=============================
[ BUG: Invalid wait context ]
6.15.0-syzkaller-08297-ge0797d3b91de #0 Not tainted
-----------------------------
udevd/5344 is trying to lock:
ffffc9000d7f2410 (&gpc->lock){....}-{3:3}, at: kvm_xen_set_evtchn_fast+0x254/0xeb0 arch/x86/kvm/xen.c:1819
other info that might help us debug this:
context-{2:2}
2 locks held by udevd/5344:
 #0: ffffffff8e3c47c0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #0: ffffffff8e3c47c0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:841 [inline]
 #0: ffffffff8e3c47c0 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1155 [inline]
 #0: ffffffff8e3c47c0 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xbd/0x20a0 arch/x86/kernel/unwind_orc.c:479
 #1: ffffc9000d7f2960 (&kvm->srcu){.?.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:161 [inline]
 #1: ffffc9000d7f2960 (&kvm->srcu){.?.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:253 [inline]
 #1: ffffc9000d7f2960 (&kvm->srcu){.?.+}-{0:0}, at: kvm_xen_set_evtchn_fast+0x23a/0xeb0 arch/x86/kvm/xen.c:1817
stack backtrace:
CPU: 2 UID: 0 PID: 5344 Comm: udevd Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) 
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4833 [inline]
 check_wait_context kernel/locking/lockdep.c:4905 [inline]
 __lock_acquire+0xa12/0x1c90 kernel/locking/lockdep.c:5190
 lock_acquire kernel/locking/lockdep.c:5871 [inline]
 lock_acquire+0x179/0x350 kernel/locking/lockdep.c:5828
 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
 _raw_read_lock_irqsave+0x46/0x90 kernel/locking/spinlock.c:236
 kvm_xen_set_evtchn_fast+0x254/0xeb0 arch/x86/kvm/xen.c:1819
 xen_timer_callback+0x1db/0x2a0 arch/x86/kvm/xen.c:140
 __run_hrtimer kernel/time/hrtimer.c:1761 [inline]
 __hrtimer_run_queues+0x5ed/0xad0 kernel/time/hrtimer.c:1825
 hrtimer_interrupt+0x397/0x8e0 kernel/time/hrtimer.c:1887
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1039 [inline]
 __sysvec_apic_timer_interrupt+0x108/0x3f0 arch/x86/kernel/apic/apic.c:1056
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
 sysvec_apic_timer_interrupt+0x9f/0xc0 arch/x86/kernel/apic/apic.c:1050
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:__orc_find+0x56/0xf0 arch/x86/kernel/unwind_orc.c:100
Code: b9 00 00 00 00 00 fc ff df 49 89 ff 48 89 fd eb 0c 48 8d 6b 04 49 89 df 49 39 ec 72 4e 4c 89 e2 48 29 ea 48 89 d6 48 c1 ea 3f <48> c1 fe 02 48 01 f2 48 d1 fa 48 8d 5c 95 00 48 89 da 48 c1 ea 03
RSP: 0018:ffffc9000336f9d8 EFLAGS: 00000246
RAX: ffffffff911bf280 RBX: 0000000000000001 RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff90985d98
RBP: ffffffff90985d98 R08: ffffffff911bf286 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000006ab9 R12: ffffffff90985d98
R13: ffffffff816ab9b3 R14: ffffffff90985d98 R15: ffffffff90985d98
 orc_find arch/x86/kernel/unwind_orc.c:227 [inline]
 unwind_next_frame+0x2ec/0x20a0 arch/x86/kernel/unwind_orc.c:494
 __unwind_start+0x45f/0x7f0 arch/x86/kernel/unwind_orc.c:758
 unwind_start arch/x86/include/asm/unwind.h:64 [inline]
 arch_stack_walk+0x73/0x100 arch/x86/kernel/stacktrace.c:24
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x33/0x60 mm/kasan/common.c:47
 kasan_save_track+0x14/0x30 mm/kasan/common.c:68
 unpoison_slab_object mm/kasan/common.c:319 [inline]
 __kasan_slab_alloc+0x89/0x90 mm/kasan/common.c:345
 kasan_slab_alloc include/linux/kasan.h:250 [inline]
 slab_post_alloc_hook mm/slub.c:4147 [inline]
 slab_alloc_node mm/slub.c:4196 [inline]
 kmem_cache_alloc_noprof+0x1cb/0x3b0 mm/slub.c:4203
 getname_flags.part.0+0x4c/0x550 fs/namei.c:146
 getname_flags include/linux/audit.h:322 [inline]
 getname include/linux/fs.h:2879 [inline]
 __do_sys_unlink fs/namei.c:4696 [inline]
 __se_sys_unlink fs/namei.c:4694 [inline]
 __x64_sys_unlink+0xb0/0x110 fs/namei.c:4694
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa1e7515937
Code: 00 00 e9 a9 fd ff ff 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 5f 00 00 00 0f 05 c3 0f 1f 84 00 00 00 00 00 b8 57 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 91 b4 0d 00 f7 d8 64 89 02 b8
RSP: 002b:00007ffd69b83338 EFLAGS: 00000202 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 0000000000000bb8 RCX: 00007fa1e7515937
RDX: ffffffffffffffff RSI: 000000000000000b RDI: 000055c95decf02e
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 000055c95deea100 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
vkms_vblank_simulate: vblank timer overrun
vkms_vblank_simulate: vblank timer overrun
----------------
Code disassembly (best guess):
   0:	b9 00 00 00 00       	mov    $0x0,%ecx
   5:	00 fc                	add    %bh,%ah
   7:	ff                   	(bad)
   8:	df 49 89             	fisttps -0x77(%rcx)
   b:	ff 48 89             	decl   -0x77(%rax)
   e:	fd                   	std
   f:	eb 0c                	jmp    0x1d
  11:	48 8d 6b 04          	lea    0x4(%rbx),%rbp
  15:	49 89 df             	mov    %rbx,%r15
  18:	49 39 ec             	cmp    %rbp,%r12
  1b:	72 4e                	jb     0x6b
  1d:	4c 89 e2             	mov    %r12,%rdx
  20:	48 29 ea             	sub    %rbp,%rdx
  23:	48 89 d6             	mov    %rdx,%rsi
  26:	48 c1 ea 3f          	shr    $0x3f,%rdx
* 2a:	48 c1 fe 02          	sar    $0x2,%rsi <-- trapping instruction
  2e:	48 01 f2             	add    %rsi,%rdx
  31:	48 d1 fa             	sar    %rdx
  34:	48 8d 5c 95 00       	lea    0x0(%rbp,%rdx,4),%rbx
  39:	48 89 da             	mov    %rbx,%rdx
  3c:	48 c1 ea 03          	shr    $0x3,%rdx