./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3171762409 <...> Warning: Permanently added '10.128.0.23' (ED25519) to the list of known hosts. execve("./syz-executor3171762409", ["./syz-executor3171762409"], 0x7fff25029690 /* 10 vars */) = 0 brk(NULL) = 0x55555672e000 brk(0x55555672ed00) = 0x55555672ed00 arch_prctl(ARCH_SET_FS, 0x55555672e380) = 0 set_tid_address(0x55555672e650) = 296 set_robust_list(0x55555672e660, 24) = 0 rseq(0x55555672eca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3171762409", 4096) = 28 getrandom("\x9b\xee\xac\x4e\x97\xc5\x50\x6d", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555672ed00 brk(0x55555674fd00) = 0x55555674fd00 brk(0x555556750000) = 0x555556750000 mprotect(0x7f23c56d4000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 297 attached , child_tidptr=0x55555672e650) = 297 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] set_robust_list(0x55555672e660, 24) = 0 ./strace-static-x86_64: Process 298 attached [pid 296] <... clone resumed>, child_tidptr=0x55555672e650) = 298 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555672e650) = 299 [pid 297] mkdir("./syzkaller.3ymlrx", 0700 [pid 298] set_robust_list(0x55555672e660, 24 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x55555672e660, 24) = 0 [pid 296] <... clone resumed>, child_tidptr=0x55555672e650) = 300 [pid 298] <... set_robust_list resumed>) = 0 [pid 297] chmod("./syzkaller.3ymlrx", 0777./strace-static-x86_64: Process 299 attached [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 301 attached [pid 297] <... chmod resumed>) = 0 [pid 301] set_robust_list(0x55555672e660, 24) = 0 [pid 296] <... clone resumed>, child_tidptr=0x55555672e650) = 301 [pid 297] chdir("./syzkaller.3ymlrx" [pid 298] mkdir("./syzkaller.fzlu0I", 0700 [pid 301] mkdir("./syzkaller.owc4sY", 0700 [pid 297] <... chdir resumed>) = 0 [pid 299] set_robust_list(0x55555672e660, 24 [pid 297] mkdir("./0", 0777 [pid 300] mkdir("./syzkaller.Z78grb", 0700 [pid 299] <... set_robust_list resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555672e650) = 302 ./strace-static-x86_64: Process 302 attached [pid 302] set_robust_list(0x55555672e660, 24) = 0 [pid 302] chdir("./0" [pid 299] mkdir("./syzkaller.A1vnGw", 0700 [pid 302] <... chdir resumed>) = 0 [pid 302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 302] setpgid(0, 0) = 0 [pid 302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] <... mkdir resumed>) = 0 [pid 298] chmod("./syzkaller.fzlu0I", 0777) = 0 [pid 298] chdir("./syzkaller.fzlu0I" [pid 302] <... openat resumed>) = 3 [pid 302] write(3, "1000", 4) = 4 [pid 302] close(3) = 0 [pid 302] symlink("/dev/binderfs", "./binderfs" [pid 298] <... chdir resumed>) = 0 [pid 298] mkdir("./0", 0777 [pid 301] <... mkdir resumed>) = 0 [pid 302] <... symlink resumed>) = 0 [pid 302] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 298] <... mkdir resumed>) = 0 [pid 302] <... openat resumed>) = 3 [pid 302] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 301] chmod("./syzkaller.owc4sY", 0777 [pid 300] <... mkdir resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 302] <... ioctl resumed>) = 0 [pid 302] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440) = 0 [pid 302] ioctl(3, SNDRV_TIMER_IOCTL_START, 0) = 0 [pid 302] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 4 [pid 302] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100) = 0 [pid 302] ioctl(4, SNDRV_TIMER_IOCTL_START, 0) = 0 [pid 302] exit_group(0) = ? [pid 298] <... clone resumed>, child_tidptr=0x55555672e650) = 303 ./strace-static-x86_64: Process 303 attached [pid 301] <... chmod resumed>) = 0 [pid 300] chmod("./syzkaller.Z78grb", 0777 [pid 299] chmod("./syzkaller.A1vnGw", 0777 [pid 301] chdir("./syzkaller.owc4sY" [pid 300] <... chmod resumed>) = 0 [pid 299] <... chmod resumed>) = 0 [pid 303] set_robust_list(0x55555672e660, 24 [pid 301] <... chdir resumed>) = 0 [pid 300] chdir("./syzkaller.Z78grb" [pid 299] chdir("./syzkaller.A1vnGw" [pid 301] mkdir("./0", 0777 [pid 300] <... chdir resumed>) = 0 [pid 301] <... mkdir resumed>) = 0 [pid 300] mkdir("./0", 0777 [pid 299] <... chdir resumed>) = 0 [pid 300] <... mkdir resumed>) = 0 [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] mkdir("./0", 0777 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 303] <... set_robust_list resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 304 attached [pid 304] set_robust_list(0x55555672e660, 24) = 0 [pid 304] chdir("./0") = 0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 304] <... prctl resumed>) = 0 [pid 304] setpgid(0, 0) = 0 [pid 301] <... clone resumed>, child_tidptr=0x55555672e650) = 304 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 300] <... clone resumed>, child_tidptr=0x55555672e650) = 305 [pid 303] chdir("./0" [pid 299] <... clone resumed>, child_tidptr=0x55555672e650) = 306 [pid 303] <... chdir resumed>) = 0 [pid 302] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=302, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 303] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 303] <... prctl resumed>) = 0 [pid 297] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x55555672f6f0 /* 3 entries */, 32768) = 80 [pid 297] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./0/binderfs") = 0 [pid 297] getdents64(3, 0x55555672f6f0 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./0") = 0 [pid 297] mkdir("./1", 0777) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555672e650) = 307 [pid 304] write(3, "1000", 4) = 4 [pid 304] close(3) = 0 [pid 304] symlink("/dev/binderfs", "./binderfs") = 0 [pid 304] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 3 [pid 304] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100) = 0 [pid 304] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440) = 0 [pid 304] ioctl(3, SNDRV_TIMER_IOCTL_START, 0) = 0 [pid 304] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 4 [pid 304] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100) = 0 [pid 304] ioctl(4, SNDRV_TIMER_IOCTL_START, 0) = 0 [pid 304] exit_group(0) = ? [pid 304] +++ exited with 0 +++ ./strace-static-x86_64: Process 306 attached [pid 306] set_robust_list(0x55555672e660, 24) = 0 [pid 306] chdir("./0") = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4) = 4 [pid 306] close(3) = 0 [pid 306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 306] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 3 [pid 306] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100./strace-static-x86_64: Process 307 attached ) = 0 [pid 307] set_robust_list(0x55555672e660, 24 [pid 306] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440) = 0 [pid 306] ioctl(3, SNDRV_TIMER_IOCTL_START, 0 [pid 307] <... set_robust_list resumed>) = 0 [pid 306] <... ioctl resumed>) = 0 [pid 306] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 4 [pid 307] chdir("./1" [pid 306] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100) = 0 [pid 306] ioctl(4, SNDRV_TIMER_IOCTL_START, 0) = 0 [pid 307] <... chdir resumed>) = 0 [pid 306] exit_group(0 [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 307] setpgid(0, 0) = 0 [pid 306] <... exit_group resumed>) = ? [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 307] write(3, "1000", 4) = 4 [pid 307] close(3) = 0 [pid 307] symlink("/dev/binderfs", "./binderfs" [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=304, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 303] setpgid(0, 0./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x55555672e660, 24 [pid 303] <... setpgid resumed>) = 0 [pid 303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 301] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 305] <... set_robust_list resumed>) = 0 [pid 303] <... openat resumed>) = 3 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 307] <... symlink resumed>) = 0 [pid 305] chdir("./0" [pid 303] write(3, "1000", 4 [pid 301] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 306] +++ exited with 0 +++ [pid 307] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 303] <... write resumed>) = 4 [pid 301] <... openat resumed>) = 3 [pid 307] <... openat resumed>) = 3 [pid 303] close(3 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 305] <... chdir resumed>) = 0 [pid 301] newfstatat(3, "", [pid 303] <... close resumed>) = 0 [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 303] symlink("/dev/binderfs", "./binderfs" [pid 301] getdents64(3, [pid 307] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100) = 0 [pid 303] <... symlink resumed>) = 0 [pid 299] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 301] <... getdents64 resumed>0x55555672f6f0 /* 3 entries */, 32768) = 80 [pid 303] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 305] <... prctl resumed>) = 0 [pid 301] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 307] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440) = 0 [pid 307] ioctl(3, SNDRV_TIMER_IOCTL_START, 0) = 0 [pid 307] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 299] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 305] setpgid(0, 0 [pid 303] <... openat resumed>) = 3 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 307] <... openat resumed>) = 4 [pid 305] <... setpgid resumed>) = 0 [pid 303] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 301] newfstatat(AT_FDCWD, "./0/binderfs", [pid 299] <... openat resumed>) = 3 [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] newfstatat(3, "", [pid 303] <... ioctl resumed>) = 0 [pid 301] unlink("./0/binderfs" [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 307] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 301] <... unlink resumed>) = 0 [pid 307] <... ioctl resumed>) = 0 [pid 303] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440 [pid 299] getdents64(3, [pid 301] getdents64(3, [pid 305] <... openat resumed>) = 3 [pid 299] <... getdents64 resumed>0x55555672f6f0 /* 3 entries */, 32768) = 80 [pid 305] write(3, "1000", 4 [pid 303] <... ioctl resumed>) = 0 [pid 301] <... getdents64 resumed>0x55555672f6f0 /* 0 entries */, 32768) = 0 [pid 303] ioctl(3, SNDRV_TIMER_IOCTL_START, 0 [pid 305] <... write resumed>) = 4 [pid 301] close(3 [pid 299] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 307] ioctl(4, SNDRV_TIMER_IOCTL_START, 0 [pid 303] <... ioctl resumed>) = 0 [pid 305] close(3 [pid 301] <... close resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 305] <... close resumed>) = 0 [pid 303] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 301] rmdir("./0" [pid 299] newfstatat(AT_FDCWD, "./0/binderfs", [pid 303] <... openat resumed>) = 4 [pid 307] <... ioctl resumed>) = 0 [pid 307] exit_group(0) = ? [pid 303] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 305] symlink("/dev/binderfs", "./binderfs" [pid 301] <... rmdir resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 24.315468][ T30] audit: type=1400 audit(1714776753.017:66): avc: denied { execmem } for pid=296 comm="syz-executor317" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 307] +++ exited with 0 +++ [pid 305] <... symlink resumed>) = 0 [pid 303] <... ioctl resumed>) = 0 [pid 301] mkdir("./1", 0777 [pid 299] unlink("./0/binderfs" [pid 305] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 303] ioctl(4, SNDRV_TIMER_IOCTL_START, 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 303] <... ioctl resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 297] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 301] <... mkdir resumed>) = 0 [pid 297] newfstatat(3, "", [pid 303] exit_group(0 [pid 299] getdents64(3, [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 305] <... openat resumed>) = 3 [pid 303] <... exit_group resumed>) = ? [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... getdents64 resumed>0x55555672f6f0 /* 0 entries */, 32768) = 0 [pid 297] getdents64(3, 0x55555672f6f0 /* 3 entries */, 32768) = 80 [pid 297] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./1/binderfs" [pid 305] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 299] close(3 [pid 297] <... unlink resumed>) = 0 [pid 297] getdents64(3, 0x55555672f6f0 /* 0 entries */, 32768) = 0 [pid 297] close(3 [pid 299] <... close resumed>) = 0 [pid 305] <... ioctl resumed>) = 0 [pid 303] +++ exited with 0 +++ [pid 301] <... clone resumed>, child_tidptr=0x55555672e650) = 308 [pid 299] rmdir("./0" [pid 297] <... close resumed>) = 0 [pid 305] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=303, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] rmdir("./1" [pid 305] <... ioctl resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 297] <... rmdir resumed>) = 0 [pid 305] ioctl(3, SNDRV_TIMER_IOCTL_START, 0 [pid 299] mkdir("./1", 0777 [pid 298] <... restart_syscall resumed>) = 0 [pid 297] mkdir("./2", 0777 [pid 305] <... ioctl resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 305] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 305] <... openat resumed>) = 4 [pid 298] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 305] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 299] <... clone resumed>, child_tidptr=0x55555672e650) = 309 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... clone resumed>, child_tidptr=0x55555672e650) = 310 [pid 305] <... ioctl resumed>) = 0 [pid 298] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 305] ioctl(4, SNDRV_TIMER_IOCTL_START, 0 [pid 298] <... openat resumed>) = 3 ./strace-static-x86_64: Process 308 attached [pid 305] <... ioctl resumed>) = 0 [pid 298] newfstatat(3, "", [pid 308] set_robust_list(0x55555672e660, 24 [pid 305] exit_group(0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 308] <... set_robust_list resumed>) = 0 [pid 305] <... exit_group resumed>) = ? [pid 298] getdents64(3, [pid 308] chdir("./1" [pid 298] <... getdents64 resumed>0x55555672f6f0 /* 3 entries */, 32768) = 80 [pid 308] <... chdir resumed>) = 0 [pid 305] +++ exited with 0 +++ [pid 298] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 308] <... prctl resumed>) = 0 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 298] newfstatat(AT_FDCWD, "./0/binderfs", [pid 308] setpgid(0, 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 308] <... setpgid resumed>) = 0 [pid 298] unlink("./0/binderfs" [pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 300] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] <... unlink resumed>) = 0 [pid 308] <... openat resumed>) = 3 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] getdents64(3, [pid 308] write(3, "1000", 4 [pid 300] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... getdents64 resumed>0x55555672f6f0 /* 0 entries */, 32768) = 0 [pid 308] <... write resumed>) = 4 [pid 300] <... openat resumed>) = 3 [pid 298] close(3 [pid 308] close(3 [pid 300] newfstatat(3, "", [pid 298] <... close resumed>) = 0 [pid 308] <... close resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] rmdir("./0" [pid 308] symlink("/dev/binderfs", "./binderfs" [pid 300] getdents64(3, [pid 298] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 310 attached [pid 308] <... symlink resumed>) = 0 [pid 300] <... getdents64 resumed>0x55555672f6f0 /* 3 entries */, 32768) = 80 [pid 298] mkdir("./1", 0777 [pid 310] set_robust_list(0x55555672e660, 24 [pid 308] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 300] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] <... mkdir resumed>) = 0 [pid 310] <... set_robust_list resumed>) = 0 [pid 308] <... openat resumed>) = 3 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 311 attached ./strace-static-x86_64: Process 309 attached [pid 310] chdir("./2" [pid 308] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 300] newfstatat(AT_FDCWD, "./0/binderfs", [pid 310] <... chdir resumed>) = 0 [pid 308] <... ioctl resumed>) = 0 [pid 298] <... clone resumed>, child_tidptr=0x55555672e650) = 311 [pid 311] set_robust_list(0x55555672e660, 24 [pid 310] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 309] set_robust_list(0x55555672e660, 24 [pid 308] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 310] <... prctl resumed>) = 0 [pid 308] <... ioctl resumed>) = 0 [pid 300] unlink("./0/binderfs" [pid 310] setpgid(0, 0 [pid 308] ioctl(3, SNDRV_TIMER_IOCTL_START, 0 [pid 300] <... unlink resumed>) = 0 [pid 310] <... setpgid resumed>) = 0 [pid 308] <... ioctl resumed>) = 0 [pid 300] getdents64(3, [pid 311] <... set_robust_list resumed>) = 0 [pid 310] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 309] <... set_robust_list resumed>) = 0 [pid 308] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 311] chdir("./1" [pid 310] <... openat resumed>) = 3 [pid 309] chdir("./1" [pid 308] <... openat resumed>) = 4 [pid 300] <... getdents64 resumed>0x55555672f6f0 /* 0 entries */, 32768) = 0 [pid 310] write(3, "1000", 4 [pid 308] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 300] close(3 [pid 310] <... write resumed>) = 4 [pid 308] <... ioctl resumed>) = 0 [pid 300] <... close resumed>) = 0 [pid 310] close(3 [pid 308] ioctl(4, SNDRV_TIMER_IOCTL_START, 0 [pid 300] rmdir("./0" [pid 311] <... chdir resumed>) = 0 [pid 310] <... close resumed>) = 0 [pid 309] <... chdir resumed>) = 0 [pid 308] <... ioctl resumed>) = 0 [pid 310] symlink("/dev/binderfs", "./binderfs" [pid 308] exit_group(0 [pid 300] <... rmdir resumed>) = 0 [pid 311] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 310] <... symlink resumed>) = 0 [pid 309] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 308] <... exit_group resumed>) = ? [pid 311] <... prctl resumed>) = 0 [pid 310] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 309] <... prctl resumed>) = 0 [pid 308] +++ exited with 0 +++ [pid 300] mkdir("./1", 0777 [pid 301] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 310] <... openat resumed>) = 3 [pid 310] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100) = 0 [pid 310] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440) = 0 [pid 310] ioctl(3, SNDRV_TIMER_IOCTL_START, 0) = 0 [pid 310] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 300] <... mkdir resumed>) = 0 [pid 310] <... openat resumed>) = 4 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 310] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100) = 0 [pid 310] ioctl(4, SNDRV_TIMER_IOCTL_START, 0) = 0 [pid 310] exit_group(0) = ? [pid 301] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 311] setpgid(0, 0 [pid 310] +++ exited with 0 +++ [pid 309] setpgid(0, 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] <... clone resumed>, child_tidptr=0x55555672e650) = 312 [pid 301] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 312 attached ) = 3 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=310, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 301] newfstatat(3, "", [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 301] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] getdents64(3, [pid 297] <... restart_syscall resumed>) = 0 [pid 312] set_robust_list(0x55555672e660, 24 [pid 301] <... getdents64 resumed>0x55555672f6f0 /* 3 entries */, 32768) = 80 [pid 301] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 312] <... set_robust_list resumed>) = 0 [pid 312] chdir("./1" [pid 311] <... setpgid resumed>) = 0 [pid 309] <... setpgid resumed>) = 0 [pid 301] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] newfstatat(AT_FDCWD, "./1/binderfs", [pid 297] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 301] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] unlink("./1/binderfs" [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 312] <... chdir resumed>) = 0 [pid 312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 301] <... unlink resumed>) = 0 [pid 312] setpgid(0, 0 [pid 301] getdents64(3, [pid 297] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 301] <... getdents64 resumed>0x55555672f6f0 /* 0 entries */, 32768) = 0 [pid 297] <... openat resumed>) = 3 [pid 301] close(3 [pid 297] newfstatat(3, "", [pid 301] <... close resumed>) = 0 [pid 312] <... setpgid resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 301] rmdir("./1" [pid 297] getdents64(3, [pid 312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 301] <... rmdir resumed>) = 0 [pid 297] <... getdents64 resumed>0x55555672f6f0 /* 3 entries */, 32768) = 80 [pid 301] mkdir("./2", 0777 [pid 297] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 312] write(3, "1000", 4) = 4 [pid 312] close(3) = 0 [pid 301] <... mkdir resumed>) = 0 [pid 312] symlink("/dev/binderfs", "./binderfs" [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 301] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] newfstatat(AT_FDCWD, "./2/binderfs", [pid 312] <... symlink resumed>) = 0 [pid 312] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 3 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 301] <... clone resumed>, child_tidptr=0x55555672e650) = 313 [pid 297] unlink("./2/binderfs" [pid 312] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100) = 0 [pid 297] <... unlink resumed>) = 0 [pid 297] getdents64(3, [pid 312] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440 [pid 297] <... getdents64 resumed>0x55555672f6f0 /* 0 entries */, 32768) = 0 [pid 312] <... ioctl resumed>) = 0 [pid 297] close(3 [pid 311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 312] ioctl(3, SNDRV_TIMER_IOCTL_START, 0 [pid 297] <... close resumed>) = 0 [pid 312] <... ioctl resumed>) = 0 [pid 297] rmdir("./2" [pid 312] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 4 [pid 312] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 312] ioctl(4, SNDRV_TIMER_IOCTL_START, 0 [pid 297] mkdir("./3", 0777 [pid 312] <... ioctl resumed>) = 0 [pid 312] exit_group(0) = ? [pid 312] +++ exited with 0 +++ [pid 311] <... openat resumed>) = 3 [pid 309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 297] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 313 attached [pid 311] write(3, "1000", 4 [pid 309] <... openat resumed>) = 3 [pid 300] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=312, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 311] <... write resumed>) = 4 [pid 313] set_robust_list(0x55555672e660, 24) = 0 [pid 313] chdir("./2") = 0 [pid 300] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] <... clone resumed>, child_tidptr=0x55555672e650) = 314 [pid 311] close(3 [pid 309] write(3, "1000", 4 [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 311] <... close resumed>) = 0 [pid 309] <... write resumed>) = 4 [pid 300] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 311] symlink("/dev/binderfs", "./binderfs" [pid 300] <... openat resumed>) = 3 [pid 300] newfstatat(3, "", [pid 313] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 300] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 313] <... prctl resumed>) = 0 [pid 300] getdents64(3, [pid 309] close(3 [pid 313] setpgid(0, 0 [pid 300] <... getdents64 resumed>0x55555672f6f0 /* 3 entries */, 32768) = 80 [pid 309] <... close resumed>) = 0 [pid 311] <... symlink resumed>) = 0 [pid 300] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 309] symlink("/dev/binderfs", "./binderfs" [pid 300] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 300] newfstatat(AT_FDCWD, "./1/binderfs", [pid 313] <... setpgid resumed>) = 0 [pid 300] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 300] unlink("./1/binderfs" [pid 313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 300] <... unlink resumed>) = 0 [pid 300] getdents64(3, [pid 313] <... openat resumed>) = 3 [pid 311] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 309] <... symlink resumed>) = 0 [pid 300] <... getdents64 resumed>0x55555672f6f0 /* 0 entries */, 32768) = 0 [pid 300] close(3 [pid 313] write(3, "1000", 4 [pid 300] <... close resumed>) = 0 [pid 311] <... openat resumed>) = 3 [pid 309] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 300] rmdir("./1" [pid 311] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 313] <... write resumed>) = 4 ./strace-static-x86_64: Process 314 attached [pid 313] close(3 [pid 314] set_robust_list(0x55555672e660, 24 [pid 313] <... close resumed>) = 0 [pid 311] <... ioctl resumed>) = 0 [pid 300] <... rmdir resumed>) = 0 [pid 309] <... openat resumed>) = 3 [pid 300] mkdir("./2", 0777 [pid 311] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440 [pid 314] <... set_robust_list resumed>) = 0 [pid 313] symlink("/dev/binderfs", "./binderfs" [pid 314] chdir("./3" [pid 313] <... symlink resumed>) = 0 [pid 311] <... ioctl resumed>) = 0 [pid 309] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 300] <... mkdir resumed>) = 0 [pid 311] ioctl(3, SNDRV_TIMER_IOCTL_START, 0 [pid 300] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 309] <... ioctl resumed>) = 0 [pid 314] <... chdir resumed>) = 0 [pid 313] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 314] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 313] <... openat resumed>) = 3 [pid 311] <... ioctl resumed>) = 0 [pid 309] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440 [pid 300] <... clone resumed>, child_tidptr=0x55555672e650) = 315 [pid 314] <... prctl resumed>) = 0 [pid 313] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 311] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 309] <... ioctl resumed>) = 0 [pid 314] setpgid(0, 0 [pid 313] <... ioctl resumed>) = 0 [pid 314] <... setpgid resumed>) = 0 [pid 313] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440 [pid 314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 313] <... ioctl resumed>) = 0 [pid 311] <... openat resumed>) = 4 [pid 309] ioctl(3, SNDRV_TIMER_IOCTL_START, 0 [pid 314] <... openat resumed>) = 3 [pid 313] ioctl(3, SNDRV_TIMER_IOCTL_START, 0 [pid 314] write(3, "1000", 4 [pid 313] <... ioctl resumed>) = 0 [pid 314] <... write resumed>) = 4 [pid 313] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 314] close(3 [pid 313] <... openat resumed>) = 4 [pid 314] <... close resumed>) = 0 [pid 313] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 314] symlink("/dev/binderfs", "./binderfs" [pid 313] <... ioctl resumed>) = 0 [pid 311] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 309] <... ioctl resumed>) = 0 [pid 314] <... symlink resumed>) = 0 [pid 313] ioctl(4, SNDRV_TIMER_IOCTL_START, 0 [pid 311] <... ioctl resumed>) = 0 [pid 314] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 313] <... ioctl resumed>) = 0 [pid 311] ioctl(4, SNDRV_TIMER_IOCTL_START, 0 [pid 309] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 314] <... openat resumed>) = 3 [pid 313] exit_group(0 [pid 311] <... ioctl resumed>) = 0 [pid 314] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 313] <... exit_group resumed>) = ? [ 124.427627][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 124.434478][ C1] (detected by 1, t=10002 jiffies, g=621, q=69) [ 124.440627][ C1] rcu: All QSes seen, last rcu_preempt kthread activity 10002 (4294949661-4294939659), jiffies_till_next_fqs=1, root ->qsmask 0x0 [ 124.453824][ C1] rcu: rcu_preempt kthread starved for 10002 jiffies! g621 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 124.464665][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 124.474472][ C1] rcu: RCU grace-period kthread stack dump: [ 124.480210][ C1] task:rcu_preempt state:R running task stack:28328 pid: 14 ppid: 2 flags:0x00004000 [ 124.490811][ C1] Call Trace: [ 124.493924][ C1] [ 124.496718][ C1] __schedule+0xccc/0x1590 [ 124.500949][ C1] ? __sched_text_start+0x8/0x8 [ 124.505719][ C1] ? __kasan_check_write+0x14/0x20 [ 124.510794][ C1] schedule+0x11f/0x1e0 [ 124.514782][ C1] schedule_timeout+0x18c/0x370 [ 124.519469][ C1] ? _raw_spin_unlock_irq+0x4e/0x70 [ 124.524688][ C1] ? console_conditional_schedule+0x30/0x30 [ 124.530418][ C1] ? update_process_times+0x200/0x200 [ 124.535620][ C1] ? prepare_to_swait_event+0x308/0x320 [ 124.541004][ C1] rcu_gp_fqs_loop+0x2af/0xf80 [ 124.545604][ C1] ? debug_smp_processor_id+0x17/0x20 [ 124.550809][ C1] ? __note_gp_changes+0x4ab/0x920 [ 124.555758][ C1] ? rcu_gp_init+0xc30/0xc30 [ 124.560192][ C1] ? _raw_spin_unlock_irq+0x4e/0x70 [ 124.565304][ C1] ? rcu_gp_init+0x9cf/0xc30 [ 124.569733][ C1] rcu_gp_kthread+0xa4/0x350 [ 124.574157][ C1] ? _raw_spin_lock+0x1b0/0x1b0 [ 124.578845][ C1] ? rcu_barrier_callback+0x50/0x50 [ 124.583875][ C1] ? __kasan_check_read+0x11/0x20 [ 124.588739][ C1] ? __kthread_parkme+0xb2/0x200 [ 124.593513][ C1] kthread+0x421/0x510 [ 124.597414][ C1] ? rcu_barrier_callback+0x50/0x50 [ 124.602448][ C1] ? kthread_blkcg+0xd0/0xd0 [ 124.606886][ C1] ret_from_fork+0x1f/0x30 [ 124.611134][ C1] [ 124.614008][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 124.620159][ C1] Sending NMI from CPU 1 to CPUs 0: [ 124.625206][ C0] NMI backtrace for cpu 0 [ 124.625229][ C0] CPU: 0 PID: 311 Comm: syz-executor317 Not tainted 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 124.625247][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 124.625260][ C0] RIP: 0010:__wake_up+0x93/0x1c0 [ 124.625279][ C0] Code: 03 42 c7 04 30 f1 f1 f1 f1 42 c7 44 30 09 f3 f3 f3 f3 66 42 c7 44 30 0d f3 f3 48 89 44 24 10 42 c6 44 30 0f f3 4c 8d 64 24 58 18 00 00 00 31 f6 e8 d1 b2 5f 00 4c 89 e0 48 c1 e8 03 42 80 3c [ 124.625293][ C0] RSP: 0018:ffffc90000007a40 EFLAGS: 00000802 [ 124.625308][ C0] RAX: 1ffff92000000f4c RBX: ffff88811cbd6f70 RCX: 0000000000000000 [ 124.625321][ C0] RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffffc90000007a80 [ 124.625331][ C0] RBP: ffffc90000007b38 R08: ffffffff83c325fe R09: 0000000000000003 [ 124.625343][ C0] R10: fffff52000000f58 R11: dffffc0000000001 R12: ffffc90000007a98 [ 124.625356][ C0] R13: 0000000000000001 R14: dffffc0000000000 R15: 0000000000000003 [ 124.625366][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 124.625381][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.625392][ C0] CR2: 00007ffe357db0cc CR3: 000000011cbf1000 CR4: 00000000003506b0 [ 124.625407][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 124.625417][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 124.625427][ C0] Call Trace: [ 124.625432][ C0] [ 124.625438][ C0] ? show_regs+0x58/0x60 [ 124.625475][ C0] ? nmi_cpu_backtrace+0x29f/0x300 [ 124.625495][ C0] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 124.625515][ C0] ? __wake_up+0x93/0x1c0 [ 124.625530][ C0] ? __wake_up+0x93/0x1c0 [ 124.625546][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 124.625564][ C0] ? nmi_handle+0xa8/0x280 [ 124.625581][ C0] ? __wake_up+0x93/0x1c0 [ 124.625597][ C0] ? default_do_nmi+0x69/0x160 [ 124.625626][ C0] ? exc_nmi+0xaf/0x120 [ 124.625641][ C0] ? end_repeat_nmi+0x16/0x31 [ 124.625657][ C0] ? snd_timer_user_interrupt+0x13e/0x470 [ 124.625675][ C0] ? __wake_up+0x93/0x1c0 [ 124.625690][ C0] ? __wake_up+0x93/0x1c0 [ 124.625710][ C0] ? __wake_up+0x93/0x1c0 [ 124.625725][ C0] [ 124.625730][ C0] [ 124.625735][ C0] ? remove_wait_queue+0x140/0x140 [ 124.625751][ C0] ? __kasan_check_write+0x14/0x20 [ 124.625767][ C0] ? _raw_spin_lock+0xa4/0x1b0 [ 124.625784][ C0] ? _raw_spin_trylock_bh+0x190/0x190 [ 124.625802][ C0] ? snd_kill_fasync+0x152/0x2a0 [ 124.625820][ C0] snd_timer_user_interrupt+0x2e5/0x470 [ 124.625838][ C0] ? snd_timer_user_tinterrupt+0xc90/0xc90 [ 124.625854][ C0] snd_timer_process_callbacks+0x24b/0x310 [ 124.625871][ C0] snd_timer_interrupt+0xe94/0x1050 [ 124.625890][ C0] snd_hrtimer_callback+0x1db/0x330 [ 124.625906][ C0] ? snd_hrtimer_stop+0xa0/0xa0 [ 124.625922][ C0] __hrtimer_run_queues+0x41a/0xad0 [ 124.625940][ C0] ? hrtimer_interrupt+0xaa0/0xaa0 [ 124.625956][ C0] ? clockevents_program_event+0x236/0x300 [ 124.625973][ C0] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 124.625991][ C0] hrtimer_interrupt+0x40c/0xaa0 [ 124.626010][ C0] __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 124.626027][ C0] sysvec_apic_timer_interrupt+0x95/0xc0 [ 124.626045][ C0] [ 124.626049][ C0] [ 124.626054][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 124.626071][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0x57/0x80 [ 124.626090][ C0] Code: 8d 86 e8 bc 6c e9 fc 48 83 3d 9c 78 c4 01 00 74 35 48 89 df e8 0e 0a 8c fc 66 90 41 f7 c6 00 02 00 00 74 01 fb bf 01 00 00 00 84 4d 83 fc 65 8b 05 25 91 39 7b 85 c0 74 05 5b 41 5e 5d c3 e8 [ 124.626103][ C0] RSP: 0018:ffffc90000a77a68 EFLAGS: 00000206 [ 124.626116][ C0] RAX: 0000000000000001 RBX: ffff88810aad5d38 RCX: dffffc0000000000 [ 124.626128][ C0] RDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000001 [ 124.626138][ C0] RBP: ffffc90000a77a78 R08: ffffffff83c297e7 R09: ffffed102397ac0e [ 124.626150][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88810aad5cb0 [ 124.626162][ C0] R13: dffffc0000000000 R14: 0000000000000246 R15: 0000000000000001 [ 124.626174][ C0] ? snd_timer_notify1+0x217/0x350 [ 124.626190][ C0] ? _raw_spin_unlock_irqrestore+0x46/0x80 [ 124.626209][ C0] snd_timer_stop1+0x7af/0x8f0 [ 124.626225][ C0] snd_timer_close_locked+0x22e/0x920 [ 124.626242][ C0] snd_timer_user_release+0x121/0x2c0 [ 124.626259][ C0] ? snd_timer_user_open+0x180/0x180 [ 124.626274][ C0] ? percpu_counter_add_batch+0x13d/0x160 [ 124.626291][ C0] ? snd_timer_user_open+0x180/0x180 [ 124.626306][ C0] __fput+0x3fe/0x910 [ 124.626324][ C0] ____fput+0x15/0x20 [ 124.626338][ C0] task_work_run+0x129/0x190 [ 124.626354][ C0] do_exit+0xc48/0x2ca0 [ 124.626371][ C0] ? put_task_struct+0x80/0x80 [ 124.626387][ C0] ? ptrace_notify+0x24c/0x350 [ 124.626403][ C0] ? do_notify_parent+0xa30/0xa30 [ 124.626421][ C0] do_group_exit+0x141/0x310 [ 124.626437][ C0] __x64_sys_exit_group+0x3f/0x40 [ 124.626453][ C0] do_syscall_64+0x3d/0xb0 [ 124.626468][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 124.626487][ C0] RIP: 0033:0x7f23c565f339 [ 124.626506][ C0] Code: Unable to access opcode bytes at RIP 0x7f23c565f30f. [ 124.626514][ C0] RSP: 002b:00007ffe357dc148 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 124.626529][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f23c565f339 [ 124.626541][ C0] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 124.626551][ C0] RBP: 00007f23c56da370 R08: ffffffffffffffb8 R09: 0000000000000004 [ 124.626562][ C0] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f23c56da370 [ 124.626572][ C0] R13: 0000000000000000 R14: 00007f23c56dade0 R15: 00007f23c5630280 [ 124.626586][ C0] [ 124.626596][ C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.387 msecs [ 265.055407][ C1] watchdog: BUG: soft lockup - CPU#1 stuck for 225s! [syz-executor317:309] [ 265.063940][ C1] Modules linked in: [ 265.067802][ C1] CPU: 1 PID: 309 Comm: syz-executor317 Not tainted 5.15.149-syzkaller-00490-g5d96939590c0 #0 [ 265.077821][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 265.087805][ C1] RIP: 0010:smp_call_function_many_cond+0x843/0x9b0 [ 265.094320][ C1] Code: 45 8b 7d 00 44 89 fe 83 e6 01 31 ff e8 76 a8 0a 00 41 83 e7 01 49 bf 00 00 00 00 00 fc ff df 75 07 e8 b1 a4 0a 00 eb 38 f3 90 <42> 0f b6 04 3b 84 c0 75 11 41 f7 45 00 01 00 00 00 74 1e e8 95 a4 [ 265.114271][ C1] RSP: 0018:ffffc90000a478e0 EFLAGS: 00000293 [ 265.120177][ C1] RAX: ffffffff8165819b RBX: 1ffff1103ee07971 RCX: ffff88811ff093c0 [ 265.127986][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 265.135796][ C1] RBP: ffffc90000a479f8 R08: ffffffff8165816a R09: fffffbfff0d49f51 [ 265.143606][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 265.151484][ C1] R13: ffff8881f703cb88 R14: ffff8881f7138280 R15: dffffc0000000000 [ 265.159232][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 265.167995][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 265.174415][ C1] CR2: 00007ffe357dc0a8 CR3: 000000000680f000 CR4: 00000000003506a0 [ 265.182245][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 265.190044][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 265.197850][ C1] Call Trace: [ 265.200999][ C1] [ 265.203673][ C1] ? show_regs+0x58/0x60 [ 265.207832][ C1] ? watchdog_timer_fn+0x4b1/0x5f0 [ 265.212782][ C1] ? proc_watchdog_cpumask+0xd0/0xd0 [ 265.217904][ C1] ? __hrtimer_run_queues+0x41a/0xad0 [ 265.223111][ C1] ? hrtimer_interrupt+0xaa0/0xaa0 [ 265.228055][ C1] ? clockevents_program_event+0x22f/0x300 [ 265.233698][ C1] ? ktime_get_update_offsets_now+0x2ba/0x2d0 [ 265.239602][ C1] ? hrtimer_interrupt+0x40c/0xaa0 [ 265.244550][ C1] ? __sysvec_apic_timer_interrupt+0xfd/0x3c0 [ 265.250449][ C1] ? sysvec_apic_timer_interrupt+0x95/0xc0 [ 265.256088][ C1] [ 265.258898][ C1] [ 265.261650][ C1] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 265.267641][ C1] ? smp_call_function_many_cond+0x82a/0x9b0 [ 265.273449][ C1] ? smp_call_function_many_cond+0x85b/0x9b0 [ 265.279265][ C1] ? smp_call_function_many_cond+0x843/0x9b0 [ 265.285081][ C1] ? native_flush_tlb_multi+0x210/0x210 [ 265.290462][ C1] ? smp_call_function_many+0x40/0x40 [ 265.295772][ C1] ? native_flush_tlb_multi+0x210/0x210 [ 265.301134][ C1] on_each_cpu_cond_mask+0x40/0x80 [ 265.306083][ C1] native_flush_tlb_multi+0x141/0x210 [ 265.311297][ C1] flush_tlb_mm_range+0x223/0x310 [ 265.316151][ C1] tlb_flush_mmu_tlbonly+0x1b7/0x420 [ 265.321272][ C1] tlb_finish_mmu+0xd4/0x320 [ 265.325699][ C1] exit_mmap+0x3ef/0x6f0 [ 265.329777][ C1] ? exit_aio+0x25e/0x3c0 [ 265.333945][ C1] ? vm_brk+0x30/0x30 [ 265.337762][ C1] ? mutex_unlock+0xb2/0x260 [ 265.342192][ C1] ? uprobe_clear_state+0x2cd/0x320 [ 265.347225][ C1] __mmput+0x95/0x310 [ 265.351043][ C1] mmput+0x5b/0x170 [ 265.354685][ C1] do_exit+0xb9c/0x2ca0 [ 265.358775][ C1] ? put_task_struct+0x80/0x80 [ 265.363366][ C1] ? ptrace_notify+0x24c/0x350 [ 265.367973][ C1] ? do_notify_parent+0xa30/0xa30 [ 265.372828][ C1] do_group_exit+0x141/0x310 [ 265.377253][ C1] __x64_sys_exit_group+0x3f/0x40 [ 265.382110][ C1] do_syscall_64+0x3d/0xb0 [ 265.386363][ C1] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 265.392092][ C1] RIP: 0033:0x7f23c565f339 [ 265.396361][ C1] Code: Unable to access opcode bytes at RIP 0x7f23c565f30f. [ 265.403551][ C1] RSP: 002b:00007ffe357dc148 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 265.411793][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f23c565f339 [ 265.419606][ C1] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 265.427419][ C1] RBP: 00007f23c56da370 R08: ffffffffffffffb8 R09: 0000000000000004 [ 265.435230][ C1] R10: 0000000000000004 R11: 0000000000000246 R12: 00007f23c56da370 [ 265.443044][ C1] R13: 0000000000000000 R14: 00007f23c56dade0 R15: 00007f23c5630280 [ 265.450853][ C1]