=============================
[ BUG: Invalid wait context ]
6.12.0-rc6-next-20241108-syzkaller #0 Not tainted
-----------------------------
syz.4.319/7686 is trying to lock:
ffff8880b873a970 (batched_entropy_u8.lock){..-.}-{3:3}, at: local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
ffff8880b873a970 (batched_entropy_u8.lock){..-.}-{3:3}, at: get_random_u8+0x1a0/0xaa0 drivers/char/random.c:551
other info that might help us debug this:
context-{2:2}
no locks held by syz.4.319/7686.
stack backtrace:
CPU: 1 UID: 0 PID: 7686 Comm: syz.4.319 Not tainted 6.12.0-rc6-next-20241108-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
Call Trace:
<IRQ>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
print_lock_invalid_wait_context kernel/locking/lockdep.c:4826 [inline]
check_wait_context kernel/locking/lockdep.c:4898 [inline]
__lock_acquire+0x15a8/0x2100 kernel/locking/lockdep.c:5176
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
get_random_u8+0x1bd/0xaa0 drivers/char/random.c:551
get_random_u32_below include/linux/random.h:78 [inline]
kfence_guarded_alloc+0x9c/0xcd0 mm/kfence/core.c:421
__kfence_alloc+0x344/0x370 mm/kfence/core.c:1136
kfence_alloc include/linux/kfence.h:129 [inline]
slab_alloc_node mm/slub.c:4137 [inline]
__kmalloc_cache_noprof+0x2dd/0x390 mm/slub.c:4309
kmalloc_noprof include/linux/slab.h:901 [inline]
add_stack_record_to_list mm/page_owner.c:172 [inline]
inc_stack_record_count mm/page_owner.c:214 [inline]
__set_page_owner+0x55f/0x800 mm/page_owner.c:329
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1556
prep_new_page mm/page_alloc.c:1564 [inline]
get_page_from_freelist+0x3725/0x3870 mm/page_alloc.c:3510
__alloc_pages_noprof+0x292/0x710 mm/page_alloc.c:4786
alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265
stack_depot_save_flags+0x666/0x830 lib/stackdepot.c:627
kasan_save_stack+0x4f/0x60 mm/kasan/common.c:48
__kasan_record_aux_stack+0xac/0xc0 mm/kasan/generic.c:544
task_work_add+0xd9/0x490 kernel/task_work.c:77
__run_posix_cpu_timers kernel/time/posix-cpu-timers.c:1223 [inline]
run_posix_cpu_timers+0x6ac/0x810 kernel/time/posix-cpu-timers.c:1422
tick_sched_handle kernel/time/tick-sched.c:276 [inline]
tick_nohz_handler+0x37c/0x500 kernel/time/tick-sched.c:297
__run_hrtimer kernel/time/hrtimer.c:1739 [inline]
__hrtimer_run_queues+0x551/0xd50 kernel/time/hrtimer.c:1803
hrtimer_interrupt+0x403/0xa40 kernel/time/hrtimer.c:1865
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1038 [inline]
__sysvec_apic_timer_interrupt+0x110/0x420 arch/x86/kernel/apic/apic.c:1055
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1049
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140 kernel/locking/spinlock.c:194
Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 ee 14 43 f6 f6 44 24 21 02 75 52 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 43 99 a6 f5 65 8b 05 64 f3 3c 74 85 c0 74 43 48 c7 04 24 0e 36
RSP: 0018:ffffc900032efc60 EFLAGS: 00000206
RAX: 92c7e75658265800 RBX: 1ffff9200065df90 RCX: ffffffff9a3bf903
RDX: dffffc0000000000 RSI: ffffffff8c0ad880 RDI: 0000000000000001
RBP: ffffc900032efcf0 R08: ffffffff901c8877 R09: 1ffffffff203910e
R10: dffffc0000000000 R11: fffffbfff203910f R12: dffffc0000000000
R13: 1ffff9200065df8c R14: ffffc900032efc80 R15: 0000000000000246
spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
unlock_timer kernel/time/posix-timers.c:128 [inline]
do_timer_settime+0x37f/0x3e0 kernel/time/posix-timers.c:908
__do_sys_timer_settime kernel/time/posix-timers.c:928 [inline]
__se_sys_timer_settime kernel/time/posix-timers.c:914 [inline]
__x64_sys_timer_settime+0x19e/0x240 kernel/time/posix-timers.c:914
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa02eb7e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa02cff6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000df
RAX: ffffffffffffffda RBX: 00007fa02ed35f80 RCX: 00007fa02eb7e719
RDX: 0000000020000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 00007fa02ebf1616 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fa02ed35f80 R15: 00007ffd59aaea38
</TASK>
----------------
Code disassembly (best guess):
0: 9c pushf
1: 8f 44 24 20 pop 0x20(%rsp)
5: 42 80 3c 23 00 cmpb $0x0,(%rbx,%r12,1)
a: 74 08 je 0x14
c: 4c 89 f7 mov %r14,%rdi
f: e8 ee 14 43 f6 call 0xf6431502
14: f6 44 24 21 02 testb $0x2,0x21(%rsp)
19: 75 52 jne 0x6d
1b: 41 f7 c7 00 02 00 00 test $0x200,%r15d
22: 74 01 je 0x25
24: fb sti
25: bf 01 00 00 00 mov $0x1,%edi
* 2a: e8 43 99 a6 f5 call 0xf5a69972 <-- trapping instruction
2f: 65 8b 05 64 f3 3c 74 mov %gs:0x743cf364(%rip),%eax # 0x743cf39a
36: 85 c0 test %eax,%eax
38: 74 43 je 0x7d
3a: 48 rex.W
3b: c7 .byte 0xc7
3c: 04 24 add $0x24,%al
3e: 0e (bad)
3f: 36 ss