=============================
[ BUG: Invalid wait context ]
6.15.0-syzkaller-08486-gf66bc387efbe #0 Not tainted
-----------------------------
syz.0.682/8681 is trying to lock:
ffffc90005f94410 (&gpc->lock){....}-{3:3}, at: kvm_xen_set_evtchn_fast+0x254/0xeb0 arch/x86/kvm/xen.c:1819
other info that might help us debug this:
context-{2:2}
1 lock held by syz.0.682/8681:
 #0: ffffc90005f94960 (&kvm->srcu){.?.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:161 [inline]
 #0: ffffc90005f94960 (&kvm->srcu){.?.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:253 [inline]
 #0: ffffc90005f94960 (&kvm->srcu){.?.+}-{0:0}, at: kvm_xen_set_evtchn_fast+0x23a/0xeb0 arch/x86/kvm/xen.c:1817
stack backtrace:
CPU: 1 UID: 0 PID: 8681 Comm: syz.0.682 Not tainted 6.15.0-syzkaller-08486-gf66bc387efbe #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4833 [inline]
 check_wait_context kernel/locking/lockdep.c:4905 [inline]
 __lock_acquire+0xa12/0x1c90 kernel/locking/lockdep.c:5190
 lock_acquire kernel/locking/lockdep.c:5871 [inline]
 lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5828
 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
 _raw_read_lock_irqsave+0x46/0x90 kernel/locking/spinlock.c:236
 kvm_xen_set_evtchn_fast+0x254/0xeb0 arch/x86/kvm/xen.c:1819
 xen_timer_callback+0x1db/0x2a0 arch/x86/kvm/xen.c:140
 __run_hrtimer kernel/time/hrtimer.c:1761 [inline]
 __hrtimer_run_queues+0x5ed/0xad0 kernel/time/hrtimer.c:1825
 hrtimer_interrupt+0x397/0x8e0 kernel/time/hrtimer.c:1887
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1039 [inline]
 __sysvec_apic_timer_interrupt+0x108/0x3f0 arch/x86/kernel/apic/apic.c:1056
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0x9f/0xc0 arch/x86/kernel/apic/apic.c:1050
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x80 kernel/locking/spinlock.c:194
Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 e6 d2 19 f6 48 89 df e8 ce 26 1a f6 f7 c5 00 02 00 00 75 23 9c 58 f6 c4 02 75 37 <bf> 01 00 00 00 e8 65 4e 0a f6 65 8b 05 2e 72 2c 08 85 c0 74 16 5b
RSP: 0018:ffffc90004d4f9a0 EFLAGS: 00000246
RAX: 0000000000000002 RBX: ffffffff9ad170c8 RCX: ffffffff81c39c7f
RDX: 0000000000000000 RSI: ffffffff8dc06ed3 RDI: ffffffff8bf52fc0
RBP: 0000000000000206 R08: 0000000000000001 R09: 0000000000000001
R10: ffffffff90877557 R11: 0000000000000001 R12: 0000000000000001
R13: ffffffff9ad170c8 R14: 0000000000000103 R15: 0000000000000001
 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
 avc_reclaim_node security/selinux/avc.c:488 [inline]
 avc_alloc_node+0x420/0x6a0 security/selinux/avc.c:507
 avc_insert security/selinux/avc.c:618 [inline]
 avc_compute_av+0x100/0x7f0 security/selinux/avc.c:993
 avc_perm_nonode+0xab/0x180 security/selinux/avc.c:1117
 avc_has_perm_noaudit+0x2de/0x3b0 security/selinux/avc.c:1160
 avc_has_perm+0xc0/0x1c0 security/selinux/avc.c:1195
 inode_has_perm+0x168/0x1d0 security/selinux/hooks.c:1681
 selinux_mmap_file+0x10a/0x1b0 security/selinux/hooks.c:3955
 security_mmap_file+0x82a/0x990 security/security.c:2982
 vm_mmap_pgoff+0xec/0x450 mm/util.c:573
 ksys_mmap_pgoff+0x32c/0x5c0 mm/mmap.c:607
 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline]
 __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline]
 __x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f192df8e9a3
Code: f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 89 ca 41 f7 c1 ff 0f 00 00 75 14 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 25 c3 0f 1f 40 00 48 c7 c0 a8 ff ff ff 64 c7
RSP: 002b:00007ffc74b62c38 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
RAX: ffffffffffffffda RBX: 0000000000400000 RCX: 00007f192df8e9a3
RDX: 0000000000000003 RSI: 00000000003c0000 RDI: 0000001b2e260000
RBP: 0000001b2e260000 R08: 0000000000000004 R09: 0000000000040000
R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000a6
R13: 00000000000927c0 R14: 0000000000019cd0 R15: 00007ffc74b62f20
 </TASK>
----------------
Code disassembly (best guess):
   0:	f5                   	cmc
   1:	53                   	push   %rbx
   2:	48 8b 74 24 10       	mov    0x10(%rsp),%rsi
   7:	48 89 fb             	mov    %rdi,%rbx
   a:	48 83 c7 18          	add    $0x18,%rdi
   e:	e8 e6 d2 19 f6       	call   0xf619d2f9
  13:	48 89 df             	mov    %rbx,%rdi
  16:	e8 ce 26 1a f6       	call   0xf61a26e9
  1b:	f7 c5 00 02 00 00    	test   $0x200,%ebp
  21:	75 23                	jne    0x46
  23:	9c                   	pushf
  24:	58                   	pop    %rax
  25:	f6 c4 02             	test   $0x2,%ah
  28:	75 37                	jne    0x61
* 2a:	bf 01 00 00 00       	mov    $0x1,%edi <-- trapping instruction
  2f:	e8 65 4e 0a f6       	call   0xf60a4e99
  34:	65 8b 05 2e 72 2c 08 	mov    %gs:0x82c722e(%rip),%eax        # 0x82c7269
  3b:	85 c0                	test   %eax,%eax
  3d:	74 16                	je     0x55
  3f:	5b                   	pop    %rbx