=============================
[ BUG: Invalid wait context ]
6.15.0-syzkaller-08297-ge0797d3b91de #0 Not tainted
-----------------------------
syz.3.2056/14132 is trying to lock:
ffffc9000bd14410 (&gpc->lock){....}-{3:3}, at: kvm_xen_set_evtchn_fast+0x1fb/0x9a0 arch/x86/kvm/xen.c:1819
other info that might help us debug this:
context-{2:2}
2 locks held by syz.3.2056/14132:
 #0: ffff88805bec2428 (sb_writers#3){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x160 fs/splice.c:1157
 #1: ffffc9000bd14960 (&kvm->srcu){.?.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:161 [inline]
 #1: ffffc9000bd14960 (&kvm->srcu){.?.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:253 [inline]
 #1: ffffc9000bd14960 (&kvm->srcu){.?.+}-{0:0}, at: kvm_xen_set_evtchn_fast+0x1c3/0x9a0 arch/x86/kvm/xen.c:1817
stack backtrace:
CPU: 0 UID: 0 PID: 14132 Comm: syz.3.2056 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Call Trace:
 <IRQ>
 dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4833 [inline]
 check_wait_context kernel/locking/lockdep.c:4905 [inline]
 __lock_acquire+0xbcb/0xd20 kernel/locking/lockdep.c:5190
 lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5871
 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
 _raw_read_lock_irqsave+0xaf/0x100 kernel/locking/spinlock.c:236
 kvm_xen_set_evtchn_fast+0x1fb/0x9a0 arch/x86/kvm/xen.c:1819
 xen_timer_callback+0x109/0x220 arch/x86/kvm/xen.c:140
 __run_hrtimer kernel/time/hrtimer.c:1761 [inline]
 __hrtimer_run_queues+0x4dd/0xc60 kernel/time/hrtimer.c:1825
 hrtimer_interrupt+0x45b/0xaa0 kernel/time/hrtimer.c:1887
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1039 [inline]
 __sysvec_apic_timer_interrupt+0x10b/0x410 arch/x86/kernel/apic/apic.c:1056
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1050
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:__sanitizer_cov_trace_pc+0x46/0x70 kernel/kcov.c:222
Code: ff 00 74 11 81 fa 00 01 00 00 75 35 83 b9 3c 16 00 00 00 74 2c 8b 91 18 16 00 00 83 fa 02 75 21 48 8b 91 20 16 00 00 48 8b 32 <48> 8d 7e 01 8b 89 1c 16 00 00 48 39 cf 73 08 48 89 3a 48 89 44 f2
RSP: 0018:ffffc9000bf370a0 EFLAGS: 00000246
RAX: ffffffff8203dd54 RBX: ffffea0000cfba80 RCX: ffff88806e9b9e00
RDX: ffffc9000ce2c000 RSI: 000000000007ffff RDI: 0000000000000000
RBP: dffffc0000000000 R08: ffffea0000cfba47 R09: 1ffffd400019f748
R10: dffffc0000000000 R11: fffff9400019f749 R12: 0000000000000000
R13: ffffea0000cfba88 R14: ffff8881404ae000 R15: ffffea0000000000
 arch_static_branch arch/x86/include/asm/jump_label.h:36 [inline]
 page_fixed_fake_head include/linux/page-flags.h:206 [inline]
 _compound_head include/linux/page-flags.h:284 [inline]
 PageHuge include/linux/page-flags.h:1129 [inline]
 isolate_migratepages_block+0x894/0x3c70 mm/compaction.c:983
 isolate_migratepages mm/compaction.c:2167 [inline]
 compact_zone+0x22ab/0x4af0 mm/compaction.c:2659
 compact_node mm/compaction.c:2958 [inline]
 compact_nodes mm/compaction.c:2980 [inline]
 sysctl_compaction_handler+0x3a4/0x7b0 mm/compaction.c:3031
 proc_sys_call_handler+0x509/0x7c0 fs/proc/proc_sysctl.c:601
 iter_file_splice_write+0x937/0x1000 fs/splice.c:738
 do_splice_from fs/splice.c:935 [inline]
 direct_splice_actor+0xfe/0x160 fs/splice.c:1158
 splice_direct_to_actor+0x5a8/0xcc0 fs/splice.c:1102
 do_splice_direct_actor fs/splice.c:1201 [inline]
 do_splice_direct+0x181/0x270 fs/splice.c:1227
 do_sendfile+0x4da/0x7e0 fs/read_write.c:1370
 __do_sys_sendfile64 fs/read_write.c:1425 [inline]
 __se_sys_sendfile64+0xd9/0x190 fs/read_write.c:1417
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f7251b8e969
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f72529d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00007f7251db5fa0 RCX: 00007f7251b8e969
RDX: 00002000000000c0 RSI: 0000000000000007 RDI: 000000000000000a
RBP: 00007f7251c10ab1 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f7251db5fa0 R15: 00007ffc18549de8
 </TASK>
----------------
Code disassembly (best guess):
   0:	ff 00                	incl   (%rax)
   2:	74 11                	je     0x15
   4:	81 fa 00 01 00 00    	cmp    $0x100,%edx
   a:	75 35                	jne    0x41
   c:	83 b9 3c 16 00 00 00 	cmpl   $0x0,0x163c(%rcx)
  13:	74 2c                	je     0x41
  15:	8b 91 18 16 00 00    	mov    0x1618(%rcx),%edx
  1b:	83 fa 02             	cmp    $0x2,%edx
  1e:	75 21                	jne    0x41
  20:	48 8b 91 20 16 00 00 	mov    0x1620(%rcx),%rdx
  27:	48 8b 32             	mov    (%rdx),%rsi
* 2a:	48 8d 7e 01          	lea    0x1(%rsi),%rdi <-- trapping instruction
  2e:	8b 89 1c 16 00 00    	mov    0x161c(%rcx),%ecx
  34:	48 39 cf             	cmp    %rcx,%rdi
  37:	73 08                	jae    0x41
  39:	48 89 3a             	mov    %rdi,(%rdx)
  3c:	48                   	rex.W
  3d:	89                   	.byte 0x89
  3e:	44                   	rex.R
  3f:	f2                   	repnz