./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1742499732 <...> Warning: Permanently added '10.128.1.64' (ED25519) to the list of known hosts. execve("./syz-executor1742499732", ["./syz-executor1742499732"], 0x7ffc4b691c80 /* 10 vars */) = 0 brk(NULL) = 0x55559123d000 brk(0x55559123de00) = 0x55559123de00 arch_prctl(ARCH_SET_FS, 0x55559123d480) = 0 set_tid_address(0x55559123d750) = 5848 set_robust_list(0x55559123d760, 24) = 0 rseq(0x55559123dda0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1742499732", 4096) = 28 getrandom("\x5b\x5a\x27\x72\x3b\x86\x2a\x79", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55559123de00 brk(0x55559125ee00) = 0x55559125ee00 brk(0x55559125f000) = 0x55559125f000 mprotect(0x7f5cd4231000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5849 attached [pid 5849] set_robust_list(0x55559123d760, 24 [pid 5848] <... clone resumed>, child_tidptr=0x55559123d750) = 5849 [pid 5849] <... set_robust_list resumed>) = 0 [pid 5848] openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] write(3, "10000000000", 11) = 11 [pid 5848] close(3) = 0 [pid 5848] openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] write(3, "20", 2) = 2 [pid 5848] close(3) = 0 [pid 5848] openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] write(3, "1", 1) = 1 [pid 5848] close(3) = 0 [pid 5848] openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] write(3, "0", 1) = 1 [pid 5848] close(3) = 0 [pid 5848] openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] write(3, "0", 1) = 1 [pid 5848] close(3) = 0 [pid 5848] openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] write(3, "1", 1) = 1 [pid 5848] close(3) = 0 [pid 5848] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] write(3, "100", 3) = 3 [pid 5848] close(3) = 0 [pid 5848] openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] write(3, "0", 1) = 1 [pid 5848] close(3) = 0 [pid 5848] openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] write(3, "0", 1) = 1 [pid 5848] close(3) = 0 [pid 5848] openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] write(3, "7 4 1 3", 7) = 7 [pid 5848] close(3) = 0 [pid 5848] openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] write(3, "1", 1) = 1 [pid 5848] close(3) = 0 [pid 5848] openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] write(3, "1", 1) = 1 [pid 5848] close(3) = 0 [pid 5848] openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] write(3, "0", 1) = 1 [pid 5848] close(3) = 0 [pid 5848] openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] write(3, "5849", 4) = 4 [pid 5848] close(3) = 0 [pid 5848] kill(5849, SIGKILL) = 0 [pid 5849] +++ killed by SIGKILL +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5849, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=864, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5848}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1d\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x30\x00\x00\x00\xe8\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 864 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5848}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5848}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5848}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5848}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5848}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5848}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 close(3) = 0 close(4) = 0 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7f5cd4174ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f5cd417f2f0}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7f5cd4174ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7f5cd417f2f0}, NULL, 8) = 0 mkdir("./syzkaller.XEKtXS", 0700) = 0 chmod("./syzkaller.XEKtXS", 0777) = 0 chdir("./syzkaller.XEKtXS") = 0 mkdir("./0", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5852 attached , child_tidptr=0x55559123d750) = 5852 [pid 5852] set_robust_list(0x55559123d760, 24) = 0 [pid 5852] chdir("./0") = 0 [pid 5852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5852] setpgid(0, 0) = 0 [pid 5852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5852] write(3, "1000", 4) = 4 [pid 5852] close(3) = 0 [pid 5852] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5852] write(1, "executing program\n", 18executing program ) = 18 [pid 5852] futex(0x7f5cd42373cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] rt_sigaction(SIGRT_1, {sa_handler=0x7f5cd41dbe80, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5cd417f2f0}, NULL, 8) = 0 [pid 5852] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5cd4144000 [pid 5852] mprotect(0x7f5cd4145000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5852] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5852] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5cd4164990, parent_tid=0x7f5cd4164990, exit_signal=0, stack=0x7f5cd4144000, stack_size=0x20240, tls=0x7f5cd41646c0}./strace-static-x86_64: Process 5853 attached => {parent_tid=[5853]}, 88) = 5853 [pid 5853] rseq(0x7f5cd4164fe0, 0x20, 0, 0x53053053 [pid 5852] rt_sigprocmask(SIG_SETMASK, [], [pid 5853] <... rseq resumed>) = 0 [pid 5853] set_robust_list(0x7f5cd41649a0, 24) = 0 [pid 5852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5853] rt_sigprocmask(SIG_SETMASK, [], [pid 5852] futex(0x7f5cd42373c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5852] <... futex resumed>) = 0 [pid 5853] socketpair(AF_UNIX, SOCK_SEQPACKET, 0, [pid 5852] futex(0x7f5cd42373cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... socketpair resumed>NULL) = -1 EFAULT (Bad address) [pid 5853] futex(0x7f5cd42373cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5853] futex(0x7f5cd42373c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] futex(0x7f5cd42373c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] <... futex resumed>) = 0 [pid 5853] bpf(BPF_MAP_CREATE, {map_type=BPF_MAP_TYPE_RINGBUF, key_size=0, value_size=0, max_entries=262144, map_flags=0, inner_map_fd=0, map_name="", map_ifindex=0, btf_fd=0, btf_key_type_id=0, btf_value_type_id=0, btf_vmlinux_value_type_id=0, map_extra=0}, 72 [pid 5852] futex(0x7f5cd42373cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... bpf resumed>) = 3 [pid 5853] futex(0x7f5cd42373cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5853] futex(0x7f5cd42373c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7f5cd42373c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = 0 [pid 5852] <... futex resumed>) = 1 [pid 5853] bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_SCHED_CLS, insn_cnt=13, insns=0x20000580, license="GPL", log_level=0, log_size=0, log_buf=NULL, kern_version=KERNEL_VERSION(4, 16, 0), prog_flags=0, prog_name="", prog_ifindex=0, expected_attach_type=0x37 /* BPF_??? */, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 148 [pid 5852] futex(0x7f5cd42373cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5853] futex(0x7f5cd42373cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = 0 [pid 5853] <... futex resumed>) = 1 [pid 5852] futex(0x7f5cd42373c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] perf_event_open( [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7f5cd42373cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... perf_event_open resumed>{type=PERF_TYPE_SOFTWARE, size=PERF_ATTR_SIZE_VER7, config=PERF_COUNT_SW_CPU_CLOCK, sample_period=23601, sample_type=0, read_format=0, precise_ip=0 /* arbitrary skid */, ...}, 0, -1, -1, 0) = 4 [pid 5853] futex(0x7f5cd42373cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5853] bpf(BPF_MAP_CREATE, NULL, 0 [pid 5852] futex(0x7f5cd42373c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... bpf resumed>) = -1 EINVAL (Invalid argument) [pid 5852] <... futex resumed>) = 0 [pid 5853] futex(0x7f5cd42373cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] futex(0x7f5cd42373cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... futex resumed>) = 0 [pid 5852] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5853] futex(0x7f5cd42373c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] futex(0x7f5cd42373c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7f5cd42373cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] openat(AT_FDCWD, "/dev/net/tun", O_RDONLY|O_NOFOLLOW) = 5 [pid 5853] futex(0x7f5cd42373cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7f5cd42373c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5853] perf_event_open( [ 131.590698][ T5853] [ 131.593046][ T5853] ============================= [ 131.597876][ T5853] [ BUG: Invalid wait context ] [ 131.602714][ T5853] 6.13.0-rc3-syzkaller-gc5d2bac978c5 #0 Not tainted [ 131.609283][ T5853] ----------------------------- [ 131.614113][ T5853] syz-executor174/5853 is trying to lock: [ 131.619813][ T5853] ffffffff8ea6bb38 (stack_list_lock){-.-.}-{3:3}, at: __set_page_owner+0x5cb/0x800 [ 131.629146][ T5853] other info that might help us debug this: [ 131.635020][ T5853] context-{5:5} [ 131.638459][ T5853] 2 locks held by syz-executor174/5853: [ 131.643980][ T5853] #0: ffff8880b863e8d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 131.653893][ T5853] #1: ffffffff8e937ae0 (rcu_read_lock){....}-{1:3}, at: ___perf_sw_event+0x1bd/0x730 [ 131.663452][ T5853] stack backtrace: [ 131.667166][ T5853] CPU: 0 UID: 0 PID: 5853 Comm: syz-executor174 Not tainted 6.13.0-rc3-syzkaller-gc5d2bac978c5 #0 [ 131.677735][ T5853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 131.687779][ T5853] Call Trace: [ 131.691045][ T5853] [ 131.693962][ T5853] dump_stack_lvl+0x241/0x360 [ 131.698636][ T5853] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.704086][ T5853] ? __pfx__printk+0x10/0x10 [ 131.708663][ T5853] ? stack_trace_save+0x118/0x1d0 [ 131.713675][ T5853] __lock_acquire+0x15a8/0x2100 [ 131.718517][ T5853] lock_acquire+0x1ed/0x550 [ 131.723007][ T5853] ? __set_page_owner+0x5cb/0x800 [ 131.728018][ T5853] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.734087][ T5853] ? __pfx_lock_acquire+0x10/0x10 [ 131.739103][ T5853] _raw_spin_lock_irqsave+0xd5/0x120 [ 131.744374][ T5853] ? __set_page_owner+0x5cb/0x800 [ 131.749388][ T5853] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 131.755276][ T5853] ? __kmalloc_cache_noprof+0x243/0x390 [ 131.760812][ T5853] ? __set_page_owner+0x55f/0x800 [ 131.765823][ T5853] __set_page_owner+0x5cb/0x800 [ 131.770663][ T5853] ? __pfx___set_page_owner+0x10/0x10 [ 131.776027][ T5853] post_alloc_hook+0x1f3/0x230 [ 131.780870][ T5853] get_page_from_freelist+0x365c/0x37a0 [ 131.786417][ T5853] __alloc_pages_noprof+0x292/0x710 [ 131.791601][ T5853] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 131.797306][ T5853] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 131.803474][ T5853] ? __kernel_text_address+0xd/0x40 [ 131.808668][ T5853] ? unwind_get_return_address+0x4d/0x90 [ 131.814290][ T5853] alloc_pages_mpol_noprof+0x3e8/0x680 [ 131.819741][ T5853] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 131.825710][ T5853] ? stack_trace_save+0x118/0x1d0 [ 131.830719][ T5853] ? alloc_pages_noprof+0xef/0x170 [ 131.835840][ T5853] stack_depot_save_flags+0x72d/0x940 [ 131.841214][ T5853] kasan_save_stack+0x4f/0x60 [ 131.845877][ T5853] ? kasan_save_stack+0x3f/0x60 [ 131.850713][ T5853] ? __kasan_record_aux_stack+0xac/0xc0 [ 131.856255][ T5853] ? task_work_add+0xd9/0x490 [ 131.861007][ T5853] ? __perf_event_overflow+0x78d/0xdc0 [ 131.866453][ T5853] ? perf_swevent_event+0x317/0x680 [ 131.871640][ T5853] ? ___perf_sw_event+0x4f3/0x730 [ 131.876653][ T5853] ? __schedule+0x23df/0x4c30 [ 131.881320][ T5853] ? schedule+0x14b/0x320 [ 131.885653][ T5853] ? ptrace_stop+0x5b4/0x940 [ 131.890234][ T5853] ? ptrace_notify+0x255/0x380 [ 131.894995][ T5853] ? syscall_exit_work+0xc7/0x1d0 [ 131.900008][ T5853] ? syscall_exit_to_user_mode+0x24a/0x340 [ 131.905807][ T5853] ? do_syscall_64+0x100/0x230 [ 131.910566][ T5853] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.916639][ T5853] ? __phys_addr+0xba/0x170 [ 131.921133][ T5853] __kasan_record_aux_stack+0xac/0xc0 [ 131.926500][ T5853] task_work_add+0xd9/0x490 [ 131.930994][ T5853] ? __pfx_task_work_add+0x10/0x10 [ 131.936107][ T5853] ? mark_lock+0x9a/0x360 [ 131.940429][ T5853] ? __perf_event_account_interrupt+0x17e/0x290 [ 131.946658][ T5853] __perf_event_overflow+0x78d/0xdc0 [ 131.951936][ T5853] ? __pfx___perf_event_overflow+0x10/0x10 [ 131.957732][ T5853] ? __lock_acquire+0x1397/0x2100 [ 131.962749][ T5853] perf_swevent_event+0x317/0x680 [ 131.967769][ T5853] ? __pfx_perf_swevent_event+0x10/0x10 [ 131.973330][ T5853] ___perf_sw_event+0x4f3/0x730 [ 131.978174][ T5853] ? psi_task_switch+0x387/0x7a0 [ 131.983104][ T5853] ? sched_clock_cpu+0x76/0x490 [ 131.987946][ T5853] ? ___perf_sw_event+0x1bd/0x730 [ 131.992963][ T5853] ? __pfx____perf_sw_event+0x10/0x10 [ 131.998337][ T5853] ? schedule+0x14b/0x320 [ 132.002658][ T5853] __schedule+0x23df/0x4c30 [ 132.007164][ T5853] ? __pfx___schedule+0x10/0x10 [ 132.012005][ T5853] ? __pfx_lock_release+0x10/0x10 [ 132.017020][ T5853] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 132.022987][ T5853] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 132.029320][ T5853] ? schedule+0x90/0x320 [ 132.033550][ T5853] schedule+0x14b/0x320 [ 132.037702][ T5853] ptrace_stop+0x5b4/0x940 [ 132.042111][ T5853] ptrace_notify+0x255/0x380 [ 132.046694][ T5853] ? __pfx_ptrace_notify+0x10/0x10 [ 132.051802][ T5853] syscall_exit_work+0xc7/0x1d0 [ 132.056642][ T5853] syscall_exit_to_user_mode+0x24a/0x340 [ 132.062269][ T5853] do_syscall_64+0x100/0x230 [ 132.066866][ T5853] ? clear_bhb_loop+0x35/0x90 [ 132.071531][ T5853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.077441][ T5853] RIP: 0033:0x7f5cd41b48b9 [ 132.081848][ T5853] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 132.101441][ T5853] RSP: 002b:00007f5cd4164168 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 132.109845][ T5853] RAX: 0000000000000006 RBX: 00007f5cd42373c8 RCX: 00007f5cd41b48b9 [ 132.117805][ T5853] RDX: 00000000ffffffff RSI: 0000000000000000 RDI: 0000000020000000 [ 132.125797][ T5853] RBP: 00007f5cd42373c0 R08: 0000000000000000 R09: 0000000000000000 [ 132.133754][ T5853] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007f5cd42373cc [pid 5852] futex(0x7f5cd42373cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... perf_event_open resumed>{type=PERF_TYPE_SOFTWARE, size=PERF_ATTR_SIZE_VER7, config=PERF_COUNT_SW_CONTEXT_SWITCHES, sample_period=32, sample_type=PERF_SAMPLE_TID|PERF_SAMPLE_TIME|PERF_SAMPLE_PERIOD|PERF_SAMPLE_RAW|PERF_SAMPLE_STACK_USER|PERF_SAMPLE_IDENTIFIER, read_format=0, precise_ip=0 /* arbitrary skid */, remove_on_exec=1, sigtrap=1, ...}, 0, -1, -1, 0) = 6 [pid 5852] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5852] futex(0x7f5cd42373dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] --- SIGTRAP {si_signo=SIGTRAP, si_code=TRAP_PERF, si_addr=NULL} --- [pid 5852] <... futex resumed>) = 0 [ 132.141712][ T5853] R13: 0000000000000000 R14: 00007ffc7b7c8300 R15: 00007ffc7b7c83e8 [ 132.149678][ T5853] [ 133.056149][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.062471][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [pid 5848] kill(-5852, SIGKILL) = 0 [pid 5848] kill(5852, SIGKILL) = 0 [pid 5848] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5848] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5848] getdents64(3, 0x55559123e7f0 /* 2 entries */, 32768) = 48 [pid 5848] getdents64(3, 0x55559123e7f0 /* 0 entries */, 32768) = 0 [pid 5848] close(3) = 0