./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3581747524 <...> Warning: Permanently added '10.128.0.183' (ED25519) to the list of known hosts. execve("./syz-executor3581747524", ["./syz-executor3581747524"], 0x7fffc3099c60 /* 10 vars */) = 0 brk(NULL) = 0x55555698f000 brk(0x55555698fd00) = 0x55555698fd00 arch_prctl(ARCH_SET_FS, 0x55555698f380) = 0 set_tid_address(0x55555698f650) = 296 set_robust_list(0x55555698f660, 24) = 0 rseq(0x55555698fca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3581747524", 4096) = 28 getrandom("\xce\x23\x8b\xca\xf6\x6d\x54\x5a", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555698fd00 brk(0x5555569b0d00) = 0x5555569b0d00 brk(0x5555569b1000) = 0x5555569b1000 mprotect(0x7f2f391bf000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555698f650) = 297 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555698f650) = 298 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555698f650) = 299 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555698f650) = 300 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555698f650) = 301 ./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x55555698f660, 24) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555698f650) = 302 ./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x55555698f660, 24) = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 302] setpgid(0, 0) = 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 302] write(3, "1000", 4) = 4 [pid 302] close(3) = 0 [pid 302] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 3 [pid 302] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100) = 0 [pid 302] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440) = 0 [pid 302] ioctl(3, SNDRV_TIMER_IOCTL_START, 0) = 0 [pid 302] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 4 [pid 302] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100) = 0 [pid 302] ioctl(4, SNDRV_TIMER_IOCTL_START, 0) = 0 [pid 302] exit_group(0) = ? [pid 302] +++ exited with 0 +++ [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 301] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 297 attached [pid 297] set_robust_list(0x55555698f660, 24) = 0 [pid 301] <... restart_syscall resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555698f650) = 303 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555698f650) = 304 ./strace-static-x86_64: Process 304 attached [pid 304] set_robust_list(0x55555698f660, 24) = 0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 304] setpgid(0, 0) = 0 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 304] write(3, "1000", 4) = 4 [pid 304] close(3) = 0 [pid 304] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 3 [pid 304] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100) = 0 [pid 304] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440) = 0 [pid 304] ioctl(3, SNDRV_TIMER_IOCTL_START, 0) = 0 [pid 304] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 4 [pid 304] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100) = 0 [pid 304] ioctl(4, SNDRV_TIMER_IOCTL_START, 0) = 0 [pid 304] exit_group(0) = ? [pid 304] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=304, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555698f650) = 305 ./strace-static-x86_64: Process 298 attached [pid 298] set_robust_list(0x55555698f660, 24) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555698f650) = 306 ./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x55555698f660, 24) = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 303 attached [pid 306] setpgid(0, 0./strace-static-x86_64: Process 305 attached ./strace-static-x86_64: Process 299 attached ./strace-static-x86_64: Process 300 attached [pid 305] set_robust_list(0x55555698f660, 24 [pid 303] set_robust_list(0x55555698f660, 24 [pid 299] set_robust_list(0x55555698f660, 24 [pid 306] <... setpgid resumed>) = 0 [pid 305] <... set_robust_list resumed>) = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 303] <... set_robust_list resumed>) = 0 [pid 300] set_robust_list(0x55555698f660, 24 [pid 299] <... set_robust_list resumed>) = 0 [pid 305] <... prctl resumed>) = 0 [pid 305] setpgid(0, 0 [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 300] <... set_robust_list resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 305] <... setpgid resumed>) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 303] <... prctl resumed>) = 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 305] <... openat resumed>) = 3 [pid 305] write(3, "1000", 4) = 4 [pid 303] setpgid(0, 0 [pid 305] close(3) = 0 [pid 305] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 3 [pid 305] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100) = 0 [pid 303] <... setpgid resumed>) = 0 [pid 299] <... clone resumed>, child_tidptr=0x55555698f650) = 307 [pid 305] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440) = 0 [pid 305] ioctl(3, SNDRV_TIMER_IOCTL_START, 0) = 0 [pid 305] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 4 [pid 305] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100) = 0 [pid 305] ioctl(4, SNDRV_TIMER_IOCTL_START, 0) = 0 [pid 305] exit_group(0) = ? ./strace-static-x86_64: Process 308 attached ./strace-static-x86_64: Process 307 attached [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 305] +++ exited with 0 +++ [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 300] <... clone resumed>, child_tidptr=0x55555698f650) = 308 [pid 303] <... openat resumed>) = 3 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 303] write(3, "1000", 4 [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 303] <... write resumed>) = 4 [pid 303] close(3) = 0 [pid 303] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 3 [pid 297] <... restart_syscall resumed>) = 0 [pid 303] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 306] <... openat resumed>) = 3 [pid 303] <... ioctl resumed>) = 0 [pid 303] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440 [pid 306] write(3, "1000", 4 [pid 303] <... ioctl resumed>) = 0 [pid 306] <... write resumed>) = 4 [pid 303] ioctl(3, SNDRV_TIMER_IOCTL_START, 0 [pid 306] close(3 [pid 303] <... ioctl resumed>) = 0 [pid 306] <... close resumed>) = 0 [pid 303] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 306] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 303] <... openat resumed>) = 4 [pid 306] <... openat resumed>) = 3 [pid 303] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 306] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 303] <... ioctl resumed>) = 0 [pid 306] <... ioctl resumed>) = 0 [pid 303] ioctl(4, SNDRV_TIMER_IOCTL_START, 0 [pid 306] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440 [pid 303] <... ioctl resumed>) = 0 [pid 306] <... ioctl resumed>) = 0 [pid 303] exit_group(0 [pid 306] ioctl(3, SNDRV_TIMER_IOCTL_START, 0 [pid 303] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 309 attached [pid 308] set_robust_list(0x55555698f660, 24 [pid 307] set_robust_list(0x55555698f660, 24 [pid 306] <... ioctl resumed>) = 0 [pid 303] +++ exited with 0 +++ [pid 306] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 4 [pid 297] <... clone resumed>, child_tidptr=0x55555698f650) = 309 [pid 306] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100) = 0 [pid 306] ioctl(4, SNDRV_TIMER_IOCTL_START, 0) = 0 [pid 306] exit_group(0) = ? [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 309] set_robust_list(0x55555698f660, 24 [pid 308] <... set_robust_list resumed>) = 0 [pid 307] <... set_robust_list resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 309] <... set_robust_list resumed>) = 0 [pid 306] +++ exited with 0 +++ [pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 308] setpgid(0, 0) = 0 [pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 308] write(3, "1000", 4) = 4 [pid 308] close(3) = 0 [pid 308] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 3 [pid 301] <... clone resumed>, child_tidptr=0x55555698f650) = 310 [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 308] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100) = 0 [pid 308] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440) = 0 [pid 308] ioctl(3, SNDRV_TIMER_IOCTL_START, 0) = 0 [pid 308] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 4 [pid 308] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100) = 0 [pid 308] ioctl(4, SNDRV_TIMER_IOCTL_START, 0) = 0 [pid 308] exit_group(0) = ? [pid 298] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 310 attached [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 308] +++ exited with 0 +++ [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 311 attached [pid 310] set_robust_list(0x55555698f660, 24 [pid 309] <... prctl resumed>) = 0 [pid 307] <... prctl resumed>) = 0 [pid 309] setpgid(0, 0 [pid 307] setpgid(0, 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 311] set_robust_list(0x55555698f660, 24 [pid 310] <... set_robust_list resumed>) = 0 [pid 309] <... setpgid resumed>) = 0 [pid 307] <... setpgid resumed>) = 0 [pid 300] <... clone resumed>, child_tidptr=0x55555698f650) = 311 ./strace-static-x86_64: Process 312 attached [pid 311] <... set_robust_list resumed>) = 0 [pid 310] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 312] set_robust_list(0x55555698f660, 24 [pid 311] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 310] <... prctl resumed>) = 0 [pid 309] <... openat resumed>) = 3 [pid 307] <... openat resumed>) = 3 [pid 298] <... clone resumed>, child_tidptr=0x55555698f650) = 312 [pid 310] setpgid(0, 0 [pid 312] <... set_robust_list resumed>) = 0 [pid 310] <... setpgid resumed>) = 0 [pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 311] <... prctl resumed>) = 0 [pid 310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 309] write(3, "1000", 4 [pid 307] write(3, "1000", 4 [pid 312] <... prctl resumed>) = 0 [pid 311] setpgid(0, 0 [pid 310] <... openat resumed>) = 3 [pid 309] <... write resumed>) = 4 [pid 307] <... write resumed>) = 4 [pid 312] setpgid(0, 0 [pid 311] <... setpgid resumed>) = 0 [pid 310] write(3, "1000", 4 [pid 312] <... setpgid resumed>) = 0 [pid 311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 310] <... write resumed>) = 4 [pid 309] close(3 [pid 307] close(3 [pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 311] <... openat resumed>) = 3 [pid 310] close(3 [pid 312] <... openat resumed>) = 3 [pid 311] write(3, "1000", 4 [pid 310] <... close resumed>) = 0 [pid 309] <... close resumed>) = 0 [pid 307] <... close resumed>) = 0 [pid 309] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 307] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 309] <... openat resumed>) = 3 [pid 307] <... openat resumed>) = 3 [pid 309] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 307] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 310] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 312] write(3, "1000", 4 [pid 311] <... write resumed>) = 4 [pid 309] <... ioctl resumed>) = 0 [pid 307] <... ioctl resumed>) = 0 [pid 311] close(3 [pid 309] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440 [pid 307] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440 [pid 309] <... ioctl resumed>) = 0 [pid 307] <... ioctl resumed>) = 0 [pid 309] ioctl(3, SNDRV_TIMER_IOCTL_START, 0 [pid 307] ioctl(3, SNDRV_TIMER_IOCTL_START, 0 [pid 309] <... ioctl resumed>) = 0 [pid 307] <... ioctl resumed>) = 0 [pid 311] <... close resumed>) = 0 [pid 309] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 307] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 309] <... openat resumed>) = 4 [pid 307] <... openat resumed>) = 4 [pid 312] <... write resumed>) = 4 [pid 311] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 310] <... openat resumed>) = 3 [pid 309] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 307] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 309] <... ioctl resumed>) = 0 [pid 307] <... ioctl resumed>) = 0 [pid 312] close(3 [pid 310] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 309] ioctl(4, SNDRV_TIMER_IOCTL_START, 0 [pid 307] ioctl(4, SNDRV_TIMER_IOCTL_START, 0 [pid 309] <... ioctl resumed>) = 0 [pid 307] <... ioctl resumed>) = 0 [pid 312] <... close resumed>) = 0 [pid 311] <... openat resumed>) = 3 [pid 310] <... ioctl resumed>) = 0 [pid 309] exit_group(0 [pid 307] exit_group(0 [pid 309] <... exit_group resumed>) = ? [pid 307] <... exit_group resumed>) = ? [pid 312] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 311] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 310] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440 [pid 312] <... openat resumed>) = 3 [pid 311] <... ioctl resumed>) = 0 [pid 310] <... ioctl resumed>) = 0 [pid 312] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 311] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440 [pid 310] ioctl(3, SNDRV_TIMER_IOCTL_START, 0 [pid 312] <... ioctl resumed>) = 0 [pid 311] <... ioctl resumed>) = 0 [pid 310] <... ioctl resumed>) = 0 [pid 309] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=309, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 312] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440 [pid 311] ioctl(3, SNDRV_TIMER_IOCTL_START, 0 [pid 310] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 312] <... ioctl resumed>) = 0 [pid 311] <... ioctl resumed>) = 0 [pid 312] ioctl(3, SNDRV_TIMER_IOCTL_START, 0 [pid 311] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 310] <... openat resumed>) = 4 [pid 312] <... ioctl resumed>) = 0 [pid 311] <... openat resumed>) = 4 [pid 310] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 307] +++ exited with 0 +++ [pid 312] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 311] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 310] <... ioctl resumed>) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 312] <... openat resumed>) = 4 [pid 311] <... ioctl resumed>) = 0 [pid 310] ioctl(4, SNDRV_TIMER_IOCTL_START, 0 [pid 312] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 311] ioctl(4, SNDRV_TIMER_IOCTL_START, 0 [pid 310] <... ioctl resumed>) = 0 [pid 312] <... ioctl resumed>) = 0 [pid 311] <... ioctl resumed>) = 0 [pid 310] exit_group(0 [pid 312] ioctl(4, SNDRV_TIMER_IOCTL_START, 0 [pid 311] exit_group(0 [pid 310] <... exit_group resumed>) = ? [pid 312] <... ioctl resumed>) = 0 [pid 311] <... exit_group resumed>) = ? [pid 312] exit_group(0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555698f650) = 313 [ 22.984732][ T28] audit: type=1400 audit(1713263034.179:66): avc: denied { execmem } for pid=296 comm="syz-executor358" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 123.016746][ C1] rcu: INFO: rcu_preempt self-detected stall on CPU [ 123.023243][ C1] rcu: 1-...!: (9999 ticks this GP) idle=a6f4/1/0x4000000000000000 softirq=1888/1890 fqs=0 [ 123.033119][ C1] (t=10000 jiffies g=513 q=91 ncpus=2) [ 123.038499][ C1] rcu: rcu_preempt kthread timer wakeup didn't happen for 9999 jiffies! g513 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 [ 123.050737][ C1] rcu: Possible timer handling issue on cpu=0 timer-softirq=459 [ 123.058288][ C1] rcu: rcu_preempt kthread starved for 10000 jiffies! g513 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0 [ 123.069316][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 123.079117][ C1] rcu: RCU grace-period kthread stack dump: [ 123.084859][ C1] task:rcu_preempt state:I stack:28040 pid:14 ppid:2 flags:0x00004000 [ 123.093987][ C1] Call Trace: [ 123.097112][ C1] [ 123.099881][ C1] __schedule+0xca7/0x1550 [ 123.104122][ C1] ? update_load_avg+0x513/0x1530 [ 123.108993][ C1] ? __sched_text_start+0x8/0x8 [ 123.113767][ C1] ? __kasan_check_write+0x14/0x20 [ 123.118707][ C1] schedule+0xc3/0x180 [ 123.122626][ C1] schedule_timeout+0x18c/0x380 [ 123.127298][ C1] ? _raw_spin_unlock_irq+0x4d/0x70 [ 123.132335][ C1] ? console_conditional_schedule+0x10/0x10 [ 123.138150][ C1] ? update_process_times+0x1b0/0x1b0 [ 123.143355][ C1] ? prepare_to_swait_event+0x308/0x320 [ 123.148739][ C1] rcu_gp_fqs_loop+0x2ed/0x1060 [ 123.153428][ C1] ? _raw_spin_unlock_irq+0x4d/0x70 [ 123.158452][ C1] ? rcu_gp_init+0xc7f/0xf80 [ 123.162881][ C1] ? rcu_gp_init+0xf80/0xf80 [ 123.167305][ C1] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 123.173036][ C1] ? finish_swait+0x17d/0x1b0 [ 123.177560][ C1] rcu_gp_kthread+0xa3/0x390 [ 123.181988][ C1] ? queued_spin_lock_slowpath+0x50/0x50 [ 123.187446][ C1] ? set_cpus_allowed_ptr+0xa4/0xe0 [ 123.192481][ C1] ? __kasan_check_read+0x11/0x20 [ 123.197339][ C1] ? __kthread_parkme+0x12d/0x180 [ 123.202197][ C1] kthread+0x26d/0x300 [ 123.206106][ C1] ? queued_spin_lock_slowpath+0x50/0x50 [ 123.211572][ C1] ? kthread_blkcg+0xd0/0xd0 [ 123.215995][ C1] ret_from_fork+0x1f/0x30 [ 123.220252][ C1] [ 123.223125][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 123.229289][ C1] Sending NMI from CPU 1 to CPUs 0: [ 123.234337][ C0] NMI backtrace for cpu 0 [ 123.234358][ C0] CPU: 0 PID: 310 Comm: syz-executor358 Not tainted 6.1.75-syzkaller-00027-g77fec6cefe26 #0 [ 123.234374][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 123.234385][ C0] RIP: 0010:timerqueue_del+0x39/0x100 [ 123.234413][ C0] Code: 89 f5 49 89 ff 49 be 00 00 00 00 00 fc ff df e8 9d 57 81 fc 4d 89 ec 49 c1 ec 03 43 80 3c 34 00 74 08 4c 89 ef e8 57 38 c8 fc <49> 8b 5d 00 48 89 df 4c 89 ee e8 88 59 81 fc 4c 39 eb 0f 84 a2 00 [ 123.234425][ C0] RSP: 0018:ffffc90000007d20 EFLAGS: 00000046 [ 123.234438][ C0] RAX: ffffffff84f40683 RBX: 0000000000000001 RCX: ffff88811b42e540 [ 123.234449][ C0] RDX: 0000000080010002 RSI: ffff888120830388 RDI: ffff8881f7029ce0 [ 123.234460][ C0] RBP: ffffc90000007d50 R08: ffffffff8166ee31 R09: ffff888120830390 [ 123.234472][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff11024106071 [ 123.234482][ C0] R13: ffff888120830388 R14: dffffc0000000000 R15: ffff8881f7029ce0 [ 123.234493][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 123.234506][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.234517][ C0] CR2: 00007f2f391c6130 CR3: 0000000120118000 CR4: 00000000003506b0 [ 123.234531][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 123.234539][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 123.234549][ C0] Call Trace: [ 123.234553][ C0] [ 123.234559][ C0] ? show_regs+0x58/0x60 [ 123.234574][ C0] ? nmi_cpu_backtrace+0x285/0x2f0 [ 123.234591][ C0] ? nmi_trigger_cpumask_backtrace+0x3c0/0x3c0 [ 123.234609][ C0] ? timerqueue_del+0x39/0x100 [ 123.234627][ C0] ? timerqueue_del+0x39/0x100 [ 123.234646][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 123.234663][ C0] ? nmi_handle+0xa7/0x280 [ 123.234677][ C0] ? timerqueue_del+0x39/0x100 [ 123.234696][ C0] ? default_do_nmi+0x69/0x160 [ 123.234712][ C0] ? exc_nmi+0xaf/0x120 [ 123.234725][ C0] ? end_repeat_nmi+0x16/0x31 [ 123.234739][ C0] ? __hrtimer_run_queues+0x341/0xad0 [ 123.234759][ C0] ? timerqueue_del+0x23/0x100 [ 123.234778][ C0] ? timerqueue_del+0x39/0x100 [ 123.234797][ C0] ? timerqueue_del+0x39/0x100 [ 123.234816][ C0] ? timerqueue_del+0x39/0x100 [ 123.234835][ C0] [ 123.234839][ C0] [ 123.234844][ C0] __hrtimer_run_queues+0x35f/0xad0 [ 123.234867][ C0] ? hrtimer_interrupt+0xaa0/0xaa0 [ 123.234886][ C0] ? clockevents_program_event+0x236/0x300 [ 123.234900][ C0] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 123.234916][ C0] hrtimer_interrupt+0x40c/0xaa0 [ 123.234940][ C0] __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 123.234962][ C0] sysvec_apic_timer_interrupt+0x95/0xc0 [ 123.234978][ C0] [ 123.234982][ C0] [ 123.234987][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 123.235008][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0x56/0x80 [ 123.235028][ C0] Code: ef cd 86 e8 6c f6 bc fc 48 83 3d 54 a7 ce 01 00 74 34 48 89 df e8 6e 0f 00 00 90 41 f7 c6 00 02 00 00 74 01 fb bf 01 00 00 00 35 0f 50 fc 65 8b 05 16 25 03 7b 85 c0 74 05 5b 41 5e 5d c3 e8 [ 123.235040][ C0] RSP: 0018:ffffc90000f679c8 EFLAGS: 00000206 [ 123.235051][ C0] RAX: 0000000000000001 RBX: ffff88810cc7f938 RCX: dffffc0000000000 [ 123.235062][ C0] RDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000001 [ 123.235070][ C0] RBP: ffffc90000f679d8 R08: ffffffff83e42667 R09: ffffed102125d68e [ 123.235081][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88810cc7f8b0 [ 123.235092][ C0] R13: dffffc0000000000 R14: 0000000000000246 R15: 0000000000000001 [ 123.235103][ C0] ? snd_timer_notify1+0x217/0x350 [ 123.235125][ C0] ? _raw_spin_unlock_irqrestore+0x46/0x80 [ 123.235144][ C0] snd_timer_stop1+0x7af/0x8f0 [ 123.235166][ C0] snd_timer_close_locked+0x22e/0x920 [ 123.235188][ C0] snd_timer_user_release+0x121/0x2c0 [ 123.235202][ C0] ? snd_timer_user_open+0x180/0x180 [ 123.235222][ C0] ? percpu_counter_add_batch+0x13d/0x160 [ 123.235242][ C0] ? snd_timer_user_open+0x180/0x180 [ 123.235262][ C0] __fput+0x3ab/0x870 [ 123.235284][ C0] ____fput+0x15/0x20 [ 123.235308][ C0] task_work_run+0x24d/0x2e0 [ 123.235330][ C0] ? task_work_cancel+0x2b0/0x2b0 [ 123.235351][ C0] ? __kasan_check_write+0x14/0x20 [ 123.235371][ C0] ? exit_task_namespaces+0xc2/0xd0 [ 123.235387][ C0] do_exit+0xbd5/0x2b80 [ 123.235403][ C0] ? put_task_struct+0x80/0x80 [ 123.235418][ C0] ? __kasan_check_write+0x14/0x20 [ 123.235438][ C0] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 123.235456][ C0] ? _raw_spin_lock_irqsave+0x210/0x210 [ 123.235475][ C0] ? zap_other_threads+0x29c/0x2d0 [ 123.235490][ C0] do_group_exit+0x21a/0x2d0 [ 123.235506][ C0] __x64_sys_exit_group+0x3f/0x40 [ 123.235520][ C0] do_syscall_64+0x3d/0xb0 [ 123.235533][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 123.235553][ C0] RIP: 0033:0x7f2f3914adb9 [ 123.235569][ C0] Code: Unable to access opcode bytes at 0x7f2f3914ad8f. [ 123.235576][ C0] RSP: 002b:00007ffe76b54bf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 123.235590][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2f3914adb9 [ 123.235600][ C0] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 123.235609][ C0] RBP: 00007f2f391c52b0 R08: ffffffffffffffb8 R09: 00000000000000a0 [ 123.235619][ C0] R10: 00000000000000a0 R11: 0000000000000246 R12: 00007f2f391c52b0 [ 123.235629][ C0] R13: 0000000000000000 R14: 00007f2f391c5d20 R15: 00007f2f3911bf50 [ 123.235642][ C0] [ 123.235653][ C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.313 msecs [ 123.236404][ C1] Sending NMI from CPU 1 to CPUs 0: [ 123.768975][ C0] NMI backtrace for cpu 0 [ 123.768986][ C0] CPU: 0 PID: 310 Comm: syz-executor358 Not tainted 6.1.75-syzkaller-00027-g77fec6cefe26 #0 [ 123.769003][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 123.769012][ C0] RIP: 0010:__sanitizer_cov_trace_cmp8+0x17/0x80 [ 123.769036][ C0] Code: 44 0a 20 5d c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 55 48 89 e5 4c 8b 45 08 65 48 8b 0d 80 0d 8d 7e 65 8b 05 81 0d 8d 7e 00 01 ff 00 74 10 a9 00 01 00 00 74 57 83 b9 6c 0b 00 00 00 74 [ 123.769048][ C0] RSP: 0018:ffffc90000007ca8 EFLAGS: 00000046 [ 123.769062][ C0] RAX: 0000000080010002 RBX: ffff888120830388 RCX: ffff88811b42e540 [ 123.769074][ C0] RDX: 0000000080010002 RSI: ffff888120830388 RDI: ffff888120830388 [ 123.769084][ C0] RBP: ffffc90000007ca8 R08: ffffffff84f4043a R09: 0000000000000003 [ 123.769095][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: 1ffff11024106071 [ 123.769106][ C0] R13: dffffc0000000000 R14: ffff8881f7029ce0 R15: ffff888120830388 [ 123.769118][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 123.769131][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.769141][ C0] CR2: 00007f2f391c6130 CR3: 0000000120118000 CR4: 00000000003506b0 [ 123.769155][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 123.769164][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 123.769173][ C0] Call Trace: [ 123.769178][ C0] [ 123.769184][ C0] ? show_regs+0x58/0x60 [ 123.769200][ C0] ? nmi_cpu_backtrace+0x285/0x2f0 [ 123.769218][ C0] ? nmi_trigger_cpumask_backtrace+0x3c0/0x3c0 [ 123.769236][ C0] ? __sanitizer_cov_trace_cmp8+0x17/0x80 [ 123.769251][ C0] ? __sanitizer_cov_trace_cmp8+0x17/0x80 [ 123.769268][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 123.769284][ C0] ? nmi_handle+0xa7/0x280 [ 123.769299][ C0] ? __sanitizer_cov_trace_cmp8+0x17/0x80 [ 123.769315][ C0] ? timerqueue_del+0x39/0x100 [ 123.769333][ C0] ? default_do_nmi+0x69/0x160 [ 123.769349][ C0] ? exc_nmi+0xaf/0x120 [ 123.769362][ C0] ? end_repeat_nmi+0x16/0x31 [ 123.769377][ C0] ? timerqueue_add+0x4a/0x270 [ 123.769396][ C0] ? __sanitizer_cov_trace_cmp8+0x17/0x80 [ 123.769412][ C0] ? __sanitizer_cov_trace_cmp8+0x17/0x80 [ 123.769433][ C0] ? __sanitizer_cov_trace_cmp8+0x17/0x80 [ 123.769449][ C0] [ 123.769453][ C0] [ 123.769457][ C0] timerqueue_add+0x4a/0x270 [ 123.769476][ C0] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 123.769495][ C0] ? _raw_spin_lock_irqsave+0x210/0x210 [ 123.769519][ C0] enqueue_hrtimer+0xca/0x250 [ 123.769538][ C0] ? __hrtimer_run_queues+0x46b/0xad0 [ 123.769559][ C0] __hrtimer_run_queues+0x478/0xad0 [ 123.769581][ C0] ? hrtimer_interrupt+0xaa0/0xaa0 [ 123.769600][ C0] ? clockevents_program_event+0x236/0x300 [ 123.769615][ C0] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 123.769632][ C0] hrtimer_interrupt+0x40c/0xaa0 [ 123.769655][ C0] __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 123.769678][ C0] sysvec_apic_timer_interrupt+0x95/0xc0 [ 123.769694][ C0] [ 123.769698][ C0] [ 123.769703][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 123.769724][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0x56/0x80 [ 123.769744][ C0] Code: ef cd 86 e8 6c f6 bc fc 48 83 3d 54 a7 ce 01 00 74 34 48 89 df e8 6e 0f 00 00 90 41 f7 c6 00 02 00 00 74 01 fb bf 01 00 00 00 35 0f 50 fc 65 8b 05 16 25 03 7b 85 c0 74 05 5b 41 5e 5d c3 e8 [ 123.769755][ C0] RSP: 0018:ffffc90000f679c8 EFLAGS: 00000206 [ 123.769767][ C0] RAX: 0000000000000001 RBX: ffff88810cc7f938 RCX: dffffc0000000000 [ 123.769777][ C0] RDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000001 [ 123.769786][ C0] RBP: ffffc90000f679d8 R08: ffffffff83e42667 R09: ffffed102125d68e [ 123.769797][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88810cc7f8b0 [ 123.769812][ C0] R13: dffffc0000000000 R14: 0000000000000246 R15: 0000000000000001 [ 123.769823][ C0] ? snd_timer_notify1+0x217/0x350 [ 123.769846][ C0] ? _raw_spin_unlock_irqrestore+0x46/0x80 [ 123.769864][ C0] snd_timer_stop1+0x7af/0x8f0 [ 123.769886][ C0] snd_timer_close_locked+0x22e/0x920 [ 123.769908][ C0] snd_timer_user_release+0x121/0x2c0 [ 123.769923][ C0] ? snd_timer_user_open+0x180/0x180 [ 123.769944][ C0] ? percpu_counter_add_batch+0x13d/0x160 [ 123.769964][ C0] ? snd_timer_user_open+0x180/0x180 [ 123.769984][ C0] __fput+0x3ab/0x870 [ 123.770007][ C0] ____fput+0x15/0x20 [ 123.770026][ C0] task_work_run+0x24d/0x2e0 [ 123.770047][ C0] ? task_work_cancel+0x2b0/0x2b0 [ 123.770068][ C0] ? __kasan_check_write+0x14/0x20 [ 123.770089][ C0] ? exit_task_namespaces+0xc2/0xd0 [ 123.770105][ C0] do_exit+0xbd5/0x2b80 [ 123.770122][ C0] ? put_task_struct+0x80/0x80 [ 123.770137][ C0] ? __kasan_check_write+0x14/0x20 [ 123.770157][ C0] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 123.770175][ C0] ? _raw_spin_lock_irqsave+0x210/0x210 [ 123.770194][ C0] ? zap_other_threads+0x29c/0x2d0 [ 123.770210][ C0] do_group_exit+0x21a/0x2d0 [ 123.770225][ C0] __x64_sys_exit_group+0x3f/0x40 [ 123.770240][ C0] do_syscall_64+0x3d/0xb0 [ 123.770253][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 123.770273][ C0] RIP: 0033:0x7f2f3914adb9 [ 123.770284][ C0] Code: Unable to access opcode bytes at 0x7f2f3914ad8f. [ 123.770291][ C0] RSP: 002b:00007ffe76b54bf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 123.770305][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2f3914adb9 [ 123.770315][ C0] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 123.770324][ C0] RBP: 00007f2f391c52b0 R08: ffffffffffffffb8 R09: 00000000000000a0 [ 123.770334][ C0] R10: 00000000000000a0 R11: 0000000000000246 R12: 00007f2f391c52b0 [ 123.770343][ C0] R13: 0000000000000000 R14: 00007f2f391c5d20 R15: 00007f2f3911bf50 [ 123.770356][ C0] [ 123.770362][ C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.388 msecs [ 123.770969][ C1] CPU: 1 PID: 312 Comm: syz-executor358 Not tainted 6.1.75-syzkaller-00027-g77fec6cefe26 #0 [ 124.338408][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 124.348311][ C1] RIP: 0010:smp_call_function_many_cond+0x851/0x930 [ 124.354725][ C1] Code: 3e 44 89 fe 83 e6 01 31 ff e8 0b 9e 09 00 41 83 e7 01 49 bf 00 00 00 00 00 fc ff df 75 0a e8 46 9a 09 00 e9 2f ff ff ff f3 90 <42> 0f b6 04 3b 84 c0 75 14 41 f7 06 01 00 00 00 0f 84 12 ff ff ff [ 124.374250][ C1] RSP: 0018:ffffc90000f77860 EFLAGS: 00000293 [ 124.380151][ C1] RAX: ffffffff816bc3fc RBX: 1ffff1103ee07919 RCX: ffff88811b428000 [ 124.387976][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 124.395778][ C1] RBP: ffffc90000f77968 R08: ffffffff816bc3c5 R09: fffffbfff0dcdb58 [ 124.403673][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 124.411483][ C1] R13: 0000000800000000 R14: ffff8881f703c8c8 R15: dffffc0000000000 [ 124.419294][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 124.428063][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.434488][ C1] CR2: 00007ffe76b54b58 CR3: 0000000006c0f000 CR4: 00000000003506a0 [ 124.442302][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 124.450110][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 124.457923][ C1] Call Trace: [ 124.461137][ C1] [ 124.463827][ C1] ? show_regs+0x58/0x60 [ 124.467897][ C1] ? dump_cpu_task+0x3c/0x70 [ 124.472338][ C1] ? rcu_dump_cpu_stacks+0x1db/0x370 [ 124.477545][ C1] ? print_cpu_stall+0x2f8/0x590 [ 124.482320][ C1] ? rcu_sched_clock_irq+0x987/0x1330 [ 124.487626][ C1] ? rcu_boost_kthread_setaffinity+0x5a0/0x5a0 [ 124.493607][ C1] ? hrtimer_run_queues+0x15f/0x440 [ 124.498636][ C1] ? update_wall_time+0x25/0x30 [ 124.503326][ C1] ? update_process_times+0x149/0x1b0 [ 124.508529][ C1] ? tick_sched_timer+0x188/0x240 [ 124.513477][ C1] ? tick_setup_sched_timer+0x490/0x490 [ 124.518857][ C1] ? __hrtimer_run_queues+0x41a/0xad0 [ 124.524069][ C1] ? hrtimer_interrupt+0xaa0/0xaa0 [ 124.529009][ C1] ? clockevents_program_event+0x22f/0x300 [ 124.534674][ C1] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 124.540561][ C1] ? hrtimer_interrupt+0x40c/0xaa0 [ 124.545590][ C1] ? __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 124.551491][ C1] ? sysvec_apic_timer_interrupt+0x95/0xc0 [ 124.557131][ C1] [ 124.560104][ C1] [ 124.562928][ C1] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 124.568869][ C1] ? smp_call_function_many_cond+0x835/0x930 [ 124.574852][ C1] ? smp_call_function_many_cond+0x86c/0x930 [ 124.580668][ C1] ? smp_call_function_many_cond+0x851/0x930 [ 124.586487][ C1] ? native_flush_tlb_multi+0x210/0x210 [ 124.591876][ C1] ? smp_call_function_many+0x40/0x40 [ 124.597161][ C1] ? add_mm_counter+0x190/0x190 [ 124.601868][ C1] ? rwsem_mark_wake+0x6b0/0x6b0 [ 124.606676][ C1] ? native_flush_tlb_multi+0x210/0x210 [ 124.612002][ C1] on_each_cpu_cond_mask+0x40/0x80 [ 124.617069][ C1] native_flush_tlb_multi+0x143/0x210 [ 124.622276][ C1] flush_tlb_mm_range+0x298/0x360 [ 124.627140][ C1] tlb_flush_mmu_tlbonly+0x1b7/0x420 [ 124.632259][ C1] tlb_finish_mmu+0xe1/0x3f0 [ 124.636783][ C1] exit_mmap+0x421/0x940 [ 124.640939][ C1] ? vm_brk+0x30/0x30 [ 124.644766][ C1] ? kiocb_set_cancel_fn+0x1d0/0x1d0 [ 124.649881][ C1] ? uprobe_clear_state+0x2cd/0x320 [ 124.654908][ C1] __mmput+0x95/0x310 [ 124.658731][ C1] mmput+0x56/0x170 [ 124.662379][ C1] do_exit+0xb29/0x2b80 [ 124.666367][ C1] ? put_task_struct+0x80/0x80 [ 124.670969][ C1] ? __kasan_check_write+0x14/0x20 [ 124.675911][ C1] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 124.680861][ C1] ? _raw_spin_lock_irqsave+0x210/0x210 [ 124.686254][ C1] ? zap_other_threads+0x29c/0x2d0 [ 124.691283][ C1] do_group_exit+0x21a/0x2d0 [ 124.695710][ C1] __x64_sys_exit_group+0x3f/0x40 [ 124.700744][ C1] do_syscall_64+0x3d/0xb0 [ 124.705084][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 124.710811][ C1] RIP: 0033:0x7f2f3914adb9 [ 124.715062][ C1] Code: Unable to access opcode bytes at 0x7f2f3914ad8f. [ 124.721920][ C1] RSP: 002b:00007ffe76b54bf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 124.730266][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2f3914adb9 [ 124.738063][ C1] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 124.745990][ C1] RBP: 00007f2f391c52b0 R08: ffffffffffffffb8 R09: 00000000000000a0 [ 124.754040][ C1] R10: 00000000000000a0 R11: 0000000000000246 R12: 00007f2f391c52b0 [ 124.761842][ C1] R13: 0000000000000000 R14: 00007f2f391c5d20 R15: 00007f2f3911bf50 [ 124.769660][ C1] [ 265.066683][ C1] watchdog: BUG: soft lockup - CPU#1 stuck for 246s! [syz-executor358:312] [ 265.075120][ C1] Modules linked in: [ 265.078844][ C1] CPU: 1 PID: 312 Comm: syz-executor358 Not tainted 6.1.75-syzkaller-00027-g77fec6cefe26 #0 [ 265.088734][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 265.098898][ C1] RIP: 0010:smp_call_function_many_cond+0x851/0x930 [ 265.105321][ C1] Code: 3e 44 89 fe 83 e6 01 31 ff e8 0b 9e 09 00 41 83 e7 01 49 bf 00 00 00 00 00 fc ff df 75 0a e8 46 9a 09 00 e9 2f ff ff ff f3 90 <42> 0f b6 04 3b 84 c0 75 14 41 f7 06 01 00 00 00 0f 84 12 ff ff ff [ 265.125293][ C1] RSP: 0018:ffffc90000f77860 EFLAGS: 00000293 [ 265.131186][ C1] RAX: ffffffff816bc3fc RBX: 1ffff1103ee07919 RCX: ffff88811b428000 [ 265.138987][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 265.146800][ C1] RBP: ffffc90000f77968 R08: ffffffff816bc3c5 R09: fffffbfff0dcdb58 [ 265.154702][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 265.162515][ C1] R13: 0000000800000000 R14: ffff8881f703c8c8 R15: dffffc0000000000 [ 265.170345][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 265.179266][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 265.185686][ C1] CR2: 00007ffe76b54b58 CR3: 0000000006c0f000 CR4: 00000000003506a0 [ 265.193510][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 265.201402][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 265.209572][ C1] Call Trace: [ 265.212686][ C1] [ 265.215415][ C1] ? show_regs+0x58/0x60 [ 265.219476][ C1] ? watchdog_timer_fn+0x4b1/0x5f0 [ 265.224403][ C1] ? proc_watchdog_cpumask+0xf0/0xf0 [ 265.229524][ C1] ? __hrtimer_run_queues+0x41a/0xad0 [ 265.234731][ C1] ? hrtimer_interrupt+0xaa0/0xaa0 [ 265.239771][ C1] ? clockevents_program_event+0x22f/0x300 [ 265.245403][ C1] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 265.251315][ C1] ? hrtimer_interrupt+0x40c/0xaa0 [ 265.256355][ C1] ? __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 265.262346][ C1] ? sysvec_apic_timer_interrupt+0x95/0xc0 [ 265.268064][ C1] [ 265.270851][ C1] [ 265.273614][ C1] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 265.279603][ C1] ? smp_call_function_many_cond+0x835/0x930 [ 265.285413][ C1] ? smp_call_function_many_cond+0x86c/0x930 [ 265.291232][ C1] ? smp_call_function_many_cond+0x851/0x930 [ 265.297045][ C1] ? native_flush_tlb_multi+0x210/0x210 [ 265.302521][ C1] ? smp_call_function_many+0x40/0x40 [ 265.307811][ C1] ? add_mm_counter+0x190/0x190 [ 265.312511][ C1] ? rwsem_mark_wake+0x6b0/0x6b0 [ 265.317268][ C1] ? native_flush_tlb_multi+0x210/0x210 [ 265.322661][ C1] on_each_cpu_cond_mask+0x40/0x80 [ 265.327596][ C1] native_flush_tlb_multi+0x143/0x210 [ 265.332805][ C1] flush_tlb_mm_range+0x298/0x360 [ 265.337666][ C1] tlb_flush_mmu_tlbonly+0x1b7/0x420 [ 265.342967][ C1] tlb_finish_mmu+0xe1/0x3f0 [ 265.347386][ C1] exit_mmap+0x421/0x940 [ 265.351467][ C1] ? vm_brk+0x30/0x30 [ 265.355285][ C1] ? kiocb_set_cancel_fn+0x1d0/0x1d0 [ 265.360408][ C1] ? uprobe_clear_state+0x2cd/0x320 [ 265.365443][ C1] __mmput+0x95/0x310 [ 265.369258][ C1] mmput+0x56/0x170 [ 265.372904][ C1] do_exit+0xb29/0x2b80 [ 265.376899][ C1] ? put_task_struct+0x80/0x80 [ 265.381495][ C1] ? __kasan_check_write+0x14/0x20 [ 265.386441][ C1] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 265.391472][ C1] ? _raw_spin_lock_irqsave+0x210/0x210 [ 265.396955][ C1] ? zap_other_threads+0x29c/0x2d0 [ 265.401899][ C1] do_group_exit+0x21a/0x2d0 [ 265.406327][ C1] __x64_sys_exit_group+0x3f/0x40 [ 265.411186][ C1] do_syscall_64+0x3d/0xb0 [ 265.415437][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 265.421166][ C1] RIP: 0033:0x7f2f3914adb9 [ 265.425421][ C1] Code: Unable to access opcode bytes at 0x7f2f3914ad8f. [ 265.432366][ C1] RSP: 002b:00007ffe76b54bf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 265.440708][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2f3914adb9 [ 265.448522][ C1] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 265.456327][ C1] RBP: 00007f2f391c52b0 R08: ffffffffffffffb8 R09: 00000000000000a0 [ 265.464142][ C1] R10: 00000000000000a0 R11: 0000000000000246 R12: 00007f2f391c52b0 [ 265.471948][ C1] R13: 0000000000000000 R14: 00007f2f391c5d20 R15: 00007f2f3911bf50 [ 265.479769][ C1]