=============================
[ BUG: Invalid wait context ]
6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 Not tainted
-----------------------------
ksoftirqd/0/15 is trying to lock:
ffffc90004704410 (&gpc->lock){....}-{3:3}, at: kvm_xen_set_evtchn_fast+0x254/0xeb0 arch/x86/kvm/xen.c:1819
other info that might help us debug this:
context-{2:2}
2 locks held by ksoftirqd/0/15:
 #0: ffffffff8e3c14a0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8e3c14a0 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2562 [inline]
 #0: ffffffff8e3c14a0 (rcu_callback){....}-{0:0}, at: rcu_core+0x73d/0x14e0 kernel/rcu/tree.c:2824
 #1: ffffc90004704958 (&kvm->srcu){.?.?}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:161 [inline]
 #1: ffffc90004704958 (&kvm->srcu){.?.?}-{0:0}, at: srcu_read_lock include/linux/srcu.h:253 [inline]
 #1: ffffc90004704958 (&kvm->srcu){.?.?}-{0:0}, at: kvm_xen_set_evtchn_fast+0x23a/0xeb0 arch/x86/kvm/xen.c:1817
stack backtrace:
CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted 6.15.0-rc2-syzkaller-00042-g1a1d569a75f3 #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4831 [inline]
 check_wait_context kernel/locking/lockdep.c:4903 [inline]
 __lock_acquire+0x3ff/0x1ba0 kernel/locking/lockdep.c:5185
 lock_acquire kernel/locking/lockdep.c:5866 [inline]
 lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5823
 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
 _raw_read_lock_irqsave+0x46/0x90 kernel/locking/spinlock.c:236
 kvm_xen_set_evtchn_fast+0x254/0xeb0 arch/x86/kvm/xen.c:1819
 xen_timer_callback+0x1db/0x2a0 arch/x86/kvm/xen.c:140
 __run_hrtimer kernel/time/hrtimer.c:1761 [inline]
 __hrtimer_run_queues+0x5ea/0xad0 kernel/time/hrtimer.c:1825
 hrtimer_interrupt+0x397/0x8e0 kernel/time/hrtimer.c:1887
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1038 [inline]
 __sysvec_apic_timer_interrupt+0x108/0x3f0 arch/x86/kernel/apic/apic.c:1055
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0x9f/0xc0 arch/x86/kernel/apic/apic.c:1049
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:stack_trace_consume_entry+0xa7/0x170 kernel/stacktrace.c:93
Code: 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 98 00 00 00 8b 43 0c 85 c0 75 57 48 b8 00 00 00 00 00 fc ff df 48 89 da <48> c1 ea 03 80 3c 02 00 0f 85 9a 00 00 00 8d 45 01 89 43 10 48 8b
RSP: 0018:ffffc90000127848 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: ffffc90000127928 RCX: ffffc900001277bc
RDX: ffffc90000127928 RSI: ffffffff822081a1 RDI: ffffc90000127934
RBP: 0000000000000003 R08: ffffffff9128f2f6 R09: 0000000000000000
R10: 0000000000000001 R11: 00000000000120ae R12: ffffffff81a6fea0
R13: ffffc90000127928 R14: 0000000000000000 R15: ffff88801d2ec880
 arch_stack_walk+0x85/0x100 arch/x86/kernel/stacktrace.c:27
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 kasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:576
 poison_slab_object mm/kasan/common.c:247 [inline]
 __kasan_slab_free+0x51/0x70 mm/kasan/common.c:264
 kasan_slab_free include/linux/kasan.h:233 [inline]
 slab_free_hook mm/slub.c:2389 [inline]
 slab_free mm/slub.c:4646 [inline]
 kmem_cache_free+0x2d4/0x4d0 mm/slub.c:4748
 rcu_do_batch kernel/rcu/tree.c:2568 [inline]
 rcu_core+0x799/0x14e0 kernel/rcu/tree.c:2824
 handle_softirqs+0x216/0x8e0 kernel/softirq.c:579
 run_ksoftirqd kernel/softirq.c:968 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:960
 smpboot_thread_fn+0x3f4/0xae0 kernel/smpboot.c:164
 kthread+0x3c2/0x780 kernel/kthread.c:464
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
vkms_vblank_simulate: vblank timer overrun
----------------
Code disassembly (best guess):
   0:	02 48 89             	add    -0x77(%rax),%cl
   3:	f8                   	clc
   4:	83 e0 07             	and    $0x7,%eax
   7:	83 c0 03             	add    $0x3,%eax
   a:	38 d0                	cmp    %dl,%al
   c:	7c 08                	jl     0x16
   e:	84 d2                	test   %dl,%dl
  10:	0f 85 98 00 00 00    	jne    0xae
  16:	8b 43 0c             	mov    0xc(%rbx),%eax
  19:	85 c0                	test   %eax,%eax
  1b:	75 57                	jne    0x74
  1d:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  24:	fc ff df
  27:	48 89 da             	mov    %rbx,%rdx
* 2a:	48 c1 ea 03          	shr    $0x3,%rdx <-- trapping instruction
  2e:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
  32:	0f 85 9a 00 00 00    	jne    0xd2
  38:	8d 45 01             	lea    0x1(%rbp),%eax
  3b:	89 43 10             	mov    %eax,0x10(%rbx)
  3e:	48                   	rex.W
  3f:	8b                   	.byte 0x8b