=============================
[ BUG: Invalid wait context ]
syzkaller #0 Tainted: G             L     
-----------------------------
dhcpcd/5643 is trying to lock:
ffff8880429a92e0 (&gpc->lock){....}-{3:3}, at: kvm_xen_set_evtchn_fast+0x253/0xe80 arch/x86/kvm/xen.c:1820
other info that might help us debug this:
context-{2:2}
5 locks held by dhcpcd/5643:
 #0: ffffffff8e718050 (dup_mmap_sem){++++}-{0:0}, at: dup_mm kernel/fork.c:1528 [inline]
 #0: ffffffff8e718050 (dup_mmap_sem){++++}-{0:0}, at: copy_mm kernel/fork.c:1581 [inline]
 #0: ffffffff8e718050 (dup_mmap_sem){++++}-{0:0}, at: copy_process+0x7446/0x7890 kernel/fork.c:2221
 #1: ffff8881036aa800 (&mm->mmap_lock){++++}-{4:4}, at: mmap_write_lock_killable include/linux/mmap_lock.h:353 [inline]
 #1: ffff8881036aa800 (&mm->mmap_lock){++++}-{4:4}, at: dup_mmap+0xf7/0x1e20 mm/mmap.c:1726
 #2: ffff888044032800 (&mm->mmap_lock/1){+.+.}-{4:4}, at: mmap_write_lock_nested include/linux/mmap_lock.h:343 [inline]
 #2: ffff888044032800 (&mm->mmap_lock/1){+.+.}-{4:4}, at: dup_mmap+0x192/0x1e20 mm/mmap.c:1733
 #3: ffffffff8e5e32e0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:331 [inline]
 #3: ffffffff8e5e32e0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:867 [inline]
 #3: ffffffff8e5e32e0 (rcu_read_lock){....}-{1:3}, at: class_rcu_constructor include/linux/rcupdate.h:1195 [inline]
 #3: ffffffff8e5e32e0 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xbd/0x1ea0 arch/x86/kernel/unwind_orc.c:495
 #4: ffff8880429a9838 (&kvm->srcu){.?.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:185 [inline]
 #4: ffff8880429a9838 (&kvm->srcu){.?.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:277 [inline]
 #4: ffff8880429a9838 (&kvm->srcu){.?.+}-{0:0}, at: kvm_xen_set_evtchn_fast+0x245/0xe80 arch/x86/kvm/xen.c:1818
stack backtrace:
CPU: 2 UID: 0 PID: 5643 Comm: dhcpcd Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4830 [inline]
 check_wait_context kernel/locking/lockdep.c:4902 [inline]
 __lock_acquire+0xfa4/0x2630 kernel/locking/lockdep.c:5187
 lock_acquire kernel/locking/lockdep.c:5868 [inline]
 lock_acquire+0x17c/0x330 kernel/locking/lockdep.c:5825
 __raw_read_lock_irqsave include/linux/rwlock_api_smp.h:160 [inline]
 _raw_read_lock_irqsave+0x46/0x90 kernel/locking/spinlock.c:236
 kvm_xen_set_evtchn_fast+0x253/0xe80 arch/x86/kvm/xen.c:1820
 xen_timer_callback+0x1db/0x2a0 arch/x86/kvm/xen.c:140
 __run_hrtimer kernel/time/hrtimer.c:1777 [inline]
 __hrtimer_run_queues+0x1ad/0x990 kernel/time/hrtimer.c:1841
 hrtimer_interrupt+0x397/0x8c0 kernel/time/hrtimer.c:1903
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline]
 __sysvec_apic_timer_interrupt+0x109/0x3c0 arch/x86/kernel/apic/apic.c:1062
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0x9e/0xc0 arch/x86/kernel/apic/apic.c:1056
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:unwind_next_frame+0xba2/0x1ea0 arch/x86/kernel/unwind_orc.c:607
Code: 3c 02 00 0f 85 ba 0e 00 00 49 8d 7d 58 49 c7 45 50 00 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 <0f> 85 75 0e 00 00 4c 89 c0 49 c7 45 58 00 00 00 00 48 ba 00 00 00
RSP: 0018:ffffc900034af118 EFLAGS: 00000246
RAX: dffffc0000000000 RBX: 0000000000000001 RCX: ffffffff9161b2a8
RDX: 1ffff92000695e3c RSI: 1ffff92000695e3a RDI: ffffc900034af1e0
RBP: ffffc900034af1d0 R08: ffffffff9161b2ac R09: 0000000000000007
R10: 0000000000000200 R11: 00000000000157fc R12: ffffc900034af1d8
R13: ffffc900034af188 R14: ffffc900034af5a0 R15: ffffc900034af1bc
 arch_stack_walk+0x94/0xf0 arch/x86/kernel/stacktrace.c:25
 stack_trace_save+0x8e/0xc0 kernel/stacktrace.c:122
 kasan_save_stack+0x30/0x50 mm/kasan/common.c:57
 kasan_save_track+0x14/0x30 mm/kasan/common.c:78
 unpoison_slab_object mm/kasan/common.c:340 [inline]
 __kasan_slab_alloc+0x89/0x90 mm/kasan/common.c:366
 kasan_slab_alloc include/linux/kasan.h:253 [inline]
 slab_post_alloc_hook mm/slub.c:4953 [inline]
 slab_alloc_node mm/slub.c:5263 [inline]
 kmem_cache_alloc_noprof+0x2ad/0x780 mm/slub.c:5270
 ptlock_alloc+0x1f/0x70 mm/memory.c:7380
 ptlock_init include/linux/mm.h:3284 [inline]
 pagetable_pte_ctor include/linux/mm.h:3338 [inline]
 __pte_alloc_one_noprof include/asm-generic/pgalloc.h:79 [inline]
 pte_alloc_one+0x84/0x3e0 arch/x86/mm/pgtable.c:18
 __pte_alloc+0x6d/0x3f0 mm/memory.c:453
 copy_pte_range mm/memory.c:1237 [inline]
 copy_pmd_range mm/memory.c:1392 [inline]
 copy_pud_range mm/memory.c:1429 [inline]
 copy_p4d_range mm/memory.c:1453 [inline]
 copy_page_range+0x3f17/0x6ba0 mm/memory.c:1539
 dup_mmap+0xbea/0x1e20 mm/mmap.c:1827
 dup_mm kernel/fork.c:1529 [inline]
 copy_mm kernel/fork.c:1581 [inline]
 copy_process+0x7451/0x7890 kernel/fork.c:2221
 kernel_clone+0xfc/0x930 kernel/fork.c:2651
 __do_sys_clone+0xd9/0x120 kernel/fork.c:2792
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xc9/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f770d0bf636
Code: 89 df e8 6d e8 f6 ff 45 31 c0 31 d2 31 f6 64 48 8b 04 25 10 00 00 00 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 52 89 c5 85 c0 75 31 64 48 8b 04 25 10 00 00
RSP: 002b:00007ffc3c516a50 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
RAX: ffffffffffffffda RBX: 00007ffc3c516a58 RCX: 00007f770d0bf636
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
RBP: 00007ffc3c536fa0 R08: 0000000000000000 R09: 0000000000000001
R10: 00007f770cfeba10 R11: 0000000000000246 R12: 00007ffc3c516b90
R13: 0000000000000000 R14: 0000000000000000 R15: 00005592a64c3ac0
 </TASK>
----------------
Code disassembly (best guess):
   0:	3c 02                	cmp    $0x2,%al
   2:	00 0f                	add    %cl,(%rdi)
   4:	85 ba 0e 00 00 49    	test   %edi,0x4900000e(%rdx)
   a:	8d 7d 58             	lea    0x58(%rbp),%edi
   d:	49 c7 45 50 00 00 00 	movq   $0x0,0x50(%r13)
  14:	00
  15:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  1c:	fc ff df
  1f:	48 89 fa             	mov    %rdi,%rdx
  22:	48 c1 ea 03          	shr    $0x3,%rdx
  26:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
* 2a:	0f 85 75 0e 00 00    	jne    0xea5 <-- trapping instruction
  30:	4c 89 c0             	mov    %r8,%rax
  33:	49 c7 45 58 00 00 00 	movq   $0x0,0x58(%r13)
  3a:	00
  3b:	48                   	rex.W
  3c:	ba                   	.byte 0xba
  3d:	00 00                	add    %al,(%rax)