./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1004006710 <...> Warning: Permanently added '10.128.0.135' (ED25519) to the list of known hosts. execve("./syz-executor1004006710", ["./syz-executor1004006710"], 0x7ffdf969c380 /* 10 vars */) = 0 brk(NULL) = 0x555555814000 brk(0x555555814d00) = 0x555555814d00 arch_prctl(ARCH_SET_FS, 0x555555814380) = 0 set_tid_address(0x555555814650) = 5068 set_robust_list(0x555555814660, 24) = 0 rseq(0x555555814ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1004006710", 4096) = 28 getrandom("\x56\xfd\x1e\x9b\xb4\x1f\xd2\xbd", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555814d00 brk(0x555555835d00) = 0x555555835d00 brk(0x555555836000) = 0x555555836000 mprotect(0x7f5320644000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555814650) = 5069 ./strace-static-x86_64: Process 5069 attached [pid 5069] set_robust_list(0x555555814660, 24) = 0 [pid 5069] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5069] setsid() = 1 [pid 5069] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5069] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5069] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5069] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5069] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5069] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5069] unshare(CLONE_NEWNS) = 0 [pid 5069] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5069] unshare(CLONE_NEWIPC) = 0 [pid 5069] unshare(CLONE_NEWCGROUP) = 0 [pid 5069] unshare(CLONE_NEWUTS) = 0 [pid 5069] unshare(CLONE_SYSVSEM) = 0 [pid 5069] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "16777216", 8) = 8 [pid 5069] close(3) = 0 [pid 5069] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "536870912", 9) = 9 [pid 5069] close(3) = 0 [pid 5069] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1024", 4) = 4 [pid 5069] close(3) = 0 [pid 5069] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "8192", 4) = 4 [pid 5069] close(3) = 0 [pid 5069] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1024", 4) = 4 [pid 5069] close(3) = 0 [pid 5069] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1024", 4) = 4 [pid 5069] close(3) = 0 [pid 5069] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5069] close(3) = 0 [pid 5069] getpid() = 1 [pid 5069] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< 40 04 f1 f1 00 00 c7 40 08 00 00 00 f3 c7 40 0c f3 f3 f3 f3 65 [ 164.938986][ C1] RSP: 0018:ffffc900001f0c38 EFLAGS: 00000082 [ 164.938996][ C1] RAX: fffff5200003e189 RBX: 1ffff9200003e189 RCX: 0000000000000000 [ 164.939004][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9297c860 [ 164.939011][ C1] RBP: 0000000000000012 R08: 0000000000000001 R09: 0000000000000000 [ 164.939017][ C1] R10: 0000000000000001 R11: dffffc0000000000 R12: 0000000000000001 [ 164.939024][ C1] R13: 0000000000000000 R14: ffffffff9297c860 R15: 0000000000000000 [ 164.939035][ C1] FS: 0000555555814380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 164.939046][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 164.939054][ C1] CR2: 0000000020000600 CR3: 000000001ee47000 CR4: 0000000000350ef0 [ 164.939062][ C1] Call Trace: [ 164.939068][ C1] [ 164.939073][ C1] ? show_regs+0x8f/0xa0 [ 164.939088][ C1] ? nmi_cpu_backtrace+0x1d4/0x380 [ 164.939109][ C1] ? nmi_cpu_backtrace_handler+0xc/0x10 [ 164.939126][ C1] ? nmi_handle+0x1a6/0x570 [ 164.939138][ C1] ? x86_pmu_event_mapped+0x1c0/0x1c0 [ 164.939158][ C1] ? lock_acquire+0x5f/0x510 [ 164.939174][ C1] ? default_do_nmi+0x69/0x160 [ 164.939194][ C1] ? exc_nmi+0x186/0x200 [ 164.939211][ C1] ? end_repeat_nmi+0xf/0x2a [ 164.939228][ C1] ? lock_acquire+0x5f/0x510 [ 164.939245][ C1] ? lock_acquire+0x5f/0x510 [ 164.939261][ C1] ? lock_acquire+0x5f/0x510 [ 164.939277][ C1] [ 164.939280][ C1] [ 164.939284][ C1] ? lock_sync+0x190/0x190 [ 164.939300][ C1] ? find_held_lock+0x2d/0x110 [ 164.939315][ C1] ? do_raw_spin_unlock+0x173/0x230 [ 164.939334][ C1] _raw_spin_lock_irqsave+0x3a/0x50 [ 164.939350][ C1] ? debug_object_deactivate+0x113/0x320 [ 164.939368][ C1] debug_object_deactivate+0x113/0x320 [ 164.939385][ C1] ? debug_object_free+0x360/0x360 [ 164.939401][ C1] ? debug_object_active_state+0x350/0x350 [ 164.939419][ C1] ? timerqueue_add+0x1c2/0x330 [ 164.939439][ C1] __hrtimer_run_queues+0x470/0xc10 [ 164.939459][ C1] ? enqueue_hrtimer+0x310/0x310 [ 164.939475][ C1] ? ktime_get_update_offsets_now+0x3bc/0x610 [ 164.939489][ C1] hrtimer_interrupt+0x31b/0x800 [ 164.939510][ C1] __sysvec_apic_timer_interrupt+0x105/0x3f0 [ 164.939526][ C1] sysvec_apic_timer_interrupt+0x8e/0xc0 [ 164.939539][ C1] [ 164.939542][ C1] [ 164.939546][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 164.939560][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0x31/0x70 [ 164.939577][ C1] Code: f5 53 48 8b 74 24 10 48 89 fb 48 83 c7 18 e8 b6 c8 df f6 48 89 df e8 ae 47 e0 f6 f7 c5 00 02 00 00 75 1f 9c 58 f6 c4 02 75 2f 01 00 00 00 e8 f5 93 d1 f6 65 8b 05 06 8a 7a 75 85 c0 74 12 5b [ 164.939588][ C1] RSP: 0018:ffffc90003affa78 EFLAGS: 00000246 [ 164.939597][ C1] RAX: 0000000000000006 RBX: ffff8880b982b940 RCX: 1ffffffff23e4716 [ 164.939605][ C1] RDX: 0000000000000000 RSI: ffffffff8accb920 RDI: ffffffff8b2f1240 [ 164.939612][ C1] RBP: 0000000000000282 R08: 0000000000000001 R09: fffffbfff23e45d0 [ 164.939619][ C1] R10: ffffffff91f22e87 R11: 0000000000000002 R12: 0000000000000004 [ 164.939625][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: dffffc0000000000 [ 164.939638][ C1] clock_was_set+0x592/0x850 [ 164.939657][ C1] ? hrtimer_fixup_init+0x80/0x80 [ 164.939674][ C1] ? _raw_spin_unlock_irqrestore+0x4e/0x70 [ 164.939696][ C1] timekeeping_inject_offset+0x4d1/0x640 [ 164.939716][ C1] ? change_clocksource+0x2d0/0x2d0 [ 164.939734][ C1] ? security_capable+0x92/0xc0 [ 164.939749][ C1] do_adjtimex+0x373/0xaa0 [ 164.939761][ C1] ? ktime_get_update_offsets_now+0x610/0x610 [ 164.939779][ C1] ? posix_get_monotonic_timespec+0x270/0x270 [ 164.939796][ C1] __do_sys_clock_adjtime+0x173/0x280 [ 164.939812][ C1] ? posix_timer_fn+0x3d0/0x3d0 [ 164.939826][ C1] ? find_held_lock+0x2d/0x110 [ 164.939845][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 164.939859][ C1] ? lockdep_hardirqs_on+0x7d/0x100 [ 164.939871][ C1] ? _raw_spin_unlock_irq+0x2e/0x50 [ 164.939885][ C1] ? ptrace_notify+0xf4/0x130 [ 164.939898][ C1] do_syscall_64+0x3f/0x110 [ 164.939915][ C1] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 164.939929][ C1] RIP: 0033:0x7f53205cbee9 [ 164.939939][ C1] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 164.939950][ C1] RSP: 002b:00007ffc69623cb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000131 [ 164.939960][ C1] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f53205cbee9 [ 164.939967][ C1] RDX: 00007f53205cbee9 RSI: 0000000020000040 RDI: 0000000000000000 [ 164.939974][ C1] RBP: 00000000000f4240 R08: 0000000000000000 R09: 0000000100000000 [ 164.939981][ C1] R10: 0000000100000000 R11: 0000000000000246 R12: 00007ffc69623d10 [ 164.939988][ C1] R13: 0000000000000001 R14: 00007ffc69623d10 R15: 0000000000000003 [ 164.939999][ C1] [ 164.940003][ C1] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.104 msecs [ 164.940894][ C0] rcu: rcu_preempt kthread starved for 10506 jiffies! g5565 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 165.478441][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 165.488488][ C0] rcu: RCU grace-period kthread stack dump: [ 165.494360][ C0] task:rcu_preempt state:R running task stack:28496 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 165.506083][ C0] Call Trace: [ 165.509355][ C0] [ 165.512371][ C0] __schedule+0xee2/0x59a0 [ 165.516800][ C0] ? io_schedule_timeout+0x150/0x150 [ 165.522081][ C0] ? schedule+0x1fa/0x270 [ 165.526406][ C0] ? reacquire_held_locks+0x4b0/0x4b0 [ 165.531777][ C0] ? timer_fixup_activate+0x2b0/0x2b0 [ 165.537155][ C0] schedule+0xe7/0x270 [ 165.541230][ C0] schedule_timeout+0x157/0x2c0 [ 165.546112][ C0] ? usleep_range_state+0x1a0/0x1a0 [ 165.551314][ C0] ? destroy_timer_on_stack+0x20/0x20 [ 165.556806][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x70 [ 165.562618][ C0] ? prepare_to_swait_event+0xf4/0x470 [ 165.568087][ C0] rcu_gp_fqs_loop+0x1ec/0xb10 [ 165.572860][ C0] ? rcu_implicit_dynticks_qs+0x1370/0x1370 [ 165.578755][ C0] ? reacquire_held_locks+0x4b0/0x4b0 [ 165.584140][ C0] rcu_gp_kthread+0x249/0x380 [ 165.588818][ C0] ? rcu_gp_init+0x14f0/0x14f0 [ 165.593578][ C0] ? lockdep_hardirqs_on+0x7d/0x100 [ 165.598777][ C0] ? __kthread_parkme+0x14b/0x220 [ 165.603796][ C0] ? rcu_gp_init+0x14f0/0x14f0 [ 165.608581][ C0] kthread+0x33c/0x440 [ 165.612708][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 165.617907][ C0] ? kthread_complete_and_exit+0x40/0x40 [ 165.623538][ C0] ret_from_fork+0x45/0x80 [ 165.627966][ C0] ? kthread_complete_and_exit+0x40/0x40 [ 165.633605][ C0] ret_from_fork_asm+0x11/0x20 [ 165.638377][ C0] [ 165.641382][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 165.647691][ C0] CPU: 0 PID: 48 Comm: kworker/u4:3 Not tainted 6.6.0-syzkaller-16159-g3ca112b71f35 #0 [ 165.657309][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 165.667454][ C0] Workqueue: events_unbound toggle_allocation_gate [ 165.673964][ C0] RIP: 0010:smp_call_function_many_cond+0x4db/0x1570 [ 165.680645][ C0] Code: 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 fc 4c 89 fd 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 0c c5 0b 00 f3 90 41 0f b6 04 24 <40> 38 c5 7c 08 84 c0 0f 85 3c 0e 00 00 8b 43 08 31 ff 83 e0 01 41 [ 165.700332][ C0] RSP: 0018:ffffc90000b8f920 EFLAGS: 00000293 [ 165.706392][ C0] RAX: 0000000000000000 RBX: ffff8880b9941a60 RCX: ffffffff817cdffa [ 165.714354][ C0] RDX: ffff88801a263b80 RSI: ffffffff817cdfd4 RDI: 0000000000000005 [ 165.722316][ C0] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000 [ 165.730272][ C0] R10: 0000000000000001 R11: 0000000000000000 R12: ffffed101732834d [ 165.738232][ C0] R13: 0000000000000001 R14: ffff8880b983d8c0 R15: ffff8880b9941a68 [ 165.746197][ C0] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 165.755120][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 165.761696][ C0] CR2: 00007f53206193b0 CR3: 000000000cd77000 CR4: 0000000000350ef0 [ 165.769659][ C0] Call Trace: [ 165.772927][ C0] [ 165.775763][ C0] ? show_regs+0x8f/0xa0 [ 165.780000][ C0] ? rcu_check_gp_kthread_starvation+0x317/0x450 [ 165.786324][ C0] ? do_raw_spin_unlock+0x173/0x230 [ 165.791521][ C0] ? rcu_sched_clock_irq+0x2245/0x30f0 [ 165.796986][ C0] ? rcu_note_context_switch+0x1ac0/0x1ac0 [ 165.802805][ C0] ? tick_sched_do_timer+0x2e0/0x2e0 [ 165.808089][ C0] ? update_process_times+0x17b/0x220 [ 165.813459][ C0] ? timer_clear_idle+0xa0/0xa0 [ 165.818313][ C0] ? update_wall_time+0x1c/0x40 [ 165.823244][ C0] ? tick_do_update_jiffies64+0x22e/0x380 [ 165.828983][ C0] ? tick_sched_handle+0x8e/0x170 [ 165.834001][ C0] ? tick_nohz_highres_handler+0xe9/0x110 [ 165.839713][ C0] ? __hrtimer_run_queues+0x647/0xc10 [ 165.845088][ C0] ? enqueue_hrtimer+0x310/0x310 [ 165.850024][ C0] ? ktime_get_update_offsets_now+0x3bc/0x610 [ 165.856087][ C0] ? hrtimer_interrupt+0x31b/0x800 [ 165.861207][ C0] ? __sysvec_apic_timer_interrupt+0x105/0x3f0 [ 165.867363][ C0] ? sysvec_apic_timer_interrupt+0x8e/0xc0 [ 165.873169][ C0] [ 165.876106][ C0] [ 165.879032][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 165.885188][ C0] ? smp_call_function_many_cond+0x4fa/0x1570 [ 165.891262][ C0] ? smp_call_function_many_cond+0x4d4/0x1570 [ 165.897332][ C0] ? smp_call_function_many_cond+0x4db/0x1570 [ 165.903410][ C0] ? __text_poke+0xc90/0xc90 [ 165.908008][ C0] ? __kmem_cache_alloc_node+0xc3/0x310 [ 165.913555][ C0] ? generic_smp_call_function_single_interrupt+0x20/0x20 [ 165.920672][ C0] ? apply_relocation+0x830/0x830 [ 165.925690][ C0] ? __text_poke+0xc90/0xc90 [ 165.930275][ C0] on_each_cpu_cond_mask+0x40/0x90 [ 165.935391][ C0] text_poke_bp_batch+0x2ce/0x960 [ 165.940412][ C0] ? do_sync_core+0x40/0x40 [ 165.944993][ C0] ? __jump_label_patch+0x1db/0x3f0 [ 165.950187][ C0] ? text_poke_queue+0xef/0x180 [ 165.955040][ C0] ? arch_jump_label_transform_queue+0xc0/0x110 [ 165.961281][ C0] text_poke_finish+0x30/0x40 [ 165.965951][ C0] arch_jump_label_transform_apply+0x1c/0x30 [ 165.971929][ C0] jump_label_update+0x32e/0x410 [ 165.976865][ C0] static_key_enable_cpuslocked+0x1b5/0x270 [ 165.982753][ C0] static_key_enable+0x1a/0x20 [ 165.987508][ C0] toggle_allocation_gate+0xf4/0x250 [ 165.992808][ C0] ? wake_up_kfence_timer+0x30/0x30 [ 165.998027][ C0] process_one_work+0x884/0x15c0 [ 166.002967][ C0] ? batadv_nc_process_nc_paths.part.0+0x3e0/0x3e0 [ 166.009468][ C0] ? init_worker_pool+0x770/0x770 [ 166.014494][ C0] ? assign_work+0x1a0/0x240 [ 166.019083][ C0] worker_thread+0x8b9/0x1290 [ 166.023763][ C0] ? __kthread_parkme+0x14b/0x220 [ 166.028780][ C0] ? process_one_work+0x15c0/0x15c0 [ 166.033971][ C0] kthread+0x33c/0x440 [ 166.038035][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 166.043231][ C0] ? kthread_complete_and_exit+0x40/0x40 [ 166.048860][ C0] ret_from_fork+0x45/0x80 [ 166.053271][ C0] ? kthread_complete_and_exit+0x40/0x40 [ 166.058906][ C0] ret_from_fork_asm+0x11/0x20 [ 166.063695][ C0]