Extracting prog: 5m2.731603414s
Minimizing prog: 55m41.685291768s
Simplifying prog options: 12m43.114831446s
Extracting C: 4m15.055556953s
Simplifying C: 0s
extracting reproducer from 1 programs
testing a last program of every proc
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-ioctl$ifreq_SIOCGIFINDEX_team-socket$netlink-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=@newqdisc={0xac, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x7c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x18, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0xcb2}]}]}]}}]}, 0xac}}, 0x0)
program did not crash
single: failed to extract reproducer
single: executing 1 programs separately with timeout 6m0s
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-ioctl$ifreq_SIOCGIFINDEX_team-socket$netlink-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=@newqdisc={0xac, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x7c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x18, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0xcb2}]}]}]}}]}, 0xac}}, 0x0)
program crashed: INFO: rcu detected stall in do_idle
single: successfully extracted reproducer
found reproducer with 4 syscalls
minimizing guilty program
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-ioctl$ifreq_SIOCGIFINDEX_team-socket$netlink
detailed listing:
executing program 0:
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600))
socket$netlink(0x10, 0x3, 0x0)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-ioctl$ifreq_SIOCGIFINDEX_team-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=@newqdisc={0xac, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x7c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x18, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0xcb2}]}]}]}}]}, 0xac}}, 0x0)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-socket$netlink-sendmsg$nl_route_sched
detailed listing:
executing program 0:
socket(0x11, 0x800000003, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=@newqdisc={0xac, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x7c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x18, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0xcb2}]}]}]}}]}, 0xac}}, 0x0)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): ioctl$ifreq_SIOCGIFINDEX_team-socket$netlink-sendmsg$nl_route_sched
detailed listing:
executing program 0:
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000600)={'team0\x00', <r0=>0x0})
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=@newqdisc={0xac, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x7c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x18, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0xcb2}]}]}]}}]}, 0xac}}, 0x0)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-ioctl$ifreq_SIOCGIFINDEX_team-socket$netlink-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=@newqdisc={0xac, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x7c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x18, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0xcb2}]}]}]}}]}, 0xac}}, 0x0)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-ioctl$ifreq_SIOCGIFINDEX_team-socket$netlink-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600))
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x0)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-ioctl$ifreq_SIOCGIFINDEX_team-socket$netlink-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600))
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x0)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-ioctl$ifreq_SIOCGIFINDEX_team-socket$netlink-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600))
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x0)
program did not crash
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-ioctl$ifreq_SIOCGIFINDEX_team-socket$netlink-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}}, 0x0)
program did not crash
extracting C reproducer
testing compiled C program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-ioctl$ifreq_SIOCGIFINDEX_team-socket$netlink-sendmsg$nl_route_sched
program crashed: INFO: rcu detected stall in worker_thread
a never seen crash title: INFO: rcu detected stall in worker_thread, ignore
simplifying guilty program options
testing program (duration=6m0s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-ioctl$ifreq_SIOCGIFINDEX_team-socket$netlink-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=@newqdisc={0xac, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x7c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x18, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0xcb2}]}]}]}}]}, 0xac}}, 0x0)
program crashed: INFO: rcu detected stall in syscall_exit_to_user_mode
a never seen crash title: INFO: rcu detected stall in syscall_exit_to_user_mode, ignore
testing program (duration=6m0s, {Threaded:true Repeat:true RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket-ioctl$ifreq_SIOCGIFINDEX_team-socket$netlink-sendmsg$nl_route_sched
detailed listing:
executing program 0:
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=@newqdisc={0xac, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x7c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x18, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0xcb2}]}]}]}}]}, 0xac}}, 0x0)
program did not crash
reproducing took 1h17m42.587300544s
repro crashed as (corrupted=false):
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 0-...!: (1 GPs behind) idle=1db4/0/0x1 softirq=12291/12292 fqs=0
rcu: (detected by 1, t=10504 jiffies, g=8305, q=1285 ncpus=2)
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-syzkaller-05490-g9bb88c659673 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:hlock_class kernel/locking/lockdep.c:228 [inline]
RIP: 0010:mark_lock+0xa2/0x360 kernel/locking/lockdep.c:4727
Code: 00 8b 1b 81 e3 ff 1f 00 00 48 89 d8 48 c1 e8 06 48 8d 3c c5 80 68 54 94 be 08 00 00 00 e8 76 b1 8e 00 48 0f a3 1d ee 63 e3 12 <73> 10 48 69 c3 c8 00 00 00 48 8d 98 40 e7 eb 93 eb 68 48 c7 c0 c0
RSP: 0018:ffffc900000079c8 EFLAGS: 00000057
RAX: 0000000000000001 RBX: 0000000000000021 RCX: ffffffff8171048a
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff94546880
RBP: 0000000000000009 R08: ffffffff94546887 R09: 1ffffffff28a8d10
R10: dffffc0000000000 R11: fffffbfff28a8d11 R12: ffffffff8e897184
R13: dffffc0000000000 R14: 0000000000000200 R15: ffffffff8e8971a0
FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c000199fb0 CR3: 000000000e938000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<NMI>
</NMI>
<IRQ>
mark_usage kernel/locking/lockdep.c:4670 [inline]
__lock_acquire+0xc3e/0x2100 kernel/locking/lockdep.c:5180
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
rcu_read_lock include/linux/rcupdate.h:849 [inline]
advance_sched+0xa1e/0xca0 net/sched/sch_taprio.c:985
__run_hrtimer kernel/time/hrtimer.c:1739 [inline]
__hrtimer_run_queues+0x59b/0xd50 kernel/time/hrtimer.c:1803
hrtimer_interrupt+0x403/0xa40 kernel/time/hrtimer.c:1865
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1038 [inline]
__sysvec_apic_timer_interrupt+0x110/0x420 arch/x86/kernel/apic/apic.c:1055
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1049
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:native_irq_disable arch/x86/include/asm/irqflags.h:37 [inline]
RIP: 0010:arch_local_irq_disable arch/x86/include/asm/irqflags.h:92 [inline]
RIP: 0010:acpi_safe_halt+0x21/0x30 drivers/acpi/processor_idle.c:112
Code: 90 90 90 90 90 90 90 90 90 65 48 8b 04 25 00 d6 03 00 48 f7 00 08 00 00 00 75 10 66 90 0f 00 2d e5 d2 b1 00 f3 0f 1e fa fb f4 <fa> c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90
RSP: 0018:ffffffff8e807ca8 EFLAGS: 00000246
RAX: ffffffff8e8966c0 RBX: ffff888020e9a064 RCX: 0000000000021db1
RDX: 0000000000000001 RSI: ffff888020e9a000 RDI: ffff888020e9a064
RBP: 000000000003a9f8 R08: ffff8880b8637edb R09: 1ffff110170c6fdb
R10: dffffc0000000000 R11: ffffffff8bda0450 R12: ffff888145adf800
R13: 0000000000000001 R14: 0000000000000001 R15: ffffffff8f346740
acpi_idle_enter+0xe4/0x140 drivers/acpi/processor_idle.c:702
cpuidle_enter_state+0x109/0x470 drivers/cpuidle/cpuidle.c:264
cpuidle_enter+0x5d/0xa0 drivers/cpuidle/cpuidle.c:385
call_cpuidle kernel/sched/idle.c:155 [inline]
cpuidle_idle_call kernel/sched/idle.c:230 [inline]
do_idle+0x372/0x5c0 kernel/sched/idle.c:325
cpu_startup_entry+0x42/0x60 kernel/sched/idle.c:423
rest_init+0x2dc/0x300 init/main.c:747
start_kernel+0x47f/0x500 init/main.c:1102
x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:507
x86_64_start_kernel+0x9f/0xa0 arch/x86/kernel/head64.c:488
common_startup_64+0x13e/0x147
</TASK>
rcu: rcu_preempt kthread starved for 10504 jiffies! g8305 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt state:R running task stack:25784 pid:17 tgid:17 ppid:2 flags:0x00004000
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5369 [inline]
__schedule+0x1850/0x4c30 kernel/sched/core.c:6756
__schedule_loop kernel/sched/core.c:6833 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6848
schedule_timeout+0x15a/0x290 kernel/time/sleep_timeout.c:99
rcu_gp_fqs_loop+0x2df/0x1330 kernel/rcu/tree.c:2045
rcu_gp_kthread+0xa7/0x3b0 kernel/rcu/tree.c:2247
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 1 UID: 0 PID: 1315 Comm: kworker/u8:6 Not tainted 6.12.0-syzkaller-05490-g9bb88c659673 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:get_current arch/x86/include/asm/current.h:49 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x8/0x70 kernel/kcov.c:216
Code: 8b 3d 74 6f bf 0c 48 89 de 5b e9 03 bc 5e 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 <65> 48 8b 0c 25 00 d6 03 00 65 8b 15 10 d3 6e 7e 81 e2 00 01 ff 00
RSP: 0018:ffffc90004adf6d8 EFLAGS: 00000202
RAX: ffffffff81891e6b RBX: 1ffff110170c8c7d RCX: ffff888027f00000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc90004adf8e0 R08: ffffffff81891e3a R09: 1ffffffff28a8d10
R10: dffffc0000000000 R11: fffffbfff28a8d11 R12: dffffc0000000000
R13: ffff8880b86463e8 R14: ffff8880b873fac0 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055ffcc7f2088 CR3: 000000000e938000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
</IRQ>
<TASK>
csd_lock_wait kernel/smp.c:340 [inline]
smp_call_function_many_cond+0x1a0b/0x2ca0 kernel/smp.c:884
on_each_cpu_cond_mask+0x3f/0x80 kernel/smp.c:1051
on_each_cpu include/linux/smp.h:71 [inline]
text_poke_sync arch/x86/kernel/alternative.c:2085 [inline]
text_poke_bp_batch+0x726/0xb30 arch/x86/kernel/alternative.c:2357
text_poke_flush arch/x86/kernel/alternative.c:2486 [inline]
text_poke_finish+0x30/0x50 arch/x86/kernel/alternative.c:2493
arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146
static_key_enable_cpuslocked+0x136/0x260 kernel/jump_label.c:210
static_key_enable+0x1a/0x20 kernel/jump_label.c:223
toggle_allocation_gate+0xbc/0x260 mm/kfence/core.c:849
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
final repro crashed as (corrupted=false):
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: 0-...!: (1 GPs behind) idle=1db4/0/0x1 softirq=12291/12292 fqs=0
rcu: (detected by 1, t=10504 jiffies, g=8305, q=1285 ncpus=2)
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-syzkaller-05490-g9bb88c659673 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:hlock_class kernel/locking/lockdep.c:228 [inline]
RIP: 0010:mark_lock+0xa2/0x360 kernel/locking/lockdep.c:4727
Code: 00 8b 1b 81 e3 ff 1f 00 00 48 89 d8 48 c1 e8 06 48 8d 3c c5 80 68 54 94 be 08 00 00 00 e8 76 b1 8e 00 48 0f a3 1d ee 63 e3 12 <73> 10 48 69 c3 c8 00 00 00 48 8d 98 40 e7 eb 93 eb 68 48 c7 c0 c0
RSP: 0018:ffffc900000079c8 EFLAGS: 00000057
RAX: 0000000000000001 RBX: 0000000000000021 RCX: ffffffff8171048a
RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff94546880
RBP: 0000000000000009 R08: ffffffff94546887 R09: 1ffffffff28a8d10
R10: dffffc0000000000 R11: fffffbfff28a8d11 R12: ffffffff8e897184
R13: dffffc0000000000 R14: 0000000000000200 R15: ffffffff8e8971a0
FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c000199fb0 CR3: 000000000e938000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<NMI>
</NMI>
<IRQ>
mark_usage kernel/locking/lockdep.c:4670 [inline]
__lock_acquire+0xc3e/0x2100 kernel/locking/lockdep.c:5180
lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
rcu_read_lock include/linux/rcupdate.h:849 [inline]
advance_sched+0xa1e/0xca0 net/sched/sch_taprio.c:985
__run_hrtimer kernel/time/hrtimer.c:1739 [inline]
__hrtimer_run_queues+0x59b/0xd50 kernel/time/hrtimer.c:1803
hrtimer_interrupt+0x403/0xa40 kernel/time/hrtimer.c:1865
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1038 [inline]
__sysvec_apic_timer_interrupt+0x110/0x420 arch/x86/kernel/apic/apic.c:1055
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline]
sysvec_apic_timer_interrupt+0xa1/0xc0 arch/x86/kernel/apic/apic.c:1049
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
RIP: 0010:native_irq_disable arch/x86/include/asm/irqflags.h:37 [inline]
RIP: 0010:arch_local_irq_disable arch/x86/include/asm/irqflags.h:92 [inline]
RIP: 0010:acpi_safe_halt+0x21/0x30 drivers/acpi/processor_idle.c:112
Code: 90 90 90 90 90 90 90 90 90 65 48 8b 04 25 00 d6 03 00 48 f7 00 08 00 00 00 75 10 66 90 0f 00 2d e5 d2 b1 00 f3 0f 1e fa fb f4 <fa> c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90
RSP: 0018:ffffffff8e807ca8 EFLAGS: 00000246
RAX: ffffffff8e8966c0 RBX: ffff888020e9a064 RCX: 0000000000021db1
RDX: 0000000000000001 RSI: ffff888020e9a000 RDI: ffff888020e9a064
RBP: 000000000003a9f8 R08: ffff8880b8637edb R09: 1ffff110170c6fdb
R10: dffffc0000000000 R11: ffffffff8bda0450 R12: ffff888145adf800
R13: 0000000000000001 R14: 0000000000000001 R15: ffffffff8f346740
acpi_idle_enter+0xe4/0x140 drivers/acpi/processor_idle.c:702
cpuidle_enter_state+0x109/0x470 drivers/cpuidle/cpuidle.c:264
cpuidle_enter+0x5d/0xa0 drivers/cpuidle/cpuidle.c:385
call_cpuidle kernel/sched/idle.c:155 [inline]
cpuidle_idle_call kernel/sched/idle.c:230 [inline]
do_idle+0x372/0x5c0 kernel/sched/idle.c:325
cpu_startup_entry+0x42/0x60 kernel/sched/idle.c:423
rest_init+0x2dc/0x300 init/main.c:747
start_kernel+0x47f/0x500 init/main.c:1102
x86_64_start_reservations+0x2a/0x30 arch/x86/kernel/head64.c:507
x86_64_start_kernel+0x9f/0xa0 arch/x86/kernel/head64.c:488
common_startup_64+0x13e/0x147
</TASK>
rcu: rcu_preempt kthread starved for 10504 jiffies! g8305 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
rcu: RCU grace-period kthread stack dump:
task:rcu_preempt state:R running task stack:25784 pid:17 tgid:17 ppid:2 flags:0x00004000
Call Trace:
<TASK>
context_switch kernel/sched/core.c:5369 [inline]
__schedule+0x1850/0x4c30 kernel/sched/core.c:6756
__schedule_loop kernel/sched/core.c:6833 [inline]
schedule+0x14b/0x320 kernel/sched/core.c:6848
schedule_timeout+0x15a/0x290 kernel/time/sleep_timeout.c:99
rcu_gp_fqs_loop+0x2df/0x1330 kernel/rcu/tree.c:2045
rcu_gp_kthread+0xa7/0x3b0 kernel/rcu/tree.c:2247
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
rcu: Stack dump where RCU GP kthread last ran:
CPU: 1 UID: 0 PID: 1315 Comm: kworker/u8:6 Not tainted 6.12.0-syzkaller-05490-g9bb88c659673 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: events_unbound toggle_allocation_gate
RIP: 0010:get_current arch/x86/include/asm/current.h:49 [inline]
RIP: 0010:__sanitizer_cov_trace_pc+0x8/0x70 kernel/kcov.c:216
Code: 8b 3d 74 6f bf 0c 48 89 de 5b e9 03 bc 5e 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 <65> 48 8b 0c 25 00 d6 03 00 65 8b 15 10 d3 6e 7e 81 e2 00 01 ff 00
RSP: 0018:ffffc90004adf6d8 EFLAGS: 00000202
RAX: ffffffff81891e6b RBX: 1ffff110170c8c7d RCX: ffff888027f00000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: ffffc90004adf8e0 R08: ffffffff81891e3a R09: 1ffffffff28a8d10
R10: dffffc0000000000 R11: fffffbfff28a8d11 R12: dffffc0000000000
R13: ffff8880b86463e8 R14: ffff8880b873fac0 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055ffcc7f2088 CR3: 000000000e938000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<IRQ>
</IRQ>
<TASK>
csd_lock_wait kernel/smp.c:340 [inline]
smp_call_function_many_cond+0x1a0b/0x2ca0 kernel/smp.c:884
on_each_cpu_cond_mask+0x3f/0x80 kernel/smp.c:1051
on_each_cpu include/linux/smp.h:71 [inline]
text_poke_sync arch/x86/kernel/alternative.c:2085 [inline]
text_poke_bp_batch+0x726/0xb30 arch/x86/kernel/alternative.c:2357
text_poke_flush arch/x86/kernel/alternative.c:2486 [inline]
text_poke_finish+0x30/0x50 arch/x86/kernel/alternative.c:2493
arch_jump_label_transform_apply+0x1c/0x30 arch/x86/kernel/jump_label.c:146
static_key_enable_cpuslocked+0x136/0x260 kernel/jump_label.c:210
static_key_enable+0x1a/0x20 kernel/jump_label.c:223
toggle_allocation_gate+0xbc/0x260 mm/kfence/core.c:849
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>