./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1591180651 <...> Warning: Permanently added '10.128.0.155' (ED25519) to the list of known hosts. execve("./syz-executor1591180651", ["./syz-executor1591180651"], 0x7ffd54bc8b90 /* 10 vars */) = 0 brk(NULL) = 0x55555578a000 brk(0x55555578ad00) = 0x55555578ad00 arch_prctl(ARCH_SET_FS, 0x55555578a380) = 0 set_tid_address(0x55555578a650) = 357 set_robust_list(0x55555578a660, 24) = 0 rseq(0x55555578aca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1591180651", 4096) = 28 getrandom("\xeb\xa8\x48\x0e\xdb\x06\xe0\x7c", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555578ad00 brk(0x5555557abd00) = 0x5555557abd00 brk(0x5555557ac000) = 0x5555557ac000 mprotect(0x7f923ad8d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555578a650) = 358 ./strace-static-x86_64: Process 358 attached [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 358] set_robust_list(0x55555578a660, 24) = 0 ./strace-static-x86_64: Process 359 attached [pid 357] <... clone resumed>, child_tidptr=0x55555578a650) = 359 [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 358] <... clone resumed>, child_tidptr=0x55555578a650) = 360 [pid 357] <... clone resumed>, child_tidptr=0x55555578a650) = 361 ./strace-static-x86_64: Process 361 attached ./strace-static-x86_64: Process 360 attached [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 361] set_robust_list(0x55555578a660, 24 [pid 359] set_robust_list(0x55555578a660, 24 [pid 360] set_robust_list(0x55555578a660, 24 [pid 361] <... set_robust_list resumed>) = 0 [pid 360] <... set_robust_list resumed>) = 0 [pid 359] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 362 attached [pid 357] <... clone resumed>, child_tidptr=0x55555578a650) = 362 [pid 357] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 362] set_robust_list(0x55555578a660, 24 [pid 361] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 363 attached [pid 357] <... clone resumed>, child_tidptr=0x55555578a650) = 363 [pid 362] <... set_robust_list resumed>) = 0 [pid 360] <... prctl resumed>) = 0 [pid 361] <... clone resumed>, child_tidptr=0x55555578a650) = 365 [pid 362] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 360] setpgid(0, 0./strace-static-x86_64: Process 365 attached [pid 365] set_robust_list(0x55555578a660, 24) = 0 [pid 365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 365] setpgid(0, 0) = 0 [pid 365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 364 attached [pid 363] set_robust_list(0x55555578a660, 24 [pid 360] <... setpgid resumed>) = 0 [pid 359] <... clone resumed>, child_tidptr=0x55555578a650) = 364 [pid 362] <... clone resumed>, child_tidptr=0x55555578a650) = 366 [pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 365] <... openat resumed>) = 3 [pid 365] write(3, "1000", 4) = 4 [pid 365] close(3) = 0 [pid 365] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 360] <... openat resumed>) = 3 [pid 360] write(3, "1000", 4 [pid 363] <... set_robust_list resumed>) = 0 [pid 360] <... write resumed>) = 4 [pid 364] set_robust_list(0x55555578a660, 24 [pid 360] close(3 [pid 363] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 360] <... close resumed>) = 0 [pid 364] <... set_robust_list resumed>) = 0 [pid 365] <... openat resumed>) = 3 [pid 365] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 360] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 3 [pid 365] <... ioctl resumed>) = 0 [pid 365] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x200002c0) = 0 [pid 365] ioctl(3, SNDRV_TIMER_IOCTL_START, 0) = 0 [pid 365] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY./strace-static-x86_64: Process 367 attached ./strace-static-x86_64: Process 366 attached [pid 364] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 363] <... clone resumed>, child_tidptr=0x55555578a650) = 367 [pid 360] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 365] <... openat resumed>) = 4 [pid 364] <... prctl resumed>) = 0 [pid 360] <... ioctl resumed>) = 0 [pid 366] set_robust_list(0x55555578a660, 24 [pid 365] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100) = 0 [pid 365] ioctl(4, SNDRV_TIMER_IOCTL_START, 0) = 0 [pid 360] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x200002c0 [pid 367] set_robust_list(0x55555578a660, 24 [pid 366] <... set_robust_list resumed>) = 0 [pid 364] setpgid(0, 0 [pid 360] <... ioctl resumed>) = 0 [pid 365] exit_group(0) = ? [pid 367] <... set_robust_list resumed>) = 0 [pid 366] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 364] <... setpgid resumed>) = 0 [pid 360] ioctl(3, SNDRV_TIMER_IOCTL_START, 0) = 0 [pid 364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 360] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 366] <... prctl resumed>) = 0 [pid 360] <... openat resumed>) = 4 [pid 364] <... openat resumed>) = 3 [pid 360] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 364] write(3, "1000", 4 [pid 360] <... ioctl resumed>) = 0 [pid 364] <... write resumed>) = 4 [pid 360] ioctl(4, SNDRV_TIMER_IOCTL_START, 0) = 0 [pid 360] exit_group(0) = ? [ 24.365005][ T23] audit: type=1400 audit(1712276236.010:66): avc: denied { execmem } for pid=357 comm="syz-executor159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 364] close(3 [pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 366] setpgid(0, 0 [pid 364] <... close resumed>) = 0 [pid 366] <... setpgid resumed>) = 0 [pid 364] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 364] <... openat resumed>) = 3 [pid 366] <... openat resumed>) = 3 [pid 364] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 366] write(3, "1000", 4) = 4 [pid 366] close(3) = 0 [pid 366] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 3 [pid 366] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 367] <... prctl resumed>) = 0 [pid 367] setpgid(0, 0) = 0 [pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 367] write(3, "1000", 4) = 4 [pid 367] close(3) = 0 [pid 367] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 3 [ 165.713289][ C0] rcu: INFO: rcu_preempt self-detected stall on CPU [ 165.719708][ C0] rcu: 0-...!: (2 ticks this GP) idle=f8a/1/0x4000000000000002 softirq=1165/1165 fqs=0 last_accelerate: 93a2/cad7, Nonlazy posted: ..D [ 165.733848][ C0] (t=14132 jiffies g=517 q=26) [ 165.738529][ C0] rcu: rcu_preempt kthread starved for 14132 jiffies! g517 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0 [ 165.749546][ C0] rcu: RCU grace-period kthread stack dump: [ 165.755275][ C0] rcu_preempt I28920 11 2 0x80004000 [ 165.761446][ C0] Call Trace: [ 165.764572][ C0] __schedule+0xb05/0x1320 [ 165.768821][ C0] ? is_mmconf_reserved+0x430/0x430 [ 165.773846][ C0] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 165.779149][ C0] ? _raw_spin_unlock_irq+0x4a/0x60 [ 165.784184][ C0] ? _raw_spin_lock+0x1b0/0x1b0 [ 165.788863][ C0] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 165.793815][ C0] schedule+0x12c/0x1d0 [ 165.797805][ C0] schedule_timeout+0x188/0x3d0 [ 165.802495][ C0] ? prepare_to_swait_event+0x35c/0x3a0 [ 165.807880][ C0] ? console_conditional_schedule+0x10/0x10 [ 165.813599][ C0] ? run_local_timers+0x160/0x160 [ 165.818466][ C0] rcu_gp_kthread+0xea0/0x1d10 [ 165.823060][ C0] ? _raw_spin_unlock_irq+0x4a/0x60 [ 165.828100][ C0] ? dump_blkd_tasks+0x790/0x790 [ 165.832868][ C0] ? rcu_barrier_callback+0x50/0x50 [ 165.837908][ C0] ? _raw_spin_lock+0x1b0/0x1b0 [ 165.842590][ C0] ? is_mmconf_reserved+0x430/0x430 [ 165.847626][ C0] ? __wake_up_locked+0xb7/0x110 [ 165.852402][ C0] ? __kthread_parkme+0xb0/0x1b0 [ 165.857172][ C0] kthread+0x2da/0x360 [ 165.861075][ C0] ? rcu_barrier_callback+0x50/0x50 [ 165.866109][ C0] ? kthread_blkcg+0xd0/0xd0 [ 165.870538][ C0] ret_from_fork+0x1f/0x30 [ 165.874801][ C0] NMI backtrace for cpu 0 [ 165.878958][ C0] CPU: 0 PID: 365 Comm: syz-executor159 Not tainted 5.4.268-syzkaller-00012-gd0d34dcb02cc #0 [ 165.888933][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 165.898829][ C0] Call Trace: [ 165.901953][ C0] [ 165.904647][ C0] dump_stack+0x1d8/0x241 [ 165.908811][ C0] ? panic+0x896/0x896 [ 165.912717][ C0] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 165.918013][ C0] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 165.923665][ C0] ? _raw_spin_lock+0x1b0/0x1b0 [ 165.928354][ C0] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 165.934246][ C0] nmi_trigger_cpumask_backtrace+0x28c/0x2d0 [ 165.940061][ C0] rcu_dump_cpu_stacks+0x183/0x280 [ 165.945006][ C0] rcu_sched_clock_irq+0xc5e/0x13f0 [ 165.950040][ C0] update_process_times+0x147/0x1b0 [ 165.955072][ C0] tick_sched_timer+0x22d/0x3c0 [ 165.959763][ C0] ? tick_setup_sched_timer+0x460/0x460 [ 165.965140][ C0] __hrtimer_run_queues+0x3e9/0xb90 [ 165.970179][ C0] ? hrtimer_interrupt+0x890/0x890 [ 165.975208][ C0] ? sched_clock+0x36/0x40 [ 165.979460][ C0] ? sched_clock_cpu+0x18/0x3a0 [ 165.984149][ C0] ? ktime_get+0xf9/0x130 [ 165.988316][ C0] ? ktime_get_update_offsets_now+0x26c/0x280 [ 165.994217][ C0] hrtimer_interrupt+0x38a/0x890 [ 165.998993][ C0] smp_apic_timer_interrupt+0x110/0x460 [ 166.004373][ C0] apic_timer_interrupt+0xf/0x20 [ 166.009141][ C0] [ 166.011922][ C0] ? snd_timer_notify1+0x341/0x490 [ 166.016870][ C0] ? _raw_spin_unlock_irqrestore+0x4d/0x80 [ 166.022509][ C0] ? snd_timer_stop1+0x793/0x8f0 [ 166.027285][ C0] ? snd_timer_close_locked+0x1aa/0x860 [ 166.032664][ C0] ? snd_timer_user_release+0x11a/0x230 [ 166.038045][ C0] ? snd_timer_user_open+0x180/0x180 [ 166.043168][ C0] ? percpu_counter_add_batch+0x14d/0x170 [ 166.048726][ C0] ? snd_timer_user_open+0x180/0x180 [ 166.053856][ C0] ? __fput+0x262/0x680 [ 166.057847][ C0] ? task_work_run+0x140/0x170 [ 166.062440][ C0] ? do_exit+0xcaf/0x2bc0 [ 166.066602][ C0] ? check_preemption_disabled+0x153/0x320 [ 166.072242][ C0] ? put_task_struct+0x80/0x80 [ 166.076841][ C0] ? syscall_trace_enter+0x650/0x940 [ 166.081976][ C0] ? do_group_exit+0x138/0x300 [ 166.086560][ C0] ? __x64_sys_exit_group+0x3b/0x40 [ 166.091593][ C0] ? do_syscall_64+0xca/0x1c0 [ 166.096111][ C0] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 287.957964][ C1] watchdog: BUG: soft lockup - CPU#1 stuck for 123s! [kworker/u4:1:9] [ 287.965949][ C1] Modules linked in: [ 287.969689][ C1] CPU: 1 PID: 9 Comm: kworker/u4:1 Not tainted 5.4.268-syzkaller-00012-gd0d34dcb02cc #0 [ 287.979231][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 287.989135][ C1] Workqueue: events_unbound toggle_allocation_gate [ 287.995465][ C1] RIP: 0010:smp_call_function_single+0x235/0x4a0 [ 288.001626][ C1] Code: 0f 85 df 01 00 00 44 8b 74 24 58 44 89 f6 83 e6 01 31 ff e8 6d b0 0a 00 41 83 e6 01 75 0a e8 72 ad 0a 00 e9 f4 00 00 00 f3 90 <42> 0f b6 04 2b 84 c0 75 15 f7 44 24 58 01 00 00 00 0f 84 d6 00 00 [ 288.021499][ C1] RSP: 0018:ffff8881f5dd78a0 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13 [ 288.029742][ C1] RAX: ffffffff815999d1 RBX: 1ffff1103ebbaf1f RCX: ffff8881f5dcaf40 [ 288.037552][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 288.045363][ C1] RBP: ffff8881f5dd7990 R08: ffffffff815999a3 R09: ffffed103edcb189 [ 288.053184][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1103ebbaf18 [ 288.060985][ C1] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000 [ 288.068798][ C1] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 288.077662][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 288.084098][ C1] CR2: 000055555578a338 CR3: 00000001e23c3000 CR4: 00000000003406a0 [ 288.092039][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 288.099794][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 288.107603][ C1] Call Trace: [ 288.110728][ C1] [ 288.113428][ C1] ? watchdog_timer_fn+0x53d/0x600 [ 288.118377][ C1] ? proc_watchdog_cpumask+0xc0/0xc0 [ 288.123500][ C1] ? __hrtimer_run_queues+0x3e9/0xb90 [ 288.128706][ C1] ? hrtimer_interrupt+0x890/0x890 [ 288.133646][ C1] ? ktime_get+0xf9/0x130 [ 288.137813][ C1] ? ktime_get_update_offsets_now+0x26c/0x280 [ 288.143714][ C1] ? hrtimer_interrupt+0x38a/0x890 [ 288.148663][ C1] ? smp_apic_timer_interrupt+0x110/0x460 [ 288.154385][ C1] ? apic_timer_interrupt+0xf/0x20 [ 288.159313][ C1] [ 288.162098][ C1] ? smp_call_function_single+0x223/0x4a0 [ 288.167668][ C1] ? smp_call_function_single+0x251/0x4a0 [ 288.173206][ C1] ? smp_call_function_single+0x235/0x4a0 [ 288.178758][ C1] ? text_poke_bp_batch+0x2b0/0x2b0 [ 288.183790][ C1] ? check_preemption_disabled+0x9f/0x320 [ 288.189348][ C1] ? generic_smp_call_function_single_interrupt+0x10/0x10 [ 288.196287][ C1] ? check_preemption_disabled+0x9f/0x320 [ 288.201841][ C1] ? text_poke_bp_batch+0x2b0/0x2b0 [ 288.206875][ C1] ? debug_smp_processor_id+0x20/0x20 [ 288.212084][ C1] ? check_preemption_disabled+0x9f/0x320 [ 288.217641][ C1] ? find_next_and_bit+0x156/0x190 [ 288.222588][ C1] ? cpumask_next_and+0x11/0x30 [ 288.227275][ C1] smp_call_function_many+0x6fe/0x9b0 [ 288.232485][ C1] ? cpumask_any_but+0x9c/0xb0 [ 288.237081][ C1] ? text_poke_bp_batch+0x2b0/0x2b0 [ 288.242115][ C1] ? flush_tlb_mm_range+0x214/0x2b0 [ 288.247147][ C1] ? smp_call_function_any+0x190/0x190 [ 288.252442][ C1] ? _raw_spin_unlock+0x49/0x60 [ 288.257131][ C1] ? text_poke_bp_batch+0x2b0/0x2b0 [ 288.262159][ C1] on_each_cpu+0xa5/0x1a0 [ 288.266327][ C1] ? text_poke+0x10/0x10 [ 288.270406][ C1] ? smp_call_function+0x90/0x90 [ 288.275184][ C1] ? enqueue_task_fair+0xaac/0x1e40 [ 288.280218][ C1] text_poke_bp_batch+0x11a/0x2b0 [ 288.285080][ C1] ? patch_cmp+0x40/0x40 [ 288.289157][ C1] arch_jump_label_transform_apply+0x27/0x40 [ 288.294969][ C1] static_key_enable_cpuslocked+0x12c/0x240 [ 288.300699][ C1] static_key_enable+0x16/0x20 [ 288.305298][ C1] toggle_allocation_gate+0xb1/0x240 [ 288.310422][ C1] ? kfence_protect+0x1e0/0x1e0 [ 288.315110][ C1] ? cpus_share_cache+0x110/0x110 [ 288.319966][ C1] ? __schedule+0xb0d/0x1320 [ 288.324402][ C1] ? _raw_spin_lock_irqsave+0x210/0x210 [ 288.329778][ C1] ? read_word_at_a_time+0xe/0x20 [ 288.334639][ C1] ? strscpy+0x89/0x220 [ 288.338629][ C1] process_one_work+0x765/0xd20 [ 288.343321][ C1] worker_thread+0xaef/0x1470 [ 288.347834][ C1] kthread+0x2da/0x360 [ 288.351730][ C1] ? worker_clr_flags+0x170/0x170 [ 288.356590][ C1] ? kthread_blkcg+0xd0/0xd0 [ 288.361024][ C1] ret_from_fork+0x1f/0x30