./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1219612226 <...> Warning: Permanently added '10.128.1.73' (ED25519) to the list of known hosts. execve("./syz-executor1219612226", ["./syz-executor1219612226"], 0x7ffd938159e0 /* 10 vars */) = 0 brk(NULL) = 0x55555e47f000 brk(0x55555e47fd40) = 0x55555e47fd40 arch_prctl(ARCH_SET_FS, 0x55555e47f3c0) = 0 set_tid_address(0x55555e47f690) = 5858 set_robust_list(0x55555e47f6a0, 24) = 0 rseq(0x55555e47fce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1219612226", 4096) = 28 getrandom("\x1d\x93\x54\xb4\xe3\xb6\x6b\x0c", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555e47fd40 brk(0x55555e4a0d40) = 0x55555e4a0d40 brk(0x55555e4a1000) = 0x55555e4a1000 mprotect(0x7fd855ceb000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5859 attached , child_tidptr=0x55555e47f690) = 5859 [pid 5858] openat(AT_FDCWD, "/sys/kernel/debug/x86/nmi_longest_ns", O_WRONLY|O_CLOEXEC [pid 5859] set_robust_list(0x55555e47f6a0, 24) = 0 [pid 5858] <... openat resumed>) = 3 [pid 5858] write(3, "10000000000", 11) = 11 [pid 5858] close(3) = 0 [pid 5858] openat(AT_FDCWD, "/proc/sys/kernel/hung_task_check_interval_secs", O_WRONLY|O_CLOEXEC) = 3 [pid 5858] write(3, "20", 2) = 2 [pid 5858] close(3) = 0 [pid 5858] openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_kallsyms", O_WRONLY|O_CLOEXEC) = 3 [pid 5858] write(3, "1", 1) = 1 [pid 5858] close(3) = 0 [pid 5858] openat(AT_FDCWD, "/proc/sys/net/core/bpf_jit_harden", O_WRONLY|O_CLOEXEC) = 3 [pid 5858] write(3, "0", 1) = 1 [pid 5858] close(3) = 0 [pid 5858] openat(AT_FDCWD, "/proc/sys/kernel/kptr_restrict", O_WRONLY|O_CLOEXEC) = 3 [pid 5858] write(3, "0", 1) = 1 [pid 5858] close(3) = 0 [pid 5858] openat(AT_FDCWD, "/proc/sys/kernel/softlockup_all_cpu_backtrace", O_WRONLY|O_CLOEXEC) = 3 [pid 5858] write(3, "1", 1) = 1 [pid 5858] close(3) = 0 [pid 5858] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 [pid 5858] write(3, "100", 3) = 3 [pid 5858] close(3) = 0 [pid 5858] openat(AT_FDCWD, "/proc/sys/vm/oom_dump_tasks", O_WRONLY|O_CLOEXEC) = 3 [pid 5858] write(3, "0", 1) = 1 [pid 5858] close(3) = 0 [pid 5858] openat(AT_FDCWD, "/proc/sys/debug/exception-trace", O_WRONLY|O_CLOEXEC) = 3 [pid 5858] write(3, "0", 1) = 1 [pid 5858] close(3) = 0 [pid 5858] openat(AT_FDCWD, "/proc/sys/kernel/printk", O_WRONLY|O_CLOEXEC) = 3 [pid 5858] write(3, "7 4 1 3", 7) = 7 [pid 5858] close(3) = 0 [pid 5858] openat(AT_FDCWD, "/proc/sys/kernel/keys/gc_delay", O_WRONLY|O_CLOEXEC) = 3 [pid 5858] write(3, "1", 1) = 1 [pid 5858] close(3) = 0 [pid 5858] openat(AT_FDCWD, "/proc/sys/vm/oom_kill_allocating_task", O_WRONLY|O_CLOEXEC) = 3 [pid 5858] write(3, "1", 1) = 1 [pid 5858] close(3) = 0 [pid 5858] openat(AT_FDCWD, "/proc/sys/kernel/ctrl-alt-del", O_WRONLY|O_CLOEXEC) = 3 [pid 5858] write(3, "0", 1) = 1 [pid 5858] close(3) = 0 [pid 5858] openat(AT_FDCWD, "/proc/sys/kernel/cad_pid", O_WRONLY|O_CLOEXEC) = 3 [pid 5858] write(3, "5859", 4) = 4 [pid 5858] close(3) = 0 [pid 5858] kill(5859, SIGKILL) = 0 [pid 5859] +++ killed by SIGKILL +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5859, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=0} --- mount(NULL, "/proc/sys/fs/binfmt_misc", "binfmt_misc", 0, NULL) = -1 EBUSY (Device or resource busy) openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3 write(3, "\x3a\x73\x79\x7a\x30\x3a\x4d\x3a\x30\x3a\x01\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a", 21) = 21 close(3) = 0 openat(AT_FDCWD, "/proc/sys/fs/binfmt_misc/register", O_WRONLY|O_CLOEXEC) = 3 write(3, "\x3a\x73\x79\x7a\x31\x3a\x4d\x3a\x31\x3a\x02\x3a\x3a\x2e\x2f\x66\x69\x6c\x65\x30\x3a\x50\x4f\x43", 24) = 24 close(3) = 0 socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 socket(AF_NETLINK, SOCK_RAW, NETLINK_GENERIC) = 4 sendto(4, [{nlmsg_len=36, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x03\x00\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=864, nlmsg_type=nlctrl, nlmsg_flags=0, nlmsg_seq=0, nlmsg_pid=5858}, "\x01\x02\x00\x00\x0d\x00\x02\x00\x6e\x6c\x38\x30\x32\x31\x35\x34\x00\x00\x00\x00\x06\x00\x01\x00\x1d\x00\x00\x00\x08\x00\x03\x00\x01\x00\x00\x00\x08\x00\x04\x00\x00\x00\x00\x00\x08\x00\x05\x00\x30\x00\x00\x00\xe8\x02\x06\x00\x14\x00\x01\x00\x08\x00\x01\x00\x01\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x02\x00\x08\x00\x01\x00\x05\x00\x00\x00\x08\x00\x02\x00\x0e\x00\x00\x00\x14\x00\x03\x00"...], 4096, 0, NULL, NULL) = 864 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5858}, {error=0, msg={nlmsg_len=36, nlmsg_type=nlctrl, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0b\x00\x00\x00\x06\x00\x0a\x00\xa0\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5858}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan0", ifr_ifindex=11}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=0x10 /* NLMSG_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x00\x00\x00\x00\x0b\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x0c\x00\x01\x00\x02\x00\xaa\xaa\xaa\xaa\xaa\xaa"], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5858}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 sendto(3, [{nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=0, ifi_flags=0, ifi_change=0}, [[{nla_len=11, nla_type=IFLA_IFNAME}, "lowpan0"...], [{nla_len=16, nla_type=IFLA_LINKINFO}, [{nla_len=10, nla_type=IFLA_INFO_KIND}, "lowpan"...]], [{nla_len=8, nla_type=IFLA_LINK}, 11]]], 68, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 68 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5858}, {error=0, msg={nlmsg_len=68, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK|NLM_F_EXCL|NLM_F_CREATE, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(4, [{nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, "\x0b\x00\x00\x00\x08\x00\x03\x00\x0c\x00\x00\x00\x06\x00\x0a\x00\xa1\xaa\x00\x00"], 36, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 36 recvfrom(4, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5858}, {error=0, msg={nlmsg_len=36, nlmsg_type=nl802154, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 5 ioctl(5, SIOCGIFINDEX, {ifr_name="wpan1", ifr_ifindex=12}) = 0 close(5) = 0 sendto(3, [{nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}, {ifi_family=AF_UNSPEC, ifi_type=ARPHRD_NETROM, ifi_index=if_nametoindex("wpan1"), ifi_flags=IFF_UP, ifi_change=0x1}, [{nla_len=12, nla_type=IFLA_ADDRESS}, 02:01:aa:aa:aa:aa:aa]], 44, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 44 recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, nlmsg_seq=0, nlmsg_pid=5858}, {error=0, msg={nlmsg_len=44, nlmsg_type=RTM_NEWLINK, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=0, nlmsg_pid=0}}], 4096, 0, NULL, NULL) = 36 close(3) = 0 close(4) = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5862 attached , child_tidptr=0x55555e47f690) = 5862 [pid 5862] set_robust_list(0x55555e47f6a0, 24) = 0 [pid 5862] socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI) = 3 [pid 5862] openat(AT_FDCWD, "/dev/vhci", O_RDWR) = 4 [pid 5862] dup2(4, 202) = 202 [pid 5862] close(4) = 0 [pid 5862] write(202, "\xff\x00", 2) = 2 [pid 5862] read(202, "\xff\x00\x00\x00", 4) = 4 [pid 5862] rt_sigaction(SIGRT_1, {sa_handler=0x7fd855c98770, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fd855c8a580}, NULL, 8) = 0 [pid 5862] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5862] mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd85541e000 [pid 5862] mprotect(0x7fd85541f000, 8388608, PROT_READ|PROT_WRITE) = 0 [pid 5862] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5862] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fd855c1e990, parent_tid=0x7fd855c1e990, exit_signal=0, stack=0x7fd85541e000, stack_size=0x800300, tls=0x7fd855c1e6c0}./strace-static-x86_64: Process 5864 attached => {parent_tid=[2]}, 88) = 2 [pid 5862] rt_sigprocmask(SIG_SETMASK, [], [pid 5864] rseq(0x7fd855c1efe0, 0x20, 0, 0x53053053 [pid 5862] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5864] <... rseq resumed>) = 0 [pid 5862] ioctl(3, HCIDEVUP [pid 5864] set_robust_list(0x7fd855c1e9a0, 24) = 0 [pid 5864] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5864] read(202, "\x01\x03\x0c\x00", 1024) = 4 [pid 5864] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5864] read(202, "\x01\x03\x10\x00", 1024) = 4 [pid 5864] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x03\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5864] read(202, "\x01\x01\x10\x00", 1024) = 4 [ 90.541886][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.572966][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [pid 5864] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x01\x10", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5864] read(202, "\x01\x09\x10\x00", 1024) = 4 [pid 5864] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0a", iov_len=2}, {iov_base="\x01\x09\x10", iov_len=3}, {iov_base="\x00\xaa\xaa\xaa\xaa\xaa\xaa", iov_len=7}], 4) = 13 [pid 5864] read(202, "\x01\x05\x10\x00", 1024) = 4 [pid 5864] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x0b", iov_len=2}, {iov_base="\x01\x05\x10", iov_len=3}, {iov_base="\x00\xfd\x03\x60\x04\x00\x06\x00", iov_len=8}], 4) = 14 [pid 5864] read(202, "\x01\x23\x0c\x00", 1024) = 4 [pid 5864] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x23\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5864] read(202, "\x01\x14\x0c\x00", 1024) = 4 [pid 5864] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x14\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5864] read(202, "\x01\x38\x0c\x00", 1024) = 4 [ 90.604026][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.626558][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [pid 5864] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x38\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5864] read(202, "\x01\x39\x0c\x00", 1024) = 4 [pid 5864] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x39\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5864] read(202, "\x01\x16\x0c\x02\x00\x7d", 1024) = 6 [pid 5864] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\xfc", iov_len=2}, {iov_base="\x01\x16\x0c", iov_len=3}, {iov_base="\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=249}], 4) = 255 [pid 5862] <... ioctl resumed>, 0) = -1 EALREADY (Operation already in progress) [pid 5864] read(202, [pid 5862] ioctl(3, HCISETSCAN [pid 5864] <... read resumed>"\x01\x1a\x0c\x01\x02", 1024) = 5 [pid 5864] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x0e\x04", iov_len=2}, {iov_base="\x01\x1a\x0c", iov_len=3}, {iov_base="\x00", iov_len=1}], 4) = 7 [pid 5862] <... ioctl resumed>, 0x7ffff7cd4940) = 0 [pid 5864] rt_sigprocmask(SIG_BLOCK, ~[RT_1], [pid 5862] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x04\x0a", iov_len=2}, {iov_base="\xaa\xaa\xaa\xaa\xaa\x10\x00\x00\x00\x01", iov_len=10}], 3 [pid 5864] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5864] madvise(0x7fd85541e000, 8372224, MADV_DONTNEED [pid 5862] <... writev resumed>) = 13 [pid 5864] <... madvise resumed>) = 0 [pid 5862] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x03\x0b", iov_len=2}, {iov_base="\x00\xc8\x00\xaa\xaa\xaa\xaa\xaa\x10\x01\x00", iov_len=11}], 3 [pid 5864] exit(0 [pid 5862] <... writev resumed>) = 14 [pid 5864] <... exit resumed>) = ? [pid 5862] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\v\v", iov_len=2}, {iov_base="\x00\xc8\x00\x00\x00\x00\x00\x00\x00\x00\x00", iov_len=11}], 3 [pid 5864] +++ exited with 0 +++ [pid 5862] <... writev resumed>) = 14 [ 90.679423][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [pid 5862] writev(202, [{iov_base="\x04", iov_len=1}, {iov_base="\x3e\x13", iov_len=2}, {iov_base="\x01\x00\xc9\x00\x01\x00\xaa\xaa\xaa\xaa\xaa\x11\x00\x00\x00\x00\x00\x00\x00", iov_len=19}], 3) = 22 [pid 5862] close(3) = 0 [pid 5862] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5862] getppid() = 0 [pid 5862] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5862] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5862] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5862] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5862] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5862] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5862] unshare(CLONE_NEWNS) = 0 [pid 5862] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5862] unshare(CLONE_NEWIPC) = 0 [pid 5862] unshare(CLONE_NEWCGROUP) = 0 [pid 5862] unshare(CLONE_NEWUTS) = 0 [pid 5862] unshare(CLONE_SYSVSEM) = 0 [pid 5862] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5862] write(3, "16777216", 8) = 8 [pid 5862] close(3) = 0 [pid 5862] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5862] write(3, "536870912", 9) = 9 [pid 5862] close(3) = 0 [pid 5862] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5862] write(3, "1024", 4) = 4 [pid 5862] close(3) = 0 [pid 5862] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5862] write(3, "8192", 4) = 4 [pid 5862] close(3) = 0 [pid 5862] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5862] write(3, "1024", 4) = 4 [pid 5862] close(3) = 0 [pid 5862] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5862] write(3, "1024", 4) = 4 [pid 5862] close(3) = 0 [pid 5862] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5862] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5862] close(3) = 0 [pid 5862] getpid() = 1 [pid 5862] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5866] set_robust_list(0x55555e47f6a0, 24 [pid 5862] <... clone resumed>, child_tidptr=0x55555e47f690) = 3 [pid 5866] <... set_robust_list resumed>) = 0 [pid 5866] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5866] setpgid(0, 0) = 0 [pid 5866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5866] write(3, "1000", 4) = 4 [pid 5866] close(3) = 0 [pid 5866] write(1, "executing program\n", 18executing program ) = 18 [pid 5866] futex(0x7fd855cf132c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd8553fd000 [pid 5866] mprotect(0x7fd8553fe000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5866] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5866] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fd85541d990, parent_tid=0x7fd85541d990, exit_signal=0, stack=0x7fd8553fd000, stack_size=0x20300, tls=0x7fd85541d6c0}./strace-static-x86_64: Process 5867 attached => {parent_tid=[4]}, 88) = 4 [pid 5866] rt_sigprocmask(SIG_SETMASK, [], [pid 5867] rseq(0x7fd85541dfe0, 0x20, 0, 0x53053053 [pid 5866] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5867] <... rseq resumed>) = 0 [pid 5866] futex(0x7fd855cf1328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] futex(0x7fd855cf132c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] set_robust_list(0x7fd85541d9a0, 24) = 0 [pid 5867] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5867] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 3 [pid 5867] futex(0x7fd855cf132c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5866] <... futex resumed>) = 0 [pid 5867] futex(0x7fd855cf1328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] futex(0x7fd855cf1328, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... futex resumed>) = 0 [pid 5867] ioctl(3, NBD_SET_SIZE_BLOCKS, 2147483648 [pid 5866] <... futex resumed>) = 1 [pid 5867] <... ioctl resumed>) = 0 [pid 5866] futex(0x7fd855cf132c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] futex(0x7fd855cf132c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5866] <... futex resumed>) = 0 [pid 5867] futex(0x7fd855cf1328, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5866] futex(0x7fd855cf1328, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] socketpair(AF_UNIX, SOCK_STREAM, 0, [pid 5866] futex(0x7fd855cf132c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... socketpair resumed>[4, 5]) = 0 [pid 5867] futex(0x7fd855cf132c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5866] <... futex resumed>) = 0 [pid 5867] futex(0x7fd855cf1328, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5866] futex(0x7fd855cf1328, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] ioctl(3, NBD_SET_SOCK, 4 [pid 5866] <... futex resumed>) = 0 [pid 5866] futex(0x7fd855cf132c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... ioctl resumed>) = 0 [pid 5867] futex(0x7fd855cf132c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5866] <... futex resumed>) = 0 [pid 5867] futex(0x7fd855cf1328, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] futex(0x7fd855cf1328, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... futex resumed>) = 0 [pid 5866] <... futex resumed>) = 1 [pid 5866] futex(0x7fd855cf132c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] ioctl(3, NBD_DO_IT [pid 5866] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 91.523468][ T5867] nbd0: detected capacity change from 0 to 4294967296 [pid 5866] close(3) = 0 [pid 5866] close(4) = 0 [pid 5866] close(5) = 0 [pid 5866] close(6) = -1 EBADF (Bad file descriptor) [pid 5866] close(7) = -1 EBADF (Bad file descriptor) [pid 5866] close(8) = -1 EBADF (Bad file descriptor) [pid 5866] close(9) = -1 EBADF (Bad file descriptor) [pid 5866] close(10) = -1 EBADF (Bad file descriptor) [pid 5866] close(11) = -1 EBADF (Bad file descriptor) [pid 5866] close(12) = -1 EBADF (Bad file descriptor) [pid 5866] close(13) = -1 EBADF (Bad file descriptor) [pid 5866] close(14) = -1 EBADF (Bad file descriptor) [pid 5866] close(15) = -1 EBADF (Bad file descriptor) [pid 5866] close(16) = -1 EBADF (Bad file descriptor) [ 91.731772][ T51] block nbd0: Receive control failed (result -104) [pid 5866] close(17) = -1 EBADF (Bad file descriptor) [pid 5866] close(18) = -1 EBADF (Bad file descriptor) [pid 5866] close(19) = -1 EBADF (Bad file descriptor) [pid 5866] close(20) = -1 EBADF (Bad file descriptor) [pid 5866] close(21) = -1 EBADF (Bad file descriptor) [pid 5866] close(22) = -1 EBADF (Bad file descriptor) [pid 5866] close(23) = -1 EBADF (Bad file descriptor) [pid 5866] close(24) = -1 EBADF (Bad file descriptor) [pid 5866] close(25) = -1 EBADF (Bad file descriptor) [pid 5866] close(26) = -1 EBADF (Bad file descriptor) [pid 5866] close(27) = -1 EBADF (Bad file descriptor) [pid 5866] close(28) = -1 EBADF (Bad file descriptor) [pid 5866] close(29) = -1 EBADF (Bad file descriptor) [pid 5866] exit_group(0) = ? [ 92.175684][ T24] cfg80211: failed to load regulatory.db [ 92.814115][ T51] Bluetooth: hci0: command tx timeout [ 94.893463][ T51] Bluetooth: hci0: command tx timeout [pid 5862] kill(-3, SIGKILL) = 0 [pid 5862] kill(3, SIGKILL) = 0 [pid 5862] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5862] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5862] getdents64(3, 0x55555e480850 /* 2 entries */, 32768) = 48 [pid 5862] getdents64(3, 0x55555e480850 /* 0 entries */, 32768) = 0 [pid 5862] close(3) = 0 [ 96.973484][ T51] Bluetooth: hci0: command tx timeout [ 99.053551][ T51] Bluetooth: hci0: command tx timeout [ 121.614675][ T97] block nbd0: Possible stuck request ffff88802584e000: control (read@0,4096B). Runtime 30 seconds [ 133.137070][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.143608][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 151.693669][ T97] block nbd0: Possible stuck request ffff88802584e000: control (read@0,4096B). Runtime 60 seconds [ 154.215475][ T5224] udevd[5224]: worker [5861] /devices/virtual/block/nbd0 is taking a long time [ 181.773710][ T55] block nbd0: Possible stuck request ffff88802584e000: control (read@0,4096B). Runtime 90 seconds [ 194.576258][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.582583][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 211.863411][ T97] block nbd0: Possible stuck request ffff88802584e000: control (read@0,4096B). Runtime 120 seconds [ 217.133478][ T5174] Bluetooth: hci0: command 0x0406 tx timeout [ 241.933846][ T97] block nbd0: Possible stuck request ffff88802584e000: control (read@0,4096B). Runtime 150 seconds [ 253.453604][ T31] INFO: task syz-executor121:5867 blocked for more than 143 seconds. [ 253.462070][ T31] Not tainted 6.16.0-rc5-next-20250711-syzkaller #0 [ 253.469428][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 253.478365][ T31] task:syz-executor121 state:D stack:26248 pid:5867 tgid:5866 ppid:5862 task_flags:0x400140 flags:0x00004006 [ 253.490499][ T31] Call Trace: [ 253.493969][ T31] [ 253.496912][ T31] __schedule+0x16f5/0x4d00 [ 253.501458][ T31] ? __lock_acquire+0xab9/0xd20 [ 253.506506][ T31] ? schedule+0x165/0x360 [ 253.510860][ T31] ? __pfx___schedule+0x10/0x10 [ 253.515991][ T31] ? schedule+0x91/0x360 [ 253.520435][ T31] schedule+0x165/0x360 [ 253.524690][ T31] schedule_preempt_disabled+0x13/0x30 [ 253.530165][ T31] __mutex_lock+0x724/0xe80 [ 253.534712][ T31] ? __mutex_lock+0x51b/0xe80 [ 253.539466][ T31] ? bdev_release+0x1a9/0x650 [ 253.544262][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 253.549415][ T31] ? __asan_memset+0x22/0x50 [ 253.554087][ T31] ? __pfx___fsnotify_parent+0x10/0x10 [ 253.559844][ T31] ? do_raw_spin_lock+0x121/0x290 [ 253.564978][ T31] bdev_release+0x1a9/0x650 [ 253.569590][ T31] ? __pfx_blkdev_release+0x10/0x10 [ 253.574896][ T31] blkdev_release+0x15/0x20 [ 253.579446][ T31] __fput+0x44c/0xa70 [ 253.583572][ T31] task_work_run+0x1d4/0x260 [ 253.588232][ T31] ? __pfx_task_work_run+0x10/0x10 [ 253.593447][ T31] ? task_work_add+0x281/0x420 [ 253.598339][ T31] ptrace_notify+0x281/0x2c0 [ 253.603028][ T31] ? __pfx_ptrace_notify+0x10/0x10 [ 253.608219][ T31] ? __fput_deferred+0x215/0x390 [ 253.613196][ T31] ? __pfx___fput_deferred+0x10/0x10 [ 253.618599][ T31] ? __fget_files+0x2a/0x420 [ 253.623380][ T31] syscall_exit_work+0xc6/0x1d0 [ 253.628285][ T31] do_syscall_64+0x2ad/0x3b0 [ 253.632890][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 253.638158][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.644329][ T31] ? clear_bhb_loop+0x60/0xb0 [ 253.649013][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 253.654948][ T31] RIP: 0033:0x7fd855c713a9 [ 253.659487][ T31] RSP: 002b:00007fd85541d218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 253.668052][ T31] RAX: 0000000000000000 RBX: 00007fd855cf1328 RCX: 00007fd855c713a9 [ 253.676174][ T31] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 253.684250][ T31] RBP: 00007fd855cf1320 R08: 0000000000000000 R09: 0000000000000000 [ 253.692342][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd855cbe76c [ 253.700486][ T31] R13: 64626e2f7665642f R14: 0000200000000040 R15: 0000000080000000 [ 253.708594][ T31] [ 253.711657][ T31] [ 253.711657][ T31] Showing all locks held in the system: [ 253.719542][ T31] 1 lock held by khungtaskd/31: [ 253.724482][ T31] #0: ffffffff8e53c5a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 253.734463][ T31] 1 lock held by kworker/u8:9/3007: [ 253.739673][ T31] #0: ffff8880b8739fd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 253.749676][ T31] 2 locks held by getty/5615: [ 253.754399][ T31] #0: ffff88814deae0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 253.764334][ T31] #1: ffffc9000362c2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 253.774506][ T31] 1 lock held by udevd/5861: [ 253.779086][ T31] #0: ffff888143724358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30 [ 253.788527][ T31] 1 lock held by syz-executor121/5867: [ 253.794078][ T31] #0: ffff888143724358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x1a9/0x650 [ 253.803841][ T31] [ 253.806181][ T31] ============================================= [ 253.806181][ T31] [ 253.814675][ T31] NMI backtrace for cpu 0 [ 253.814695][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc5-next-20250711-syzkaller #0 PREEMPT(full) [ 253.814716][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 253.814726][ T31] Call Trace: [ 253.814737][ T31] [ 253.814746][ T31] dump_stack_lvl+0x189/0x250 [ 253.814777][ T31] ? __wake_up_klogd+0xd9/0x110 [ 253.814799][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 253.814823][ T31] ? __pfx__printk+0x10/0x10 [ 253.814857][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 253.814882][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 253.814901][ T31] ? _printk+0xcf/0x120 [ 253.814925][ T31] ? __pfx__printk+0x10/0x10 [ 253.814951][ T31] ? debug_show_all_locks+0x2e/0x180 [ 253.814971][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 253.814994][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 253.815020][ T31] watchdog+0xfee/0x1030 [ 253.815042][ T31] ? watchdog+0x1de/0x1030 [ 253.815068][ T31] kthread+0x711/0x8a0 [ 253.815086][ T31] ? __pfx_watchdog+0x10/0x10 [ 253.815103][ T31] ? __pfx_kthread+0x10/0x10 [ 253.815120][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 253.815147][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 253.815163][ T31] ? __pfx_kthread+0x10/0x10 [ 253.815181][ T31] ret_from_fork+0x3f9/0x770 [ 253.815207][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 253.815235][ T31] ? __switch_to_asm+0x39/0x70 [ 253.815251][ T31] ? __switch_to_asm+0x33/0x70 [ 253.815266][ T31] ? __pfx_kthread+0x10/0x10 [ 253.815284][ T31] ret_from_fork_asm+0x1a/0x30 [ 253.815318][ T31] [ 253.815326][ T31] Sending NMI from CPU 0 to CPUs 1: [ 253.979467][ C1] NMI backtrace for cpu 1 [ 253.979485][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-rc5-next-20250711-syzkaller #0 PREEMPT(full) [ 253.979503][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 253.979511][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 253.979547][ C1] Code: d3 de 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d f3 c8 26 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 253.979559][ C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6 [ 253.979573][ C1] RAX: 920743e09e0ddf00 RBX: ffffffff81971fd8 RCX: 920743e09e0ddf00 [ 253.979584][ C1] RDX: 0000000000000001 RSI: ffffffff8dc8ee40 RDI: ffffffff8c04d240 [ 253.979594][ C1] RBP: ffffc90000197f20 R08: ffff8880b8732f9b R09: 1ffff110170e65f3 [ 253.979604][ C1] R10: dffffc0000000000 R11: ffffed10170e65f4 R12: ffffffff8fe4dd30 [ 253.979614][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11003a55b40 [ 253.979624][ C1] FS: 0000000000000000(0000) GS:ffff88812588f000(0000) knlGS:0000000000000000 [ 253.979636][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 253.979646][ C1] CR2: 0000555bf50fc168 CR3: 000000000e336000 CR4: 00000000003526f0 [ 253.979662][ C1] Call Trace: [ 253.979671][ C1] [ 253.979677][ C1] default_idle+0x13/0x20 [ 253.979693][ C1] default_idle_call+0x74/0xb0 [ 253.979711][ C1] do_idle+0x1e8/0x510 [ 253.979733][ C1] ? __pfx_do_idle+0x10/0x10 [ 253.979759][ C1] cpu_startup_entry+0x44/0x60 [ 253.979776][ C1] start_secondary+0x101/0x110 [ 253.979793][ C1] common_startup_64+0x13e/0x147 [ 253.979814][ C1] [ 253.984548][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 253.984565][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc5-next-20250711-syzkaller #0 PREEMPT(full) [ 253.984586][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 253.984597][ T31] Call Trace: [ 253.984605][ T31] [ 253.984613][ T31] dump_stack_lvl+0x99/0x250 [ 253.984641][ T31] ? __asan_memcpy+0x40/0x70 [ 253.984664][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 253.984687][ T31] ? __pfx__printk+0x10/0x10 [ 253.984723][ T31] vpanic+0x281/0x750 [ 253.984746][ T31] ? __pfx_vpanic+0x10/0x10 [ 253.984764][ T31] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 253.984789][ T31] ? preempt_schedule+0xae/0xc0 [ 253.984808][ T31] ? preempt_schedule_common+0x83/0xd0 [ 253.984831][ T31] panic+0xb9/0xc0 [ 253.984851][ T31] ? __pfx_panic+0x10/0x10 [ 253.984873][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 253.984898][ T31] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 253.984925][ T31] watchdog+0x102d/0x1030 [ 253.984946][ T31] ? watchdog+0x1de/0x1030 [ 253.984971][ T31] kthread+0x711/0x8a0 [ 253.984991][ T31] ? __pfx_watchdog+0x10/0x10 [ 253.985007][ T31] ? __pfx_kthread+0x10/0x10 [ 253.985025][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 253.985050][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 253.985065][ T31] ? __pfx_kthread+0x10/0x10 [ 253.985082][ T31] ret_from_fork+0x3f9/0x770 [ 253.985107][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 253.985133][ T31] ? __switch_to_asm+0x39/0x70 [ 253.985148][ T31] ? __switch_to_asm+0x33/0x70 [ 253.985163][ T31] ? __pfx_kthread+0x10/0x10 [ 253.985180][ T31] ret_from_fork_asm+0x1a/0x30 [ 253.985211][ T31] [ 254.309126][ T31] Kernel Offset: disabled [ 254.313447][ T31] Rebooting in 86400 seconds..