=============================
[ BUG: Invalid wait context ]
6.13.0-rc7-syzkaller-00019-gc45323b7560e #0 Not tainted
-----------------------------
syz.2.661/8425 is trying to lock:
ffff8880b87429c0 (&c->lock){-.-.}-{3:3}, at: local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
ffff8880b87429c0 (&c->lock){-.-.}-{3:3}, at: ___slab_alloc+0x256/0x14a0 mm/slub.c:3707
other info that might help us debug this:
context-{2:2}
2 locks held by syz.2.661/8425:
 #0: ffffffff8e937ae0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
 #0: ffffffff8e937ae0 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
 #0: ffffffff8e937ae0 (rcu_read_lock){....}-{1:3}, at: __bpf_trace_run kernel/trace/bpf_trace.c:2361 [inline]
 #0: ffffffff8e937ae0 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run1+0x1d6/0x520 kernel/trace/bpf_trace.c:2402
 #1: ffff8880b873e8d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 kernel/sched/core.c:598
stack backtrace:
CPU: 1 UID: 0 PID: 8425 Comm: syz.2.661 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
Call Trace:
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 print_lock_invalid_wait_context kernel/locking/lockdep.c:4826 [inline]
 check_wait_context kernel/locking/lockdep.c:4898 [inline]
 __lock_acquire+0x15a8/0x2100 kernel/locking/lockdep.c:5176
 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
 local_lock_acquire include/linux/local_lock_internal.h:29 [inline]
 ___slab_alloc+0x26f/0x14a0 mm/slub.c:3707
 __slab_alloc+0x58/0xa0 mm/slub.c:3920
 __slab_alloc_node mm/slub.c:3995 [inline]
 slab_alloc_node mm/slub.c:4156 [inline]
 __kmalloc_cache_noprof+0x27b/0x390 mm/slub.c:4324
 kmalloc_noprof include/linux/slab.h:901 [inline]
 add_stack_record_to_list mm/page_owner.c:172 [inline]
 inc_stack_record_count mm/page_owner.c:214 [inline]
 __set_page_owner+0x55f/0x800 mm/page_owner.c:329
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1558
 prep_new_page mm/page_alloc.c:1566 [inline]
 get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3476
 __alloc_pages_noprof+0x292/0x710 mm/page_alloc.c:4753
 alloc_pages_mpol_noprof+0x3e1/0x780 mm/mempolicy.c:2269
 stack_depot_save_flags+0x72d/0x940 lib/stackdepot.c:627
 kasan_save_stack+0x4f/0x60 mm/kasan/common.c:48
 __kasan_record_aux_stack+0xac/0xc0 mm/kasan/generic.c:544
 task_work_add+0xd9/0x490 kernel/task_work.c:77
 task_tick_numa kernel/sched/fair.c:3616 [inline]
 task_tick_fair+0x58c/0x7b0 kernel/sched/fair.c:13101
 sched_tick+0x21e/0x660 kernel/sched/core.c:5652
 update_process_times+0x276/0x2f0 kernel/time/timer.c:2524
 tick_sched_handle kernel/time/tick-sched.c:276 [inline]
 tick_nohz_handler+0x37c/0x500 kernel/time/tick-sched.c:297
 __run_hrtimer kernel/time/hrtimer.c:1739 [inline]
 __hrtimer_run_queues+0x551/0xd30 kernel/time/hrtimer.c:1803
 hrtimer_interrupt+0x403/0xa40 kernel/time/hrtimer.c:1865
 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1038 [inline]
 __sysvec_apic_timer_interrupt+0x110/0x420 arch/x86/kernel/apic/apic.c:1055
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
 sysvec_apic_timer_interrupt+0x52/0xc0 arch/x86/kernel/apic/apic.c:1049
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:rdtsc_ordered arch/x86/include/asm/msr.h:217 [inline]
RIP: 0010:__pvclock_clocksource_read arch/x86/kernel/pvclock.c:77 [inline]
RIP: 0010:pvclock_clocksource_read_nowd+0x4a/0xf0 arch/x86/kernel/pvclock.c:120
Code: 89 e1 48 d3 e3 4c 89 2c 24 48 89 d8 48 f7 24 24 48 0f ac d0 20 49 8b 4e 10 41 0f b6 56 1d 41 8b 36 39 ee 89 f5 74 5d 0f 01 f9 <66> 90 48 89 d3 48 c1 e3 20 48 09 c3 49 2b 5e 08 83 e5 fe 45 8b 6e
RSP: 0018:ffffc90000a18458 EFLAGS: 00000202
RAX: 00000000c0b6b170 RBX: ffffffff81a16ed0 RCX: 0000000000000001
RDX: 0000000000000109 RSI: 0000000000000008 RDI: ffffffff931ac040
RBP: 0000000000000006 R08: ffff88801d6f0147 R09: 1ffff11003ade028
R10: dffffc0000000000 R11: ffffed1003ade029 R12: 00000077aa88e8f2
R13: dffffc0000000000 R14: ffffffff931ac040 R15: 1ffff11003ade028
 kvm_sched_clock_read+0x11/0x20 arch/x86/kernel/kvmclock.c:91
 sched_clock+0x19/0x70 arch/x86/kernel/tsc.c:285
 trace_clock_local+0x19/0x70 kernel/trace/trace_clock.c:42
 rb_time_stamp kernel/trace/ring_buffer.c:1093 [inline]
 __rb_reserve_next kernel/trace/ring_buffer.c:4264 [inline]
 rb_reserve_next_event kernel/trace/ring_buffer.c:4452 [inline]
 ring_buffer_lock_reserve+0xfeb/0x21c0 kernel/trace/ring_buffer.c:4511
 __trace_buffer_lock_reserve kernel/trace/trace.c:1020 [inline]
 trace_event_buffer_lock_reserve+0x2ab/0x6a0 kernel/trace/trace.c:2748
 trace_event_buffer_reserve+0x2b7/0x3f0 kernel/trace/trace_events.c:654
 do_trace_event_raw_event_bpf_trace_printk kernel/trace/bpf_trace.h:11 [inline]
 trace_event_raw_event_bpf_trace_printk+0x102/0x260 kernel/trace/bpf_trace.h:11
 trace_bpf_trace_printk+0x186/0x1f0 kernel/trace/bpf_trace.h:11
 ____bpf_trace_printk kernel/trace/bpf_trace.c:391 [inline]
 bpf_trace_printk+0x1bf/0x230 kernel/trace/bpf_trace.c:374
 bpf_prog_0605f9f479290f07+0x38/0x3c
 bpf_dispatcher_nop_func include/linux/bpf.h:1290 [inline]
 __bpf_prog_run include/linux/filter.h:701 [inline]
 bpf_prog_run include/linux/filter.h:708 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2362 [inline]
 bpf_trace_run1+0x2ca/0x520 kernel/trace/bpf_trace.c:2402
 trace_rcu_utilization+0x1b4/0x1e0 include/trace/events/rcu.h:27
 rcu_core+0x133/0x17a0 kernel/rcu/tree.c:2795
 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561
 __do_softirq kernel/softirq.c:595 [inline]
 invoke_softirq kernel/softirq.c:435 [inline]
 __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678
 instr_sysvec_irq_work arch/x86/kernel/irq_work.c:17 [inline]
 sysvec_irq_work+0xa3/0xc0 arch/x86/kernel/irq_work.c:17
 asm_sysvec_irq_work+0x1a/0x20 arch/x86/include/asm/idtentry.h:738
RIP: 0010:finish_task_switch+0x1ea/0x870 kernel/sched/core.c:5243
Code: c9 50 e8 49 0c 0c 00 48 83 c4 08 4c 89 f7 e8 ed 39 00 00 0f 1f 44 00 00 4c 89 f7 e8 e0 08 5d 0a e8 5b 89 38 00 fb 48 8b 5d c0 <48> 8d bb f8 15 00 00 48 89 f8 48 c1 e8 03 49 be 00 00 00 00 00 fc
RSP: 0018:ffffc9001be47968 EFLAGS: 00000286
RAX: b9b5ac370e0bb000 RBX: ffff888032cb3c00 RCX: ffffffff9a3ac903
RDX: dffffc0000000000 RSI: ffffffff8c0a98e0 RDI: ffffffff8c5fb220
RBP: ffffc9001be479b0 R08: ffffffff901983b7 R09: 1ffffffff2033076
R10: dffffc0000000000 R11: fffffbfff2033077 R12: 1ffff110170e7edc
R13: dffffc0000000000 R14: ffff8880b873e8c0 R15: ffff8880b873f6e0
 context_switch kernel/sched/core.c:5372 [inline]
 __schedule+0x1858/0x4c30 kernel/sched/core.c:6756
 __schedule_loop kernel/sched/core.c:6833 [inline]
 schedule+0x14b/0x320 kernel/sched/core.c:6848
 do_nanosleep+0x197/0x600 kernel/time/hrtimer.c:2079
 hrtimer_nanosleep+0x1ec/0x410 kernel/time/hrtimer.c:2126
 __do_sys_clock_nanosleep kernel/time/posix-timers.c:1402 [inline]
 __se_sys_clock_nanosleep+0x32b/0x3c0 kernel/time/posix-timers.c:1379
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fbdc8dbf5e5
Code: 24 0c 89 3c 24 48 89 4c 24 18 e8 f6 54 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 <44> 89 c7 48 89 04 24 e8 4f 55 ff ff 48 8b 04 24 48 83 c4 28 f7 d8
RSP: 002b:00007ffd6330f860 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
RAX: ffffffffffffffda RBX: 00007fbdc8fa5fa0 RCX: 00007fbdc8dbf5e5
RDX: 00007ffd6330f8a0 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007fbdc8fa7ba0 R08: 0000000000000000 R09: 7fffffffffffffff
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000071de0
R13: 00007ffd6330f9d0 R14: 0000000000000032 R15: ffffffffffffffff
----------------
Code disassembly (best guess):
   0: 89 e1             mov %esp,%ecx
   2: 48 d3 e3          shl %cl,%rbx
   5: 4c 89 2c 24       mov %r13,(%rsp)
   9: 48 89 d8          mov %rbx,%rax
   c: 48 f7 24 24       mulq (%rsp)
  10: 48 0f ac d0 20    shrd $0x20,%rdx,%rax
  15: 49 8b 4e 10       mov 0x10(%r14),%rcx
  19: 41 0f b6 56 1d    movzbl 0x1d(%r14),%edx
  1e: 41 8b 36          mov (%r14),%esi
  21: 39 ee             cmp %ebp,%esi
  23: 89 f5             mov %esi,%ebp
  25: 74 5d             je 0x84
  27: 0f 01 f9          rdtscp
* 2a: 66 90             xchg %ax,%ax <-- trapping instruction
  2c: 48 89 d3          mov %rdx,%rbx
  2f: 48 c1 e3 20       shl $0x20,%rbx
  33: 48 09 c3          or %rax,%rbx
  36: 49 2b 5e 08       sub 0x8(%r14),%rbx
  3a: 83 e5 fe          and $0xfffffffe,%ebp
  3d: 45                rex.RB
  3e: 8b                .byte 0x8b
  3f: 6e                outsb %ds:(%rsi),(%dx)