program:
r0 = socket(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000100)={'team0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=@newqdisc={0x30, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000140)={0x0, 0x2}, 0x10, 0x0)
landlock_restrict_self(r2, 0x0) (async)
r3 = getuid()
sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={&(0x7f0000000380)=@delsa={0x10c, 0x11, 0x2, 0x70bd28, 0x25dfdbfb, {@in6=@ipv4={'\x00', '\xff\xff', @broadcast}, 0x4d4, 0x2, 0xff}, [@sa={0xe4, 0x6, {{@in=@empty, @in=@empty, 0x4e24, 0xfff, 0x4e20, 0x0, 0xa, 0x0, 0x80, 0x67, r1, r3}, {@in=@multicast2, 0x4d6, 0x2b}, @in=@broadcast, {0xfc3, 0x8000000000000000, 0x0, 0x6, 0x7, 0x5, 0x100000001, 0x3}, {0x6, 0x4, 0x6e2, 0x6}, {0x7, 0x28000, 0x5}, 0x70bd2c, 0x3503, 0xa, 0x2, 0x8, 0x14}}]}, 0x10c}, 0x1, 0x0, 0x0, 0x40050}, 0x80c0)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc) (async)
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000640)={0x0, 0x8001, 0x0, [0x6, 0x6f91, 0x0, 0x10000, 0x4], [0x1ff, 0x100000000, 0x5, 0x3, 0x5, 0xfffffffffffffffb, 0x8000000000000001, 0x3, 0x0, 0xd, 0xfffffffffffffffb, 0xdc3, 0x4, 0x100000000, 0x299d, 0xf80, 0x1692, 0x7fff, 0x852, 0x5, 0x5, 0x1, 0x7f, 0x10ac, 0x3, 0x6, 0x1917, 0x5, 0x6, 0x200, 0x9, 0x10, 0xffffffff00000000, 0x5, 0x9, 0xbd6, 0x17c0, 0xd, 0xffffffffffff80de, 0x6cb, 0x0, 0x0, 0x0, 0x6, 0x2, 0x8000, 0x1ff, 0x3ff, 0x1fc00000000000, 0x2, 0x3, 0x8, 0x8, 0x80000000, 0xda0, 0xd, 0x5, 0xffffffffffffffff, 0xffffffff, 0x9, 0x7de, 0x3, 0xc4ff, 0x5, 0x80, 0x2, 0x6, 0xdd, 0x8, 0x1, 0x10000, 0x8, 0x347, 0x7, 0x83e5, 0x6938ab4d, 0xa34, 0x8, 0x931, 0x6, 0xf0, 0xd, 0x5, 0x1, 0xe8, 0x6, 0xaa, 0x1, 0x7, 0xebb0, 0x7, 0x3, 0x5, 0x5, 0x6, 0xe3, 0x0, 0x2, 0x6, 0x10001, 0x8, 0x8, 0x6, 0x38c5, 0x8001, 0x0, 0xc2, 0x40, 0x2, 0x3, 0x8a31, 0x7fffffff, 0xf, 0x2, 0x1, 0x0, 0xfffffffffffffff7, 0x8001, 0x23, 0x7, 0x1]}) (async)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r4, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c) (async)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={0x2, 0x2, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @loopback}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @empty}}]}, 0x50}}, 0x0)

[  116.867039][    C0] 
[  116.868208][    C0] =============================
[  116.870149][    C0] [ BUG: Invalid wait context ]
[  116.872046][    C0] 6.13.0-syzkaller-07644-gc2da8b3f914f #0 Not tainted
[  116.874729][    C0] -----------------------------
[  116.876739][    C0] syz.0.0/5328 is trying to lock:
[  116.878736][    C0] ffffffff8ea70198 (stack_list_lock){-.-.}-{3:3}, at: __set_page_owner+0x5cb/0x800
[  116.882608][    C0] other info that might help us debug this:
[  116.884861][    C0] context-{2:2}
[  116.886198][    C0] 1 lock held by syz.0.0/5328:
[  116.887895][    C0]  #0: ffff88801fc3e8d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[  116.891557][    C0] stack backtrace:
[  116.893056][    C0] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-07644-gc2da8b3f914f #0
[  116.893091][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  116.893099][    C0] Call Trace:
[  116.893130][    C0]  <TASK>
[  116.893135][    C0]  dump_stack_lvl+0x241/0x360
[  116.893151][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  116.893161][    C0]  ? __pfx__printk+0x10/0x10
[  116.893174][    C0]  ? stack_trace_save+0x118/0x1d0
[  116.893187][    C0]  __lock_acquire+0x15a8/0x2100
[  116.893204][    C0]  lock_acquire+0x1ed/0x550
[  116.893216][    C0]  ? __set_page_owner+0x5cb/0x800
[  116.893231][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  116.893246][    C0]  _raw_spin_lock_irqsave+0xd5/0x120
[  116.893283][    C0]  ? __set_page_owner+0x5cb/0x800
[  116.893295][    C0]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  116.893305][    C0]  ? __kmalloc_cache_noprof+0x243/0x390
[  116.893314][    C0]  ? __set_page_owner+0x55f/0x800
[  116.893327][    C0]  __set_page_owner+0x5cb/0x800
[  116.893341][    C0]  ? __pfx___set_page_owner+0x10/0x10
[  116.893354][    C0]  post_alloc_hook+0x1f3/0x230
[  116.893366][    C0]  get_page_from_freelist+0x365c/0x37a0
[  116.893386][    C0]  __alloc_pages_noprof+0x292/0x710
[  116.893399][    C0]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  116.893411][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  116.893422][    C0]  ? __kernel_text_address+0xd/0x40
[  116.893432][    C0]  ? unwind_get_return_address+0x4d/0x90
[  116.893445][    C0]  alloc_pages_mpol_noprof+0x3e1/0x780
[  116.893462][    C0]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  116.893475][    C0]  ? stack_trace_save+0x118/0x1d0
[  116.893487][    C0]  ? alloc_pages_noprof+0x43/0x170
[  116.893496][    C0]  stack_depot_save_flags+0x72d/0x940
[  116.893535][    C0]  kasan_save_stack+0x4f/0x60
[  116.893545][    C0]  ? kasan_save_stack+0x3f/0x60
[  116.893555][    C0]  ? __kasan_record_aux_stack+0xac/0xc0
[  116.893588][    C0]  ? task_work_add+0xd9/0x490
[  116.893600][    C0]  ? task_tick_fair+0x30d/0x4e0
[  116.893612][    C0]  ? sched_tick+0x21e/0x660
[  116.893620][    C0]  ? update_process_times+0x276/0x2f0
[  116.893632][    C0]  ? tick_nohz_handler+0x37c/0x500
[  116.893643][    C0]  ? __hrtimer_run_queues+0x551/0xd30
[  116.893655][    C0]  ? hrtimer_interrupt+0x403/0xa40
[  116.893668][    C0]  ? __sysvec_apic_timer_interrupt+0x110/0x420
[  116.893681][    C0]  ? sysvec_apic_timer_interrupt+0x52/0xc0
[  116.893690][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  116.893710][    C0]  ? __phys_addr+0xba/0x170
[  116.893723][    C0]  __kasan_record_aux_stack+0xac/0xc0
[  116.893734][    C0]  task_work_add+0xd9/0x490
[  116.893749][    C0]  ? __pfx_task_work_add+0x10/0x10
[  116.893761][    C0]  ? task_scan_start+0x14c/0x430
[  116.893774][    C0]  ? task_scan_start+0x14c/0x430
[  116.893787][    C0]  ? task_scan_start+0x3f5/0x430
[  116.893800][    C0]  task_tick_fair+0x30d/0x4e0
[  116.893814][    C0]  sched_tick+0x21e/0x660
[  116.893824][    C0]  update_process_times+0x276/0x2f0
[  116.893840][    C0]  tick_nohz_handler+0x37c/0x500
[  116.893851][    C0]  ? __pfx_tick_nohz_handler+0x10/0x10
[  116.893861][    C0]  __hrtimer_run_queues+0x551/0xd30
[  116.893875][    C0]  ? ktime_get_update_offsets_now+0x2d/0x3b0
[  116.893890][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  116.893905][    C0]  hrtimer_interrupt+0x403/0xa40
[  116.893922][    C0]  __sysvec_apic_timer_interrupt+0x110/0x420
[  116.893935][    C0]  sysvec_apic_timer_interrupt+0x52/0xc0
[  116.893946][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  116.893959][    C0] RIP: 0033:0x7f0ada46325c
[  116.894023][    C0] Code: 0a bf e8 03 00 00 e8 43 9a 12 00 48 8b 05 4c 25 e7 00 8b 40 08 85 c0 74 e8 bf 02 00 00 00 e8 9b ca fe ff 48 8b 15 4c ee 33 00 <48> 8b 02 48 83 f8 02 74 f7 48 8b 02 48 83 f8 03 0f 84 6a 0a 00 00
[  116.894032][    C0] RSP: 002b:00007fff26500c50 EFLAGS: 00000246
[  116.894041][    C0] RAX: 0000000000000002 RBX: 0000000000010000 RCX: 00007f0ada628097
[  116.894049][    C0] RDX: 00007f0ad91ff000 RSI: 00007f0ada62808d RDI: 00007f0ada5ead08
[  116.894056][    C0] RBP: 0000000000dffff0 R08: 0000000000000000 R09: 00007fff26500ae7
[  116.894062][    C0] R10: 0000000000000000 R11: 0000000000000293 R12: 00007f0ada776f68
[  116.894068][    C0] R13: 00007f0ada776260 R14: 00007fff26500f00 R15: 00007fff26500f00
[  116.894077][    C0]  </TASK>
[  117.063810][ T5315] Bluetooth: hci0: command tx timeout