=============================
[ BUG: Invalid wait context ]
6.12.0-rc2-syzkaller #0 Not tainted
-----------------------------
kworker/u8:0/11 is trying to lock:
ffffc90001a6ecc8 (&gpc->lock){....}-{3:3}, at: kvm_xen_set_evtchn_fast+0x103/0x620 arch/x86/kvm/xen.c:1765
other info that might help us debug this:
context-{2:2}
5 locks held by kworker/u8:0/11:
 #0: ffff888100aa2d48 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3204 [inline]
 #0: ffff888100aa2d48 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x2fc/0x8f0 kernel/workqueue.c:3310
 #1: ffffc90000063e48 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3205 [inline]
 #1: ffffc90000063e48 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x323/0x8f0 kernel/workqueue.c:3310
 #2: ffffffff85d636d8 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x59/0x5f0 net/core/net_namespace.c:580
 #3: ffffffff85d65658 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0x43/0x4f0 net/core/dev.c:11934
 #4: ffffc90001a6f130 (&kvm->srcu){.?.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:151 [inline]
 #4: ffffc90001a6f130 (&kvm->srcu){.?.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:250 [inline]
 #4: ffffc90001a6f130 (&kvm->srcu){.?.+}-{0:0}, at: kvm_xen_set_evtchn_fast+0xd2/0x620 arch/x86/kvm/xen.c:1763
stack backtrace:
CPU: 0 UID: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.12.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: netns cleanup_net
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x12b/0x1d0 lib/dump_stack.c:120
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4826 [inline]
 check_wait_context kernel/locking/lockdep.c:4898 [inline]
 __lock_acquire+0xc89/0x2570 kernel/locking/lockdep.c:5176
 lock_acquire+0xeb/0x270 kernel/locking/lockdep.c:5849
 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
 _raw_read_lock_irqsave+0x69/0xa0 kernel/locking/spinlock.c:236
 kvm_xen_set_evtchn_fast+0x103/0x620 arch/x86/kvm/xen.c:1765
 xen_timer_callback+0x68/0xd0 arch/x86/kvm/xen.c:140
 __run_hrtimer kernel/time/hrtimer.c:1691 [inline]
 __hrtimer_run_queues+0x22c/0x5c0 kernel/time/hrtimer.c:1755
 hrtimer_interrupt+0x128/0x470 kernel/time/hrtimer.c:1817
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1026 [inline]
 __sysvec_apic_timer_interrupt+0x84/0x1c0 arch/x86/kernel/apic/apic.c:1043
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1037 [inline]
 sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1037
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:lockdep_unregister_key+0x33c/0x380 kernel/locking/lockdep.c:6593
Code: 5b 62 04 00 74 61 89 c6 48 c7 c7 a0 2d 93 8a e8 ba f7 23 03 90 e9 0a fe ff ff e8 af cc 22 03 f7 c5 00 02 00 00 74 96 fb 84 db <75> 95 eb a6 90 e8 0a 83 ee 00 90 e9 63 ff ff ff 90 e8 fe 82 ee 00
RSP: 0018:ffffc90000063b88 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff87963474
RDX: 00000000000145ca RSI: ffffffff8558a7b6 RDI: ffffffff853cefc5
RBP: 0000000000000246 R08: ffffffff85a07e20 R09: 0000000000000000
R10: ffff888176036eb1 R11: ffffffff8131f910 R12: 0000000000001000
R13: ffff8881012f3800 R14: ffffffff888ea928 R15: ffff888179a5e698
 __qdisc_destroy+0xe4/0x270 net/sched/sch_generic.c:1079
 netdev_for_each_tx_queue include/linux/netdevice.h:2504 [inline]
 dev_shutdown+0x43/0x2e0 net/sched/sch_generic.c:1490
 unregister_netdevice_many_notify+0x3d9/0xbd0 net/core/dev.c:11392
 unregister_netdevice_many net/core/dev.c:11465 [inline]
 default_device_exit_batch+0x491/0x4f0 net/core/dev.c:11948
 ops_exit_list net/core/net_namespace.c:178 [inline]
 cleanup_net+0x3e6/0x5f0 net/core/net_namespace.c:626
 process_one_work kernel/workqueue.c:3229 [inline]
 process_scheduled_works+0x3a3/0x8f0 kernel/workqueue.c:3310
 worker_thread+0x35a/0x4b0 kernel/workqueue.c:3391
 kthread+0x114/0x140 kernel/kthread.c:389
 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
 </TASK>
----------------
Code disassembly (best guess), 2 bytes skipped:
   0:	04 00                	add    $0x0,%al
   2:	74 61                	je     0x65
   4:	89 c6                	mov    %eax,%esi
   6:	48 c7 c7 a0 2d 93 8a 	mov    $0xffffffff8a932da0,%rdi
   d:	e8 ba f7 23 03       	call   0x323f7cc
  12:	90                   	nop
  13:	e9 0a fe ff ff       	jmp    0xfffffe22
  18:	e8 af cc 22 03       	call   0x322cccc
  1d:	f7 c5 00 02 00 00    	test   $0x200,%ebp
  23:	74 96                	je     0xffffffbb
  25:	fb                   	sti
  26:	84 db                	test   %bl,%bl
* 28:	75 95                	jne    0xffffffbf <-- trapping instruction
  2a:	eb a6                	jmp    0xffffffd2
  2c:	90                   	nop
  2d:	e8 0a 83 ee 00       	call   0xee833c
  32:	90                   	nop
  33:	e9 63 ff ff ff       	jmp    0xffffff9b
  38:	90                   	nop
  39:	e8 fe 82 ee 00       	call   0xee833c