Extracting prog: 3m39.96010721s Minimizing prog: 14m24.163773817s Simplifying prog options: 2m39.468277427s Extracting C: 1m0.728513075s Simplifying C: 0s extracting reproducer from 32 programs testing a last program of every proc single: executing 7 programs separately with timeout 30s testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-openat$vhost_vsock-ioctl$VHOST_VSOCK_SET_RUNNING detailed listing: executing program 0: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c8200a00060001000a0702"], 0xf) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x20000) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_emit_vhci-openat$vhost_vsock-ioctl$VHOST_VSOCK_SET_RUNNING detailed listing: executing program 0: syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c8200a00060001000a0702"], 0xf) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x20000) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): openat$dsp1-ioctl$SNDCTL_DSP_SETTRIGGER-ioctl$SNDCTL_DSP_SPEED-openat$kvm-ioctl$KVM_CREATE_VM-ioctl$KVM_CREATE_IRQCHIP-ioctl$KVM_CREATE_VCPU-ioctl$KVM_SET_LAPIC-ioctl$KVM_CREATE_VM-ioctl$KVM_SIGNAL_MSI-ioctl$KVM_SET_IRQCHIP-write$dsp-setitimer-madvise-ioctl$KVM_CREATE_VM-mprotect-mremap-mlock detailed listing: executing program 0: r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x121001, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f00000000c0)=0x400000) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000080)=0x10000) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x1a9a00, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x200) ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000380)={"f9bef8d1aaeadafa287efdb9450ae3e2d260489591c42ab93a0c7bca18e9a19fa8e6cd61e9f62f91123f1311f81f85b4044554cb6e3ca1b6d1fc011bd71bdda82f37ccfa5b87dd5dcd311dbbb67f240dc02c53b7eabf3651660ce801e3878538da8bb24e1dbc480dae36207bf6b7b946c7a8ec08468f9a75ec797b8c11807655272833a7c70ccfc9a8259e7a148eca4d16b6ff519973a20b65f91a7261cdd2440a5a0566d843fa334b0280f0aacc3b417322b9b56098dd842c44139da4bd1e2212a40ba043bd72b995b172b26b71d434e9f3bf74b4ed480b264e0e9d6f628732534db36bfb92ee6419fb244db44abf0cd9357755ce9c4c9a584e5eb89ffd10c8a6c3c6115265f25f798570751917cd7cfc2ca71729e268c3b30c05b3dfdb18cbbfd3036a889f5fefb0f9d56bf970bdbf2524f8e435b721c809e73a5fdafbf1594088ad1974908bf5fc752d564c1a4989a7d1e59564567d9b437442c5c1cfec93526395d18b1ecb18dedd713ced403a00a2cd27b2dc857808287ea88157b3c19075eb33f7cc60a6161a88ad37fb04d0ce0fda24176406391a5ac521299143bdf59a474a17272105e55e9870cec2942a6705993e821e54441c877a64450e739b1321ad17e1ed552e65654bbfcc8ebd1d64fc4e888609a90410f780fe5031c27737f2de05a7ddf00129eb746a2e990438d9bf6a3211779707d615d79111b3fe71c26433482306ce7563c11cdf6f8da283ae147311465af80ba5350e6d65438cd5a20ec155d78227e5336d504f8f1145f4b942180f7ba6e5c9a070d4e31289d4845229780e53713090e782a75b32729c10da28c1f2702dad57a37416fc138040064347a0a290803f51a619402d88d0a4b2bef39bf92696b6d7052459a78a258edfe2e66f2e10a80b168b483c90a1a1dd67c6d6c9b7a2336d1678131ca38552d9acff05dcd57f9f4164064b7781d8a8b5507e21edfe35d65d726bf24799535648cd04f3b7e85c3f6762f353a8f65afdc7ba63bc0eb65d7188cb1adee1d8d14c0413458d2ff65093d972ac3696fa12defc0f8dedf2309e1b80fc672205e6ccfc6b494233c4d00b5471cb52d896c73cddee40e5e51ee8a9bbe453a1a7d5b9832cacc5965220145504ccb2a157a7c1d9d718c0bf96cd350ac5ca330c827bedbff299774707f5840a0d954ae39c9421975d48e05d87a1ceddefbecae936e15ffb308364b69eefd345d6200cd128e48c162a4ebd026fefb7cc73e80204b21ff30d63e8707292f60682c6f6a587fff9c5a0fae24e0406df5363c7c9d31f72829b6a9d9237a84e83e22c33bf6313ee4072f09f9c6254d0eb7239d51cdda77b8e3d42a89449a3e1b6be8953a27651486383879490486fd11b6ac4e1b86f8a71fc294e0ebf572f4ef00582be189ee5a38c18d4d51cd3221fb1475a56cdf3cc7258bf8c559bf1a9"}) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SIGNAL_MSI(r4, 0x4020aea5, &(0x7f0000000040)={0x1000, 0xddddc000, 0x9e37, 0x0, 0x2}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000140)={0x2, 0x0, @ioapic={0x1000, 0x6, 0x6, 0x7fffffff, 0x0, [{0x99, 0x9, 0xb, '\x00', 0xb8}, {0x13, 0x7, 0x9, '\x00', 0x8}, {0x81, 0x3, 0x0, '\x00', 0x1}, {0xfa, 0x9, 0x40, '\x00', 0x7f}, {0x86, 0x7f, 0x2, '\x00', 0x34}, {0x9, 0x0, 0xc7, '\x00', 0x2}, {0x1, 0x2, 0x8, '\x00', 0xff}, {0xff, 0x8, 0x10, '\x00', 0x3}, {0x2, 0xff, 0x6, '\x00', 0x9}, {0x6, 0x48, 0xc5, '\x00', 0x3}, {0x2, 0xee, 0x2, '\x00', 0xe9}, {0x9c, 0x5, 0x3, '\x00', 0xa}, {0x2, 0x1, 0x4}, {0xf4, 0x7, 0x6, '\x00', 0xf5}, {0x3, 0x2, 0x59, '\x00', 0x3}, {0x0, 0x9, 0x0, '\x00', 0xff}, {0xfd, 0x7, 0x0, '\x00', 0xff}, {0x6, 0xf, 0xe, '\x00', 0x95}, {0x80, 0x5, 0x5}, {0x2, 0xb, 0x7c, '\x00', 0x5}, {0x9, 0x3, 0x6, '\x00', 0x3}, {0x7, 0xb4, 0x9, '\x00', 0xd}, {0x0, 0x8, 0x4, '\x00', 0x3}, {0x8, 0x2, 0x81, '\x00', 0x8}]}}) write$dsp(r0, &(0x7f0000000000)="d9ef85", 0x3) setitimer(0x2, 0x0, &(0x7f0000000180)) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) mlock(&(0x7f00004af000/0x4000)=nil, 0x4000) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$netlink-socket$netlink-socket-sendmsg$IPVS_CMD_SET_INFO-semctl$IPC_SET-getsockname$packet-sendmsg$nl_route-sendmsg$nl_route detailed listing: executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000080)={{0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x4}) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000600)=@newlink={0x48, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1020}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_PMTUDISC={0x5}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x48}}, 0x0) program crashed: BUG: MAX_LOCKDEP_KEYS too low! single: successfully extracted reproducer found reproducer with 8 syscalls minimizing guilty program testing program (duration=53.886633937s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$netlink-socket$netlink-socket-sendmsg$IPVS_CMD_SET_INFO-semctl$IPC_SET-getsockname$packet-sendmsg$nl_route detailed listing: executing program 0: socket$netlink(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000080)={{0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x4}) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) program crashed: BUG: MAX_LOCKDEP_KEYS too low! testing program (duration=53.886633937s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$netlink-socket$netlink-socket-sendmsg$IPVS_CMD_SET_INFO-semctl$IPC_SET-getsockname$packet detailed listing: executing program 0: socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000080)={{0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x4}) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) program did not crash testing program (duration=53.886633937s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$netlink-socket$netlink-socket-sendmsg$IPVS_CMD_SET_INFO-semctl$IPC_SET-sendmsg$nl_route detailed listing: executing program 0: socket$netlink(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000080)={{0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x4}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) program did not crash testing program (duration=53.886633937s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$netlink-socket$netlink-socket-sendmsg$IPVS_CMD_SET_INFO-getsockname$packet-sendmsg$nl_route detailed listing: executing program 0: socket$netlink(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) program crashed: BUG: MAX_LOCKDEP_KEYS too low! testing program (duration=53.886633937s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$netlink-socket$netlink-socket-getsockname$packet-sendmsg$nl_route detailed listing: executing program 0: socket$netlink(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) program crashed: BUG: MAX_LOCKDEP_KEYS too low! testing program (duration=53.886633937s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$netlink-socket$netlink-getsockname$packet-sendmsg$nl_route detailed listing: executing program 0: socket$netlink(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r1, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) program did not crash testing program (duration=53.886633937s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$netlink-socket-getsockname$packet-sendmsg$nl_route detailed listing: executing program 0: socket$netlink(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r1, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) program did not crash testing program (duration=53.886633937s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$netlink-socket-getsockname$packet-sendmsg$nl_route detailed listing: executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) program crashed: BUG: MAX_LOCKDEP_KEYS too low! testing program (duration=53.886633937s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$netlink-socket-getsockname$packet-sendmsg$nl_route detailed listing: executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, 0x0, &(0x7f0000000200)) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) program did not crash testing program (duration=53.886633937s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$netlink-socket-getsockname$packet-sendmsg$nl_route detailed listing: executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) program did not crash testing program (duration=53.886633937s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$netlink-socket-getsockname$packet-sendmsg$nl_route detailed listing: executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, 0x0, 0x0) program did not crash testing program (duration=53.886633937s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$netlink-socket-getsockname$packet-sendmsg$nl_route detailed listing: executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) program did not crash testing program (duration=53.886633937s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$netlink-socket-getsockname$packet-sendmsg$nl_route detailed listing: executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x3c}}, 0x0) program did not crash testing program (duration=53.886633937s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$netlink-socket-getsockname$packet-sendmsg$nl_route detailed listing: executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[], 0x3c}}, 0x0) program did not crash testing program (duration=53.886633937s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$netlink-socket-getsockname$packet-sendmsg$nl_route detailed listing: executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB], 0x3c}}, 0x0) program crashed: WARNING: locking bug in __set_page_owner testing program (duration=53.886633937s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$netlink-socket-getsockname$packet-sendmsg$nl_route detailed listing: executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB], 0x3c}}, 0x0) program did not crash extracting C reproducer testing compiled C program (duration=53.886633937s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$netlink-socket-getsockname$packet-sendmsg$nl_route program did not crash simplifying guilty program options testing program (duration=53.886633937s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$netlink-socket-getsockname$packet-sendmsg$nl_route detailed listing: executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB], 0x3c}}, 0x0) program did not crash testing program (duration=53.886633937s, {Threaded:true Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$netlink-socket-getsockname$packet-sendmsg$nl_route detailed listing: executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB], 0x3c}}, 0x0) program did not crash testing program (duration=53.886633937s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$netlink-socket-getsockname$packet-sendmsg$nl_route detailed listing: executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB], 0x3c}}, 0x0) program did not crash reproducing took 21m44.320691381s repro crashed as (corrupted=false): ============================= [ BUG: Invalid wait context ] 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0 Not tainted ----------------------------- sshd/5928 is trying to lock: ffffffff8e3a28b8 (stack_list_lock){-.-.}-{3:3}, at: add_stack_record_to_list mm/page_owner.c:182 [inline] ffffffff8e3a28b8 (stack_list_lock){-.-.}-{3:3}, at: inc_stack_record_count mm/page_owner.c:214 [inline] ffffffff8e3a28b8 (stack_list_lock){-.-.}-{3:3}, at: __set_page_owner+0x3ea/0x560 mm/page_owner.c:329 other info that might help us debug this: context-{2:2} 4 locks held by sshd/5928: #0: ffff888034d9a898 (sk_lock-AF_INET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1617 [inline] #0: ffff888034d9a898 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_sendmsg+0x20/0x50 net/ipv4/tcp.c:1357 #1: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline] #1: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline] #1: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: __ip_queue_xmit+0x73/0x1970 net/ipv4/ip_output.c:471 #2: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline] #2: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline] #2: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: ip_finish_output2+0x364/0x2150 net/ipv4/ip_output.c:229 #3: ffff88806a73ebd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 kernel/sched/core.c:598 stack backtrace: CPU: 1 UID: 0 PID: 5928 Comm: sshd Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_lock_invalid_wait_context kernel/locking/lockdep.c:4826 [inline] check_wait_context kernel/locking/lockdep.c:4898 [inline] __lock_acquire+0x878/0x3c40 kernel/locking/lockdep.c:5176 lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5849 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162 add_stack_record_to_list mm/page_owner.c:182 [inline] inc_stack_record_count mm/page_owner.c:214 [inline] __set_page_owner+0x3ea/0x560 mm/page_owner.c:329 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1556 prep_new_page mm/page_alloc.c:1564 [inline] get_page_from_freelist+0xfce/0x2f80 mm/page_alloc.c:3474 __alloc_pages_noprof+0x223/0x25b0 mm/page_alloc.c:4751 alloc_pages_mpol_noprof+0x2c9/0x610 mm/mempolicy.c:2269 stack_depot_save_flags+0x8e0/0x9e0 lib/stackdepot.c:627 kasan_save_stack+0x42/0x60 mm/kasan/common.c:48 __kasan_record_aux_stack+0xba/0xd0 mm/kasan/generic.c:544 task_work_add+0xc0/0x3b0 kernel/task_work.c:77 task_tick_numa kernel/sched/fair.c:3613 [inline] task_tick_fair+0x524/0x8e0 kernel/sched/fair.c:13060 sched_tick+0x1dd/0x4f0 kernel/sched/core.c:5652 update_process_times+0x19c/0x2d0 kernel/time/timer.c:2524 tick_sched_handle kernel/time/tick-sched.c:276 [inline] tick_nohz_handler+0x376/0x530 kernel/time/tick-sched.c:297 __run_hrtimer kernel/time/hrtimer.c:1739 [inline] __hrtimer_run_queues+0x5fb/0xae0 kernel/time/hrtimer.c:1803 hrtimer_interrupt+0x392/0x8e0 kernel/time/hrtimer.c:1865 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1038 [inline] __sysvec_apic_timer_interrupt+0x10f/0x400 arch/x86/kernel/apic/apic.c:1055 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0x52/0xc0 arch/x86/kernel/apic/apic.c:1049 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:e1000_irq_enable drivers/net/ethernet/intel/e1000/e1000_main.c:295 [inline] RIP: 0010:e1000_clean+0xee3/0x2700 drivers/net/ethernet/intel/e1000/e1000_main.c:3819 Code: fa 48 c1 ea 03 80 3c 02 00 0f 85 c3 16 00 00 48 8b 4c 24 48 ba 9d 00 00 00 48 8b 81 f8 01 00 00 48 89 04 24 89 90 d0 00 00 00 <48> 8b 81 f8 01 00 00 8b 40 08 e8 ee f0 3a fb 8b 9c 24 f8 00 00 00 RSP: 0018:ffffc900006b0b88 EFLAGS: 00000246 RAX: ffffc900068c0000 RBX: 0000000000000000 RCX: ffff888027521070 RDX: 000000000000009d RSI: ffffffff865f1246 RDI: ffff888027521268 RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000005 R12: 0000000000000001 R13: 0000000000000fa0 R14: ffff888027521070 R15: 0000000000000001 __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6883 napi_poll net/core/dev.c:6952 [inline] net_rx_action+0xa94/0x1010 net/core/dev.c:7074 handle_softirqs+0x213/0x8f0 kernel/softirq.c:561 do_softirq kernel/softirq.c:462 [inline] do_softirq+0xb2/0xf0 kernel/softirq.c:449 __local_bh_enable_ip+0x100/0x120 kernel/softirq.c:389 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline] __dev_queue_xmit+0x8b0/0x43e0 net/core/dev.c:4461 dev_queue_xmit include/linux/netdevice.h:3168 [inline] neigh_hh_output include/net/neighbour.h:523 [inline] neigh_output include/net/neighbour.h:537 [inline] ip_finish_output2+0xc6c/0x2150 net/ipv4/ip_output.c:236 __ip_finish_output net/ipv4/ip_output.c:314 [inline] __ip_finish_output+0x49e/0x950 net/ipv4/ip_output.c:296 ip_finish_output+0x35/0x380 net/ipv4/ip_output.c:324 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip_output+0x13b/0x2a0 net/ipv4/ip_output.c:434 dst_output include/net/dst.h:450 [inline] ip_local_out+0x33e/0x4a0 net/ipv4/ip_output.c:130 __ip_queue_xmit+0x777/0x1970 net/ipv4/ip_output.c:536 __tcp_transmit_skb+0x2b39/0x3df0 net/ipv4/tcp_output.c:1466 tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline] tcp_write_xmit+0x12b1/0x8560 net/ipv4/tcp_output.c:2827 __tcp_push_pending_frames+0xaf/0x390 net/ipv4/tcp_output.c:3010 tcp_push+0x221/0x6f0 net/ipv4/tcp.c:751 tcp_sendmsg_locked+0x28d1/0x3770 net/ipv4/tcp.c:1326 tcp_sendmsg+0x2e/0x50 net/ipv4/tcp.c:1358 inet_sendmsg+0xb9/0x140 net/ipv4/af_inet.c:851 sock_sendmsg_nosec net/socket.c:711 [inline] __sock_sendmsg net/socket.c:726 [inline] sock_write_iter+0x4ac/0x5b0 net/socket.c:1147 new_sync_write fs/read_write.c:586 [inline] vfs_write+0x5ae/0x1150 fs/read_write.c:679 ksys_write+0x207/0x250 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f5df3716bf2 Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83 RSP: 002b:00007ffe21e3e0e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000048 RCX: 00007f5df3716bf2 RDX: 0000000000000048 RSI: 0000556d028bb970 RDI: 0000000000000004 RBP: 0000556d028c4400 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000556cf38f5aa4 R13: 000000000000003b R14: 0000556cf38f63e8 R15: 00007ffe21e3e158 ---------------- Code disassembly (best guess): 0: fa cli 1: 48 c1 ea 03 shr $0x3,%rdx 5: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) 9: 0f 85 c3 16 00 00 jne 0x16d2 f: 48 8b 4c 24 48 mov 0x48(%rsp),%rcx 14: ba 9d 00 00 00 mov $0x9d,%edx 19: 48 8b 81 f8 01 00 00 mov 0x1f8(%rcx),%rax 20: 48 89 04 24 mov %rax,(%rsp) 24: 89 90 d0 00 00 00 mov %edx,0xd0(%rax) * 2a: 48 8b 81 f8 01 00 00 mov 0x1f8(%rcx),%rax <-- trapping instruction 31: 8b 40 08 mov 0x8(%rax),%eax 34: e8 ee f0 3a fb call 0xfb3af127 39: 8b 9c 24 f8 00 00 00 mov 0xf8(%rsp),%ebx final repro crashed as (corrupted=false): ============================= [ BUG: Invalid wait context ] 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0 Not tainted ----------------------------- sshd/5928 is trying to lock: ffffffff8e3a28b8 (stack_list_lock){-.-.}-{3:3}, at: add_stack_record_to_list mm/page_owner.c:182 [inline] ffffffff8e3a28b8 (stack_list_lock){-.-.}-{3:3}, at: inc_stack_record_count mm/page_owner.c:214 [inline] ffffffff8e3a28b8 (stack_list_lock){-.-.}-{3:3}, at: __set_page_owner+0x3ea/0x560 mm/page_owner.c:329 other info that might help us debug this: context-{2:2} 4 locks held by sshd/5928: #0: ffff888034d9a898 (sk_lock-AF_INET){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1617 [inline] #0: ffff888034d9a898 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_sendmsg+0x20/0x50 net/ipv4/tcp.c:1357 #1: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline] #1: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline] #1: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: __ip_queue_xmit+0x73/0x1970 net/ipv4/ip_output.c:471 #2: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline] #2: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline] #2: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: ip_finish_output2+0x364/0x2150 net/ipv4/ip_output.c:229 #3: ffff88806a73ebd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 kernel/sched/core.c:598 stack backtrace: CPU: 1 UID: 0 PID: 5928 Comm: sshd Not tainted 6.13.0-rc2-syzkaller-00036-g231825b2e1ff #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_lock_invalid_wait_context kernel/locking/lockdep.c:4826 [inline] check_wait_context kernel/locking/lockdep.c:4898 [inline] __lock_acquire+0x878/0x3c40 kernel/locking/lockdep.c:5176 lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5849 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162 add_stack_record_to_list mm/page_owner.c:182 [inline] inc_stack_record_count mm/page_owner.c:214 [inline] __set_page_owner+0x3ea/0x560 mm/page_owner.c:329 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1556 prep_new_page mm/page_alloc.c:1564 [inline] get_page_from_freelist+0xfce/0x2f80 mm/page_alloc.c:3474 __alloc_pages_noprof+0x223/0x25b0 mm/page_alloc.c:4751 alloc_pages_mpol_noprof+0x2c9/0x610 mm/mempolicy.c:2269 stack_depot_save_flags+0x8e0/0x9e0 lib/stackdepot.c:627 kasan_save_stack+0x42/0x60 mm/kasan/common.c:48 __kasan_record_aux_stack+0xba/0xd0 mm/kasan/generic.c:544 task_work_add+0xc0/0x3b0 kernel/task_work.c:77 task_tick_numa kernel/sched/fair.c:3613 [inline] task_tick_fair+0x524/0x8e0 kernel/sched/fair.c:13060 sched_tick+0x1dd/0x4f0 kernel/sched/core.c:5652 update_process_times+0x19c/0x2d0 kernel/time/timer.c:2524 tick_sched_handle kernel/time/tick-sched.c:276 [inline] tick_nohz_handler+0x376/0x530 kernel/time/tick-sched.c:297 __run_hrtimer kernel/time/hrtimer.c:1739 [inline] __hrtimer_run_queues+0x5fb/0xae0 kernel/time/hrtimer.c:1803 hrtimer_interrupt+0x392/0x8e0 kernel/time/hrtimer.c:1865 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1038 [inline] __sysvec_apic_timer_interrupt+0x10f/0x400 arch/x86/kernel/apic/apic.c:1055 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0x52/0xc0 arch/x86/kernel/apic/apic.c:1049 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:e1000_irq_enable drivers/net/ethernet/intel/e1000/e1000_main.c:295 [inline] RIP: 0010:e1000_clean+0xee3/0x2700 drivers/net/ethernet/intel/e1000/e1000_main.c:3819 Code: fa 48 c1 ea 03 80 3c 02 00 0f 85 c3 16 00 00 48 8b 4c 24 48 ba 9d 00 00 00 48 8b 81 f8 01 00 00 48 89 04 24 89 90 d0 00 00 00 <48> 8b 81 f8 01 00 00 8b 40 08 e8 ee f0 3a fb 8b 9c 24 f8 00 00 00 RSP: 0018:ffffc900006b0b88 EFLAGS: 00000246 RAX: ffffc900068c0000 RBX: 0000000000000000 RCX: ffff888027521070 RDX: 000000000000009d RSI: ffffffff865f1246 RDI: ffff888027521268 RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000005 R12: 0000000000000001 R13: 0000000000000fa0 R14: ffff888027521070 R15: 0000000000000001 __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6883 napi_poll net/core/dev.c:6952 [inline] net_rx_action+0xa94/0x1010 net/core/dev.c:7074 handle_softirqs+0x213/0x8f0 kernel/softirq.c:561 do_softirq kernel/softirq.c:462 [inline] do_softirq+0xb2/0xf0 kernel/softirq.c:449 __local_bh_enable_ip+0x100/0x120 kernel/softirq.c:389 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:919 [inline] __dev_queue_xmit+0x8b0/0x43e0 net/core/dev.c:4461 dev_queue_xmit include/linux/netdevice.h:3168 [inline] neigh_hh_output include/net/neighbour.h:523 [inline] neigh_output include/net/neighbour.h:537 [inline] ip_finish_output2+0xc6c/0x2150 net/ipv4/ip_output.c:236 __ip_finish_output net/ipv4/ip_output.c:314 [inline] __ip_finish_output+0x49e/0x950 net/ipv4/ip_output.c:296 ip_finish_output+0x35/0x380 net/ipv4/ip_output.c:324 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip_output+0x13b/0x2a0 net/ipv4/ip_output.c:434 dst_output include/net/dst.h:450 [inline] ip_local_out+0x33e/0x4a0 net/ipv4/ip_output.c:130 __ip_queue_xmit+0x777/0x1970 net/ipv4/ip_output.c:536 __tcp_transmit_skb+0x2b39/0x3df0 net/ipv4/tcp_output.c:1466 tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline] tcp_write_xmit+0x12b1/0x8560 net/ipv4/tcp_output.c:2827 __tcp_push_pending_frames+0xaf/0x390 net/ipv4/tcp_output.c:3010 tcp_push+0x221/0x6f0 net/ipv4/tcp.c:751 tcp_sendmsg_locked+0x28d1/0x3770 net/ipv4/tcp.c:1326 tcp_sendmsg+0x2e/0x50 net/ipv4/tcp.c:1358 inet_sendmsg+0xb9/0x140 net/ipv4/af_inet.c:851 sock_sendmsg_nosec net/socket.c:711 [inline] __sock_sendmsg net/socket.c:726 [inline] sock_write_iter+0x4ac/0x5b0 net/socket.c:1147 new_sync_write fs/read_write.c:586 [inline] vfs_write+0x5ae/0x1150 fs/read_write.c:679 ksys_write+0x207/0x250 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f5df3716bf2 Code: 89 c7 48 89 44 24 08 e8 7b 34 fa ff 48 8b 44 24 08 48 83 c4 28 c3 c3 64 8b 04 25 18 00 00 00 85 c0 75 20 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 6f 48 8b 15 07 a2 0d 00 f7 d8 64 89 02 48 83 RSP: 002b:00007ffe21e3e0e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000048 RCX: 00007f5df3716bf2 RDX: 0000000000000048 RSI: 0000556d028bb970 RDI: 0000000000000004 RBP: 0000556d028c4400 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000556cf38f5aa4 R13: 000000000000003b R14: 0000556cf38f63e8 R15: 00007ffe21e3e158 ---------------- Code disassembly (best guess): 0: fa cli 1: 48 c1 ea 03 shr $0x3,%rdx 5: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) 9: 0f 85 c3 16 00 00 jne 0x16d2 f: 48 8b 4c 24 48 mov 0x48(%rsp),%rcx 14: ba 9d 00 00 00 mov $0x9d,%edx 19: 48 8b 81 f8 01 00 00 mov 0x1f8(%rcx),%rax 20: 48 89 04 24 mov %rax,(%rsp) 24: 89 90 d0 00 00 00 mov %edx,0xd0(%rax) * 2a: 48 8b 81 f8 01 00 00 mov 0x1f8(%rcx),%rax <-- trapping instruction 31: 8b 40 08 mov 0x8(%rax),%eax 34: e8 ee f0 3a fb call 0xfb3af127 39: 8b 9c 24 f8 00 00 00 mov 0xf8(%rsp),%ebx