program:
timer_create(0x3, 0x0, &(0x7f0000001400)=<r0=>0x0)
timer_settime(r0, 0x1, &(0x7f00000000c0)={{0x0, 0x989680}}, 0x0)
unshare(0x40000000)

[ 58.337990][ C0]
[ 58.339653][ C0] =============================
[ 58.342662][ C0] [ BUG: Invalid wait context ]
[ 58.345860][ C0] 6.13.0-syzkaller-04541-gdf60eac9efe8 #0 Not tainted
[ 58.349868][ C0] -----------------------------
[ 58.351774][ C0] syz.0.0/5320 is trying to lock:
[ 58.353639][ C0] ffff88805ffd7298 (&zone->lock){..-.}-{3:3}, at: get_page_from_freelist+0xb3d/0x37a0
[ 58.357218][ C0] other info that might help us debug this:
[ 58.359388][ C0] context-{2:2}
[ 58.360747][ C0] 3 locks held by syz.0.0/5320:
[ 58.362620][ C0] #0: ffffffff8fcb8e90 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x328/0x570
[ 58.366263][ C0] #1: ffffffff8f09eb00 (fill_pool_map-wait-type-override){+.+.}-{4:4}, at: __debug_object_init+0x389/0x470
[ 58.370544][ C0] #2: ffff88801fc44ad8 (&pcp->lock){+.+.}-{3:3}, at: get_page_from_freelist+0x7d3/0x37a0
[ 58.374140][ C0] stack backtrace:
[ 58.375537][ C0] CPU: 0 UID: 0 PID: 5320 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-04541-gdf60eac9efe8 #0
[ 58.375549][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 58.375555][ C0] Call Trace:
[ 58.375562][ C0] <IRQ>
[ 58.375567][ C0] dump_stack_lvl+0x241/0x360
[ 58.375585][ C0] ? __pfx_dump_stack_lvl+0x10/0x10
[ 58.375598][ C0] ? __pfx__printk+0x10/0x10
[ 58.375614][ C0] ? __find_rr_leaf+0x747/0x8e0
[ 58.375630][ C0] __lock_acquire+0x15a8/0x2100
[ 58.375645][ C0] lock_acquire+0x1ed/0x550
[ 58.375655][ C0] ? get_page_from_freelist+0xb3d/0x37a0
[ 58.375667][ C0] ? stack_trace_save+0x118/0x1d0
[ 58.375678][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 58.375688][ C0] ? __asan_memset+0x23/0x50
[ 58.375697][ C0] ? validate_chain+0x11e/0x5920
[ 58.375710][ C0] ? validate_chain+0x11e/0x5920
[ 58.375723][ C0] _raw_spin_lock_irqsave+0xd5/0x120
[ 58.375735][ C0] ? get_page_from_freelist+0xb3d/0x37a0
[ 58.375745][ C0] ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 58.375758][ C0] get_page_from_freelist+0xb3d/0x37a0
[ 58.375780][ C0] __alloc_pages_noprof+0x292/0x710
[ 58.375790][ C0] ? __pfx___alloc_pages_noprof+0x10/0x10
[ 58.375801][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 58.375812][ C0] ? __kernel_text_address+0xd/0x40
[ 58.375824][ C0] ? unwind_get_return_address+0x4d/0x90
[ 58.375837][ C0] alloc_pages_mpol_noprof+0x3e1/0x780
[ 58.375852][ C0] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[ 58.375864][ C0] ? stack_trace_save+0x118/0x1d0
[ 58.375873][ C0] ? alloc_pages_noprof+0x43/0x170
[ 58.375886][ C0] stack_depot_save_flags+0x72d/0x940
[ 58.375897][ C0] kasan_save_stack+0x4f/0x60
[ 58.375908][ C0] ? kasan_save_stack+0x3f/0x60
[ 58.375916][ C0] ? __kasan_record_aux_stack+0xac/0xc0
[ 58.375925][ C0] ? task_work_add+0xd9/0x490
[ 58.375936][ C0] ? run_posix_cpu_timers+0x6ac/0x810
[ 58.375949][ C0] ? tick_nohz_handler+0x37c/0x500
[ 58.375957][ C0] ? __hrtimer_run_queues+0x551/0xd30
[ 58.375969][ C0] ? hrtimer_interrupt+0x403/0xa40
[ 58.375981][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x420
[ 58.375992][ C0] ? sysvec_apic_timer_interrupt+0xa1/0xc0
[ 58.376005][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 58.376016][ C0] ? _raw_spin_unlock_irqrestore+0xd8/0x140
[ 58.376027][ C0] ? __rmqueue_pcplist+0x21fd/0x2a90
[ 58.376036][ C0] ? get_page_from_freelist+0x886/0x37a0
[ 58.376046][ C0] ? __alloc_pages_noprof+0x292/0x710
[ 58.376055][ C0] ? alloc_pages_mpol_noprof+0x3e1/0x780
[ 58.376066][ C0] ? stack_depot_save_flags+0x72d/0x940
[ 58.376075][ C0] ? kasan_save_track+0x51/0x80
[ 58.376084][ C0] ? __kasan_slab_alloc+0x66/0x80
[ 58.376095][ C0] ? kmem_cache_alloc_noprof+0x1d9/0x380
[ 58.376106][ C0] ? fill_pool+0x260/0x680
[ 58.376114][ C0] ? __debug_object_init+0x3b2/0x470
[ 58.376126][ C0] ? init_timer_key+0x38/0x320
[ 58.376134][ C0] ? inet_csk_init_xmit_timers+0x66/0xf0
[ 58.376146][ C0] ? dccp_init_sock+0x203/0x380
[ 58.376157][ C0] ? dccp_v4_init_sock+0x1d/0x90
[ 58.376166][ C0] ? inet_create+0xb95/0xea0
[ 58.376177][ C0] ? __sock_create+0x4c0/0xa30
[ 58.376191][ C0] ? inet_ctl_sock_create+0xc2/0x250
[ 58.376201][ C0] ? ops_init+0x31e/0x590
[ 58.376210][ C0] ? setup_net+0x287/0x9e0
[ 58.376222][ C0] ? copy_net_ns+0x33f/0x570
[ 58.376233][ C0] ? create_new_namespaces+0x425/0x7b0
[ 58.376242][ C0] ? unshare_nsproxy_namespaces+0x124/0x180
[ 58.376251][ C0] ? ksys_unshare+0x57d/0xa70
[ 58.376260][ C0] ? __x64_sys_unshare+0x38/0x40
[ 58.376270][ C0] ? do_syscall_64+0xf3/0x230
[ 58.376278][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 58.376292][ C0] ? __phys_addr+0xba/0x170
[ 58.376304][ C0] __kasan_record_aux_stack+0xac/0xc0
[ 58.376313][ C0] task_work_add+0xd9/0x490
[ 58.376324][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 58.376334][ C0] ? __pfx_task_work_add+0x10/0x10
[ 58.376348][ C0] run_posix_cpu_timers+0x6ac/0x810
[ 58.376363][ C0] ? __pfx_run_posix_cpu_timers+0x10/0x10
[ 58.376375][ C0] ? sched_balance_trigger+0x51/0x890
[ 58.376387][ C0] tick_nohz_handler+0x37c/0x500
[ 58.376397][ C0] ? __pfx_tick_nohz_handler+0x10/0x10
[ 58.376405][ C0] __hrtimer_run_queues+0x551/0xd30
[ 58.376420][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 58.376431][ C0] ? kvm_clock_get_cycles+0x52/0x70
[ 58.376444][ C0] ? ktime_get_update_offsets_now+0x38e/0x3b0
[ 58.376457][ C0] hrtimer_interrupt+0x403/0xa40
[ 58.376474][ C0] __sysvec_apic_timer_interrupt+0x110/0x420
[ 58.376485][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0
[ 58.376497][ C0] </IRQ>
[ 58.376501][ C0] <TASK>
[ 58.376504][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 58.376515][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140
[ 58.376529][ C0] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 be 50 2f f6 f6 44 24 21 02 75 52 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 73 00 97 f5 65 8b 05 e4 24 2d 74 85 c0 74 43 48 c7 04 24 0e 36
[ 58.376537][ C0] RSP: 0018:ffffc9000d436d20 EFLAGS: 00000206
[ 58.376547][ C0] RAX: 47c6a7880a56b000 RBX: 1ffff92001a86da8 RCX: ffffffff817b5ada
[ 58.376553][ C0] RDX: dffffc0000000000 RSI: ffffffff8c0a9420 RDI: 0000000000000001
[ 58.376559][ C0] RBP: ffffc9000d436db8 R08: ffffffff942f5847 R09: 1ffffffff285eb08
[ 58.376566][ C0] R10: dffffc0000000000 R11: fffffbfff285eb09 R12: dffffc0000000000
[ 58.376573][ C0] R13: 1ffff92001a86da4 R14: ffffc9000d436d40 R15: 0000000000000246
[ 58.376581][ C0] ? mark_lock+0x9a/0x360
[ 58.376595][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 58.376617][ C0] __rmqueue_pcplist+0x21fd/0x2a90
[ 58.376629][ C0] ? __pfx_validate_chain+0x10/0x10
[ 58.376648][ C0] get_page_from_freelist+0x886/0x37a0
[ 58.376669][ C0] __alloc_pages_noprof+0x292/0x710
[ 58.376680][ C0] ? __pfx___alloc_pages_noprof+0x10/0x10
[ 58.376690][ C0] ? is_bpf_text_address+0x26/0x2a0
[ 58.376702][ C0] ? kernel_text_address+0xa7/0xe0
[ 58.376715][ C0] ? arch_stack_walk+0xfd/0x150
[ 58.376727][ C0] alloc_pages_mpol_noprof+0x3e1/0x780
[ 58.376741][ C0] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[ 58.376753][ C0] ? stack_trace_save+0x118/0x1d0
[ 58.376762][ C0] ? __pfx_stack_trace_save+0x10/0x10
[ 58.376771][ C0] ? alloc_pages_noprof+0xef/0x170
[ 58.376783][ C0] ? fill_pool+0x260/0x680
[ 58.376791][ C0] stack_depot_save_flags+0x72d/0x940
[ 58.376802][ C0] ? fill_pool+0x260/0x680
[ 58.376810][ C0] kasan_save_track+0x51/0x80
[ 58.376819][ C0] ? kasan_save_track+0x3f/0x80
[ 58.376829][ C0] ? __kasan_slab_alloc+0x66/0x80
[ 58.376839][ C0] ? kmem_cache_alloc_noprof+0x1d9/0x380
[ 58.376851][ C0] ? fill_pool+0x260/0x680
[ 58.376858][ C0] ? __debug_object_init+0x3b2/0x470
[ 58.376869][ C0] ? init_timer_key+0x38/0x320
[ 58.376878][ C0] ? inet_csk_init_xmit_timers+0x66/0xf0
[ 58.376888][ C0] ? dccp_init_sock+0x203/0x380
[ 58.376898][ C0] ? dccp_v4_init_sock+0x1d/0x90
[ 58.376907][ C0] ? inet_create+0xb95/0xea0
[ 58.376916][ C0] ? __sock_create+0x4c0/0xa30
[ 58.376928][ C0] ? inet_ctl_sock_create+0xc2/0x250
[ 58.376939][ C0] ? ops_init+0x31e/0x590
[ 58.376947][ C0] ? setup_net+0x287/0x9e0
[ 58.376958][ C0] ? copy_net_ns+0x33f/0x570
[ 58.376969][ C0] ? create_new_namespaces+0x425/0x7b0
[ 58.376976][ C0] ? unshare_nsproxy_namespaces+0x124/0x180
[ 58.376985][ C0] ? ksys_unshare+0x57d/0xa70
[ 58.376993][ C0] ? __x64_sys_unshare+0x38/0x40
[ 58.377003][ C0] ? do_syscall_64+0xf3/0x230
[ 58.377011][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 58.377028][ C0] __kasan_slab_alloc+0x66/0x80
[ 58.377038][ C0] ? fill_pool+0x201/0x680
[ 58.377045][ C0] kmem_cache_alloc_noprof+0x1d9/0x380
[ 58.377059][ C0] fill_pool+0x260/0x680
[ 58.377068][ C0] ? __pfx_fill_pool_from_freelist+0x10/0x10
[ 58.377080][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 58.377092][ C0] ? __pfx_fill_pool+0x10/0x10
[ 58.377104][ C0] ? __pfx_dccp_delack_timer+0x10/0x10
[ 58.377115][ C0] ? __pfx_dccp_delack_timer+0x10/0x10
[ 58.377125][ C0] ? __debug_object_init+0x389/0x470
[ 58.377136][ C0] __debug_object_init+0x3b2/0x470
[ 58.377148][ C0] ? __asan_memset+0x23/0x50
[ 58.377156][ C0] ? lockdep_init_map_type+0xa1/0x910
[ 58.377165][ C0] ? __pfx___debug_object_init+0x10/0x10
[ 58.377177][ C0] ? __pfx_lockdep_init_map_type+0x10/0x10
[ 58.377189][ C0] ? __pfx_lockdep_init_map_type+0x10/0x10
[ 58.377200][ C0] ? __pfx_dccp_delack_timer+0x10/0x10
[ 58.377210][ C0] ? __pfx_dccp_delack_timer+0x10/0x10
[ 58.377220][ C0] init_timer_key+0x38/0x320
[ 58.377229][ C0] ? __pfx_dccp_write_timer+0x10/0x10
[ 58.377239][ C0] ? __pfx_dccp_keepalive_timer+0x10/0x10
[ 58.377249][ C0] ? __pfx_dccp_delack_timer+0x10/0x10
[ 58.377260][ C0] inet_csk_init_xmit_timers+0x66/0xf0
[ 58.377270][ C0] dccp_init_sock+0x203/0x380
[ 58.377280][ C0] dccp_v4_init_sock+0x1d/0x90
[ 58.377290][ C0] inet_create+0xb95/0xea0
[ 58.377300][ C0] ? inet_create+0x94/0xea0
[ 58.377312][ C0] __sock_create+0x4c0/0xa30
[ 58.377327][ C0] inet_ctl_sock_create+0xc2/0x250
[ 58.377339][ C0] ? __pfx_inet_ctl_sock_create+0x10/0x10
[ 58.377350][ C0] ? net_generic+0x1f/0x240
[ 58.377359][ C0] ? net_generic+0x1f0/0x240
[ 58.377368][ C0] ops_init+0x31e/0x590
[ 58.377376][ C0] ? lockdep_init_map_type+0xa1/0x910
[ 58.377388][ C0] setup_net+0x287/0x9e0
[ 58.377400][ C0] ? __pfx_down_read_killable+0x10/0x10
[ 58.377410][ C0] ? __pfx_setup_net+0x10/0x10
[ 58.377425][ C0] copy_net_ns+0x33f/0x570
[ 58.377438][ C0] create_new_namespaces+0x425/0x7b0
[ 58.377451][ C0] unshare_nsproxy_namespaces+0x124/0x180
[ 58.377462][ C0] ksys_unshare+0x57d/0xa70
[ 58.377474][ C0] ? __pfx_ksys_unshare+0x10/0x10
[ 58.377484][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 58.377496][ C0] ? do_syscall_64+0x100/0x230
[ 58.377505][ C0] __x64_sys_unshare+0x38/0x40
[ 58.377515][ C0] do_syscall_64+0xf3/0x230
[ 58.377525][ C0] ? clear_bhb_loop+0x35/0x90
[ 58.377535][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 58.377545][ C0] RIP: 0033:0x7f8148985d29
[ 58.377555][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 58.377562][ C0] RSP: 002b:00007f8149826038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 58.377572][ C0] RAX: ffffffffffffffda RBX: 00007f8148b75fa0 RCX: 00007f8148985d29
[ 58.377579][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
[ 58.377584][ C0] RBP: 00007f8148a01b08 R08: 0000000000000000 R09: 0000000000000000
[ 58.377590][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 58.377595][ C0] R13: 0000000000000000 R14: 00007f8148b75fa0 R15: 00007ffdf9ea2558
[ 58.377614][ C0] </TASK>
[ 58.773016][ T4672] Bluetooth: hci0: command tx timeout