program: r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$ARCH_SET_GS(0x1e, r0, &(0x7f0000000080), 0x1001) sigaltstack(&(0x7f0000000000)={&(0x7f0000001380)=""/4096, 0x80000000, 0x1000}, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r1}, 0x10) timer_create(0x3, 0x0, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f00000000c0)={{0x0, 0x3938700}, {0x77359400}}, 0x0) timer_delete(r2) ptrace$ARCH_SHSTK_LOCK(0x1e, r0, 0x3, 0x5003) mbind(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x8000, &(0x7f0000000080)=0x20a, 0x1, 0x5) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) [ 76.660431][ T5318] Bluetooth: hci0: command tx timeout [ 76.664980][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.667814][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.831879][ C0] [ 76.833051][ C0] ============================= [ 76.834732][ C0] [ BUG: Invalid wait context ] [ 76.836368][ C0] 6.12.0-syzkaller-01782-gbf9aa14fc523 #0 Not tainted [ 76.838674][ C0] ----------------------------- [ 76.840314][ C0] syz.0.0/5332 is trying to lock: [ 76.842064][ C0] ffffffff8ea720f8 (stack_list_lock){-.-.}-{3:3}, at: __set_page_owner+0x5cb/0x800 [ 76.845382][ C0] other info that might help us debug this: [ 76.847669][ C0] context-{2:2} [ 76.849003][ C0] 4 locks held by syz.0.0/5332: [ 76.850817][ C0] #0: ffff888040906d20 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x165/0xc40 [ 76.854113][ C0] #1: ffffffff8e93c7e0 (rcu_read_lock){....}-{1:3}, at: __pte_offset_map+0x82/0x380 [ 76.857781][ C0] #2: ffff888011963678 (ptlock_ptr(ptdesc)#2){+.+.}-{3:3}, at: __pte_offset_map_lock+0x1ba/0x300 [ 76.861891][ C0] #3: ffffffff8e93c760 (rcu_read_lock_sched){....}-{1:2}, at: pfn_valid+0xf6/0x450 [ 76.865299][ C0] stack backtrace: [ 76.866629][ C0] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0 [ 76.869768][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.873388][ C0] Call Trace: [ 76.874626][ C0] [ 76.875756][ C0] dump_stack_lvl+0x241/0x360 [ 76.877686][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 76.879660][ C0] ? __pfx__printk+0x10/0x10 [ 76.881371][ C0] ? stack_trace_save+0x118/0x1d0 [ 76.883175][ C0] __lock_acquire+0x15a8/0x2100 [ 76.884857][ C0] ? __alloc_pages_noprof+0x292/0x710 [ 76.886634][ C0] lock_acquire+0x1ed/0x550 [ 76.888179][ C0] ? __set_page_owner+0x5cb/0x800 [ 76.889896][ C0] ? unmap_page_range+0x29df/0x40e0 [ 76.891836][ C0] ? unmap_vmas+0x3cc/0x5f0 [ 76.893563][ C0] ? exit_mmap+0x275/0xc40 [ 76.895602][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 76.897480][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.899718][ C0] _raw_spin_lock_irqsave+0xd5/0x120 [ 76.901826][ C0] ? __set_page_owner+0x5cb/0x800 [ 76.903960][ C0] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 76.906379][ C0] ? __set_page_owner+0x55f/0x800 [ 76.908334][ C0] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 76.910368][ C0] __set_page_owner+0x5cb/0x800 [ 76.912206][ C0] ? __pfx___set_page_owner+0x10/0x10 [ 76.914187][ C0] post_alloc_hook+0x1f3/0x230 [ 76.916016][ C0] get_page_from_freelist+0x3649/0x3790 [ 76.918036][ C0] __alloc_pages_noprof+0x292/0x710 [ 76.920069][ C0] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 76.922093][ C0] ? is_bpf_text_address+0x26/0x2a0 [ 76.923915][ C0] ? kernel_text_address+0xa7/0xe0 [ 76.925800][ C0] ? arch_stack_walk+0xfd/0x150 [ 76.927659][ C0] alloc_pages_mpol_noprof+0x3e8/0x680 [ 76.929764][ C0] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 76.932280][ C0] ? stack_trace_save+0x118/0x1d0 [ 76.934222][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 76.936216][ C0] ? alloc_pages_noprof+0x43/0x170 [ 76.938117][ C0] stack_depot_save_flags+0x666/0x830 [ 76.940096][ C0] kasan_save_stack+0x4f/0x60 [ 76.941774][ C0] ? kasan_save_stack+0x3f/0x60 [ 76.943555][ C0] ? __kasan_record_aux_stack+0xac/0xc0 [ 76.945458][ C0] ? task_work_add+0xd9/0x490 [ 76.947177][ C0] ? run_posix_cpu_timers+0x6ac/0x810 [ 76.949149][ C0] ? tick_nohz_handler+0x37c/0x500 [ 76.951064][ C0] ? __hrtimer_run_queues+0x551/0xd50 [ 76.953049][ C0] ? hrtimer_interrupt+0x403/0xa40 [ 76.954973][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x420 [ 76.957593][ C0] ? sysvec_apic_timer_interrupt+0xa1/0xc0 [ 76.959840][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 76.962144][ C0] ? __pfx___sanitizer_cov_trace_const_cmp4+0x10/0x10 [ 76.964576][ C0] ? pfn_valid+0x192/0x450 [ 76.966201][ C0] ? page_table_check_clear+0x1e/0x550 [ 76.968197][ C0] ? unmap_page_range+0x29df/0x40e0 [ 76.970084][ C0] ? unmap_vmas+0x3cc/0x5f0 [ 76.971849][ C0] ? exit_mmap+0x275/0xc40 [ 76.973562][ C0] ? __mmput+0x115/0x390 [ 76.975195][ C0] ? exit_mm+0x220/0x310 [ 76.976878][ C0] ? do_exit+0x9b2/0x28e0 [ 76.978583][ C0] ? do_group_exit+0x207/0x2c0 [ 76.980347][ C0] ? get_signal+0x16b2/0x1750 [ 76.982094][ C0] ? arch_do_signal_or_restart+0x96/0x860 [ 76.984297][ C0] ? syscall_exit_to_user_mode+0xce/0x340 [ 76.986476][ C0] ? do_syscall_64+0x100/0x230 [ 76.988420][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.990608][ C0] ? __phys_addr+0xba/0x170 [ 76.992310][ C0] __kasan_record_aux_stack+0xac/0xc0 [ 76.994309][ C0] task_work_add+0xd9/0x490 [ 76.995994][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 76.997812][ C0] ? __pfx_task_work_add+0x10/0x10 [ 76.999759][ C0] run_posix_cpu_timers+0x6ac/0x810 [ 77.001723][ C0] ? __pfx_run_posix_cpu_timers+0x10/0x10 [ 77.004114][ C0] ? sched_balance_trigger+0x51/0x890 [ 77.006418][ C0] tick_nohz_handler+0x37c/0x500 [ 77.008302][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 77.010355][ C0] __hrtimer_run_queues+0x551/0xd50 [ 77.012361][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 77.014559][ C0] ? kvm_clock_get_cycles+0x52/0x70 [ 77.016532][ C0] ? ktime_get_update_offsets_now+0x393/0x3b0 [ 77.018757][ C0] hrtimer_interrupt+0x403/0xa40 [ 77.020636][ C0] __sysvec_apic_timer_interrupt+0x110/0x420 [ 77.022634][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 77.024588][ C0] [ 77.025684][ C0] [ 77.026777][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 77.028988][ C0] RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x0/0x90 [ 77.031592][ C0] Code: 10 48 89 74 0a 18 4c 89 44 0a 20 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 4c 8b 04 24 65 48 8b 14 25 c0 d7 03 00 65 8b 05 90 e9 [ 77.038733][ C0] RSP: 0018:ffffc9000d217280 EFLAGS: 00000246 [ 77.041092][ C0] RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffff888000bb0000 [ 77.044113][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 77.047129][ C0] RBP: 1ffff11005fff524 R08: ffffffff820bf187 R09: 1ffffffff285d510 [ 77.050274][ C0] R10: dffffc0000000000 R11: fffffbfff285d511 R12: dffffc0000000000 [ 77.053339][ C0] R13: 00000000000fa358 R14: ffffffff820bf106 R15: ffff88802fffa920 [ 77.056419][ C0] ? pfn_valid+0xf6/0x450 [ 77.058111][ C0] ? pfn_valid+0x177/0x450 [ 77.059884][ C0] pfn_valid+0x192/0x450 [ 77.061741][ C0] page_table_check_clear+0x1e/0x550 [ 77.063653][ C0] unmap_page_range+0x29df/0x40e0 [ 77.065438][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 77.067291][ C0] ? memtype_free+0x223/0x590 [ 77.068971][ C0] ? __pfx_unmap_page_range+0x10/0x10 [ 77.071067][ C0] ? __pfx_pagerange_is_ram_callback+0x10/0x10 [ 77.073497][ C0] ? untrack_pfn+0x34d/0x640 [ 77.075312][ C0] ? __pfx_untrack_pfn+0x10/0x10 [ 77.077165][ C0] ? uprobe_munmap+0x183/0x460 [ 77.078941][ C0] ? unmap_single_vma+0x1bd/0x2b0 [ 77.080894][ C0] unmap_vmas+0x3cc/0x5f0 [ 77.082525][ C0] ? __pfx_unmap_vmas+0x10/0x10 [ 77.084347][ C0] ? tlb_gather_mmu_fullmm+0x160/0x210 [ 77.086280][ C0] exit_mmap+0x275/0xc40 [ 77.087733][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 77.089406][ C0] ? __pfx_exit_aio+0x10/0x10 [ 77.091035][ C0] ? uprobe_clear_state+0x271/0x290 [ 77.092842][ C0] ? mm_update_next_owner+0xa4/0x810 [ 77.094705][ C0] ? do_raw_spin_unlock+0x58/0x8b0 [ 77.096645][ C0] __mmput+0x115/0x390 [ 77.098195][ C0] exit_mm+0x220/0x310 [ 77.099764][ C0] ? __pfx_exit_mm+0x10/0x10 [ 77.101397][ C0] ? taskstats_exit+0x326/0xa60 [ 77.103195][ C0] do_exit+0x9b2/0x28e0 [ 77.104719][ C0] ? __pfx_do_exit+0x10/0x10 [ 77.106460][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 77.108479][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 77.110718][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 77.113078][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 77.115010][ C0] do_group_exit+0x207/0x2c0 [ 77.116760][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 77.118722][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 77.120716][ C0] get_signal+0x16b2/0x1750 [ 77.122431][ C0] ? __pfx_get_signal+0x10/0x10 [ 77.124292][ C0] arch_do_signal_or_restart+0x96/0x860 [ 77.126396][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 77.128688][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 77.130943][ C0] ? syscall_exit_to_user_mode+0xa3/0x340 [ 77.133110][ C0] syscall_exit_to_user_mode+0xce/0x340 [ 77.135174][ C0] do_syscall_64+0x100/0x230 [ 77.137077][ C0] ? clear_bhb_loop+0x35/0x90 [ 77.138847][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.141067][ C0] RIP: 0033:0x7f296f77e759 [ 77.142750][ C0] Code: Unable to access opcode bytes at 0x7f296f77e72f. [ 77.145354][ C0] RSP: 002b:00007f29704b70e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 77.148499][ C0] RAX: 0000000000000001 RBX: 00007f296f935f88 RCX: 00007f296f77e759 [ 77.151484][ C0] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f296f935f8c [ 77.154580][ C0] RBP: 00007f296f935f80 R08: 7fffffffffffffff R09: 0000000000000000 [ 77.157475][ C0] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f296f935f8c [ 77.160478][ C0] R13: 0000000000000000 R14: 00007fffd2081d50 R15: 00007fffd2081e38 [ 77.163458][ C0]