================================================ WARNING: lock held when returning to user space! syzkaller #0 Not tainted ------------------------------------------------ dhcpcd-run-hook/4652 is leaving the kernel with locks still held! 1 lock held by dhcpcd-run-hook/4652: #0: ffff800088ac66e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x10/0x4c include/linux/rcupdate.h:299 ------------[ cut here ]------------ Voluntary context switch within RCU read-side critical section! WARNING: kernel/rcu/tree_plugin.h:332 at rcu_note_context_switch+0xba8/0xeb8 kernel/rcu/tree_plugin.h:332, CPU#0: dhcpcd-run-hook/4652 Modules linked in: CPU: 0 UID: 0 PID: 4652 Comm: dhcpcd-run-hook Not tainted syzkaller #0 PREEMPT Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 634000c5 (nZCv daIF +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : rcu_note_context_switch+0xba8/0xeb8 kernel/rcu/tree_plugin.h:332 lr : rcu_note_context_switch+0xba8/0xeb8 kernel/rcu/tree_plugin.h:332 sp : ffff800094c17b20 x29: ffff800094c17ba0 x28: dfff800000000000 x27: dfff800000000000 x26: 0000000000000000 x25: 1ffff0001111bd74 x24: 0000000000000000 x23: ffff700012982f98 x22: ffff800125887000 x21: ffff0001ae11c3c0 x20: ffff0000d00fdb84 x19: ffff0000d00fd700 x18: 0000000000000000 x17: ffff800125887000 x16: ffff80008e8d0000 x15: 0000000000000000 x14: 00000000ffff8000 x13: 0000000000000001 x12: 0000000000000000 x11: 000000000000051e x10: 0000000000ff0100 x9 : da297d454a1dd800 x8 : da297d454a1dd800 x7 : 7865746e6f632079 x6 : ffff8000804886d0 x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000802f13b0 x2 : 0000000000000001 x1 : ffff0000d00fd700 x0 : 0000000000000000 Call trace: rcu_note_context_switch+0xba8/0xeb8 kernel/rcu/tree_plugin.h:332 (P) __schedule+0x314/0x2d24 kernel/sched/core.c:7043 __schedule_loop kernel/sched/core.c:7267 [inline] schedule+0xa4/0x140 kernel/sched/core.c:7282 __exit_to_user_mode_loop kernel/entry/common.c:54 [inline] exit_to_user_mode_loop+0x60/0x17c kernel/entry/common.c:98 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline] exit_to_user_mode_prepare_legacy include/linux/irq-entry-common.h:224 [inline] arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:86 [inline] el0_interrupt+0x190/0x2ac arch/arm64/kernel/entry-common.c:818 __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:823 el0t_64_irq_handler+0x10/0x1c arch/arm64/kernel/entry-common.c:828 el0t_64_irq+0x198/0x19c arch/arm64/kernel/entry.S:595 irq event stamp: 234 hardirqs last enabled at (233): [] memcg1_commit_charge+0xc0/0x12c mm/memcontrol-v1.c:603 hardirqs last disabled at (234): [] arm64_exit_to_user_mode arch/arm64/kernel/entry-common.c:85 [inline] hardirqs last disabled at (234): [] el0_da+0x78/0x23c arch/arm64/kernel/entry-common.c:540 softirqs last enabled at (216): [] local_bh_enable+0x10/0x34 include/linux/bottom_half.h:32 softirqs last disabled at (214): [] local_bh_disable+0x10/0x34 include/linux/bottom_half.h:19 ---[ end trace 0000000000000000 ]--- BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:323 in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 4652, name: dhcpcd-run-hook preempt_count: 0, expected: 0 RCU nest depth: 1, expected: 0 INFO: lockdep is turned off. CPU: 0 UID: 0 PID: 4652 Comm: dhcpcd-run-hook Tainted: G W syzkaller #0 PREEMPT Tainted: [W]=WARN Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 Call trace: show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:499 (C) __dump_stack+0x30/0x40 lib/dump_stack.c:94 dump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120 dump_stack+0x1c/0x28 lib/dump_stack.c:129 __might_resched+0x350/0x4ac kernel/sched/core.c:9162 __might_sleep+0x84/0xdc kernel/sched/core.c:9091 might_alloc include/linux/sched/mm.h:323 [inline] prepare_alloc_pages+0x178/0x4b0 mm/page_alloc.c:4995 __alloc_frozen_pages_noprof+0x134/0x31c mm/page_alloc.c:5215 alloc_pages_mpol+0x1ec/0x464 mm/mempolicy.c:2490 folio_alloc_mpol_noprof+0x4c/0x248 mm/mempolicy.c:2509 vma_alloc_folio_noprof+0xfc/0x1d8 mm/mempolicy.c:2544 folio_prealloc+0x5c/0x1b0 mm/memory.c:1193 wp_page_copy mm/memory.c:3859 [inline] do_wp_page+0xf9c/0x3fe8 mm/memory.c:4320 handle_pte_fault mm/memory.c:6427 [inline] __handle_mm_fault mm/memory.c:6549 [inline] handle_mm_fault+0x10d0/0x2450 mm/memory.c:6718 do_page_fault+0x768/0xb64 arch/arm64/mm/fault.c:704 do_mem_abort+0x70/0x190 arch/arm64/mm/fault.c:980 el0_da+0x68/0x23c arch/arm64/kernel/entry-common.c:539 el0t_64_sync_handler+0x10c/0x148 arch/arm64/kernel/entry-common.c:745 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594