./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2627584369 <...> Warning: Permanently added '10.128.1.48' (ED25519) to the list of known hosts. execve("./syz-executor2627584369", ["./syz-executor2627584369"], 0x7ffe662b8110 /* 10 vars */) = 0 brk(NULL) = 0x555556f8e000 brk(0x555556f8ed00) = 0x555556f8ed00 arch_prctl(ARCH_SET_FS, 0x555556f8e380) = 0 set_tid_address(0x555556f8e650) = 358 set_robust_list(0x555556f8e660, 24) = 0 rseq(0x555556f8eca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2627584369", 4096) = 28 getrandom("\x4f\xfc\x6f\xdb\xb1\x31\xf4\x2b", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556f8ed00 brk(0x555556fafd00) = 0x555556fafd00 brk(0x555556fb0000) = 0x555556fb0000 mprotect(0x7f49abdf1000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f8e650) = 359 ./strace-static-x86_64: Process 359 attached [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 359] set_robust_list(0x555556f8e660, 24./strace-static-x86_64: Process 360 attached ) = 0 [pid 358] <... clone resumed>, child_tidptr=0x555556f8e650) = 360 [pid 360] set_robust_list(0x555556f8e660, 24 [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 361 attached , child_tidptr=0x555556f8e650) = 361 [pid 360] <... set_robust_list resumed>) = 0 [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 359] <... clone resumed>, child_tidptr=0x555556f8e650) = 362 [pid 361] set_robust_list(0x555556f8e660, 24 [pid 358] <... clone resumed>, child_tidptr=0x555556f8e650) = 363 [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 358] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 361] <... set_robust_list resumed>) = 0 [pid 358] <... clone resumed>, child_tidptr=0x555556f8e650) = 364 [pid 360] <... clone resumed>, child_tidptr=0x555556f8e650) = 365 ./strace-static-x86_64: Process 364 attached ./strace-static-x86_64: Process 365 attached [pid 365] set_robust_list(0x555556f8e660, 24 [pid 364] set_robust_list(0x555556f8e660, 24) = 0 [pid 365] <... set_robust_list resumed>) = 0 [pid 364] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 361] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 364] <... clone resumed>, child_tidptr=0x555556f8e650) = 366 ./strace-static-x86_64: Process 366 attached [pid 365] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 366] set_robust_list(0x555556f8e660, 24 [pid 365] <... prctl resumed>) = 0 [pid 365] setpgid(0, 0 [pid 366] <... set_robust_list resumed>) = 0 [pid 365] <... setpgid resumed>) = 0 [pid 365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 367 attached [pid 366] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 361] <... clone resumed>, child_tidptr=0x555556f8e650) = 367 ./strace-static-x86_64: Process 363 attached [pid 363] set_robust_list(0x555556f8e660, 24) = 0 [pid 363] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f8e650) = 368 [pid 365] <... openat resumed>) = 3 [pid 365] write(3, "1000", 4 [pid 366] <... prctl resumed>) = 0 [pid 367] set_robust_list(0x555556f8e660, 24 [pid 365] <... write resumed>) = 4 ./strace-static-x86_64: Process 362 attached [pid 362] set_robust_list(0x555556f8e660, 24) = 0 [pid 362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 362] setpgid(0, 0) = 0 [pid 367] <... set_robust_list resumed>) = 0 [pid 366] setpgid(0, 0 [pid 365] close(3) = 0 [pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 366] <... setpgid resumed>) = 0 [pid 365] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 365] <... openat resumed>) = 3 [pid 362] <... openat resumed>) = 3 [pid 362] write(3, "1000", 4 [pid 365] close(3 [pid 362] <... write resumed>) = 4 [pid 365] <... close resumed>) = 0 [pid 365] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 362] close(3) = 0 [pid 365] <... openat resumed>) = 3 [pid 362] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 3 [pid 365] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100./strace-static-x86_64: Process 368 attached [pid 367] <... prctl resumed>) = 0 [pid 366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 365] <... ioctl resumed>) = 0 [pid 362] close(3 [pid 365] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440) = 0 [pid 365] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 4 [pid 362] <... close resumed>) = 0 [pid 362] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 365] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 362] <... openat resumed>) = 3 [pid 366] <... openat resumed>) = 3 [pid 365] <... ioctl resumed>) = 0 [pid 365] ioctl(4, SNDRV_TIMER_IOCTL_START, 0 [pid 366] write(3, "1000", 4 [pid 362] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 366] <... write resumed>) = 4 [pid 365] <... ioctl resumed>) = 0 [pid 362] <... ioctl resumed>) = 0 [pid 365] ioctl(3, SNDRV_TIMER_IOCTL_CONTINUE, 0 [pid 366] close(3 [pid 365] <... ioctl resumed>) = 0 [pid 366] <... close resumed>) = 0 [pid 365] exit_group(0) = ? [pid 362] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440) = 0 [pid 362] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 4 [pid 362] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 365] +++ exited with 0 +++ [pid 362] <... ioctl resumed>) = 0 [pid 362] ioctl(4, SNDRV_TIMER_IOCTL_START, 0 [pid 366] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 360] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=365, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 362] <... ioctl resumed>) = 0 [pid 360] restart_syscall(<... resuming interrupted clone ...> [pid 366] <... openat resumed>) = 3 [pid 362] ioctl(3, SNDRV_TIMER_IOCTL_CONTINUE, 0) = 0 [pid 362] exit_group(0) = ? [pid 366] close(3) = 0 [pid 366] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 3 [pid 360] <... restart_syscall resumed>) = 0 [pid 366] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 360] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 366] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 369 attached [pid 368] set_robust_list(0x555556f8e660, 24 [pid 367] setpgid(0, 0 [pid 366] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440 [pid 362] +++ exited with 0 +++ [pid 366] <... ioctl resumed>) = 0 [pid 360] <... clone resumed>, child_tidptr=0x555556f8e650) = 369 [pid 359] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=362, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 367] <... setpgid resumed>) = 0 [pid 366] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 4 [pid 366] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 359] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 370 attached [pid 369] set_robust_list(0x555556f8e660, 24 [pid 368] <... set_robust_list resumed>) = 0 [pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 366] <... ioctl resumed>) = 0 [pid 366] ioctl(4, SNDRV_TIMER_IOCTL_START, 0 [pid 359] <... clone resumed>, child_tidptr=0x555556f8e650) = 370 [pid 366] <... ioctl resumed>) = 0 [pid 366] ioctl(3, SNDRV_TIMER_IOCTL_CONTINUE, 0) = 0 [pid 366] exit_group(0) = ? [pid 370] set_robust_list(0x555556f8e660, 24 [pid 369] <... set_robust_list resumed>) = 0 [pid 368] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 367] <... openat resumed>) = 3 [pid 366] +++ exited with 0 +++ [pid 364] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=366, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- [pid 364] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 368] <... prctl resumed>) = 0 [pid 367] write(3, "1000", 4 [pid 369] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 370] <... set_robust_list resumed>) = 0 [pid 364] <... clone resumed>, child_tidptr=0x555556f8e650) = 371 ./strace-static-x86_64: Process 371 attached [pid 371] set_robust_list(0x555556f8e660, 24 [pid 368] setpgid(0, 0 [pid 371] <... set_robust_list resumed>) = 0 [pid 371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 371] setpgid(0, 0 [pid 368] <... setpgid resumed>) = 0 [pid 367] <... write resumed>) = 4 [pid 371] <... setpgid resumed>) = 0 [pid 371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 371] write(3, "1000", 4) = 4 [pid 371] close(3) = 0 [pid 371] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 3 [pid 371] close(3 [pid 368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 367] close(3 [pid 371] <... close resumed>) = 0 [pid 371] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 368] <... openat resumed>) = 3 [pid 368] write(3, "1000", 4 [pid 367] <... close resumed>) = 0 [pid 371] <... openat resumed>) = 3 [pid 371] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 367] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 368] <... write resumed>) = 4 [pid 371] <... ioctl resumed>) = 0 [pid 371] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440 [pid 368] close(3 [pid 367] <... openat resumed>) = 3 [pid 371] <... ioctl resumed>) = 0 [pid 371] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 4 [pid 371] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100) = 0 [pid 371] ioctl(4, SNDRV_TIMER_IOCTL_START, 0) = 0 [pid 371] ioctl(3, SNDRV_TIMER_IOCTL_CONTINUE, 0) = 0 [pid 371] exit_group(0 [pid 367] close(3 [pid 371] <... exit_group resumed>) = ? [pid 368] <... close resumed>) = 0 [pid 367] <... close resumed>) = 0 [pid 367] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 368] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 367] <... openat resumed>) = 3 [pid 368] <... openat resumed>) = 3 [pid 367] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100) = 0 [pid 368] close(3 [pid 367] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440 [pid 368] <... close resumed>) = 0 [pid 367] <... ioctl resumed>) = 0 [pid 369] <... prctl resumed>) = 0 [pid 369] setpgid(0, 0) = 0 [pid 369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 369] write(3, "1000", 4) = 4 [pid 369] close(3) = 0 [pid 368] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 367] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY [pid 369] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 368] <... openat resumed>) = 3 [pid 369] <... openat resumed>) = 3 [pid 367] <... openat resumed>) = 4 [pid 368] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 369] close(3 [pid 368] <... ioctl resumed>) = 0 [pid 367] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100 [pid 369] <... close resumed>) = 0 [pid 369] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 3 [pid 369] ioctl(3, SNDRV_TIMER_IOCTL_SELECT, 0x20000100) = 0 [pid 369] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440) = 0 [pid 369] openat(AT_FDCWD, "/dev/snd/timer", O_RDONLY) = 4 [pid 369] ioctl(4, SNDRV_TIMER_IOCTL_SELECT, 0x20000100) = 0 [pid 369] ioctl(4, SNDRV_TIMER_IOCTL_START, 0) = 0 [pid 369] ioctl(3, SNDRV_TIMER_IOCTL_CONTINUE, 0) = 0 [pid 368] ioctl(3, SNDRV_TIMER_IOCTL_PARAMS, 0x20000440 [pid 367] <... ioctl resumed>) = 0 [ 26.375144][ T23] audit: type=1400 audit(1712453492.819:66): avc: denied { execmem } for pid=358 comm="syz-executor262" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 178.216934][ C0] watchdog: BUG: soft lockup - CPU#0 stuck for 122s! [kworker/u4:0:7] [ 178.225676][ C0] Modules linked in: [ 178.229490][ C0] CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.4.268-syzkaller-00012-gd0d34dcb02cc #0 [ 178.239521][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 178.249961][ C0] Workqueue: events_unbound toggle_allocation_gate [ 178.257084][ C0] RIP: 0010:smp_call_function_single+0x23a/0x4a0 [ 178.263952][ C0] Code: 00 44 8b 74 24 58 44 89 f6 83 e6 01 31 ff e8 6d b0 0a 00 41 83 e6 01 75 0a e8 72 ad 0a 00 e9 f4 00 00 00 f3 90 42 0f b6 04 2b <84> c0 75 15 f7 44 24 58 01 00 00 00 0f 84 d6 00 00 00 e8 4f ad 0a [ 178.286369][ C0] RSP: 0018:ffff8881f5dbf8a0 EFLAGS: 00000293 ORIG_RAX: ffffffffffffff13 [ 178.296316][ C0] RAX: 0000000000000000 RBX: 1ffff1103ebb7f1f RCX: ffff8881f5d62f40 [ 178.306061][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 178.314234][ C0] RBP: ffff8881f5dbf990 R08: ffffffff815999a3 R09: ffffed103edeb189 [ 178.323740][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1103ebb7f18 [ 178.333010][ C0] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000 [ 178.341392][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 178.351164][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 178.358855][ C0] CR2: 00007f49abd4c6a0 CR3: 00000001dc67b000 CR4: 00000000003406b0 [ 178.367786][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 178.376750][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 178.389373][ C0] Call Trace: [ 178.392713][ C0] [ 178.395594][ C0] ? watchdog_timer_fn+0x53d/0x600 [ 178.402125][ C0] ? proc_watchdog_cpumask+0xc0/0xc0 [ 178.407756][ C0] ? __hrtimer_run_queues+0x3e9/0xb90 [ 178.413239][ C0] ? hrtimer_interrupt+0x890/0x890 [ 178.421017][ C0] ? kvm_sched_clock_read+0x14/0x40 [ 178.427662][ C0] ? sched_clock+0x36/0x40 [ 178.433261][ C0] ? ktime_get+0xf9/0x130 [ 178.437558][ C0] ? ktime_get_update_offsets_now+0x26c/0x280 [ 178.443751][ C0] ? hrtimer_interrupt+0x38a/0x890 [ 178.448760][ C0] ? smp_apic_timer_interrupt+0x110/0x460 [ 178.454667][ C0] ? apic_timer_interrupt+0xf/0x20 [ 178.459870][ C0] [ 178.462656][ C0] ? smp_call_function_single+0x223/0x4a0 [ 178.469112][ C0] ? smp_call_function_single+0x23a/0x4a0 [ 178.474947][ C0] ? text_poke_bp_batch+0x2b0/0x2b0 [ 178.481508][ C0] ? check_preemption_disabled+0x9f/0x320 [ 178.488340][ C0] ? generic_smp_call_function_single_interrupt+0x10/0x10 [ 178.496174][ C0] ? check_preemption_disabled+0x9f/0x320 [ 178.502712][ C0] ? text_poke_bp_batch+0x2b0/0x2b0 [ 178.508435][ C0] ? debug_smp_processor_id+0x20/0x20 [ 178.514297][ C0] ? check_preemption_disabled+0x9f/0x320 [ 178.521375][ C0] ? find_next_and_bit+0x156/0x190 [ 178.526633][ C0] ? cpumask_next_and+0x11/0x30 [ 178.531516][ C0] smp_call_function_many+0x6fe/0x9b0 [ 178.537926][ C0] ? cpumask_any_but+0x9c/0xb0 [ 178.542518][ C0] ? text_poke_bp_batch+0x2b0/0x2b0 [ 178.547884][ C0] ? flush_tlb_mm_range+0x214/0x2b0 [ 178.553121][ C0] ? smp_call_function_any+0x190/0x190 [ 178.558981][ C0] ? _raw_spin_unlock+0x49/0x60 [ 178.563877][ C0] ? text_poke_bp_batch+0x2b0/0x2b0 [ 178.569150][ C0] on_each_cpu+0xa5/0x1a0 [ 178.573688][ C0] ? text_poke+0x10/0x10 [ 178.577953][ C0] ? _raw_spin_lock+0xa4/0x1b0 [ 178.582556][ C0] ? smp_call_function+0x90/0x90 [ 178.587842][ C0] ? kvm_sched_clock_read+0x14/0x40 [ 178.593438][ C0] ? sched_clock+0x36/0x40 [ 178.597730][ C0] text_poke_bp_batch+0x11a/0x2b0 [ 178.603308][ C0] ? patch_cmp+0x40/0x40 [ 178.607733][ C0] arch_jump_label_transform_apply+0x27/0x40 [ 178.613926][ C0] static_key_enable_cpuslocked+0x12c/0x240 [ 178.620578][ C0] static_key_enable+0x16/0x20 [ 178.626060][ C0] toggle_allocation_gate+0xb1/0x240 [ 178.631749][ C0] ? kfence_protect+0x1e0/0x1e0 [ 178.636417][ C0] ? __schedule+0xb0d/0x1320 [ 178.641162][ C0] ? _raw_spin_lock_irqsave+0x210/0x210 [ 178.647352][ C0] ? read_word_at_a_time+0xe/0x20 [ 178.653363][ C0] ? strscpy+0x89/0x220 [ 178.658114][ C0] process_one_work+0x765/0xd20 [ 178.663868][ C0] worker_thread+0xaef/0x1470 [ 178.669468][ C0] kthread+0x2da/0x360 [ 178.673404][ C0] ? worker_clr_flags+0x170/0x170 [ 178.678454][ C0] ? kthread_blkcg+0xd0/0xd0 [ 178.683217][ C0] ret_from_fork+0x1f/0x30