./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor235022398

<...>
Warning: Permanently added '10.128.1.104' (ED25519) to the list of known hosts.
execve("./syz-executor235022398", ["./syz-executor235022398"], 0x7ffcd79fc610 /* 10 vars */) = 0
brk(NULL)                               = 0x55556de94000
brk(0x55556de94d40)                     = 0x55556de94d40
arch_prctl(ARCH_SET_FS, 0x55556de943c0) = 0
set_tid_address(0x55556de94690)         = 5872
set_robust_list(0x55556de946a0, 24)     = 0
rseq(0x55556de94ce0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor235022398", 4096) = 27
getrandom("\x88\xb4\x60\x0b\x1b\x8a\x13\xc0", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x55556de94d40
brk(0x55556deb5d40)                     = 0x55556deb5d40
brk(0x55556deb6000)                     = 0x55556deb6000
mprotect(0x7f2767bff000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55556de94690) = 5873
./strace-static-x86_64: Process 5873 attached
[pid  5873] set_robust_list(0x55556de946a0, 24) = 0
[pid  5873] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5873] setpgid(0, 0)               = 0
[pid  5873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5873] write(3, "1000", 4)         = 4
[pid  5873] close(3)                    = 0
[pid  5873] write(1, "executing program\n", 18executing program
) = 18
[pid  5873] futex(0x7f2767c0530c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5873] rt_sigaction(SIGRT_1, {sa_handler=0x7f2767ba11e0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2767b92860}, NULL, 8) = 0
[pid  5873] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid  5873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2767b14000
[pid  5873] mprotect(0x7f2767b15000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5873] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid  5873] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2767b34990, parent_tid=0x7f2767b34990, exit_signal=0, stack=0x7f2767b14000, stack_size=0x20300, tls=0x7f2767b346c0}./strace-static-x86_64: Process 5874 attached
 => {parent_tid=[5874]}, 88) = 5874
[pid  5873] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5874] rseq(0x7f2767b34fe0, 0x20, 0, 0x53053053 <unfinished ...>
[pid  5873] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5874] <... rseq resumed>)         = 0
[pid  5873] futex(0x7f2767c05308, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5874] set_robust_list(0x7f2767b349a0, 24 <unfinished ...>
[pid  5873] <... futex resumed>)        = 0
[pid  5874] <... set_robust_list resumed>) = 0
[pid  5874] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5873] futex(0x7f2767c0530c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5874] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5874] mremap(0x2000003c9000, 8192, 8192, MREMAP_MAYMOVE|MREMAP_FIXED|MREMAP_DONTUNMAP, 0x2000001de000 <unfinished ...>
[pid  5873] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  5873] futex(0x7f2767c0531c, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  5872] kill(-5873, SIGKILL)        = 0
[pid  5873] <... mmap resumed>)         = ?
[pid  5872] kill(5873, SIGKILL)         = 0
[pid  5872] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5872] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0
[pid  5872] getdents64(3, 0x55556de95730 /* 2 entries */, 32768) = 48
[pid  5872] getdents64(3, 0x55556de95730 /* 0 entries */, 32768) = 0
[pid  5872] close(3)                    = 0
[  429.958550][   T31] INFO: task syz-executor235:5873 blocked for more than 143 seconds.
[  429.966766][   T31]       Not tainted 6.16.0-rc6-next-20250718-syzkaller #0
[  429.974381][   T31]       Blocked by coredump.
[  429.979197][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  429.987892][   T31] task:syz-executor235 state:D stack:26504 pid:5873  tgid:5873  ppid:5872   task_flags:0x40044c flags:0x00004006
[  430.000649][   T31] Call Trace:
[  430.003964][   T31]  <TASK>
[  430.006916][   T31]  __schedule+0x1737/0x4d30
[  430.011795][   T31]  ? __lock_acquire+0xab9/0xd20
[  430.016684][   T31]  ? schedule+0x165/0x360
[  430.021352][   T31]  ? __lock_acquire+0xab9/0xd20
[  430.026233][   T31]  ? __pfx___schedule+0x10/0x10
[  430.031406][   T31]  ? schedule+0x91/0x360
[  430.035689][   T31]  schedule+0x165/0x360
[  430.040229][   T31]  schedule_preempt_disabled+0x13/0x30
[  430.045728][   T31]  rwsem_down_read_slowpath+0x5fd/0x8f0
[  430.051549][   T31]  ? rwsem_down_read_slowpath+0x4b8/0x8f0
[  430.057299][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[  430.064184][   T31]  ? exit_mm+0xcc/0x2c0
[  430.068577][   T31]  ? __pfx_mm_release+0x10/0x10
[  430.073549][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  430.079248][   T31]  down_read+0x98/0x2e0
[  430.083437][   T31]  exit_mm+0xcc/0x2c0
[  430.087450][   T31]  ? __pfx_exit_mm+0x10/0x10
[  430.092391][   T31]  ? rcu_is_watching+0x15/0xb0
[  430.097205][   T31]  do_exit+0x648/0x2300
[  430.101892][   T31]  ? do_raw_spin_lock+0x121/0x290
[  430.106965][   T31]  ? __pfx_do_exit+0x10/0x10
[  430.111897][   T31]  do_group_exit+0x21c/0x2d0
[  430.116518][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  430.122091][   T31]  get_signal+0x1286/0x1340
[  430.126656][   T31]  arch_do_signal_or_restart+0x9a/0x750
[  430.132503][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  430.137745][   T31]  ? _raw_spin_unlock_irq+0x2e/0x50
[  430.143339][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  430.149748][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[  430.155251][   T31]  exit_to_user_mode_loop+0x75/0x110
[  430.161008][   T31]  do_syscall_64+0x2bd/0x3b0
[  430.165659][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  430.171708][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  430.177814][   T31]  ? clear_bhb_loop+0x60/0xb0
[  430.182874][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  430.189039][   T31] RIP: 0033:0x7f2767b7b2e3
[  430.193473][   T31] RSP: 002b:00007ffec83a6f18 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  430.202272][   T31] RAX: fffffffffffffffc RBX: fffffffffffff000 RCX: 00007f2767b7b2e3
[  430.210498][   T31] RDX: 0000000000000000 RSI: 0000000000021000 RDI: 0000000000000000
[  430.218767][   T31] RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000
[  430.226794][   T31] R10: 0000000000020022 R11: 0000000000000246 R12: 00007ffec83a70d0
[  430.235157][   T31] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000
[  430.243485][   T31]  </TASK>
[  430.246589][   T31] 
[  430.246589][   T31] Showing all locks held in the system:
[  430.255038][   T31] 1 lock held by khungtaskd/31:
[  430.260209][   T31]  #0: ffffffff8e53d8a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  430.270342][   T31] 2 locks held by getty/5608:
[  430.275057][   T31]  #0: ffff88814da800a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  430.285851][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  430.296442][   T31] 1 lock held by syz-executor235/5873:
[  430.302199][   T31]  #0: ffff888024a61760 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0xcc/0x2c0
[  430.311246][   T31] 1 lock held by syz-executor235/5874:
[  430.316772][   T31] 
[  430.319380][   T31] =============================================
[  430.319380][   T31] 
[  430.327812][   T31] NMI backtrace for cpu 1
[  430.327829][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  430.327849][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  430.327859][   T31] Call Trace:
[  430.327867][   T31]  <TASK>
[  430.327875][   T31]  dump_stack_lvl+0x189/0x250
[  430.327908][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  430.327933][   T31]  ? __pfx__printk+0x10/0x10
[  430.327969][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  430.327994][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  430.328017][   T31]  ? __pfx__printk+0x10/0x10
[  430.328045][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  430.328067][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  430.328091][   T31]  watchdog+0xf93/0xfe0
[  430.328116][   T31]  ? watchdog+0x1de/0xfe0
[  430.328139][   T31]  kthread+0x70e/0x8a0
[  430.328169][   T31]  ? __pfx_watchdog+0x10/0x10
[  430.328186][   T31]  ? __pfx_kthread+0x10/0x10
[  430.328212][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  430.328234][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  430.328257][   T31]  ? __pfx_kthread+0x10/0x10
[  430.328282][   T31]  ret_from_fork+0x3f9/0x770
[  430.328306][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  430.328337][   T31]  ? __switch_to_asm+0x39/0x70
[  430.328351][   T31]  ? __switch_to_asm+0x33/0x70
[  430.328365][   T31]  ? __pfx_kthread+0x10/0x10
[  430.328390][   T31]  ret_from_fork_asm+0x1a/0x30
[  430.328422][   T31]  </TASK>
[  430.471437][   T31] Sending NMI from CPU 1 to CPUs 0:
[  430.476683][    C0] NMI backtrace for cpu 0
[  430.476702][    C0] CPU: 0 UID: 0 PID: 5874 Comm: syz-executor235 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  430.476721][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  430.476730][    C0] RIP: 0010:check_preemption_disabled+0x59/0x120
[  430.476752][    C0] Code: 8b 0d 5b c1 67 07 48 3b 4c 24 08 0f 85 cc 00 00 00 48 83 c4 10 5b 41 5e 41 5f 5d e9 01 cb 02 00 cc 48 c7 04 24 00 00 00 00 9c <8f> 04 24 f7 04 24 00 02 00 00 74 c8 65 4c 8b 3c 25 08 50 e7 92 41
[  430.476764][    C0] RSP: 0018:ffffc90004047298 EFLAGS: 00000046
[  430.476778][    C0] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: 0000000080000000
[  430.476789][    C0] RDX: 0000000000000000 RSI: ffffffff8dc7dde5 RDI: ffffffff8c04d400
[  430.476799][    C0] RBP: 00000000ffffffff R08: ffff8880281d8000 R09: 0000000000000004
[  430.476809][    C0] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000246
[  430.476818][    C0] R13: ffff8880281d8000 R14: ffff888024a61760 R15: ffffffffffffffff
[  430.476830][    C0] FS:  00007f2767b346c0(0000) GS:ffff8881257ab000(0000) knlGS:0000000000000000
[  430.476842][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  430.476853][    C0] CR2: 000056372cc00168 CR3: 0000000075d34000 CR4: 00000000003526f0
[  430.476869][    C0] Call Trace:
[  430.476876][    C0]  <TASK>
[  430.476885][    C0]  lock_is_held_type+0x79/0x190
[  430.476909][    C0]  mas_next_slot+0x97a/0xcf0
[  430.476937][    C0]  mas_find+0xb0e/0xd30
[  430.476959][    C0]  validate_mm+0xe1/0x4b0
[  430.476981][    C0]  ? __pfx_validate_mm+0x10/0x10
[  430.477008][    C0]  vma_link+0x366/0x450
[  430.477029][    C0]  ? __pfx_vma_link+0x10/0x10
[  430.477052][    C0]  ? anon_vma_clone+0x49b/0x4f0
[  430.477080][    C0]  ? anon_vma_name+0x87/0xf0
[  430.477096][    C0]  ? vm_area_dup+0x4f5/0x680
[  430.477116][    C0]  copy_vma+0x70c/0x940
[  430.477139][    C0]  ? __pfx_copy_vma+0x10/0x10
[  430.477162][    C0]  ? __pfx_move_page_tables+0x10/0x10
[  430.477193][    C0]  move_vma+0x81f/0x1840
[  430.477212][    C0]  ? __lock_acquire+0xab9/0xd20
[  430.477236][    C0]  ? arch_get_unmapped_area_topdown+0x251/0xbc0
[  430.477256][    C0]  ? __pfx_move_vma+0x10/0x10
[  430.477277][    C0]  ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10
[  430.477301][    C0]  ? cap_mmap_addr+0xb0/0x100
[  430.477319][    C0]  ? bpf_lsm_mmap_addr+0x9/0x20
[  430.477334][    C0]  ? security_mmap_addr+0x71/0x270
[  430.477355][    C0]  mremap_to+0x6d6/0x7a0
[  430.477378][    C0]  ? __pfx_mremap_to+0x10/0x10
[  430.477399][    C0]  ? check_prep_vma+0x740/0xae0
[  430.477423][    C0]  __se_sys_mremap+0xa0b/0xef0
[  430.477452][    C0]  ? __pfx___se_sys_mremap+0x10/0x10
[  430.477474][    C0]  ? __pfx_ptrace_notify+0x10/0x10
[  430.477498][    C0]  ? __x64_sys_mremap+0x20/0xc0
[  430.477518][    C0]  do_syscall_64+0xfa/0x3b0
[  430.477539][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  430.477553][    C0]  ? __switch_to_asm+0x39/0x70
[  430.477566][    C0]  ? clear_bhb_loop+0x60/0xb0
[  430.477582][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  430.477596][    C0] RIP: 0033:0x7f2767b7b2a9
[  430.477609][    C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  430.477620][    C0] RSP: 002b:00007f2767b34238 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  430.477635][    C0] RAX: ffffffffffffffda RBX: 00007f2767c05308 RCX: 00007f2767b7b2a9
[  430.477646][    C0] RDX: 0000000000002000 RSI: 0000000000002000 RDI: 00002000003c9000
[  430.477656][    C0] RBP: 00007f2767c05300 R08: 00002000001de000 R09: 00007f2767b346c0
[  430.477666][    C0] R10: 0000000000000007 R11: 0000000000000246 R12: 00002000003c9000
[  430.477676][    C0] R13: 0000000000000000 R14: 00007ffec83a6e90 R15: 00007ffec83a6f78
[  430.477701][    C0]  </TASK>
[  430.477708][    C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.026 msecs
[  430.852456][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  430.859321][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  430.870606][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  430.880660][   T31] Call Trace:
[  430.883952][   T31]  <TASK>
[  430.886883][   T31]  dump_stack_lvl+0x99/0x250
[  430.891485][   T31]  ? __asan_memcpy+0x40/0x70
[  430.896124][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  430.901332][   T31]  ? __pfx__printk+0x10/0x10
[  430.905937][   T31]  vpanic+0x281/0x750
[  430.910217][   T31]  ? __pfx_vpanic+0x10/0x10
[  430.914726][   T31]  ? preempt_schedule+0xae/0xc0
[  430.919587][   T31]  ? preempt_schedule_common+0x83/0xd0
[  430.925056][   T31]  panic+0xb9/0xc0
[  430.928786][   T31]  ? __pfx_panic+0x10/0x10
[  430.933207][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  430.938598][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  430.944758][   T31]  watchdog+0xfd2/0xfe0
[  430.948927][   T31]  ? watchdog+0x1de/0xfe0
[  430.953273][   T31]  kthread+0x70e/0x8a0
[  430.957446][   T31]  ? __pfx_watchdog+0x10/0x10
[  430.962123][   T31]  ? __pfx_kthread+0x10/0x10
[  430.966723][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  430.971931][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  430.977133][   T31]  ? __pfx_kthread+0x10/0x10
[  430.981729][   T31]  ret_from_fork+0x3f9/0x770
[  430.986335][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  430.991458][   T31]  ? __switch_to_asm+0x39/0x70
[  430.996230][   T31]  ? __switch_to_asm+0x33/0x70
[  431.000990][   T31]  ? __pfx_kthread+0x10/0x10
[  431.005587][   T31]  ret_from_fork_asm+0x1a/0x30
[  431.010364][   T31]  </TASK>
[  431.013716][   T31] Kernel Offset: disabled
[  431.018036][   T31] Rebooting in 86400 seconds..