./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2962681059 <...> Warning: Permanently added '10.128.10.53' (ED25519) to the list of known hosts. execve("./syz-executor2962681059", ["./syz-executor2962681059"], 0x7ffd1175be20 /* 10 vars */) = 0 brk(NULL) = 0x55559475e000 brk(0x55559475ed40) = 0x55559475ed40 arch_prctl(ARCH_SET_FS, 0x55559475e3c0) = 0 set_tid_address(0x55559475e690) = 5074 set_robust_list(0x55559475e6a0, 24) = 0 rseq(0x55559475ece0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2962681059", 4096) = 28 getrandom("\x72\xe3\x52\x0c\x98\x3b\x2c\xac", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55559475ed40 brk(0x55559477fd40) = 0x55559477fd40 brk(0x555594780000) = 0x555594780000 mprotect(0x7ff8cc7c0000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5075 attached , child_tidptr=0x55559475e690) = 5075 [pid 5075] set_robust_list(0x55559475e6a0, 24) = 0 [pid 5075] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 5075] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3 [pid 5075] openat(AT_FDCWD, "/dev/vhci", O_RDWR) = 4 [pid 5075] dup2(4, 202) = 202 [pid 5075] close(4) = 0 [pid 5075] write(202, "\xff\x00", 2) = 2 [pid 5075] read(202, "\xff\x00\x00\x00", 4) = 4 [pid 5075] rt_sigaction(SIGRT_1, {sa_handler=0x7ff8cc7648f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7ff8cc755f70}, NULL, 8) = 0 [pid 5075] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5075] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7ff8cbe00000 [pid 5075] mprotect(0x7ff8cbe01000, 8388608, PROT_READ|PROT_WRITE) = 0 [pid 5075] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5075] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7ff8cc600990, parent_tid=0x7ff8cc600990, exit_signal=0, stack=0x7ff8cbe00000, stack_size=0x800300, tls=0x7ff8cc6006c0} => {parent_tid=[2]}, 88) = 2 ./strace-static-x86_64: Process 5077 attached [pid 5075] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5075] ioctl(3, HCIDEVUP [pid 5077] rseq(0x7ff8cc600fe0, 0x20, 0, 0x53053053) = 0 [pid 5077] set_robust_list(0x7ff8cc6009a0, 24) = 0 [pid 5077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5077] read(202, "\x01\x03\x0c\x00", 1024) = 4 [pid 5077] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5077] read(202, "\x01\x03\x10\x00", 1024) = 4 [pid 5077] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5077] read(202, "\x01\x01\x10\x00", 1024) = 4 [pid 5077] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5077] read(202, "\x01\x09\x10\x00", 1024) = 4 [pid 5077] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13 [pid 5077] read(202, "\x01\x05\x10\x00", 1024) = 4 [pid 5077] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14 [pid 5077] read(202, "\x01\x23\x0c\x00", 1024) = 4 [ 109.376075][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 109.396262][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 109.405446][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [pid 5077] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5077] read(202, "\x01\x14\x0c\x00", 1024) = 4 [pid 5077] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5077] read(202, "\x01\x25\x0c\x00", 1024) = 4 [pid 5077] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x25\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5077] read(202, "\x01\x38\x0c\x00", 1024) = 4 [pid 5077] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5077] read(202, "\x01\x39\x0c\x00", 1024) = 4 [pid 5077] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5077] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6 [pid 5077] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5077] read(202, [pid 5075] <... ioctl resumed>, 0) = -1 EALREADY (Operation already in progress) [pid 5075] ioctl(3, HCISETSCAN [pid 5077] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5 [pid 5077] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4) = 7 [pid 5077] rt_sigprocmask(SIG_BLOCK, ~[RT_1], NULL, 8) = 0 [pid 5075] <... ioctl resumed>, 0x7ffffdc558e8) = 0 [pid 5077] madvise(0x7ff8cbe00000, 8372224, MADV_DONTNEED [pid 5075] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3 [pid 5077] <... madvise resumed>) = 0 [pid 5077] exit(0 [pid 5075] <... writev resumed>) = 13 [pid 5077] <... exit resumed>) = ? [pid 5077] +++ exited with 0 +++ [pid 5075] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3) = 14 [pid 5075] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3) = 14 [pid 5075] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22 [pid 5075] close(3) = 0 [ 109.426613][ T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 109.446363][ T52] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 109.454679][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5075] setsid() = 1 [pid 5075] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5075] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5075] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5075] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5075] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5075] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5075] unshare(CLONE_NEWNS) = 0 [pid 5075] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5075] unshare(CLONE_NEWIPC) = 0 [pid 5075] unshare(CLONE_NEWCGROUP) = 0 [pid 5075] unshare(CLONE_NEWUTS) = 0 [pid 5075] unshare(CLONE_SYSVSEM) = 0 [pid 5075] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "16777216", 8) = 8 [pid 5075] close(3) = 0 [pid 5075] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "536870912", 9) = 9 [pid 5075] close(3) = 0 [pid 5075] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1024", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "8192", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1024", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1024", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5075] close(3) = 0 [pid 5075] getpid() = 1 [pid 5075] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5075] kill(-3, SIGKILL) = 0 [pid 5075] kill(3, SIGKILL) = 0 [pid 5075] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5075] getdents64(3, 0x55559475f850 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(3, 0x55559475f850 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [pid 5085] <... sendmsg resumed>) = ? [ 123.890650][ C0] hrtimer: interrupt took 6324989871 ns [ 123.897349][ T52] Bluetooth: hci0: command tx timeout [ 228.944101][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 228.951133][ C1] rcu: 0-...!: (1 ticks this GP) idle=1474/0/0x1 softirq=7454/7454 fqs=0 [ 228.960637][ C1] rcu: (detected by 1, t=10502 jiffies, g=11509, q=204 ncpus=2) [ 228.968429][ C1] Sending NMI from CPU 1 to CPUs 0: [ 228.973702][ C0] NMI backtrace for cpu 0 [ 228.973716][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 228.973752][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 228.973771][ C0] RIP: 0010:advance_sched+0x234/0xc60 [ 228.973841][ C0] Code: 00 48 b8 00 00 00 00 00 fc ff df 80 3c 02 00 0f 85 65 09 00 00 49 8b af 40 01 00 00 48 89 df 48 89 ee e8 0f 23 a6 f8 48 39 eb <0f> 84 55 07 00 00 e8 b1 28 a6 f8 48 8b 04 24 4d 8d a7 10 01 00 00 [ 228.973874][ C0] RSP: 0018:ffffc90000007d80 EFLAGS: 00000006 [ 228.973900][ C0] RAX: 0000000000010002 RBX: 17beef7bc57e6c00 RCX: ffffffff88e81371 [ 228.973922][ C0] RDX: ffffffff8d495700 RSI: 17beef7bc57e6c00 RDI: 0000000000000006 [ 228.973951][ C0] RBP: 0000000000000000 R08: 0000000000000006 R09: 17beef7bc57e6c00 [ 228.973972][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880b942cac0 [ 228.973994][ C0] R13: ffff88802afcb340 R14: ffff88802afcb340 R15: ffff888029b33000 [ 228.974021][ C0] FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 228.974053][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 228.974077][ C0] CR2: 000055761bd66390 CR3: 0000000024942000 CR4: 0000000000350ef0 [ 228.974100][ C0] Call Trace: [ 228.974114][ C0] [ 228.974127][ C0] ? show_regs+0x8c/0xa0 [ 228.974160][ C0] ? nmi_cpu_backtrace+0x1d8/0x390 [ 228.974201][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 228.974254][ C0] ? nmi_handle+0x1ac/0x580 [ 228.974286][ C0] ? __pfx_perf_event_nmi_handler+0x10/0x10 [ 228.974330][ C0] ? advance_sched+0x234/0xc60 [ 228.974370][ C0] ? default_do_nmi+0x6a/0x160 [ 228.974413][ C0] ? exc_nmi+0x170/0x1e0 [ 228.974450][ C0] ? end_repeat_nmi+0xf/0x53 [ 228.974510][ C0] ? advance_sched+0x231/0xc60 [ 228.974550][ C0] ? advance_sched+0x234/0xc60 [ 228.974590][ C0] ? advance_sched+0x234/0xc60 [ 228.974631][ C0] ? advance_sched+0x234/0xc60 [ 228.974670][ C0] [ 228.974680][ C0] [ 228.974695][ C0] ? timerqueue_del+0x83/0x150 [ 228.974729][ C0] ? srso_return_thunk+0x5/0x5f [ 228.974779][ C0] ? do_raw_spin_unlock+0x172/0x230 [ 228.974830][ C0] ? __pfx_advance_sched+0x10/0x10 [ 228.974868][ C0] __hrtimer_run_queues+0x20f/0xc20 [ 228.974922][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 228.974972][ C0] ? ktime_get_update_offsets_now+0x3bd/0x620 [ 228.975016][ C0] hrtimer_interrupt+0x31b/0x800 [ 228.975074][ C0] __sysvec_apic_timer_interrupt+0x112/0x410 [ 228.975113][ C0] sysvec_apic_timer_interrupt+0x90/0xb0 [ 228.975161][ C0] [ 228.975171][ C0] [ 228.975182][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 228.975238][ C0] RIP: 0010:acpi_safe_halt+0x1a/0x20 [ 228.975273][ C0] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 65 48 8b 05 38 74 30 75 48 8b 00 a8 08 75 0c eb 07 0f 00 2d e8 b2 a6 00 fb f4 e9 00 c8 03 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 228.975305][ C0] RSP: 0018:ffffffff8d407d68 EFLAGS: 00000246 [ 228.975329][ C0] RAX: 0000000000004000 RBX: 0000000000000001 RCX: ffffffff8ad342d9 [ 228.975360][ C0] RDX: 0000000000000001 RSI: ffff8880176be000 RDI: ffff8880176be064 [ 228.975383][ C0] RBP: ffff8880176be064 R08: 0000000000000001 R09: ffffed1017286fdd [ 228.975405][ C0] R10: ffff8880b9437eeb R11: 0000000000000000 R12: ffff888019bff000 [ 228.975427][ C0] R13: ffffffff8e32a760 R14: 0000000000000000 R15: 0000000000000000 [ 228.975455][ C0] ? ct_kernel_exit+0x139/0x190 [ 228.975511][ C0] ? srso_return_thunk+0x5/0x5f [ 228.975560][ C0] acpi_idle_enter+0xc5/0x160 [ 228.975597][ C0] cpuidle_enter_state+0x88/0x510 [ 228.975653][ C0] ? __pfx_tsc_verify_tsc_adjust+0x10/0x10 [ 228.975710][ C0] cpuidle_enter+0x4e/0xa0 [ 228.975745][ C0] do_idle+0x313/0x3f0 [ 228.975791][ C0] ? __pfx_do_idle+0x10/0x10 [ 228.975841][ C0] cpu_startup_entry+0x4f/0x60 [ 228.975887][ C0] rest_init+0x16f/0x2b0 [ 228.975920][ C0] ? srso_return_thunk+0x5/0x5f [ 228.975975][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 228.976032][ C0] arch_call_rest_init+0x13/0x40 [ 228.976088][ C0] start_kernel+0x3a3/0x490 [ 228.976142][ C0] x86_64_start_reservations+0x18/0x30 [ 228.976197][ C0] x86_64_start_kernel+0xb2/0xc0 [ 228.976250][ C0] common_startup_64+0x13e/0x148 [ 228.976301][ C0] [ 228.976313][ C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 2.611 msecs [ 228.976695][ C1] rcu: rcu_preempt kthread timer wakeup didn't happen for 10501 jiffies! g11509 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 [ 229.412604][ C1] rcu: Possible timer handling issue on cpu=0 timer-softirq=3366 [ 229.420439][ C1] rcu: rcu_preempt kthread starved for 10502 jiffies! g11509 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0 [ 229.431856][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 229.441849][ C1] rcu: RCU grace-period kthread stack dump: [ 229.447757][ C1] task:rcu_preempt state:I stack:28144 pid:16 tgid:16 ppid:2 flags:0x00004000 [ 229.457974][ C1] Call Trace: [ 229.461280][ C1] [ 229.464255][ C1] __schedule+0xf15/0x5c70 [ 229.468733][ C1] ? __pfx___lock_acquire+0x10/0x10 [ 229.473982][ C1] ? srso_return_thunk+0x5/0x5f [ 229.478904][ C1] ? srso_return_thunk+0x5/0x5f [ 229.483822][ C1] ? __pfx___schedule+0x10/0x10 [ 229.488722][ C1] ? srso_return_thunk+0x5/0x5f [ 229.493638][ C1] ? schedule+0x298/0x350 [ 229.498024][ C1] ? __pfx_lock_release+0x10/0x10 [ 229.503104][ C1] ? __pfx___mod_timer+0x10/0x10 [ 229.508093][ C1] ? lock_acquire+0x1b1/0x540 [ 229.512926][ C1] ? srso_return_thunk+0x5/0x5f [ 229.517842][ C1] ? lockdep_init_map_type+0x16d/0x7d0 [ 229.523359][ C1] schedule+0xe7/0x350 [ 229.527489][ C1] schedule_timeout+0x136/0x2a0 [ 229.532387][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 229.537823][ C1] ? __pfx_process_timeout+0x10/0x10 [ 229.543179][ C1] ? srso_return_thunk+0x5/0x5f [ 229.548089][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 229.553948][ C1] ? srso_return_thunk+0x5/0x5f [ 229.558857][ C1] ? prepare_to_swait_event+0xf0/0x470 [ 229.564376][ C1] rcu_gp_fqs_loop+0x1eb/0xb00 [ 229.569221][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 229.574575][ C1] ? __pfx_lock_release+0x10/0x10 [ 229.579644][ C1] ? srso_return_thunk+0x5/0x5f [ 229.584582][ C1] rcu_gp_kthread+0x271/0x380 [ 229.589348][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 229.594624][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 229.599884][ C1] ? srso_return_thunk+0x5/0x5f [ 229.604798][ C1] ? srso_return_thunk+0x5/0x5f [ 229.609710][ C1] ? __kthread_parkme+0x148/0x220 [ 229.614808][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 229.620072][ C1] kthread+0x2c4/0x3a0 [ 229.624183][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 229.629434][ C1] ? __pfx_kthread+0x10/0x10 [ 229.634074][ C1] ret_from_fork+0x48/0x80 [ 229.638558][ C1] ? __pfx_kthread+0x10/0x10 [ 229.643193][ C1] ret_from_fork_asm+0x1a/0x30 [ 229.648055][ C1] [ 376.540139][ C1] watchdog: BUG: soft lockup - CPU#1 stuck for 246s! [kworker/u8:3:50] [ 376.548482][ C1] Modules linked in: [ 376.552405][ C1] irq event stamp: 848480 [ 376.556754][ C1] hardirqs last enabled at (848479): [] irqentry_exit+0x3b/0x90 [ 376.566107][ C1] hardirqs last disabled at (848480): [] sysvec_apic_timer_interrupt+0xe/0xb0 [ 376.576583][ C1] softirqs last enabled at (848478): [] __do_softirq+0x596/0x8de [ 376.586032][ C1] softirqs last disabled at (848463): [] irq_exit_rcu+0xb9/0x120 [ 376.595730][ C1] CPU: 1 PID: 50 Comm: kworker/u8:3 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 376.605401][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 376.615493][ C1] Workqueue: events_unbound toggle_allocation_gate [ 376.622081][ C1] RIP: 0010:smp_call_function_many_cond+0x4e7/0x1590 [ 376.628816][ C1] Code: 0c 00 85 ed 74 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 f4 4c 89 f5 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 ab 05 0c 00 f3 90 <41> 0f b6 04 24 40 38 c5 7c 08 84 c0 0f 85 5d 0e 00 00 8b 43 08 31 [ 376.648483][ C1] RSP: 0018:ffffc90000ba7910 EFLAGS: 00000293 [ 376.654601][ C1] RAX: 0000000000000000 RBX: ffff8880b94463e0 RCX: ffffffff818236ab [ 376.662618][ C1] RDX: ffff88801b6dda00 RSI: ffffffff81823685 RDI: 0000000000000005 [ 376.670626][ C1] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000 [ 376.678634][ C1] R10: 0000000000000001 R11: 0000000000000006 R12: ffffed1017288c7d [ 376.686642][ C1] R13: 0000000000000001 R14: ffff8880b94463e8 R15: ffff8880b953f880 [ 376.694654][ C1] FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 376.703627][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 376.710251][ C1] CR2: 000055761bd4d398 CR3: 000000000d57a000 CR4: 0000000000350ef0 [ 376.718265][ C1] Call Trace: [ 376.721585][ C1] [ 376.724464][ C1] ? show_regs+0x8c/0xa0 [ 376.728756][ C1] ? watchdog_timer_fn+0x570/0x7d0 [ 376.733924][ C1] ? __pfx_watchdog_timer_fn+0x10/0x10 [ 376.739441][ C1] ? __hrtimer_run_queues+0x65a/0xc20 [ 376.744884][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 376.750656][ C1] ? ktime_get_update_offsets_now+0x3bd/0x620 [ 376.756790][ C1] ? hrtimer_interrupt+0x31b/0x800 [ 376.761981][ C1] ? __sysvec_apic_timer_interrupt+0x112/0x410 [ 376.768185][ C1] ? sysvec_apic_timer_interrupt+0x90/0xb0 [ 376.774060][ C1] [ 376.777029][ C1] [ 376.779989][ C1] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 376.786226][ C1] ? smp_call_function_many_cond+0x50b/0x1590 [ 376.792351][ C1] ? smp_call_function_many_cond+0x4e5/0x1590 [ 376.798479][ C1] ? smp_call_function_many_cond+0x4e7/0x1590 [ 376.804612][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 376.809700][ C1] ? kmem_cache_alloc_bulk+0x1b9/0x940 [ 376.815217][ C1] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 376.821614][ C1] ? __pfx___text_poke+0x10/0x10 [ 376.826614][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 376.831704][ C1] on_each_cpu_cond_mask+0x40/0x90 [ 376.836879][ C1] text_poke_bp_batch+0x22b/0x760 [ 376.841966][ C1] ? arch_jump_label_transform_apply+0x17/0x30 [ 376.848192][ C1] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 376.853796][ C1] ? __jump_label_patch+0x1db/0x400 [ 376.859055][ C1] ? srso_safe_ret+0xc/0x20 [ 376.863619][ C1] ? text_poke_queue+0xef/0x180 [ 376.868525][ C1] ? srso_return_thunk+0x5/0x5f [ 376.873442][ C1] ? arch_jump_label_transform_queue+0xc0/0x120 [ 376.879763][ C1] text_poke_finish+0x30/0x40 [ 376.884502][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 376.890549][ C1] jump_label_update+0x1d7/0x400 [ 376.895541][ C1] static_key_enable_cpuslocked+0x1b7/0x270 [ 376.901484][ C1] static_key_enable+0x1a/0x20 [ 376.906294][ C1] toggle_allocation_gate+0xf8/0x250 [ 376.911655][ C1] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 376.917697][ C1] ? srso_return_thunk+0x5/0x5f [ 376.922692][ C1] process_one_work+0x9ac/0x1a60 [ 376.927752][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 376.932840][ C1] ? __pfx_process_one_work+0x10/0x10 [ 376.938283][ C1] ? srso_return_thunk+0x5/0x5f [ 376.943223][ C1] ? srso_return_thunk+0x5/0x5f [ 376.948142][ C1] ? assign_work+0x1a0/0x250 [ 376.952789][ C1] worker_thread+0x6c8/0xf70 [ 376.957460][ C1] ? __pfx_worker_thread+0x10/0x10 [ 376.962626][ C1] kthread+0x2c4/0x3a0 [ 376.966745][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 376.972005][ C1] ? __pfx_kthread+0x10/0x10 [ 376.976646][ C1] ret_from_fork+0x48/0x80 [ 376.981155][ C1] ? __pfx_kthread+0x10/0x10 [ 376.985803][ C1] ret_from_fork_asm+0x1a/0x30 [ 376.990656][ C1] [ 376.993715][ C1] Kernel panic - not syncing: softlockup: hung tasks [ 377.000418][ C1] CPU: 1 PID: 50 Comm: kworker/u8:3 Tainted: G L 6.8.0-syzkaller-08951-gfe46a7dd189e #0 [ 377.011579][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 377.021670][ C1] Workqueue: events_unbound toggle_allocation_gate [ 377.028251][ C1] Call Trace: [ 377.031560][ C1] [ 377.034437][ C1] dump_stack_lvl+0x3d/0x1f0 [ 377.039084][ C1] panic+0x6f5/0x7a0 [ 377.043025][ C1] ? srso_return_thunk+0x5/0x5f [ 377.047940][ C1] ? __pfx_panic+0x10/0x10 [ 377.052428][ C1] ? watchdog_timer_fn+0x5f2/0x7d0 [ 377.057599][ C1] ? watchdog_timer_fn+0x5e5/0x7d0 [ 377.062774][ C1] watchdog_timer_fn+0x603/0x7d0 [ 377.067764][ C1] ? __pfx_watchdog_timer_fn+0x10/0x10 [ 377.073615][ C1] __hrtimer_run_queues+0x65a/0xc20 [ 377.078878][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 377.084644][ C1] ? ktime_get_update_offsets_now+0x3bd/0x620 [ 377.090764][ C1] hrtimer_interrupt+0x31b/0x800 [ 377.095776][ C1] __sysvec_apic_timer_interrupt+0x112/0x410 [ 377.101806][ C1] sysvec_apic_timer_interrupt+0x90/0xb0 [ 377.107496][ C1] [ 377.110453][ C1] [ 377.113404][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 377.119447][ C1] RIP: 0010:smp_call_function_many_cond+0x4e7/0x1590 [ 377.126179][ C1] Code: 0c 00 85 ed 74 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 f4 4c 89 f5 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 ab 05 0c 00 f3 90 <41> 0f b6 04 24 40 38 c5 7c 08 84 c0 0f 85 5d 0e 00 00 8b 43 08 31 [ 377.145829][ C1] RSP: 0018:ffffc90000ba7910 EFLAGS: 00000293 [ 377.151940][ C1] RAX: 0000000000000000 RBX: ffff8880b94463e0 RCX: ffffffff818236ab [ 377.159946][ C1] RDX: ffff88801b6dda00 RSI: ffffffff81823685 RDI: 0000000000000005 [ 377.167973][ C1] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000 [ 377.175989][ C1] R10: 0000000000000001 R11: 0000000000000006 R12: ffffed1017288c7d [ 377.184082][ C1] R13: 0000000000000001 R14: ffff8880b94463e8 R15: ffff8880b953f880 [ 377.192099][ C1] ? smp_call_function_many_cond+0x50b/0x1590 [ 377.198237][ C1] ? smp_call_function_many_cond+0x4e5/0x1590 [ 377.204381][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 377.209465][ C1] ? kmem_cache_alloc_bulk+0x1b9/0x940 [ 377.214983][ C1] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 377.221380][ C1] ? __pfx___text_poke+0x10/0x10 [ 377.226371][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 377.231448][ C1] on_each_cpu_cond_mask+0x40/0x90 [ 377.236619][ C1] text_poke_bp_batch+0x22b/0x760 [ 377.241702][ C1] ? arch_jump_label_transform_apply+0x17/0x30 [ 377.247924][ C1] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 377.253608][ C1] ? __jump_label_patch+0x1db/0x400 [ 377.258863][ C1] ? srso_safe_ret+0xc/0x20 [ 377.263427][ C1] ? text_poke_queue+0xef/0x180 [ 377.268338][ C1] ? srso_return_thunk+0x5/0x5f [ 377.273245][ C1] ? arch_jump_label_transform_queue+0xc0/0x120 [ 377.279558][ C1] text_poke_finish+0x30/0x40 [ 377.284293][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 377.290333][ C1] jump_label_update+0x1d7/0x400 [ 377.295352][ C1] static_key_enable_cpuslocked+0x1b7/0x270 [ 377.301312][ C1] static_key_enable+0x1a/0x20 [ 377.306124][ C1] toggle_allocation_gate+0xf8/0x250 [ 377.311479][ C1] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 377.317457][ C1] ? srso_return_thunk+0x5/0x5f [ 377.322376][ C1] process_one_work+0x9ac/0x1a60 [ 377.327389][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 377.332466][ C1] ? __pfx_process_one_work+0x10/0x10 [ 377.337897][ C1] ? srso_return_thunk+0x5/0x5f [ 377.342819][ C1] ? srso_return_thunk+0x5/0x5f [ 377.347729][ C1] ? assign_work+0x1a0/0x250 [ 377.352380][ C1] worker_thread+0x6c8/0xf70 [ 377.357059][ C1] ? __pfx_worker_thread+0x10/0x10 [ 377.362232][ C1] kthread+0x2c4/0x3a0 [ 377.366344][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 377.371596][ C1] ? __pfx_kthread+0x10/0x10 [ 377.376231][ C1] ret_from_fork+0x48/0x80 [ 377.380757][ C1] ? __pfx_kthread+0x10/0x10 [ 377.385407][ C1] ret_from_fork_asm+0x1a/0x30 [ 377.390260][ C1] [ 378.572102][ C1] Shutting down cpus with NMI [ 378.577116][ C1] Kernel Offset: disabled [ 378.581508][ C1] Rebooting in 86400 seconds..