program:
timer_create(0x3, 0x0, &(0x7f0000000100)=0x0)
timer_settime(r0, 0x0, &(0x7f0000000140)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
timer_gettime(r0, &(0x7f0000000000))

[ 69.084970][ T4681] Bluetooth: hci0: command tx timeout
[ 69.212751][ C0]
[ 69.213740][ C0] =============================
[ 69.215635][ C0] [ BUG: Invalid wait context ]
[ 69.217492][ C0] 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 Not tainted
[ 69.220135][ C0] -----------------------------
[ 69.222009][ C0] syz.0.0/5333 is trying to lock:
[ 69.223963][ C0] ffff88801fc3a970 (batched_entropy_u8.lock){..-.}-{3:3}, at: get_random_u8+0x1a0/0xaa0
[ 69.227753][ C0] other info that might help us debug this:
[ 69.230050][ C0] context-{2:2}
[ 69.231389][ C0] no locks held by syz.0.0/5333.
[ 69.233161][ C0] stack backtrace:
[ 69.234612][ C0] CPU: 0 UID: 0 PID: 5333 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0
[ 69.238253][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 69.242263][ C0] Call Trace:
[ 69.243641][ C0]
[ 69.244784][ C0] dump_stack_lvl+0x241/0x360
[ 69.246628][ C0] ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.248658][ C0] ? __pfx__printk+0x10/0x10
[ 69.250519][ C0] __lock_acquire+0x15a8/0x2100
[ 69.252381][ C0] lock_acquire+0x1ed/0x550
[ 69.254162][ C0] ? get_random_u8+0x1a0/0xaa0
[ 69.255999][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 69.257945][ C0] get_random_u8+0x1bd/0xaa0
[ 69.259721][ C0] ? get_random_u8+0x1a0/0xaa0
[ 69.261638][ C0] ? get_random_u8+0x1a0/0xaa0
[ 69.263510][ C0] ? __pfx_get_random_u8+0x10/0x10
[ 69.265452][ C0] ? is_bpf_text_address+0x285/0x2a0
[ 69.267503][ C0] ? is_bpf_text_address+0x26/0x2a0
[ 69.269535][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 69.271941][ C0] ? kernel_text_address+0xa7/0xe0
[ 69.273875][ C0] ? __kernel_text_address+0xd/0x40
[ 69.275882][ C0] ? unwind_get_return_address+0x4d/0x90
[ 69.278049][ C0] ? arch_stack_walk+0xfd/0x150
[ 69.280101][ C0] kfence_guarded_alloc+0x9c/0xcd0
[ 69.282146][ C0] ? __pfx_kfence_guarded_alloc+0x10/0x10
[ 69.284315][ C0] ? __irq_work_queue_local+0x115/0x410
[ 69.286365][ C0] ? get_alloc_stack_hash+0x3c0/0x760
[ 69.288477][ C0] __kfence_alloc+0x344/0x370
[ 69.290254][ C0] ? __pfx___kfence_alloc+0x10/0x10
[ 69.292309][ C0] ? __kfence_alloc+0x274/0x370
[ 69.294208][ C0] ? __kmalloc_cache_noprof+0x237/0x2c0
[ 69.296367][ C0] ? __set_page_owner+0x55f/0x800
[ 69.298402][ C0] ? post_alloc_hook+0x1f3/0x230
[ 69.300343][ C0] ? get_page_from_freelist+0x3649/0x3790
[ 69.302566][ C0] ? __alloc_pages_noprof+0x292/0x710
[ 69.304579][ C0] ? alloc_pages_mpol_noprof+0x3e8/0x680
[ 69.306768][ C0] ? stack_depot_save_flags+0x666/0x830
[ 69.308889][ C0] ? kasan_save_stack+0x4f/0x60
[ 69.310844][ C0] ? __kasan_record_aux_stack+0xac/0xc0
[ 69.312951][ C0] ? task_work_add+0xd9/0x490
[ 69.314841][ C0] ? run_posix_cpu_timers+0x6ac/0x810
[ 69.316918][ C0] ? tick_nohz_handler+0x37c/0x500
[ 69.318965][ C0] ? __hrtimer_run_queues+0x551/0xd50
[ 69.321016][ C0] ? hrtimer_interrupt+0x403/0xa40
[ 69.323030][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x420
[ 69.325250][ C0] ? sysvec_apic_timer_interrupt+0xa1/0xc0
[ 69.327338][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 69.329687][ C0] ? generic_exec_single+0x4f6/0x9b0
[ 69.331721][ C0] ? smp_call_function_single_async+0x83/0x110
[ 69.333946][ C0] ? rdmsr_safe_on_cpu+0x146/0x310
[ 69.335895][ C0] ? msr_read+0x15d/0x260
[ 69.337505][ C0] ? vfs_read+0x1fc/0xb70
[ 69.339073][ C0] ? ksys_read+0x18f/0x2b0
[ 69.340730][ C0] ? do_syscall_64+0xf3/0x230
[ 69.342612][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.344958][ C0] ? __pfx_lock_release+0x10/0x10
[ 69.346810][ C0] ? alloc_pages_mpol_noprof+0x3e8/0x680
[ 69.348743][ C0] ? kasan_save_stack+0x4f/0x60
[ 69.350481][ C0] ? task_work_add+0xd9/0x490
[ 69.352149][ C0] ? __set_page_owner+0x55f/0x800
[ 69.353921][ C0] __kmalloc_cache_noprof+0x237/0x2c0
[ 69.355802][ C0] __set_page_owner+0x55f/0x800
[ 69.357543][ C0] ? __pfx___set_page_owner+0x10/0x10
[ 69.359476][ C0] post_alloc_hook+0x1f3/0x230
[ 69.361355][ C0] get_page_from_freelist+0x3649/0x3790
[ 69.363722][ C0] __alloc_pages_noprof+0x292/0x710
[ 69.365738][ C0] ? __pfx___alloc_pages_noprof+0x10/0x10
[ 69.367873][ C0] ? is_bpf_text_address+0x26/0x2a0
[ 69.369882][ C0] ? kernel_text_address+0xa7/0xe0
[ 69.371761][ C0] ? arch_stack_walk+0xfd/0x150
[ 69.373606][ C0] alloc_pages_mpol_noprof+0x3e8/0x680
[ 69.375729][ C0] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[ 69.377930][ C0] ? stack_trace_save+0x118/0x1d0
[ 69.379789][ C0] ? __pfx_stack_trace_save+0x10/0x10
[ 69.381855][ C0] ? alloc_pages_noprof+0x43/0x170
[ 69.383850][ C0] stack_depot_save_flags+0x666/0x830
[ 69.385887][ C0] kasan_save_stack+0x4f/0x60
[ 69.387649][ C0] ? kasan_save_stack+0x3f/0x60
[ 69.389496][ C0] ? __kasan_record_aux_stack+0xac/0xc0
[ 69.391577][ C0] ? task_work_add+0xd9/0x490
[ 69.393424][ C0] ? run_posix_cpu_timers+0x6ac/0x810
[ 69.395396][ C0] ? tick_nohz_handler+0x37c/0x500
[ 69.397316][ C0] ? __hrtimer_run_queues+0x551/0xd50
[ 69.399320][ C0] ? hrtimer_interrupt+0x403/0xa40
[ 69.401181][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x420
[ 69.403390][ C0] ? sysvec_apic_timer_interrupt+0xa1/0xc0
[ 69.405556][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 69.407803][ C0] ? generic_exec_single+0x4f6/0x9b0
[ 69.409748][ C0] ? smp_call_function_single_async+0x83/0x110
[ 69.412038][ C0] ? rdmsr_safe_on_cpu+0x146/0x310
[ 69.413803][ C0] ? msr_read+0x15d/0x260
[ 69.415348][ C0] ? vfs_read+0x1fc/0xb70
[ 69.416931][ C0] ? ksys_read+0x18f/0x2b0
[ 69.418585][ C0] ? do_syscall_64+0xf3/0x230
[ 69.420380][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.422709][ C0] ? __phys_addr+0xba/0x170
[ 69.424478][ C0] __kasan_record_aux_stack+0xac/0xc0
[ 69.426512][ C0] task_work_add+0xd9/0x490
[ 69.428210][ C0] ? __pfx_lock_acquire+0x10/0x10
[ 69.430264][ C0] ? __pfx_task_work_add+0x10/0x10
[ 69.432229][ C0] run_posix_cpu_timers+0x6ac/0x810
[ 69.434157][ C0] ? __pfx_run_posix_cpu_timers+0x10/0x10
[ 69.436318][ C0] ? sched_balance_trigger+0x51/0x890
[ 69.438425][ C0] tick_nohz_handler+0x37c/0x500
[ 69.440317][ C0] ? __pfx_tick_nohz_handler+0x10/0x10
[ 69.442484][ C0] __hrtimer_run_queues+0x551/0xd50
[ 69.444485][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 69.446430][ C0] ? kvm_clock_get_cycles+0x52/0x70
[ 69.448207][ C0] ? ktime_get_update_offsets_now+0x393/0x3b0
[ 69.450347][ C0] hrtimer_interrupt+0x403/0xa40
[ 69.452015][ C0] __sysvec_apic_timer_interrupt+0x110/0x420
[ 69.454114][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0
[ 69.456109][ C0]
[ 69.457200][ C0]
[ 69.458276][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 69.460504][ C0] RIP: 0010:generic_exec_single+0x4f6/0x9b0
[ 69.462701][ C0] Code: e8 1f 08 0c 00 90 0f 0b 90 e9 64 fc ff ff e8 11 08 0c 00 e8 3c 5b 48 0a 4d 85 e4 0f 84 6e ff ff ff e8 fe 07 0c 00 fb 45 31 f6 <48> c7 44 24 20 0e 36 e0 45 4b c7 04 2f 00 00 00 00 66 43 c7 44 2f
[ 69.469966][ C0] RSP: 0018:ffffc9000d417960 EFLAGS: 00000246
[ 69.472230][ C0] RAX: ffffffff8189d812 RBX: 0000000000000000 RCX: 0000000000100000
[ 69.475322][ C0] RDX: ffffc9000ea7a000 RSI: 000000000000860d RDI: 000000000000860e
[ 69.478390][ C0] RBP: ffffc9000d417a38 R08: ffffffff8189d764 R09: 1ffffffff203c806
[ 69.481351][ C0] R10: dffffc0000000000 R11: fffffbfff203c807 R12: 0000000000000200
[ 69.484333][ C0] R13: 1ffff92001a82f30 R14: 0000000000000000 R15: dffffc0000000000
[ 69.487229][ C0] ? generic_exec_single+0x444/0x9b0
[ 69.489188][ C0] ? generic_exec_single+0x4f2/0x9b0
[ 69.491192][ C0] ? __pfx___rdmsr_safe_on_cpu+0x10/0x10
[ 69.493345][ C0] ? __pfx_generic_exec_single+0x10/0x10
[ 69.495503][ C0] smp_call_function_single_async+0x83/0x110
[ 69.497859][ C0] rdmsr_safe_on_cpu+0x146/0x310
[ 69.499725][ C0] ? __pfx_rdmsr_safe_on_cpu+0x10/0x10
[ 69.501790][ C0] ? __pfx___rdmsr_safe_on_cpu+0x10/0x10
[ 69.503894][ C0] ? __pfx_lock_release+0x10/0x10
[ 69.505869][ C0] ? __might_fault+0xaa/0x120
[ 69.507605][ C0] ? __might_fault+0xc6/0x120
[ 69.509397][ C0] msr_read+0x15d/0x260
[ 69.511011][ C0] ? __pfx_msr_read+0x10/0x10
[ 69.512860][ C0] ? rw_verify_area+0x568/0x6f0
[ 69.514627][ C0] ? __pfx_msr_read+0x10/0x10
[ 69.516320][ C0] vfs_read+0x1fc/0xb70
[ 69.517844][ C0] ? __pfx_vfs_read+0x10/0x10
[ 69.519663][ C0] ? __might_fault+0xaa/0x120
[ 69.521514][ C0] ? __fget_files+0x2a/0x410
[ 69.523319][ C0] ? __fget_files+0x395/0x410
[ 69.525134][ C0] ? __fget_files+0x2a/0x410
[ 69.526971][ C0] ksys_read+0x18f/0x2b0
[ 69.528550][ C0] ? __pfx_ksys_read+0x10/0x10
[ 69.530411][ C0] ? do_syscall_64+0x100/0x230
[ 69.532307][ C0] ? do_syscall_64+0xb6/0x230
[ 69.534090][ C0] do_syscall_64+0xf3/0x230
[ 69.535832][ C0] ? clear_bhb_loop+0x35/0x90
[ 69.537667][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.539959][ C0] RIP: 0033:0x7f7d7ff7e819
[ 69.541701][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 69.548955][ C0] RSP: 002b:00007f7d7f9f8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 69.551897][ C0] RAX: ffffffffffffffda RBX: 00007f7d80135fa0 RCX: 00007f7d7ff7e819
[ 69.554719][ C0] RDX: 0000000000018ff8 RSI: 0000000020019680 RDI: 0000000000000003
[ 69.557632][ C0] RBP: 00007f7d7fff175e R08: 0000000000000000 R09: 0000000000000000
[ 69.560418][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 69.563076][ C0] R13: 0000000000000000 R14: 00007f7d80135fa0 R15: 00007ffda5a469d8
[ 69.566224][ C0]