=============================
[ BUG: Invalid wait context ]
syzkaller #0 Tainted: G L
-----------------------------
kworker/1:4/6012 is trying to lock:
ffff88803e3192e0 (&gpc->lock){....}-{3:3}, at: kvm_xen_set_evtchn_fast+0x253/0xe80 arch/x86/kvm/xen.c:1819
other info that might help us debug this:
context-{2:2}
6 locks held by kworker/1:4/6012:
#0: ffff88801f6ce948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x1310/0x19a0 kernel/workqueue.c:3251
#1: ffffc900047a7d08 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x988/0x19a0 kernel/workqueue.c:3252
#2: ffff88802d78e1e0 (&dev->mutex){....}-{4:4}, at: device_lock include/linux/device.h:949 [inline]
#2: ffff88802d78e1e0 (&dev->mutex){....}-{4:4}, at: hub_event+0x1bd/0x4af0 drivers/usb/core/hub.c:5899
#3: ffffffff8e7d3e80 (console_lock){+.+.}-{0:0}, at: dev_vprintk_emit+0x394/0x3e0 drivers/base/core.c:4915
#4: ffffffff8e7d3ef8 (console_srcu){....}-{0:0}, at: rcu_try_lock_acquire include/linux/rcupdate.h:317 [inline]
#4: ffffffff8e7d3ef8 (console_srcu){....}-{0:0}, at: srcu_read_lock_nmisafe include/linux/srcu.h:428 [inline]
#4: ffffffff8e7d3ef8 (console_srcu){....}-{0:0}, at: console_srcu_read_lock kernel/printk/printk.c:291 [inline]
#4: ffffffff8e7d3ef8 (console_srcu){....}-{0:0}, at: console_flush_one_record+0xfd/0xe50 kernel/printk/printk.c:3246
#5: ffff88803e319840 (&kvm->srcu){.?.+}-{0:0}, at: srcu_lock_acquire include/linux/srcu.h:187 [inline]
#5: ffff88803e319840 (&kvm->srcu){.?.+}-{0:0}, at: srcu_read_lock include/linux/srcu.h:294 [inline]
#5: ffff88803e319840 (&kvm->srcu){.?.+}-{0:0}, at: kvm_xen_set_evtchn_fast+0x245/0xe80 arch/x86/kvm/xen.c:1817
stack backtrace:
CPU: 1 UID: 0 PID: 6012 Comm: kworker/1:4 Tainted: G L syzkaller #0 PREEMPT(full)
Tainted: [L]=SOFTLOCKUP
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
Workqueue: usb_hub_wq hub_event
Call Trace:
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x100/0x190 lib/dump_stack.c:120
print_lock_invalid_wait_context kernel/locking/lockdep.c:4830 [inline]
check_wait_context kernel/locking/lockdep.c:4902 [inline]
__lock_acquire+0xfa4/0x2630 kernel/locking/lockdep.c:5187
lock_acquire kernel/locking/lockdep.c:5868 [inline]
lock_acquire+0x1cf/0x380 kernel/locking/lockdep.c:5825
__raw_read_lock_irqsave include/linux/rwlock_api_smp.h:172 [inline]
_raw_read_lock_irqsave+0x46/0x90 kernel/locking/spinlock.c:236
kvm_xen_set_evtchn_fast+0x253/0xe80 arch/x86/kvm/xen.c:1819
xen_timer_callback+0x1db/0x2a0 arch/x86/kvm/xen.c:140
__run_hrtimer kernel/time/hrtimer.c:1785 [inline]
__hrtimer_run_queues+0x1ad/0xa70 kernel/time/hrtimer.c:1849
hrtimer_interrupt+0x397/0x8c0 kernel/time/hrtimer.c:1911
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1045 [inline]
__sysvec_apic_timer_interrupt+0x109/0x490 arch/x86/kernel/apic/apic.c:1062
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
sysvec_apic_timer_interrupt+0x9e/0xc0 arch/x86/kernel/apic/apic.c:1056
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:console_flush_one_record+0xac3/0xe50 kernel/printk/printk.c:3270
Code: 00 e8 01 54 29 00 9c 5d 81 e5 00 02 00 00 31 ff 48 89 ee e8 af 4f 21 00 48 85 ed 0f 85 d7 01 00 00 e8 c1 54 21 00 fb 4c 89 e8 <48> c1 e8 03 42 80 3c 38 00 0f 85 64 03 00 00 48 8b 0c 24 48 8b 6b
RSP: 0018:ffffc900047a70b0 EFLAGS: 00000287
RAX: ffffffff8f513e58 RBX: ffffffff8f513e00 RCX: ffffc9002fb2a000
RDX: 0000000000100000 RSI: ffffffff81e7a85f RDI: ffff888036ed8000
RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000012a6
R13: ffffffff8f513e58 R14: ffffc900047a7130 R15: dffffc0000000000
console_flush_all kernel/printk/printk.c:3343 [inline]
__console_flush_and_unlock kernel/printk/printk.c:3373 [inline]
console_unlock+0x103/0x260 kernel/printk/printk.c:3413
vprintk_emit+0x407/0x6b0 kernel/printk/printk.c:2479
dev_vprintk_emit+0x394/0x3e0 drivers/base/core.c:4915
dev_printk_emit+0xd2/0x10d drivers/base/core.c:4926
__dev_printk+0xcb/0x100 drivers/base/core.c:4938
_dev_notice+0xef/0x130 drivers/base/core.c:4983
usb_parse_endpoint drivers/usb/core/config.c:490 [inline]
usb_parse_interface drivers/usb/core/config.c:636 [inline]
usb_parse_configuration drivers/usb/core/config.c:849 [inline]
usb_get_configuration.cold+0xe11/0x17d3 drivers/usb/core/config.c:1002
usb_enumerate_device drivers/usb/core/hub.c:2527 [inline]
usb_new_device+0x580/0x7d0 drivers/usb/core/hub.c:2665
hub_port_connect drivers/usb/core/hub.c:5567 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5707 [inline]
port_event drivers/usb/core/hub.c:5871 [inline]
hub_event+0x314d/0x4af0 drivers/usb/core/hub.c:5953
process_one_work+0xa23/0x19a0 kernel/workqueue.c:3276
process_scheduled_works kernel/workqueue.c:3359 [inline]
worker_thread+0x5ef/0xe50 kernel/workqueue.c:3440
kthread+0x370/0x450 kernel/kthread.c:436
ret_from_fork+0x754/0xd80 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
----------------
Code disassembly (best guess):
0: 00 e8 add %ch,%al
2: 01 54 29 00 add %edx,0x0(%rcx,%rbp,1)
6: 9c pushf
7: 5d pop %rbp
8: 81 e5 00 02 00 00 and $0x200,%ebp
e: 31 ff xor %edi,%edi
10: 48 89 ee mov %rbp,%rsi
13: e8 af 4f 21 00 call 0x214fc7
18: 48 85 ed test %rbp,%rbp
1b: 0f 85 d7 01 00 00 jne 0x1f8
21: e8 c1 54 21 00 call 0x2154e7
26: fb sti
27: 4c 89 e8 mov %r13,%rax
* 2a: 48 c1 e8 03 shr $0x3,%rax <-- trapping instruction
2e: 42 80 3c 38 00 cmpb $0x0,(%rax,%r15,1)
33: 0f 85 64 03 00 00 jne 0x39d
39: 48 8b 0c 24 mov (%rsp),%rcx
3d: 48 rex.W
3e: 8b .byte 0x8b
3f: 6b .byte 0x6b