=============================
[ BUG: Invalid wait context ]
syzkaller #0 Tainted: G L
-----------------------------
dhcpcd-run-hook/10741 is trying to lock:
ffff88802caf12e0 (&gpc->lock){....}-{3:3}, at: kvm_xen_set_evtchn_fast+0x253/0xe80 arch/x86/kvm/xen.c:1820
other info that might help us debug this:
context-{2:2}
3 locks held by dhcpcd-run-hook/10741:
#0: ffff88802628d900 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock include/linux/mmap_lock.h:335 [inline]
#0: ffff88802628d900 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x1c2/0xae0 mm/mmap.c:1285
#1: ffffffff8e5e32e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
#1: ffffffff8e5e32e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
#1: ffffffff8e5e32e0 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1195 [inline]
#1: ffffffff8e5e32e0 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xbd/0x1ea0 arch/x86/kernel/unwind_orc.c:495
#2: ffff88802caf1838 (&kvm->srcu){.?.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:185 [inline]
#2: ffff88802caf1838 (&kvm->srcu){.?.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:277 [inline]
#2: ffff88802caf1838 (&kvm->srcu){.?.+}-{0:0}, at: kvm_xen_set_evtchn_fast+0x245/0xe80 arch/x86/kvm/xen.c:1818
stack backtrace:
CPU: 2 UID: 0 PID: 10741 Comm: dhcpcd-run-hook Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
print_lock_invalid_wait_context kernel/locking/lockdep.c:4830 [inline]
check_wait_context kernel/locking/lockdep.c:4902 [inline]
__lock_acquire+0xfa4/0x2630 kernel/locking/lockdep.c:5187
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x17c/0x330 kernel/locking/lockdep.c:5825
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
_raw_read_lock_irqsave+0x46/0x90 kernel/locking/spinlock.c:236
kvm_xen_set_evtchn_fast+0x253/0xe80 arch/x86/kvm/xen.c:1820
xen_timer_callback+0x1db/0x2a0 arch/x86/kvm/xen.c:140
__run_hrtimer kernel/time/hrtimer.c:1777 [inline]
__hrtimer_run_queues+0x1ad/0x990 kernel/time/hrtimer.c:1841
hrtimer_interrupt+0x397/0x8c0 kernel/time/hrtimer.c:1903
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline]
__sysvec_apic_timer_interrupt+0x109/0x3c0 arch/x86/kernel/apic/apic.c:1062
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0x9e/0xc0 arch/x86/kernel/apic/apic.c:1056
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:__orc_find+0x8e/0xf0 arch/x86/kernel/unwind_orc.c:107
Code: 00 48 89 da 48 c1 ea 03 0f b6 34 0a 48 89 da 83 e2 07 83 c2 03 40 38 f2 7c 05 40 84 f6 75 4b 48 63 13 48 01 da 49 39 d5 73 af <4c> 8d 63 fc 49 39 ec 73 b2 4d 29 f7 49 c1 ff 02 4b 8d 14 7f 48 8d
RSP: 0018:ffffc90005f4f580 EFLAGS: 00000287
RAX: ffffffff91556e26 RBX: ffffffff90cf80bc RCX: dffffc0000000000
RDX: ffffffff81c4ec13 RSI: 0000000000000000 RDI: ffffffff90cf80b0
RBP: ffffffff90cf80b0 R08: ffffffff91556e86 R09: 0000000000000007
R10: 0000000000000200 R11: 000000000000c4ec R12: ffffffff90cf80c8
R13: ffffffff81c4ec06 R14: ffffffff90cf80b0 R15: ffffffff90cf80b0
orc_find arch/x86/kernel/unwind_orc.c:238 [inline]
unwind_next_frame+0x2ec/0x1ea0 arch/x86/kernel/unwind_orc.c:510
arch_stack_walk+0x94/0xf0 arch/x86/kernel/stacktrace.c:25
stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
kasan_save_track+0x14/0x30 mm/kasan/common.c:78
kasan_save_free_info+0x3b/0x70 mm/kasan/generic.c:584
poison_slab_object mm/kasan/common.c:253 [inline]
__kasan_slab_free+0x5f/0x80 mm/kasan/common.c:285
kasan_slab_free include/linux/kasan.h:235 [inline]
slab_free_hook mm/slub.c:2540 [inline]
slab_free mm/slub.c:6674 [inline]
kmem_cache_free+0x143/0x720 mm/slub.c:6785
anon_vma_chain_free mm/rmap.c:146 [inline]
unlink_anon_vmas+0x458/0x810 mm/rmap.c:446
free_pgtables+0x20b/0xbc0 mm/memory.c:414
exit_mmap+0x3bd/0xae0 mm/mmap.c:1288
__mmput+0x12a/0x410 kernel/fork.c:1173
mmput+0x67/0x80 kernel/fork.c:1196
exit_mm kernel/exit.c:581 [inline]
do_exit+0x78a/0x2a30 kernel/exit.c:959
do_group_exit+0xd5/0x2a0 kernel/exit.c:1112
__do_sys_exit_group kernel/exit.c:1123 [inline]
__se_sys_exit_group kernel/exit.c:1121 [inline]
__x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1121
x64_sys_call+0x14fd/0x1510 arch/x86/include/generated/asm/syscalls_64.h:232
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd531f616c5
Code: Unable to access opcode bytes at 0x7fd531f6169b.
RSP: 002b:00007ffd7f8cac38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00005586856842c0 RCX: 00007fd531f616c5
RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000000
RBP: 00007ffd7f8caf68 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd7f8caf60
R13: 00007ffd7f8caf70 R14: 00007fd532171000 R15: 0000558653bc8d98
----------------
Code disassembly (best guess), 1 bytes skipped:
0: 48 89 da mov %rbx,%rdx
3: 48 c1 ea 03 shr $0x3,%rdx
7: 0f b6 34 0a movzbl (%rdx,%rcx,1),%esi
b: 48 89 da mov %rbx,%rdx
e: 83 e2 07 and $0x7,%edx
11: 83 c2 03 add $0x3,%edx
14: 40 38 f2 cmp %sil,%dl
17: 7c 05 jl 0x1e
19: 40 84 f6 test %sil,%sil
1c: 75 4b jne 0x69
1e: 48 63 13 movslq (%rbx),%rdx
21: 48 01 da add %rbx,%rdx
24: 49 39 d5 cmp %rdx,%r13
27: 73 af jae 0xffffffd8
* 29: 4c 8d 63 fc lea -0x4(%rbx),%r12 <-- trapping instruction
2d: 49 39 ec cmp %rbp,%r12
30: 73 b2 jae 0xffffffe4
32: 4d 29 f7 sub %r14,%r15
35: 49 c1 ff 02 sar $0x2,%r15
39: 4b 8d 14 7f lea (%r15,%r15,2),%rdx
3d: 48 rex.W
3e: 8d .byte 0x8d
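Decoding the report: the numbers after each lock name are lockdep wait types printed as {outer:inner} (LD_WAIT_INV=0, FREE=1, SPIN=2, CONFIG=3, SLEEP=4 in include/linux/lockdep_types.h). The acquirer, xen_timer_callback, runs from hrtimer_interrupt inside the APIC timer interrupt, so the task's effective context is hardirq, LD_WAIT_SPIN (the "context-{2:2}" line). &gpc->lock is a rwlock_t, wait type LD_WAIT_CONFIG, because on PREEMPT_RT a rwlock_t sleeps; lockdep (CONFIG_PROVE_RAW_LOCK_NESTING) therefore rejects it in a context that may only spin, even on this PREEMPT(full) non-RT build. The two earlier locks (&mm->mmap_lock, rcu_read_lock) were taken in task context before the interrupt and are not counted; &kvm->srcu is {0:0} and is exempt. The following user-space model of check_wait_context() is an added example, not code from the kernel or from this report; it is fed the lock values printed above and reproduces the verdict, then shows two counterfactuals (a raw_spinlock_t in the same place, and the same rwlock_t taken from task context) that lockdep would accept. It omits the LD_LOCK_WAIT_OVERRIDE and threaded-hardirq special cases of the real function.

```c
/* Added example: user-space model of lockdep's check_wait_context(),
 * not kernel code. Wait-type numbering follows lockdep_types.h. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum lockdep_wait_type {
    LD_WAIT_INV = 0, /* not checked: srcu, lock_map annotations */
    LD_WAIT_FREE,    /* wait free: rcu_read_lock */
    LD_WAIT_SPIN,    /* raw_spinlock_t, hardirq context */
    LD_WAIT_CONFIG,  /* spinlock_t/rwlock_t: spin on !RT, sleep on PREEMPT_RT */
    LD_WAIT_SLEEP,   /* mutex, rwsem (e.g. mmap_lock) */
    LD_WAIT_MAX,     /* task context with nothing held */
};

enum irq_context { CTX_TASK = 0, CTX_SOFTIRQ, CTX_HARDIRQ };

struct held_lock {
    const char *name;
    int outer, inner;             /* printed as {outer:inner} in the splat */
    enum irq_context irq_context; /* context the lock was acquired in */
    bool trylock;
};

/* Strictest waiting the current context itself allows. */
static int task_wait_context(enum irq_context ctx)
{
    switch (ctx) {
    case CTX_HARDIRQ: return LD_WAIT_SPIN;
    case CTX_SOFTIRQ: return LD_WAIT_CONFIG;
    default:          return LD_WAIT_MAX;
    }
}

/* Returns true when acquiring `next` would trip "Invalid wait context".
 * *ctx_out receives the effective context lockdep prints as context-{N:N}. */
static bool check_wait_context(const struct held_lock *held, size_t depth,
                               const struct held_lock *next,
                               enum irq_context ctx, int *ctx_out)
{
    int next_inner = next->inner;
    int next_outer = next->outer ? next->outer : next_inner;
    int curr_inner = task_wait_context(ctx);
    size_t start = depth;

    if (!next_inner || next->trylock) { /* {0:0} locks and trylocks are exempt */
        *ctx_out = curr_inner;
        return false;
    }
    /* Only locks taken in the same irq context as `next` narrow the context. */
    while (start > 0 && held[start - 1].irq_context == next->irq_context)
        start--;
    for (size_t i = start; i < depth; i++)
        if (held[i].inner && held[i].inner < curr_inner)
            curr_inner = held[i].inner;
    *ctx_out = curr_inner;
    return next_outer > curr_inner;
}

/* The three held locks listed in the report, in acquisition order. */
static const struct held_lock splat_held[] = {
    { "&mm->mmap_lock", LD_WAIT_SLEEP, LD_WAIT_SLEEP,  CTX_TASK,    false }, /* {4:4} */
    { "rcu_read_lock",  LD_WAIT_FREE,  LD_WAIT_CONFIG, CTX_TASK,    false }, /* {1:3} */
    { "&kvm->srcu",     LD_WAIT_INV,   LD_WAIT_INV,    CTX_HARDIRQ, false }, /* {0:0} */
};

/* &gpc->lock (rwlock_t, {3:3}) taken from the hrtimer callback in hardirq. */
static bool splat_is_invalid(int *ctx_out)
{
    const struct held_lock next =
        { "&gpc->lock", LD_WAIT_CONFIG, LD_WAIT_CONFIG, CTX_HARDIRQ, false };
    return check_wait_context(splat_held, 3, &next, CTX_HARDIRQ, ctx_out);
}

/* Counterfactual: a raw_spinlock_t ({2:2}) in the same place is accepted. */
static bool raw_spinlock_in_hardirq_is_invalid(int *ctx_out)
{
    const struct held_lock next =
        { "raw_spinlock", LD_WAIT_SPIN, LD_WAIT_SPIN, CTX_HARDIRQ, false };
    return check_wait_context(splat_held, 3, &next, CTX_HARDIRQ, ctx_out);
}

/* Counterfactual: the same rwlock_t under mmap_lock + rcu_read_lock in task
 * context; rcu narrows the context to CONFIG, which a rwlock_t satisfies. */
static bool rwlock_in_task_context_is_invalid(int *ctx_out)
{
    const struct held_lock next =
        { "&gpc->lock", LD_WAIT_CONFIG, LD_WAIT_CONFIG, CTX_TASK, false };
    return check_wait_context(splat_held, 2, &next, CTX_TASK, ctx_out);
}

int main(void)
{
    int ctx;
    bool bad = splat_is_invalid(&ctx);
    printf("splat: %s, context-{%d:%d}\n", bad ? "invalid" : "ok", ctx, ctx);
    printf("raw_spinlock in hardirq: %s\n",
           raw_spinlock_in_hardirq_is_invalid(&ctx) ? "invalid" : "ok");
    printf("rwlock in task context: %s, context-{%d:%d}\n",
           rwlock_in_task_context_is_invalid(&ctx) ? "invalid" : "ok", ctx, ctx);
    return 0;
}
```

The model makes the fix space visible: the hrtimer path must either reach the event channel without a rwlock_t (raw_spinlock_t, or lock-free data) or move the work out of hardirq context; merely avoiding the exit_mmap race in the interrupted task does not address it, since the task-context locks play no part in the verdict.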