=============================
[ BUG: Invalid wait context ]
6.15.0-syzkaller-08297-ge0797d3b91de #0 Not tainted
-----------------------------
dhcpcd/5648 is trying to lock:
ffffc9000638a410 (&gpc->lock){....}-{3:3}, at: kvm_xen_set_evtchn_fast+0x254/0xeb0 arch/x86/kvm/xen.c:1819
other info that might help us debug this:
context-{2:2}
3 locks held by dhcpcd/5648:
 #0: ffff888025f8d7e0 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_downgrade include/linux/mmap_lock.h:179 [inline]
 #0: ffff888025f8d7e0 (&mm->mmap_lock){++++}-{4:4}, at: vms_complete_munmap_vmas+0x702/0x970 mm/vma.c:1228
 #1: ffffffff8e3c47c0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #1: ffffffff8e3c47c0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #1: ffffffff8e3c47c0 (rcu_read_lock){....}-{1:3}, at: page_ext_get+0x25/0x1a0 mm/page_ext.c:538
 #2: ffffc9000638a960 (&kvm->srcu){.?.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:161 [inline]
 #2: ffffc9000638a960 (&kvm->srcu){.?.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:253 [inline]
 #2: ffffc9000638a960 (&kvm->srcu){.?.+}-{0:0}, at: kvm_xen_set_evtchn_fast+0x23a/0xeb0 arch/x86/kvm/xen.c:1817
stack backtrace:
CPU: 2 UID: 101 PID: 5648 Comm: dhcpcd Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4833 [inline]
 check_wait_context kernel/locking/lockdep.c:4905 [inline]
 __lock_acquire+0xa12/0x1c90 kernel/locking/lockdep.c:5190
 lock_acquire kernel/locking/lockdep.c:5871 [inline]
 lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5828
 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
 _raw_read_lock_irqsave+0x46/0x90 kernel/locking/spinlock.c:236
 kvm_xen_set_evtchn_fast+0x254/0xeb0 arch/x86/kvm/xen.c:1819
 xen_timer_callback+0x1db/0x2a0 arch/x86/kvm/xen.c:140
 __run_hrtimer kernel/time/hrtimer.c:1761 [inline]
 __hrtimer_run_queues+0x5ed/0xad0 kernel/time/hrtimer.c:1825
 hrtimer_interrupt+0x397/0x8e0 kernel/time/hrtimer.c:1887
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1039 [inline]
 __sysvec_apic_timer_interrupt+0x108/0x3f0 arch/x86/kernel/apic/apic.c:1056
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0x9f/0xc0 arch/x86/kernel/apic/apic.c:1050
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:rcu_rnp_online_cpus kernel/rcu/tree.c:3951 [inline]
RIP: 0010:rcu_rdp_cpu_online kernel/rcu/tree.c:3961 [inline]
RIP: 0010:rcu_lockdep_current_cpu_online+0xb0/0x150 kernel/rcu/tree.c:4002
Code: 03 80 3c 02 00 0f 85 8b 00 00 00 48 8d 7b 20 48 8b 6b 28 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 76 <48> b8 00 00 00 00 00 fc ff df 48 8b 5b 20 48 8d 7b 70 48 89 fa 48
RSP: 0018:ffffc90003867460 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: ffff88806a63cd00 RCX: ffffffff822db961
RDX: 1ffff1100d4c79a4 RSI: ffffffff8bf52e00 RDI: ffff88806a63cd20
RBP: 0000000000000004 R08: 0000000000000006 R09: 0000000000001000
R10: 0000000000000000 R11: 0000000000000001 R12: ffff88801c100000
R13: ffff88817ffef400 R14: 0000000000000000 R15: ffffea0000da1900
 rcu_read_lock_held_common kernel/rcu/update.c:113 [inline]
 rcu_read_lock_held+0x27/0x50 kernel/rcu/update.c:349
 lookup_page_ext+0x10d/0x1d0 mm/page_ext.c:254
 page_ext_get+0x58/0x1a0 mm/page_ext.c:539
 __reset_page_owner+0x2b/0x1a0 mm/page_owner.c:294
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1254 [inline]
 free_unref_folios+0xa65/0x1800 mm/page_alloc.c:2774
 folios_put_refs+0x56f/0x740 mm/swap.c:992
 free_pages_and_swap_cache+0x245/0x4a0 mm/swap_state.c:266
 __tlb_batch_free_encoded_pages+0xf9/0x290 mm/mmu_gather.c:136
 tlb_batch_pages_flush mm/mmu_gather.c:149 [inline]
 tlb_flush_mmu_free mm/mmu_gather.c:397 [inline]
 tlb_flush_mmu mm/mmu_gather.c:404 [inline]
 tlb_finish_mmu+0x168/0x7c0 mm/mmu_gather.c:496
 vms_clear_ptes+0x55e/0x770 mm/vma.c:1191
 vms_complete_munmap_vmas+0x1ca/0x970 mm/vma.c:1233
 do_vmi_align_munmap+0x43b/0x7d0 mm/vma.c:1492
 __do_sys_brk+0x8d3/0xaa0 mm/mmap.c:176
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc8b1e636c7
Code: 4d 85 ed 74 e0 4d 85 e4 74 0b 48 89 ef 41 ff d4 4c 89 ee eb da 48 89 f7 e8 e6 1c f3 ff eb f1 0f 1f 40 00 b8 0c 00 00 00 0f 05 <48> 8b 15 6a a7 0d 00 48 89 02 48 39 f8 72 0a 31 c0 c3 0f 1f 80 00
RSP: 002b:00007fff6959d778 EFLAGS: 00000206 ORIG_RAX: 000000000000000c
RAX: ffffffffffffffda RBX: fffffffffff01000 RCX: 00007fc8b1e636c7
RDX: fffffffffffff000 RSI: 000055fa76fea610 RDI: 000055fa7700b000
RBP: 000055fa7710a000 R08: 0000000000020e40 R09: 0000000000000000
R10: 0000000000000790 R11: 0000000000000206 R12: 00007fc8b1f45e50
R13: 0000000000000009 R14: 0000000000001081 R15: 00007fc8b1f3eac0
----------------
Code disassembly (best guess):
   0: 03 80 3c 02 00 0f       add 0xf00023c(%rax),%eax
   6: 85 8b 00 00 00 48       test %ecx,0x48000000(%rbx)
   c: 8d 7b 20                lea 0x20(%rbx),%edi
   f: 48 8b 6b 28             mov 0x28(%rbx),%rbp
  13: 48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
  1a: fc ff df
  1d: 48 89 fa                mov %rdi,%rdx
  20: 48 c1 ea 03             shr $0x3,%rdx
  24: 80 3c 02 00             cmpb $0x0,(%rdx,%rax,1)
  28: 75 76                   jne 0xa0
* 2a: 48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax <-- trapping instruction
  31: fc ff df
  34: 48 8b 5b 20             mov 0x20(%rbx),%rbx
  38: 48 8d 7b 70             lea 0x70(%rbx),%rdi
  3c: 48 89 fa                mov %rdi,%rdx
  3f: 48                      rex.W