffffffffff, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x0, @empty}, @in={0x106, 0x0, @dev={0xac, 0x14, 0x14, 0x1c}}}}, 0x118) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000140)={0x44, 0x2, 0x6, 0x401, 0x0, 0x0, {0x5, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x6}]}, 0x44}, 0x1, 0x0, 0x0, 0x40008c4}, 0x4000) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44\x8cm\xa0\x8dN\xd4\xa2\x88\x00\xd1l,'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(0xffffffffffffffff) r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000680)='.\x00', 0x0, 0x14) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) getsockopt$IP_SET_OP_VERSION(r4, 0x1, 0x53, &(0x7f0000000200), &(0x7f0000000380)=0x8) r10 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') pread64(r10, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000000) getdents(r9, 
&(0x7f00000000c0)=""/47, 0x2f) getdents64(r9, &(0x7f0000000040)=""/56, 0x38) sendmsg$IPSET_CMD_SAVE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x8, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4084) [ 85.327542][ T4705] Bluetooth: hci0: command tx timeout [ 85.467521][ T5359] loop0: detected capacity change from 0 to 512 [ 85.484277][ C0] [ 85.485239][ C0] ============================= [ 85.486953][ C0] [ BUG: Invalid wait context ] [ 85.488643][ C0] 6.16.0-syzkaller-12288-g2b38afce25c4 #0 Not tainted [ 85.491324][ C0] ----------------------------- [ 85.493381][ C0] kworker/u4:10/3905 is trying to lock: [ 85.495623][ C0] ffff88805242d410 (&gpc->lock){....}-{3:3}, at: kvm_xen_set_evtchn_fast+0x1fb/0x9b0 [ 85.499704][ C0] other info that might help us debug this: [ 85.501928][ C0] context-{2:2} [ 85.503207][ C0] 4 locks held by kworker/u4:10/3905: [ 85.505626][ C0] #0: ffff88803f13c148 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 85.511006][ C0] #1: ffffc9000e9b7bc0 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 85.516369][ C0] #2: ffffffff8e139ee0 (rcu_read_lock){....}-{1:3}, at: batadv_nc_worker+0xd2/0x610 [ 85.520519][ C0] #3: ffff88805242d960 (&kvm->srcu){.?.+}-{0:0}, at: kvm_xen_set_evtchn_fast+0x1c3/0x9b0 [ 85.524641][ C0] stack backtrace: [ 85.526320][ C0] CPU: 0 UID: 0 PID: 3905 Comm: kworker/u4:10 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(full) [ 85.526335][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.526350][ C0] Workqueue: bat_events batadv_nc_worker [ 85.526366][ C0] Call Trace: [ 85.526373][ C0] <IRQ> [ 85.526379][ C0] dump_stack_lvl+0x189/0x250 [ 85.526394][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.526404][ C0] ? __pfx__printk+0x10/0x10 [ 85.526416][ C0] ? 
print_lock_name+0xde/0x100 [ 85.526424][ C0] __lock_acquire+0xbcb/0xd20 [ 85.526436][ C0] ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0 [ 85.526445][ C0] lock_acquire+0x120/0x360 [ 85.526457][ C0] ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0 [ 85.526467][ C0] _raw_read_lock_irqsave+0xaf/0x100 [ 85.526478][ C0] ? kvm_xen_set_evtchn_fast+0x1fb/0x9b0 [ 85.526487][ C0] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 85.526498][ C0] ? xa_load+0x1ea/0x210 [ 85.526512][ C0] kvm_xen_set_evtchn_fast+0x1fb/0x9b0 [ 85.526522][ C0] ? do_raw_spin_unlock+0x4d/0x240 [ 85.526532][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 85.526539][ C0] ? kvm_xen_set_evtchn_fast+0x1c3/0x9b0 [ 85.526544][ C0] xen_timer_callback+0x109/0x220 [ 85.526551][ C0] ? __pfx_xen_timer_callback+0x10/0x10 [ 85.526556][ C0] __hrtimer_run_queues+0x4e0/0xc60 [ 85.526565][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 85.526572][ C0] hrtimer_interrupt+0x45b/0xaa0 [ 85.526580][ C0] __sysvec_apic_timer_interrupt+0x108/0x410 [ 85.526588][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 85.526597][ C0] </IRQ> [ 85.526599][ C0] <TASK> [ 85.526601][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 85.526608][ C0] RIP: 0010:lock_acquire+0x175/0x360 [ 85.526617][ C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 eb 93 03 11 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e [ 85.526622][ C0] RSP: 0018:ffffc9000e9b7980 EFLAGS: 00000206 [ 85.526628][ C0] RAX: c873ef343185ff00 RBX: 0000000000000000 RCX: c873ef343185ff00 [ 85.526633][ C0] RDX: 0000000000000000 RSI: ffffffff8dba8ee8 RDI: ffffffff8be34580 [ 85.526636][ C0] RBP: ffffffff8b48b2f2 R08: 0000000000000000 R09: ffffffff8b48b2f2 [ 85.526640][ C0] R10: dffffc0000000000 R11: ffffffff8b48b220 R12: 0000000000000002 [ 85.526644][ C0] R13: ffffffff8e139ee0 R14: 0000000000000000 R15: 0000000000000246 [ 85.526648][ C0] ? batadv_nc_worker+0xd2/0x610 [ 85.526654][ C0] ? __pfx_batadv_nc_worker+0x10/0x10 [ 85.526660][ C0] ? 
batadv_nc_worker+0xd2/0x610 [ 85.526667][ C0] ? batadv_nc_worker+0xd2/0x610 [ 85.526673][ C0] ? batadv_nc_worker+0xd2/0x610 [ 85.526678][ C0] batadv_nc_worker+0xef/0x610 [ 85.526684][ C0] ? batadv_nc_worker+0xd2/0x610 [ 85.526699][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 85.526705][ C0] process_scheduled_works+0xade/0x17b0 [ 85.526713][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 85.526721][ C0] worker_thread+0x8a0/0xda0 [ 85.526727][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 85.526736][ C0] ? __kthread_parkme+0x7b/0x200 [ 85.526743][ C0] kthread+0x70e/0x8a0 [ 85.526750][ C0] ? __pfx_worker_thread+0x10/0x10 [ 85.526756][ C0] ? __pfx_kthread+0x10/0x10 [ 85.526762][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 85.526768][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.526774][ C0] ? __pfx_kthread+0x10/0x10 [ 85.526781][ C0] ret_from_fork+0x3f9/0x770 [ 85.526788][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 85.526794][ C0] ? __pfx_kthread+0x10/0x10 [ 85.526800][ C0] ret_from_fork_asm+0x1a/0x30 [ 85.526810][ C0] </TASK> [ 85.700745][ T5359] ======================================================= [ 85.700745][ T5359] WARNING: The mand mount option has been deprecated and [ 85.700745][ T5359] and is ignored by this kernel. Remove the mand [ 85.700745][ T5359] option from the mount to silence this warning. [ 85.700745][ T5359] ======================================================= [ 85.736865][ T5359] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.742353][ T5359] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff)