./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1268651320
<...>
Warning: Permanently added '10.128.1.43' (ED25519) to the list of known hosts.
execve("./syz-executor1268651320", ["./syz-executor1268651320"], 0x7ffc567d1350 /* 10 vars */) = 0
brk(NULL) = 0x555556955000
brk(0x555556955d00) = 0x555556955d00
arch_prctl(ARCH_SET_FS, 0x555556955380) = 0
set_tid_address(0x555556955650) = 5018
set_robust_list(0x555556955660, 24) = 0
rseq(0x555556955ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1268651320", 4096) = 28
getrandom("\x77\xf1\x46\xa4\xfc\xc0\x82\xab", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555556955d00
brk(0x555556976d00) = 0x555556976d00
brk(0x555556977000) = 0x555556977000
mprotect(0x7f2446e92000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5019 attached
, child_tidptr=0x555556955650) = 5019
[pid 5019] set_robust_list(0x555556955660, 24) = 0
[pid 5019] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid 5019] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5019] setsid() = 1
[pid 5019] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid 5019] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid 5019] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid 5019] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid 5019] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid 5019] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid 5019] unshare(CLONE_NEWNS) = 0
[pid 5019] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid 5019] unshare(CLONE_NEWIPC) = 0
[pid 5019] unshare(CLONE_NEWCGROUP) = 0
[pid 5019] unshare(CLONE_NEWUTS) = 0
[pid 5019] unshare(CLONE_SYSVSEM) = 0
[pid 5019] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid 5019] write(3, "16777216", 8) = 8
[pid 5019] close(3) = 0
[pid 5019] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid 5019] write(3, "536870912", 9) = 9
[pid 5019] close(3) = 0
[pid 5019] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid 5019] write(3, "1024", 4) = 4
[pid 5019] close(3) = 0
[pid 5019] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid 5019] write(3, "8192", 4) = 4
[pid 5019] close(3) = 0
[pid 5019] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid 5019] write(3, "1024", 4) = 4
[pid 5019] close(3) = 0
[pid 5019] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid 5019] write(3, "1024", 4) = 4
[pid 5019] close(3) = 0
[pid 5019] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid 5019] write(3, "1024 1048576 500 1024", 21) = 21
[pid 5019] close(3) = 0
[pid 5019] getpid() = 1
[pid 5019] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid 5019] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid 5019] unshare(CLONE_NEWNET) = 0
[pid 5019] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid 5019] write(3, "0 65535", 7) = 7
[pid 5019] close(3) = 0
[pid 5019] mkdir("/dev/binderfs", 0777) = 0
[pid 5019] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid 5019] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5019] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556955650) = 2
./strace-static-x86_64: Process 5022 attached
[pid 5022] set_robust_list(0x555556955660, 24) = 0
[pid 5022] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5022] setpgid(0, 0) = 0
[pid 5022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5022] write(3, "1000", 4) = 4
[pid 5022] close(3) = 0
[pid 5022] openat(AT_FDCWD, "/dev/bus/usb/009/001", O_WRONLY|O_TRUNC|O_NONBLOCK|O_NOFOLLOW) = 3
[pid 5022] socketpair(AF_UNIX, SOCK_STREAM, 0, [4, 5]) = 0
[pid 5022] openat(AT_FDCWD, "/sys/devices/platform/vhci_hcd.0/attach", O_WRONLY|O_CLOEXEC) = 6
[pid 5022] write(6, "0 4 0 3", 7) = 7
[pid 5022] close(6) = 0
syzkaller login: [ 40.326043][ T5022] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[ 40.332619][ T5022] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 40.340767][ T5022] vhci_hcd vhci_hcd.0: Device attached
[ 40.716018][ T27] usb 9-1: new high-speed USB device number 2 using vhci_hcd
[pid 5022] close(3 <unfinished ...>
[pid 5019] kill(-2, SIGKILL) = 0
[pid 5019] kill(2, SIGKILL) = 0
[pid 5019] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid 5019] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0
[pid 5019] getdents64(3, 0x5555569566f0 /* 2 entries */, 32768) = 48
[pid 5019] getdents64(3, 0x5555569566f0 /* 0 entries */, 32768) = 0
[pid 5019] close(3) = 0
[ 70.699006][ T3633] cfg80211: failed to load regulatory.db
[ 285.735817][ T28] INFO: task kworker/1:1:27 blocked for more than 143 seconds.
[ 285.743484][ T28] Not tainted 6.5.0-rc2-syzkaller-00019-g74f1456c4a5f #0
[ 285.751101][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 285.759820][ T28] task:kworker/1:1 state:D stack:26640 pid:27 ppid:2 flags:0x00004000
[ 285.769069][ T28] Workqueue: usb_hub_wq hub_event
[ 285.774136][ T28] Call Trace:
[ 285.777449][ T28] <TASK>
[ 285.780380][ T28] __schedule+0xee1/0x59f0
[ 285.784779][ T28] ? asm_sysvec_irq_work+0x1a/0x20
[ 285.789913][ T28] ? find_held_lock+0x2d/0x110
[ 285.794708][ T28] ? io_schedule_timeout+0x150/0x150
[ 285.800033][ T28] ? reacquire_held_locks+0x4b0/0x4b0
[ 285.805453][ T28] ? _raw_spin_unlock_irq+0x23/0x50
[ 285.810676][ T28] ? lockdep_hardirqs_on+0x7d/0x100
[ 285.815910][ T28] schedule+0xe7/0x1b0
[ 285.819966][ T28] usb_kill_urb.part.0+0x1c6/0x250
[ 285.825077][ T28] ? usb_anchor_suspend_wakeups+0x40/0x40
[ 285.830843][ T28] ? prepare_to_swait_exclusive+0x240/0x240
[ 285.836777][ T28] ? preempt_count_sub+0x150/0x150
[ 285.841882][ T28] usb_kill_urb+0x83/0xa0
[ 285.846235][ T28] usb_start_wait_urb+0x251/0x4c0
[ 285.851277][ T28] ? usb_api_blocking_completion+0xa0/0xa0
[ 285.857145][ T28] ? rcu_is_watching+0x12/0xb0
[ 285.861927][ T28] usb_control_msg+0x327/0x4a0
[ 285.866723][ T28] ? usb_start_wait_urb+0x4c0/0x4c0
[ 285.871937][ T28] ? hub_port_init+0x12b0/0x3850
[ 285.876938][ T28] hub_port_init+0x131c/0x3850
[ 285.881739][ T28] hub_event+0x2e34/0x5230
[ 285.886228][ T28] ? hub_port_debounce+0x3d0/0x3d0
[ 285.891461][ T28] ? reacquire_held_locks+0x4b0/0x4b0
[ 285.896900][ T28] ? spin_bug+0x1d0/0x1d0
[ 285.901243][ T28] process_one_work+0xaa2/0x16f0
[ 285.906214][ T28] ? lock_sync+0x190/0x190
[ 285.910640][ T28] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 285.916060][ T28] ? spin_bug+0x1d0/0x1d0
[ 285.920404][ T28] worker_thread+0x687/0x1110
[ 285.925069][ T28] ? __kthread_parkme+0x152/0x220
[ 285.930137][ T28] ? process_one_work+0x16f0/0x16f0
[ 285.935344][ T28] kthread+0x33a/0x430
[ 285.939453][ T28] ? kthread_complete_and_exit+0x40/0x40
[ 285.945243][ T28] ret_from_fork+0x2c/0x70
[ 285.949693][ T28] ? kthread_complete_and_exit+0x40/0x40
[ 285.955335][ T28] ret_from_fork_asm+0x11/0x20
[ 285.960150][ T28] RIP: 0000:0x0
[ 285.963612][ T28] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[ 285.971003][ T28] RSP: 0000:0000000000000000 EFLAGS: 00000000 ORIG_RAX: 0000000000000000
[ 285.979447][ T28] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 285.987453][ T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 285.995427][ T28] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 286.003546][ T28] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 286.011569][ T28] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 286.019606][ T28] </TASK>
[ 286.022742][ T28] INFO: task syz-executor126:5022 blocked for more than 143 seconds.
[ 286.030831][ T28] Not tainted 6.5.0-rc2-syzkaller-00019-g74f1456c4a5f #0
[ 286.038485][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 286.047223][ T28] task:syz-executor126 state:D stack:26464 pid:5022 ppid:5019 flags:0x00004006
[ 286.056502][ T28] Call Trace:
[ 286.059761][ T28] <TASK>
[ 286.062670][ T28] __schedule+0xee1/0x59f0
[ 286.067120][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 286.073120][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 286.079166][ T28] ? print_usage_bug.part.0+0x670/0x670
[ 286.084729][ T28] ? io_schedule_timeout+0x150/0x150
[ 286.090065][ T28] ? __mutex_lock+0x962/0x1340
[ 286.094844][ T28] schedule+0xe7/0x1b0
[ 286.098963][ T28] schedule_preempt_disabled+0x13/0x20
[ 286.104423][ T28] __mutex_lock+0x967/0x1340
[ 286.109037][ T28] ? usbdev_release+0x87/0x4b0
[ 286.113816][ T28] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 286.119398][ T28] ? __fsnotify_parent+0x4fc/0xa10
[ 286.124511][ T28] ? __fsnotify_update_child_dentry_flags+0x360/0x360
[ 286.131307][ T28] ? locks_remove_file+0x399/0x5a0
[ 286.136500][ T28] ? free_async+0x520/0x520
[ 286.140995][ T28] ? usbdev_release+0x87/0x4b0
[ 286.145782][ T28] ? task_work_run+0x127/0x240
[ 286.150566][ T28] usbdev_release+0x87/0x4b0
[ 286.155173][ T28] ? free_async+0x520/0x520
[ 286.159741][ T28] __fput+0x3fd/0xac0
[ 286.163725][ T28] task_work_run+0x14d/0x240
[ 286.168433][ T28] ? task_work_cancel+0x30/0x30
[ 286.173297][ T28] ptrace_notify+0x10c/0x130
[ 286.177925][ T28] syscall_exit_to_user_mode_prepare+0x120/0x220
[ 286.184271][ T28] syscall_exit_to_user_mode+0xd/0x50
[ 286.189671][ T28] do_syscall_64+0x44/0xb0
[ 286.194088][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 286.200030][ T28] RIP: 0033:0x7f2446e1e0e0
[ 286.204438][ T28] RSP: 002b:00007ffc83e9f8b8 EFLAGS: 00000202 ORIG_RAX: 0000000000000003
[ 286.212882][ T28] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f2446e1e0e0
[ 286.220895][ T28] RDX: 0000000000000007 RSI: 00007ffc83e9f3f0 RDI: 0000000000000003
[ 286.228889][ T28] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 286.236893][ T28] R10: 0000000000000000 R11: 0000000000000202 R12: 00000000000f4240
[ 286.244844][ T28] R13: 00007ffc83e9fb68 R14: 0000000000000001 R15: 00007ffc83e9f900
[ 286.252856][ T28] </TASK>
[ 286.255918][ T28]
[ 286.255918][ T28] Showing all locks held in the system:
[ 286.264387][ T28] 1 lock held by rcu_tasks_kthre/13:
[ 286.269727][ T28] #0: ffffffff8c9a5830 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x2c/0xe20
[ 286.280278][ T28] 1 lock held by rcu_tasks_trace/14:
[ 286.285570][ T28] #0: ffffffff8c9a5530 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x2c/0xe20
[ 286.296614][ T28] 5 locks held by kworker/1:1/27:
[ 286.301637][ T28] #0: ffff888147e61538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x96a/0x16f0
[ 286.312385][ T28] #1: ffffc90000a3fd80 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x99e/0x16f0
[ 286.323696][ T28] #2: ffff888142f1f190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1c8/0x5230
[ 286.332712][ T28] #3: ffff888142f2b508 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x2a54/0x5230
[ 286.342736][ T28] #4: ffff888142bb4c68 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x2a7d/0x5230
[ 286.352432][ T28] 1 lock held by khungtaskd/28:
[ 286.357327][ T28] #0: ffffffff8c9a6440 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x340
[ 286.367263][ T28] 2 locks held by getty/4771:
[ 286.371942][ T28] #0: ffff88814acee098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[ 286.381747][ T28] #1: ffffc900015a02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfcb/0x1480
[ 286.391884][ T28] 1 lock held by syz-executor126/5022:
[ 286.397393][ T28] #0: ffff888142f1f190 (&dev->mutex){....}-{3:3}, at: usbdev_release+0x87/0x4b0
[ 286.406590][ T28]
[ 286.409375][ T28] =============================================
[ 286.409375][ T28]
[ 286.417849][ T28] NMI backtrace for cpu 1
[ 286.422172][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.5.0-rc2-syzkaller-00019-g74f1456c4a5f #0
[ 286.431972][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 286.442005][ T28] Call Trace:
[ 286.445262][ T28] <TASK>
[ 286.448176][ T28] dump_stack_lvl+0xd9/0x1b0
[ 286.452749][ T28] nmi_cpu_backtrace+0x277/0x380
[ 286.457673][ T28] ? lapic_can_unplug_cpu+0xa0/0xa0
[ 286.462855][ T28] nmi_trigger_cpumask_backtrace+0x2ac/0x310
[ 286.468822][ T28] watchdog+0xf29/0x11b0
[ 286.473047][ T28] ? proc_dohung_task_timeout_secs+0x90/0x90
[ 286.479013][ T28] ? proc_dohung_task_timeout_secs+0x90/0x90
[ 286.484974][ T28] kthread+0x33a/0x430
[ 286.489020][ T28] ? kthread_complete_and_exit+0x40/0x40
[ 286.494627][ T28] ret_from_fork+0x2c/0x70
[ 286.499025][ T28] ? kthread_complete_and_exit+0x40/0x40
[ 286.504632][ T28] ret_from_fork_asm+0x11/0x20
[ 286.509635][ T28] RIP: 0000:0x0
[ 286.513076][ T28] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[ 286.520424][ T28] RSP: 0000:0000000000000000 EFLAGS: 00000000 ORIG_RAX: 0000000000000000
[ 286.529093][ T28] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 286.537054][ T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 286.545012][ T28] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 286.552980][ T28] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 286.560940][ T28] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 286.568907][ T28] </TASK>
[ 286.571998][ T28] Sending NMI from CPU 1 to CPUs 0:
[ 286.577265][ C0] NMI backtrace for cpu 0
[ 286.577272][ C0] CPU: 0 PID: 2435 Comm: kworker/u4:5 Not tainted 6.5.0-rc2-syzkaller-00019-g74f1456c4a5f #0
[ 286.577286][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 286.577294][ C0] Workqueue: events_unbound toggle_allocation_gate
[ 286.577312][ C0] RIP: 0010:smp_call_function_many_cond+0x4db/0x1570
[ 286.577333][ C0] Code: 4d 48 b8 00 00 00 00 00 fc ff df 4d 89 fc 4c 89 fd 49 c1 ec 03 83 e5 07 49 01 c4 83 c5 03 e8 1c 5f 0b 00 f3 90 41 0f b6 04 24 <40> 38 c5 7c 08 84 c0 0f 85 3c 0e 00 00 8b 43 08 31 ff 83 e0 01 41
[ 286.577345][ C0] RSP: 0018:ffffc9000ac1f938 EFLAGS: 00000293
[ 286.577354][ C0] RAX: 0000000000000000 RBX: ffff8880b9943020 RCX: 0000000000000000
[ 286.577362][ C0] RDX: ffff888027bebb80 RSI: ffffffff817b1264 RDI: 0000000000000005
[ 286.577370][ C0] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000
[ 286.577377][ C0] R10: 0000000000000001 R11: 0000000000000000 R12: ffffed1017328605
[ 286.577384][ C0] R13: 0000000000000001 R14: ffff8880b983d580 R15: ffff8880b9943028
[ 286.577395][ C0] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 286.577407][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 286.577415][ C0] CR2: 0000565463ead680 CR3: 000000000c776000 CR4: 0000000000350ef0
[ 286.577423][ C0] Call Trace:
[ 286.577427][ C0] <NMI>
[ 286.577431][ C0] ? nmi_cpu_backtrace+0x1d4/0x380
[ 286.577454][ C0] ? smp_call_function_many_cond+0x4db/0x1570
[ 286.577471][ C0] ? nmi_cpu_backtrace_handler+0xc/0x10
[ 286.577490][ C0] ? nmi_handle+0x145/0x400
[ 286.577505][ C0] ? irqentry_nmi_enter+0x7f/0x90
[ 286.577521][ C0] ? smp_call_function_many_cond+0x4db/0x1570
[ 286.577538][ C0] ? default_do_nmi+0x69/0x160
[ 286.577551][ C0] ? exc_nmi+0x171/0x1e0
[ 286.577564][ C0] ? end_repeat_nmi+0x16/0x31
[ 286.577579][ C0] ? smp_call_function_many_cond+0x4d4/0x1570
[ 286.577596][ C0] ? smp_call_function_many_cond+0x4db/0x1570
[ 286.577613][ C0] ? smp_call_function_many_cond+0x4db/0x1570
[ 286.577631][ C0] ? smp_call_function_many_cond+0x4db/0x1570
[ 286.577648][ C0] </NMI>
[ 286.577651][ C0] <TASK>
[ 286.577655][ C0] ? __text_poke+0x8a0/0x8a0
[ 286.577669][ C0] ? generic_smp_call_function_single_interrupt+0x20/0x20
[ 286.577688][ C0] ? apply_relocation+0x680/0x680
[ 286.577699][ C0] ? rcu_is_watching+0x12/0xb0
[ 286.577720][ C0] ? __text_poke+0x8a0/0x8a0
[ 286.577731][ C0] ? __kmem_cache_alloc_node+0xc9/0x350
[ 286.577747][ C0] on_each_cpu_cond_mask+0x40/0x90
[ 286.577764][ C0] text_poke_bp_batch+0x250/0x780
[ 286.577777][ C0] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 286.577793][ C0] ? do_sync_core+0x30/0x30
[ 286.577804][ C0] ? __jump_label_patch+0x17c/0x340
[ 286.577822][ C0] ? arch_jump_label_transform_queue+0xa3/0x100
[ 286.577843][ C0] text_poke_finish+0x1a/0x30
[ 286.577855][ C0] arch_jump_label_transform_apply+0x17/0x30
[ 286.577873][ C0] jump_label_update+0x32e/0x410
[ 286.577890][ C0] static_key_disable_cpuslocked+0x154/0x1b0
[ 286.577906][ C0] static_key_disable+0x1a/0x20
[ 286.577921][ C0] toggle_allocation_gate+0x13f/0x250
[ 286.577939][ C0] ? wake_up_kfence_timer+0x30/0x30
[ 286.577951][ C0] ? spin_bug+0x1d0/0x1d0
[ 286.577971][ C0] process_one_work+0xaa2/0x16f0
[ 286.577988][ C0] ? lock_sync+0x190/0x190
[ 286.578003][ C0] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 286.578019][ C0] ? spin_bug+0x1d0/0x1d0
[ 286.578037][ C0] worker_thread+0x687/0x1110
[ 286.578054][ C0] ? __kthread_parkme+0x152/0x220
[ 286.578066][ C0] ? process_one_work+0x16f0/0x16f0
[ 286.578081][ C0] kthread+0x33a/0x430
[ 286.578093][ C0] ? kthread_complete_and_exit+0x40/0x40
[ 286.578108][ C0] ret_from_fork+0x2c/0x70
[ 286.578122][ C0] ? kthread_complete_and_exit+0x40/0x40
[ 286.578135][ C0] ret_from_fork_asm+0x11/0x20
[ 286.578153][ C0] RIP: 0000:0x0
[ 286.578167][ C0] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[ 286.578173][ C0] RSP: 0000:0000000000000000 EFLAGS: 00000000 ORIG_RAX: 0000000000000000
[ 286.578183][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 286.578191][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 286.578198][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 286.578205][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 286.578212][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 286.578223][ C0] </TASK>
[ 286.578270][ T28] Kernel panic - not syncing: hung_task: blocked tasks
[ 287.017626][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.5.0-rc2-syzkaller-00019-g74f1456c4a5f #0
[ 287.027415][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 287.037455][ T28] Call Trace:
[ 287.040723][ T28] <TASK>
[ 287.043644][ T28] dump_stack_lvl+0xd9/0x1b0
[ 287.048232][ T28] panic+0x6a4/0x750
[ 287.052120][ T28] ? panic_smp_self_stop+0xa0/0xa0
[ 287.057225][ T28] ? irq_work_claim+0x76/0x90
[ 287.061896][ T28] ? lapic_can_unplug_cpu+0xa0/0xa0
[ 287.067097][ T28] ? irq_work_queue+0x2a/0x70
[ 287.071769][ T28] ? __wake_up_klogd.part.0+0x99/0xf0
[ 287.077132][ T28] ? watchdog+0xce1/0x11b0
[ 287.081541][ T28] watchdog+0xcf2/0x11b0
[ 287.085778][ T28] ? proc_dohung_task_timeout_secs+0x90/0x90
[ 287.091754][ T28] ? proc_dohung_task_timeout_secs+0x90/0x90
[ 287.097725][ T28] kthread+0x33a/0x430
[ 287.101784][ T28] ? kthread_complete_and_exit+0x40/0x40
[ 287.107402][ T28] ret_from_fork+0x2c/0x70
[ 287.111809][ T28] ? kthread_complete_and_exit+0x40/0x40
[ 287.117431][ T28] ret_from_fork_asm+0x11/0x20
[ 287.122187][ T28] RIP: 0000:0x0
[ 287.125638][ T28] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[ 287.132985][ T28] RSP: 0000:0000000000000000 EFLAGS: 00000000 ORIG_RAX: 0000000000000000
[ 287.141385][ T28] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 287.149345][ T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 287.157303][ T28] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 287.165260][ T28] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 287.173218][ T28] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 287.181185][ T28] </TASK>
[ 287.185050][ T28] Kernel Offset: disabled
[ 287.189447][ T28] Rebooting in 86400 seconds..