program: timer_create(0x3, 0x0, &(0x7f0000000280)=0x0) timer_settime(r0, 0x0, &(0x7f000006b000), 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 68.981078][ T5308] Bluetooth: hci0: command tx timeout [ 69.029516][ C0] [ 69.030601][ C0] ============================= [ 69.032892][ C0] [ BUG: Invalid wait context ] [ 69.034870][ C0] 6.13.0-syzkaller-07644-gc2da8b3f914f #0 Not tainted [ 69.037268][ C0] ----------------------------- [ 69.038982][ C0] syz.0.0/5322 is trying to lock: [ 69.040722][ C0] ffff88805ffd7298 (&zone->lock){-.-.}-{3:3}, at: __rmqueue_pcplist+0x4a2/0x2a90 [ 69.044006][ C0] other info that might help us debug this: [ 69.046046][ C0] context-{2:2} [ 69.047380][ C0] 4 locks held by syz.0.0/5322: [ 69.049339][ C0] #0: ffffffff8e9ef2d0 (dup_mmap_sem){.+.+}-{0:0}, at: copy_mm+0x1db/0x2110 [ 69.052724][ C0] #1: ffff888040be9fe0 (&mm->mmap_lock){++++}-{4:4}, at: copy_mm+0x2b4/0x2110 [ 69.056192][ C0] #2: ffff888040be81e0 (&mm->mmap_lock/1){+.+.}-{4:4}, at: copy_mm+0x455/0x2110 [ 69.059773][ C0] #3: ffff88801fc44ad8 (&pcp->lock){+.+.}-{3:3}, at: get_page_from_freelist+0x7d3/0x37a0 [ 69.063542][ C0] stack backtrace: [ 69.065039][ C0] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.13.0-syzkaller-07644-gc2da8b3f914f #0 [ 69.065053][ C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.065059][ C0] Call Trace: [ 69.065065][ C0] [ 69.065071][ C0] dump_stack_lvl+0x241/0x360 [ 69.065087][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 69.065097][ C0] ? __pfx__printk+0x10/0x10 [ 69.065113][ C0] __lock_acquire+0x15a8/0x2100 [ 69.065127][ C0] lock_acquire+0x1ed/0x550 [ 69.065138][ C0] ? __rmqueue_pcplist+0x4a2/0x2a90 [ 69.065151][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 69.065161][ C0] ? __pfx_validate_chain+0x10/0x10 [ 69.065171][ C0] _raw_spin_lock_irqsave+0xd5/0x120 [ 69.065217][ C0] ? __rmqueue_pcplist+0x4a2/0x2a90 [ 69.065227][ C0] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 69.065242][ C0] __rmqueue_pcplist+0x4a2/0x2a90 [ 69.065253][ C0] ? unwind_next_frame+0x193b/0x22d0 [ 69.065270][ C0] get_page_from_freelist+0x886/0x37a0 [ 69.065288][ C0] __alloc_pages_noprof+0x292/0x710 [ 69.065300][ C0] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 69.065311][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 69.065322][ C0] ? __kernel_text_address+0xd/0x40 [ 69.065331][ C0] ? unwind_get_return_address+0x4d/0x90 [ 69.065342][ C0] alloc_pages_mpol_noprof+0x3e1/0x780 [ 69.065356][ C0] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 69.065369][ C0] ? stack_trace_save+0x118/0x1d0 [ 69.065377][ C0] ? alloc_pages_noprof+0x43/0x170 [ 69.065385][ C0] stack_depot_save_flags+0x72d/0x940 [ 69.065425][ C0] kasan_save_stack+0x4f/0x60 [ 69.065437][ C0] ? kasan_save_stack+0x3f/0x60 [ 69.065451][ C0] ? __kasan_record_aux_stack+0xac/0xc0 [ 69.065461][ C0] ? task_work_add+0xd9/0x490 [ 69.065472][ C0] ? run_posix_cpu_timers+0x6ac/0x810 [ 69.065479][ C0] ? tick_nohz_handler+0x37c/0x500 [ 69.065489][ C0] ? __hrtimer_run_queues+0x551/0xd30 [ 69.065502][ C0] ? hrtimer_interrupt+0x403/0xa40 [ 69.065513][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x420 [ 69.065525][ C0] ? sysvec_apic_timer_interrupt+0xa1/0xc0 [ 69.065535][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 69.065546][ C0] ? pte_alloc_one+0x2bd/0x510 [ 69.065556][ C0] ? __pte_alloc+0x79/0x3c0 [ 69.065568][ C0] ? copy_pmd_range+0x6fb4/0x77a0 [ 69.065578][ C0] ? copy_page_range+0x99f/0xe90 [ 69.065589][ C0] ? copy_mm+0x1279/0x2110 [ 69.065598][ C0] ? copy_process+0x1845/0x3d50 [ 69.065607][ C0] ? kernel_clone+0x226/0x8e0 [ 69.065616][ C0] ? __x64_sys_clone+0x258/0x2a0 [ 69.065625][ C0] ? do_syscall_64+0xf3/0x230 [ 69.065634][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.065652][ C0] ? __phys_addr+0xba/0x170 [ 69.065663][ C0] __kasan_record_aux_stack+0xac/0xc0 [ 69.065672][ C0] task_work_add+0xd9/0x490 [ 69.065685][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 69.065695][ C0] ? __pfx_task_work_add+0x10/0x10 [ 69.065708][ C0] run_posix_cpu_timers+0x6ac/0x810 [ 69.065718][ C0] ? __pfx_run_posix_cpu_timers+0x10/0x10 [ 69.065727][ C0] ? sched_balance_trigger+0x51/0x890 [ 69.065740][ C0] tick_nohz_handler+0x37c/0x500 [ 69.065750][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 69.065759][ C0] __hrtimer_run_queues+0x551/0xd30 [ 69.065773][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 69.065786][ C0] ? kvm_clock_get_cycles+0x52/0x70 [ 69.065796][ C0] ? ktime_get_update_offsets_now+0x38e/0x3b0 [ 69.065809][ C0] hrtimer_interrupt+0x403/0xa40 [ 69.065831][ C0] __sysvec_apic_timer_interrupt+0x110/0x420 [ 69.065846][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 69.065858][ C0] [ 69.065861][ C0] [ 69.065865][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 69.065878][ C0] RIP: 0010:pte_alloc_one+0x2bd/0x510 [ 69.065892][ C0] Code: 83 c6 40 4c 89 f0 48 c1 e8 03 80 3c 18 00 74 08 4c 89 f7 e8 55 ea b8 00 45 0f b6 36 4c 89 e7 44 89 f6 e8 26 51 ab 00 45 31 e4 <48> c7 44 24 20 0e 36 e0 45 4a c7 04 2b 00 00 00 00 66 42 c7 44 2b [ 69.065901][ C0] RSP: 0018:ffffc9000d42f120 EFLAGS: 00000283 [ 69.065913][ C0] RAX: ffffffff816d389e RBX: dffffc0000000000 RCX: 0000000000100000 [ 69.065920][ C0] RDX: ffffc9000e6da000 RSI: 0000000000000b42 RDI: 0000000000000b43 [ 69.065925][ C0] RBP: ffffc9000d42f1f0 R08: ffffffff816d3876 R09: 1ffffffff285f31f [ 69.065932][ C0] R10: dffffc0000000000 R11: fffffbfff285f320 R12: ffffea0001027b80 [ 69.065939][ C0] R13: 1ffff92001a85e28 R14: 0000000000000200 R15: 0000000000000046 [ 69.065947][ C0] ? pte_alloc_one+0x426/0x510 [ 69.065957][ C0] ? pte_alloc_one+0x44e/0x510 [ 69.065971][ C0] ? __pfx_pte_alloc_one+0x10/0x10 [ 69.065983][ C0] ? do_raw_spin_unlock+0x58/0x8b0 [ 69.065996][ C0] __pte_alloc+0x79/0x3c0 [ 69.066009][ C0] ? __pfx___pte_alloc+0x10/0x10 [ 69.066025][ C0] copy_pmd_range+0x6fb4/0x77a0 [ 69.066042][ C0] ? __pfx_copy_pmd_range+0x10/0x10 [ 69.066056][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 69.066069][ C0] ? __pud_alloc+0x3cd/0x4e0 [ 69.066078][ C0] ? __pfx_lock_release+0x10/0x10 [ 69.066090][ C0] ? do_raw_spin_lock+0x14f/0x370 [ 69.066101][ C0] ? do_raw_spin_unlock+0x58/0x8b0 [ 69.066113][ C0] ? _raw_spin_unlock+0x28/0x50 [ 69.066122][ C0] ? __pud_alloc+0x3cd/0x4e0 [ 69.066135][ C0] copy_page_range+0x99f/0xe90 [ 69.066151][ C0] ? __pfx_copy_page_range+0x10/0x10 [ 69.066166][ C0] ? __pfx_up_write+0x10/0x10 [ 69.066177][ C0] copy_mm+0x1279/0x2110 [ 69.066192][ C0] ? __pfx_copy_mm+0x10/0x10 [ 69.066204][ C0] ? __init_rwsem+0x122/0x160 [ 69.066212][ C0] ? copy_signal+0x51c/0x640 [ 69.066222][ C0] copy_process+0x1845/0x3d50 [ 69.066243][ C0] ? copy_process+0x9fa/0x3d50 [ 69.066254][ C0] ? __pfx_copy_process+0x10/0x10 [ 69.066267][ C0] kernel_clone+0x226/0x8e0 [ 69.066278][ C0] ? __might_fault+0xaa/0x120 [ 69.066288][ C0] ? __pfx_kernel_clone+0x10/0x10 [ 69.066301][ C0] ? __might_fault+0xaa/0x120 [ 69.066313][ C0] __x64_sys_clone+0x258/0x2a0 [ 69.066326][ C0] ? __pfx___x64_sys_clone+0x10/0x10 [ 69.066340][ C0] ? do_syscall_64+0x100/0x230 [ 69.066353][ C0] ? do_syscall_64+0xb6/0x230 [ 69.066365][ C0] do_syscall_64+0xf3/0x230 [ 69.066383][ C0] ? clear_bhb_loop+0x35/0x90 [ 69.066398][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.066410][ C0] RIP: 0033:0x7ffb1818cd29 [ 69.066421][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.066428][ C0] RSP: 002b:00007ffb18fe3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 69.066439][ C0] RAX: ffffffffffffffda RBX: 00007ffb183a5fa0 RCX: 00007ffb1818cd29 [ 69.066445][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 69.066450][ C0] RBP: 00007ffb1820e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 69.066456][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 69.066462][ C0] R13: 0000000000000000 R14: 00007ffb183a5fa0 R15: 00007ffc82a0aee8 [ 69.066471][ C0]