=============================
[ BUG: Invalid wait context ]
syzkaller #0 Tainted: G             L
-----------------------------
syz-executor/5739 is trying to lock:
ffff888056f912d0 (&gpc->lock){....}-{3:3}, at: kvm_xen_set_evtchn_fast+0x253/0xe80 arch/x86/kvm/xen.c:1819
other info that might help us debug this:
context-{2:2}
2 locks held by syz-executor/5739:
 #0: ffffffff8e40a098 (tasklist_lock){.+.+}-{3:3}, at: __do_wait+0x13b/0x8b0 kernel/exit.c:1679
 #1: ffff888056f91850 (&kvm->srcu){.?.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:187 [inline]
 #1: ffff888056f91850 (&kvm->srcu){.?.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:294 [inline]
 #1: ffff888056f91850 (&kvm->srcu){.?.+}-{0:0}, at: kvm_xen_set_evtchn_fast+0x245/0xe80 arch/x86/kvm/xen.c:1817
stack backtrace:
CPU: 2 UID: 0 PID: 5739 Comm: syz-executor Tainted: G             L     syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4830 [inline]
 check_wait_context kernel/locking/lockdep.c:4902 [inline]
 __lock_acquire+0xfa4/0x2630 kernel/locking/lockdep.c:5187
 lock_acquire kernel/locking/lockdep.c:5868 [inline]
 lock_acquire+0x1b1/0x370 kernel/locking/lockdep.c:5825
 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:174 [inline]
 _raw_read_lock_irqsave+0x46/0x90 kernel/locking/spinlock.c:240
 kvm_xen_set_evtchn_fast+0x253/0xe80 arch/x86/kvm/xen.c:1819
 xen_timer_callback+0x1db/0x2a0 arch/x86/kvm/xen.c:140
 __run_hrtimer kernel/time/hrtimer.c:1930 [inline]
 __hrtimer_run_queues+0x142/0xa00 kernel/time/hrtimer.c:1994
 hrtimer_interrupt+0x3e5/0x940 kernel/time/hrtimer.c:2113
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 __sysvec_apic_timer_interrupt+0x10b/0x460 arch/x86/kernel/apic/apic.c:1067
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1061 [inline]
 sysvec_apic_timer_interrupt+0x9e/0xc0 arch/x86/kernel/apic/apic.c:1061
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:thread_group_leader include/linux/sched/signal.h:707 [inline]
RIP: 0010:wait_consider_task+0x1214/0x3e00 kernel/exit.c:1501
Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 09 3c 03 7f 05 e8 59 f5 ae 00 41 c7 47 50 00 00 00 00 e9 9b ef ff ff <e8> 87 35 41 00 49 8d 85 d8 05 00 00 48 89 c2 48 89 44 24 18 48 b8
RSP: 0018:ffffc9000392fa90 EFLAGS: 00000246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81c76ae7
RDX: 0000000000000020 RSI: 0000000000000020 RDI: ffff8880352d0000
RBP: ffffc9000392fccc R08: 0000000000000005 R09: 0000000000000020
R10: 0000000000000020 R11: 0000000000000000 R12: 0000000000000020
R13: ffff88802a560000 R14: 0000000000000000 R15: ffffc9000392fcc8
 do_wait_thread kernel/exit.c:1571 [inline]
 __do_wait+0x218/0x8b0 kernel/exit.c:1689
 do_wait+0x1ec/0x580 kernel/exit.c:1723
 kernel_wait4+0x16d/0x280 kernel/exit.c:1882
 __do_sys_wait4+0x161/0x170 kernel/exit.c:1910
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x10b/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb9b635d68e
Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
RSP: 002b:00007ffc101c1748 EFLAGS: 00000246 ORIG_RAX: 000000000000003d
RAX: ffffffffffffffda RBX: 0000555575045500 RCX: 00007fb9b635d68e
RDX: 0000000040000001 RSI: 00007ffc101c17ec RDI: ffffffffffffffff
RBP: 00007ffc101c17ec R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000001388
R13: 00000000000927c0 R14: 000000000001ccee R15: 00007ffc101c1840
----------------
Code disassembly (best guess):
   0:   00 00                   add    %al,(%rax)
   2:   fc                      cld
   3:   ff                      lcall  (bad)
   4:   df 48 89                fisttps -0x77(%rax)
   7:   fa                      cli
   8:   48 c1 ea 03             shr    $0x3,%rdx
   c:   0f b6 04 02             movzbl (%rdx,%rax,1),%eax
  10:   84 c0                   test   %al,%al
  12:   74 09                   je     0x1d
  14:   3c 03                   cmp    $0x3,%al
  16:   7f 05                   jg     0x1d
  18:   e8 59 f5 ae 00          call   0xaef576
  1d:   41 c7 47 50 00 00 00    movl   $0x0,0x50(%r15)
  24:   00
  25:   e9 9b ef ff ff          jmp    0xffffefc5
* 2a:   e8 87 35 41 00          call   0x4135b6 <-- trapping instruction
  2f:   49 8d 85 d8 05 00 00    lea    0x5d8(%r13),%rax
  36:   48 89 c2                mov    %rax,%rdx
  39:   48 89 44 24 18          mov    %rax,0x18(%rsp)
  3e:   48                      rex.W
  3f:   b8                      .byte 0xb8