./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1643865654 <...> syzkaller syzkaller login: [ 60.845933][ T26] kauditd_printk_skb: 42 callbacks suppressed [ 60.845952][ T26] audit: type=1400 audit(1683451094.350:77): avc: denied { transition } for pid=4844 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 60.875490][ T26] audit: type=1400 audit(1683451094.350:78): avc: denied { noatsecure } for pid=4844 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 60.897494][ T26] audit: type=1400 audit(1683451094.400:79): avc: denied { write } for pid=4844 comm="sh" path="pipe:[29191]" dev="pipefs" ino=29191 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 60.920343][ T26] audit: type=1400 audit(1683451094.400:80): avc: denied { rlimitinh } for pid=4844 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 60.939522][ T26] audit: type=1400 audit(1683451094.400:81): avc: denied { siginh } for pid=4844 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 61.779922][ T26] audit: type=1400 audit(1683451095.280:82): avc: denied { read } for pid=4428 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 Warning: Permanently added '10.128.1.158' (ECDSA) to the list of known hosts. execve("./syz-executor1643865654", ["./syz-executor1643865654"], 0x7fff1777f7a0 /* 10 vars */) = 0 brk(NULL) = 0x5555558e0000 brk(0x5555558e0c40) = 0x5555558e0c40 arch_prctl(ARCH_SET_FS, 0x5555558e0300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555558e05d0) = 4995 set_robust_list(0x5555558e05e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fd887fe1420, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fd887fe1af0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fd887fe14c0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fd887fe1af0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 79.593105][ T26] audit: type=1400 audit(1683451113.100:83): avc: denied { write } for pid=4992 comm="strace-static-x" path="pipe:[30148]" dev="pipefs" ino=30148 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1643865654", 4096) = 28 brk(0x555555901c40) = 0x555555901c40 brk(0x555555902000) = 0x555555902000 mprotect(0x7fd8880a2000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558e05d0) = 4996 ./strace-static-x86_64: Process 4996 attached [pid 4996] set_robust_list(0x5555558e05e0, 24) = 0 [pid 4996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4996] setpgid(0, 0) = 0 [pid 4996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4996] write(3, "1000", 4) = 4 [pid 4996] close(3) = 0 [pid 4996] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd887fb1000 [pid 4996] mprotect(0x7fd887fb2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4996] clone(child_stack=0x7fd887fd13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4997], tls=0x7fd887fd1700, child_tidptr=0x7fd887fd19d0) = 4997 [pid 4996] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4996] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 4997 attached [pid 4997] set_robust_list(0x7fd887fd19e0, 24) = 0 [pid 4997] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 3 [pid 4997] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4996] <... futex resumed>) = 0 [ 79.623708][ T26] audit: type=1400 audit(1683451113.130:84): avc: denied { append } for pid=4428 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 79.647333][ T26] audit: type=1400 audit(1683451113.130:85): avc: denied { open } for pid=4428 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [pid 4996] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4996] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4997] <... futex resumed>) = 1 [pid 4997] socketpair(AF_UNIX, SOCK_STREAM, 0, [4, 5]) = 0 [pid 4997] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4996] <... futex resumed>) = 0 [pid 4996] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4996] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4997] <... futex resumed>) = 1 [pid 4997] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 6 [pid 4997] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 4996] <... futex resumed>) = 0 [pid 4996] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4996] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4997] <... futex resumed>) = 1 [pid 4997] ioctl(6, NBD_SET_SOCK, 4) = 0 [ 79.672683][ T26] audit: type=1400 audit(1683451113.130:86): avc: denied { getattr } for pid=4428 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 79.697316][ T26] audit: type=1400 audit(1683451113.150:87): avc: denied { execmem } for pid=4995 comm="syz-executor164" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 79.717832][ T26] audit: type=1400 audit(1683451113.190:88): avc: denied { read } for pid=4996 comm="syz-executor164" name="nbd0" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 4997] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4996] <... futex resumed>) = 0 [pid 4997] futex(0x7fd8880a84c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4996] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 4996] <... futex resumed>) = 0 [pid 4997] ioctl(3, NBD_SET_SOCK, 4 [pid 4996] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 4996] futex(0x7fd8880a84dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd887f90000 [pid 4996] mprotect(0x7fd887f91000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 4996] clone(child_stack=0x7fd887fb03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4997] <... ioctl resumed>) = 0 [pid 4997] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 4998 attached [pid 4997] futex(0x7fd8880a84c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4996] <... clone resumed>, parent_tid=[4998], tls=0x7fd887fb0700, child_tidptr=0x7fd887fb09d0) = 4998 [pid 4998] set_robust_list(0x7fd887fb09e0, 24) = 0 [pid 4996] futex(0x7fd8880a84d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4998] ioctl(3, NBD_SET_FLAGS, NBD_FLAG_SEND_FLUSH|NBD_FLAG_SEND_FUA|NBD_FLAG_ROTATIONAL|NBD_FLAG_SEND_TRIM|NBD_FLAG_SEND_WRITE_ZEROES|NBD_FLAG_SEND_DF|NBD_FLAG_CAN_MULTI_CONN|NBD_FLAG_SEND_RESIZE|NBD_FLAG_SEND_CACHE|0x7800 [pid 4996] futex(0x7fd8880a84dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4998] <... ioctl resumed>) = 0 [pid 4998] futex(0x7fd8880a84dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 4996] <... futex resumed>) = 0 [pid 4998] futex(0x7fd8880a84d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4996] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 4997] <... futex resumed>) = 0 [pid 4996] <... futex resumed>) = 1 [pid 4997] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 4996] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4997] write(7, "18", 2) = 2 [ 79.741885][ T26] audit: type=1400 audit(1683451113.190:89): avc: denied { open } for pid=4996 comm="syz-executor164" path="/dev/nbd0" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 79.766382][ T26] audit: type=1400 audit(1683451113.210:90): avc: denied { ioctl } for pid=4996 comm="syz-executor164" path="/dev/nbd0" dev="devtmpfs" ino=664 ioctlcmd=0xab00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 4997] ioctl(3, NBD_DO_IT [pid 4996] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 79.870509][ T4997] FAULT_INJECTION: forcing a failure. [ 79.870509][ T4997] name failslab, interval 1, probability 0, space 0, times 1 [ 79.883489][ T4997] CPU: 0 PID: 4997 Comm: syz-executor164 Not tainted 6.3.0-syzkaller-13466-gfc4354c6e5c2 #0 [ 79.893598][ T4997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 79.903673][ T4997] Call Trace: [ 79.906993][ T4997] [ 79.909974][ T4997] dump_stack_lvl+0x136/0x150 [ 79.914744][ T4997] should_fail_ex+0x4a3/0x5b0 [ 79.919493][ T4997] should_failslab+0x9/0x20 [ 79.924058][ T4997] __kmem_cache_alloc_node+0x5b/0x3f0 [ 79.929492][ T4997] kmalloc_node_trace+0x21/0xd0 [ 79.934377][ T4997] blk_mq_init_tags+0x6e/0x190 [ 79.939207][ T4997] blk_mq_alloc_rq_map+0x1c7/0x3b0 [ 79.944374][ T4997] blk_mq_alloc_map_and_rqs+0x58/0x190 [ 79.949879][ T4997] blk_mq_map_swqueue+0xb03/0x1190 [ 79.955025][ T4997] ? blk_mq_alloc_map_and_rqs+0x190/0x190 [ 79.960772][ T4997] ? blk_mq_update_nr_hw_queues+0xcf9/0x1020 [pid 4996] exit_group(0) = ? [pid 4998] <... futex resumed>) = ? [pid 4998] +++ exited with 0 +++ [ 79.966814][ T4997] ? blk_mq_update_queue_map+0x113/0x4a0 [ 79.972486][ T4997] blk_mq_update_nr_hw_queues+0x607/0x1020 [ 79.978349][ T4997] ? blk_mq_map_swqueue+0x1190/0x1190 [ 79.983759][ T4997] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 79.989604][ T4997] nbd_start_device+0x153/0xdb0 [ 79.994488][ T4997] ? security_capable+0x93/0xc0 [ 79.999383][ T4997] nbd_ioctl+0x21a/0xce0 [ 80.003648][ T4997] ? blkdev_bszset+0x1f0/0x1f0 [ 80.008440][ T4997] ? nbd_start_device+0xdb0/0xdb0 [ 80.013503][ T4997] ? find_held_lock+0x2d/0x110 [ 80.018293][ T4997] ? ptrace_notify+0xfe/0x140 [ 80.023000][ T4997] ? nbd_start_device+0xdb0/0xdb0 [ 80.028062][ T4997] blkdev_ioctl+0x372/0x7f0 [ 80.032581][ T4997] ? blkdev_common_ioctl+0x1a40/0x1a40 [ 80.038057][ T4997] ? selinux_file_ioctl+0xba/0x280 [ 80.043197][ T4997] ? blkdev_common_ioctl+0x1a40/0x1a40 [ 80.048721][ T4997] __x64_sys_ioctl+0x197/0x210 [ 80.053550][ T4997] do_syscall_64+0x39/0xb0 [ 80.058029][ T4997] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 80.063957][ T4997] RIP: 0033:0x7fd888024309 [ 80.068390][ T4997] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 80.088037][ T4997] RSP: 002b:00007fd887fd12e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 80.096495][ T4997] RAX: ffffffffffffffda RBX: 00007fd8880a84c0 RCX: 00007fd888024309 [ 80.104487][ T4997] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 80.112481][ T4997] RBP: 00007fd888075194 R08: 0000000000000002 R09: 0000000000003831 [pid 4997] <... ioctl resumed>) = ? [pid 4997] +++ exited with 0 +++ [pid 4996] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4996, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5001 attached , child_tidptr=0x5555558e05d0) = 5001 [pid 5001] set_robust_list(0x5555558e05e0, 24) = 0 [pid 5001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5001] setpgid(0, 0) = 0 [pid 5001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5001] write(3, "1000", 4) = 4 [pid 5001] close(3) = 0 [pid 5001] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5001] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd887fb1000 [pid 5001] mprotect(0x7fd887fb2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5001] clone(child_stack=0x7fd887fd13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5002 attached , parent_tid=[5002], tls=0x7fd887fd1700, child_tidptr=0x7fd887fd19d0) = 5002 [pid 5001] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5001] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] set_robust_list(0x7fd887fd19e0, 24) = 0 [pid 5002] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 3 [pid 5002] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5001] <... futex resumed>) = 0 [pid 5001] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5001] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] socketpair(AF_UNIX, SOCK_STREAM, 0, [4, 5]) = 0 [pid 5002] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5001] <... futex resumed>) = 0 [pid 5001] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5001] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 6 [pid 5002] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5001] <... futex resumed>) = 0 [pid 5001] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5001] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 80.120486][ T4997] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd8880a84cc [ 80.128485][ T4997] R13: 00007fd887fd12f0 R14: 00007fd8880a84c8 R15: 0000000000000002 [ 80.136494][ T4997] [ 80.157394][ T4997] block nbd0: shutting down sockets [pid 5002] ioctl(6, NBD_SET_SOCK, 4) = 0 [pid 5002] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5001] <... futex resumed>) = 0 [pid 5002] futex(0x7fd8880a84c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5001] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5001] <... futex resumed>) = 0 [pid 5002] ioctl(3, NBD_SET_SOCK, 4 [pid 5001] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] <... ioctl resumed>) = 0 [pid 5002] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5001] <... futex resumed>) = 0 [pid 5002] futex(0x7fd8880a84c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5001] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5001] <... futex resumed>) = 0 [pid 5002] ioctl(3, NBD_SET_FLAGS, NBD_FLAG_SEND_FLUSH|NBD_FLAG_SEND_FUA|NBD_FLAG_ROTATIONAL|NBD_FLAG_SEND_TRIM|NBD_FLAG_SEND_WRITE_ZEROES|NBD_FLAG_SEND_DF|NBD_FLAG_CAN_MULTI_CONN|NBD_FLAG_SEND_RESIZE|NBD_FLAG_SEND_CACHE|0x7800 [pid 5001] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] <... ioctl resumed>) = 0 [pid 5002] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5001] <... futex resumed>) = 0 [pid 5002] futex(0x7fd8880a84c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5001] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5001] <... futex resumed>) = 0 [pid 5002] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5001] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] <... openat resumed>) = 7 [pid 5002] write(7, "18", 2) = 2 [pid 5002] ioctl(3, NBD_DO_IT [pid 5001] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 80.290481][ T5002] FAULT_INJECTION: forcing a failure. [ 80.290481][ T5002] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 80.304009][ T5002] CPU: 0 PID: 5002 Comm: syz-executor164 Not tainted 6.3.0-syzkaller-13466-gfc4354c6e5c2 #0 [ 80.314112][ T5002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 80.324185][ T5002] Call Trace: [ 80.327488][ T5002] [ 80.330447][ T5002] dump_stack_lvl+0x136/0x150 [ 80.335208][ T5002] should_fail_ex+0x4a3/0x5b0 [ 80.339941][ T5002] prepare_alloc_pages+0x178/0x570 [ 80.345116][ T5002] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 80.351170][ T5002] __alloc_pages+0x149/0x4a0 [ 80.355814][ T5002] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 80.362633][ T5002] ? find_held_lock+0x2d/0x110 [ 80.367477][ T5002] ? lock_downgrade+0x690/0x690 [ 80.372352][ T5002] ? do_raw_spin_lock+0x124/0x2b0 [ 80.377418][ T5002] ? spin_bug+0x1c0/0x1c0 [ 80.381895][ T5002] alloc_pages+0x1aa/0x270 [ 80.386366][ T5002] __get_free_pages+0xc/0x40 [ 80.391005][ T5002] inode_doinit_with_dentry+0x8eb/0x12d0 [ 80.396704][ T5002] ? hrtimer_run_queues+0x147/0x440 [ 80.401947][ T5002] ? selinux_sem_semctl+0x1a0/0x1a0 [ 80.407188][ T5002] ? current_time+0x1fe/0x2c0 [ 80.411927][ T5002] ? mode_strip_sgid+0x1c0/0x1c0 [ 80.416919][ T5002] selinux_d_instantiate+0x27/0x30 [ 80.422097][ T5002] security_d_instantiate+0x54/0xe0 [ 80.427336][ T5002] d_instantiate+0x5e/0xa0 [ 80.431783][ T5002] __debugfs_create_file+0x20f/0x5e0 [pid 5001] exit_group(0) = ? [ 80.437121][ T5002] debugfs_create_u64+0x70/0xa0 [ 80.442029][ T5002] nbd_start_device+0x462/0xdb0 [ 80.446898][ T5002] ? security_capable+0x93/0xc0 [ 80.451769][ T5002] nbd_ioctl+0x21a/0xce0 [ 80.456039][ T5002] ? blkdev_bszset+0x1f0/0x1f0 [ 80.460830][ T5002] ? nbd_start_device+0xdb0/0xdb0 [ 80.465903][ T5002] ? find_held_lock+0x2d/0x110 [ 80.470689][ T5002] ? ptrace_notify+0xfe/0x140 [ 80.475389][ T5002] ? nbd_start_device+0xdb0/0xdb0 [ 80.480433][ T5002] blkdev_ioctl+0x372/0x7f0 [ 80.484952][ T5002] ? blkdev_common_ioctl+0x1a40/0x1a40 [ 80.490441][ T5002] ? selinux_file_ioctl+0xba/0x280 [ 80.495571][ T5002] ? blkdev_common_ioctl+0x1a40/0x1a40 [ 80.501061][ T5002] __x64_sys_ioctl+0x197/0x210 [ 80.505859][ T5002] do_syscall_64+0x39/0xb0 [ 80.510340][ T5002] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 80.516291][ T5002] RIP: 0033:0x7fd888024309 [ 80.520722][ T5002] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 80.540376][ T5002] RSP: 002b:00007fd887fd12e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 80.548829][ T5002] RAX: ffffffffffffffda RBX: 00007fd8880a84c0 RCX: 00007fd888024309 [ 80.557008][ T5002] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 80.564999][ T5002] RBP: 00007fd888075194 R08: 0000000000000002 R09: 0000000000003831 [ 80.572992][ T5002] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd8880a84cc [ 80.581002][ T5002] R13: 00007fd887fd12f0 R14: 00007fd8880a84c8 R15: 0000000000000002 [ 80.589005][ T5002] [pid 5002] <... ioctl resumed>) = ? [pid 5002] +++ exited with 0 +++ [pid 5001] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5001, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555558e05d0) = 5003 ./strace-static-x86_64: Process 5003 attached [pid 5003] set_robust_list(0x5555558e05e0, 24) = 0 [pid 5003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5003] setpgid(0, 0) = 0 [pid 5003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5003] write(3, "1000", 4) = 4 [pid 5003] close(3) = 0 [pid 5003] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd887fb1000 [pid 5003] mprotect(0x7fd887fb2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5003] clone(child_stack=0x7fd887fd13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5004 attached , parent_tid=[5004], tls=0x7fd887fd1700, child_tidptr=0x7fd887fd19d0) = 5004 [pid 5004] set_robust_list(0x7fd887fd19e0, 24) = 0 [pid 5004] futex(0x7fd8880a84c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5003] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5004] <... futex resumed>) = 0 [ 80.596310][ T5002] block nbd0: shutting down sockets [pid 5004] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY [pid 5003] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5004] <... openat resumed>) = 3 [pid 5004] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5004] futex(0x7fd8880a84c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5003] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5003] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5004] <... futex resumed>) = 0 [pid 5003] <... futex resumed>) = 1 [pid 5004] socketpair(AF_UNIX, SOCK_STREAM, 0, [pid 5003] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5004] <... socketpair resumed>[4, 5]) = 0 [pid 5004] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5003] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5004] <... futex resumed>) = 0 [pid 5003] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5003] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5004] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 6 [pid 5004] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5004] futex(0x7fd8880a84c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5003] <... futex resumed>) = 0 [pid 5003] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5004] <... futex resumed>) = 0 [pid 5004] ioctl(6, NBD_SET_SOCK, 4 [pid 5003] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5004] <... ioctl resumed>) = 0 [pid 5004] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5003] <... futex resumed>) = 0 [pid 5004] futex(0x7fd8880a84c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5003] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5004] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5003] <... futex resumed>) = 0 [pid 5004] ioctl(3, NBD_SET_SOCK, 4 [pid 5003] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5004] <... ioctl resumed>) = 0 [pid 5004] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5003] <... futex resumed>) = 0 [pid 5004] futex(0x7fd8880a84c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5003] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5004] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5003] <... futex resumed>) = 0 [pid 5004] ioctl(3, NBD_SET_FLAGS, NBD_FLAG_SEND_FLUSH|NBD_FLAG_SEND_FUA|NBD_FLAG_ROTATIONAL|NBD_FLAG_SEND_TRIM|NBD_FLAG_SEND_WRITE_ZEROES|NBD_FLAG_SEND_DF|NBD_FLAG_CAN_MULTI_CONN|NBD_FLAG_SEND_RESIZE|NBD_FLAG_SEND_CACHE|0x7800 [pid 5003] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5004] <... ioctl resumed>) = 0 [pid 5004] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5003] <... futex resumed>) = 0 [pid 5004] futex(0x7fd8880a84c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5003] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5004] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5003] <... futex resumed>) = 0 [pid 5004] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5003] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5004] <... openat resumed>) = 7 [pid 5004] write(7, "18", 2) = 2 [pid 5004] ioctl(3, NBD_DO_IT [pid 5003] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 80.739822][ T5004] FAULT_INJECTION: forcing a failure. [ 80.739822][ T5004] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 80.753324][ T5004] CPU: 1 PID: 5004 Comm: syz-executor164 Not tainted 6.3.0-syzkaller-13466-gfc4354c6e5c2 #0 [ 80.763438][ T5004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 80.773526][ T5004] Call Trace: [ 80.776816][ T5004] [ 80.779761][ T5004] dump_stack_lvl+0x136/0x150 [ 80.784503][ T5004] should_fail_ex+0x4a3/0x5b0 [ 80.789251][ T5004] prepare_alloc_pages+0x178/0x570 [ 80.794428][ T5004] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 80.800463][ T5004] __alloc_pages+0x149/0x4a0 [ 80.805110][ T5004] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 80.811938][ T5004] ? find_held_lock+0x2d/0x110 [ 80.816747][ T5004] ? lock_downgrade+0x690/0x690 [ 80.821625][ T5004] ? do_raw_spin_lock+0x124/0x2b0 [ 80.826697][ T5004] ? spin_bug+0x1c0/0x1c0 [ 80.831094][ T5004] alloc_pages+0x1aa/0x270 [ 80.835581][ T5004] __get_free_pages+0xc/0x40 [ 80.840224][ T5004] inode_doinit_with_dentry+0x8eb/0x12d0 [ 80.845916][ T5004] ? hrtimer_run_queues+0x147/0x440 [ 80.851171][ T5004] ? selinux_sem_semctl+0x1a0/0x1a0 [ 80.856404][ T5004] ? current_time+0x1fe/0x2c0 [ 80.861144][ T5004] ? mode_strip_sgid+0x1c0/0x1c0 [ 80.866143][ T5004] selinux_d_instantiate+0x27/0x30 [ 80.871339][ T5004] security_d_instantiate+0x54/0xe0 [ 80.876577][ T5004] d_instantiate+0x5e/0xa0 [ 80.881033][ T5004] __debugfs_create_file+0x20f/0x5e0 [ 80.886350][ T5004] debugfs_create_u64+0x70/0xa0 [ 80.891235][ T5004] nbd_start_device+0x462/0xdb0 [ 80.896116][ T5004] ? security_capable+0x93/0xc0 [ 80.901003][ T5004] nbd_ioctl+0x21a/0xce0 [ 80.905269][ T5004] ? blkdev_bszset+0x1f0/0x1f0 [ 80.910064][ T5004] ? nbd_start_device+0xdb0/0xdb0 [ 80.915115][ T5004] ? find_held_lock+0x2d/0x110 [ 80.919905][ T5004] ? ptrace_notify+0xfe/0x140 [ 80.924608][ T5004] ? nbd_start_device+0xdb0/0xdb0 [ 80.929653][ T5004] blkdev_ioctl+0x372/0x7f0 [ 80.934184][ T5004] ? blkdev_common_ioctl+0x1a40/0x1a40 [ 80.939669][ T5004] ? selinux_file_ioctl+0xba/0x280 [ 80.944810][ T5004] ? blkdev_common_ioctl+0x1a40/0x1a40 [ 80.950295][ T5004] __x64_sys_ioctl+0x197/0x210 [ 80.955082][ T5004] do_syscall_64+0x39/0xb0 [ 80.959537][ T5004] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 80.965470][ T5004] RIP: 0033:0x7fd888024309 [ 80.969911][ T5004] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 80.989542][ T5004] RSP: 002b:00007fd887fd12e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 80.997982][ T5004] RAX: ffffffffffffffda RBX: 00007fd8880a84c0 RCX: 00007fd888024309 [ 81.005971][ T5004] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 81.013964][ T5004] RBP: 00007fd888075194 R08: 0000000000000002 R09: 0000000000003831 [ 81.021955][ T5004] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd8880a84cc [ 81.029945][ T5004] R13: 00007fd887fd12f0 R14: 00007fd8880a84c8 R15: 0000000000000002 [ 81.037949][ T5004] [pid 5003] exit_group(0) = ? [pid 5004] <... ioctl resumed>) = ? [pid 5004] +++ exited with 0 +++ [pid 5003] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5003, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5005 attached , child_tidptr=0x5555558e05d0) = 5005 [pid 5005] set_robust_list(0x5555558e05e0, 24) = 0 [pid 5005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5005] setpgid(0, 0) = 0 [pid 5005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5005] write(3, "1000", 4) = 4 [pid 5005] close(3) = 0 [pid 5005] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd887fb1000 [pid 5005] mprotect(0x7fd887fb2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5005] clone(child_stack=0x7fd887fd13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5006], tls=0x7fd887fd1700, child_tidptr=0x7fd887fd19d0) = 5006 [pid 5005] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5006 attached [pid 5006] set_robust_list(0x7fd887fd19e0, 24) = 0 [pid 5006] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 3 [pid 5006] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] <... futex resumed>) = 1 [pid 5006] socketpair(AF_UNIX, SOCK_STREAM, 0, [4, 5]) = 0 [pid 5006] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] <... futex resumed>) = 1 [pid 5006] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 6 [pid 5006] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] <... futex resumed>) = 1 [ 81.106936][ T5004] block nbd0: shutting down sockets [pid 5006] ioctl(6, NBD_SET_SOCK, 4 [pid 5005] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5005] futex(0x7fd8880a84dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd887f90000 [pid 5005] mprotect(0x7fd887f91000, 131072, PROT_READ|PROT_WRITE [pid 5006] <... ioctl resumed>) = 0 [pid 5006] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] <... mprotect resumed>) = 0 [pid 5006] futex(0x7fd8880a84c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5005] clone(child_stack=0x7fd887fb03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5007 attached [pid 5007] set_robust_list(0x7fd887fb09e0, 24 [pid 5005] <... clone resumed>, parent_tid=[5007], tls=0x7fd887fb0700, child_tidptr=0x7fd887fb09d0) = 5007 [pid 5007] <... set_robust_list resumed>) = 0 [pid 5005] futex(0x7fd8880a84d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5005] futex(0x7fd8880a84dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] ioctl(3, NBD_SET_SOCK, 4) = -1 EBUSY (Device or resource busy) [pid 5007] futex(0x7fd8880a84dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5005] <... futex resumed>) = 0 [pid 5005] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] <... futex resumed>) = 0 [pid 5005] <... futex resumed>) = 1 [pid 5006] ioctl(3, NBD_SET_FLAGS, NBD_FLAG_SEND_FLUSH|NBD_FLAG_SEND_FUA|NBD_FLAG_ROTATIONAL|NBD_FLAG_SEND_TRIM|NBD_FLAG_SEND_WRITE_ZEROES|NBD_FLAG_SEND_DF|NBD_FLAG_CAN_MULTI_CONN|NBD_FLAG_SEND_RESIZE|NBD_FLAG_SEND_CACHE|0x7800 [pid 5005] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5007] <... futex resumed>) = 1 [pid 5006] <... ioctl resumed>) = 0 [pid 5007] futex(0x7fd8880a84d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5006] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5005] <... futex resumed>) = 0 [pid 5006] futex(0x7fd8880a84c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5005] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5005] <... futex resumed>) = 0 [pid 5006] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 7 [pid 5005] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5006] write(7, "18", 2) = 2 [ 81.232566][ T5007] block nbd0: Device being setup by another task [pid 5006] ioctl(3, NBD_DO_IT [pid 5005] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 81.286573][ T5006] FAULT_INJECTION: forcing a failure. [ 81.286573][ T5006] name failslab, interval 1, probability 0, space 0, times 0 [ 81.299512][ T5006] CPU: 1 PID: 5006 Comm: syz-executor164 Not tainted 6.3.0-syzkaller-13466-gfc4354c6e5c2 #0 [ 81.309624][ T5006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 81.319713][ T5006] Call Trace: [ 81.323029][ T5006] [ 81.325995][ T5006] dump_stack_lvl+0x136/0x150 [ 81.330749][ T5006] should_fail_ex+0x4a3/0x5b0 [ 81.335497][ T5006] should_failslab+0x9/0x20 [ 81.340060][ T5006] kmem_cache_alloc+0x5d/0x3f0 [ 81.344991][ T5006] __kernfs_new_node+0xd4/0x8b0 [ 81.349891][ T5006] ? do_syscall_64+0x39/0xb0 [ 81.354529][ T5006] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 81.360634][ T5006] ? kernfs_path_from_node+0x60/0x60 [ 81.365978][ T5006] ? print_usage_bug.part.0+0x660/0x660 [ 81.371589][ T5006] ? debug_check_no_obj_freed+0x210/0x420 [ 81.377390][ T5006] ? lock_downgrade+0x690/0x690 [pid 5005] exit_group(0 [pid 5007] <... futex resumed>) = ? [pid 5005] <... exit_group resumed>) = ? [pid 5007] +++ exited with 0 +++ [ 81.382290][ T5006] kernfs_create_dir_ns+0xa0/0x230 [ 81.387460][ T5006] sysfs_create_dir_ns+0x12b/0x290 [ 81.392606][ T5006] ? sysfs_create_mount_point+0xb0/0xb0 [ 81.398202][ T5006] ? kfree_const+0x55/0x60 [ 81.402642][ T5006] ? lockdep_hardirqs_on+0x7d/0x100 [ 81.407873][ T5006] kobject_add_internal+0x2c9/0x9c0 [ 81.413108][ T5006] kobject_add+0x158/0x230 [ 81.417569][ T5006] ? kset_create_and_add+0x1a0/0x1a0 [ 81.422881][ T5006] ? xas_find+0x820/0x820 [ 81.427266][ T5006] blk_mq_register_hctx+0x276/0x490 [ 81.432513][ T5006] blk_mq_sysfs_register_hctxs+0x15b/0x180 [ 81.438389][ T5006] ? blk_mq_sysfs_unregister_hctxs+0x2d0/0x2d0 [ 81.444619][ T5006] ? blk_mq_update_queue_map+0x113/0x4a0 [ 81.450378][ T5006] blk_mq_update_nr_hw_queues+0x744/0x1020 [ 81.456223][ T5006] ? blk_mq_map_swqueue+0x1190/0x1190 [ 81.461634][ T5006] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 81.467513][ T5006] nbd_start_device+0x153/0xdb0 [ 81.472426][ T5006] ? security_capable+0x93/0xc0 [ 81.477322][ T5006] nbd_ioctl+0x21a/0xce0 [ 81.481604][ T5006] ? blkdev_bszset+0x1f0/0x1f0 [ 81.486404][ T5006] ? nbd_start_device+0xdb0/0xdb0 [ 81.491452][ T5006] ? find_held_lock+0x2d/0x110 [ 81.496254][ T5006] ? ptrace_notify+0xfe/0x140 [ 81.500977][ T5006] ? nbd_start_device+0xdb0/0xdb0 [ 81.506022][ T5006] blkdev_ioctl+0x372/0x7f0 [ 81.510572][ T5006] ? blkdev_common_ioctl+0x1a40/0x1a40 [ 81.516068][ T5006] ? selinux_file_ioctl+0xba/0x280 [ 81.521212][ T5006] ? blkdev_common_ioctl+0x1a40/0x1a40 [ 81.526725][ T5006] __x64_sys_ioctl+0x197/0x210 [ 81.531529][ T5006] do_syscall_64+0x39/0xb0 [ 81.535981][ T5006] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 81.541904][ T5006] RIP: 0033:0x7fd888024309 [ 81.546336][ T5006] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 81.565969][ T5006] RSP: 002b:00007fd887fd12e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 81.574403][ T5006] RAX: ffffffffffffffda RBX: 00007fd8880a84c0 RCX: 00007fd888024309 [pid 5006] <... ioctl resumed>) = ? [pid 5006] +++ exited with 0 +++ [pid 5005] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5005, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5008 attached , child_tidptr=0x5555558e05d0) = 5008 [pid 5008] set_robust_list(0x5555558e05e0, 24) = 0 [pid 5008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5008] setpgid(0, 0) = 0 [pid 5008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5008] write(3, "1000", 4) = 4 [pid 5008] close(3) = 0 [pid 5008] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd887fb1000 [pid 5008] mprotect(0x7fd887fb2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5008] clone(child_stack=0x7fd887fd13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5009], tls=0x7fd887fd1700, child_tidptr=0x7fd887fd19d0) = 5009 [pid 5008] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5009 attached [pid 5009] set_robust_list(0x7fd887fd19e0, 24) = 0 [pid 5009] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 3 [pid 5009] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... futex resumed>) = 0 [pid 5008] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5009] <... futex resumed>) = 1 [pid 5009] socketpair(AF_UNIX, SOCK_STREAM, 0, [4, 5]) = 0 [pid 5009] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... futex resumed>) = 0 [pid 5008] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5009] <... futex resumed>) = 1 [pid 5009] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 6 [pid 5009] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... futex resumed>) = 0 [pid 5008] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5009] <... futex resumed>) = 1 [ 81.582411][ T5006] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 81.590399][ T5006] RBP: 00007fd888075194 R08: 0000000000000002 R09: 0000000000003831 [ 81.598390][ T5006] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd8880a84cc [ 81.606416][ T5006] R13: 00007fd887fd12f0 R14: 00007fd8880a84c8 R15: 0000000000000002 [ 81.614425][ T5006] [ 81.618106][ T5006] kobject: kobject_add_internal failed for cpu1 (error: -12 parent: 0) [ 81.632787][ T5006] block nbd0: shutting down sockets [pid 5009] ioctl(6, NBD_SET_SOCK, 4 [pid 5008] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5008] futex(0x7fd8880a84dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd887f90000 [pid 5008] mprotect(0x7fd887f91000, 131072, PROT_READ|PROT_WRITE [pid 5009] <... ioctl resumed>) = 0 [pid 5008] <... mprotect resumed>) = 0 [pid 5009] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] clone(child_stack=0x7fd887fb03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5010 attached [pid 5009] futex(0x7fd8880a84c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5010] set_robust_list(0x7fd887fb09e0, 24 [pid 5008] <... clone resumed>, parent_tid=[5010], tls=0x7fd887fb0700, child_tidptr=0x7fd887fb09d0) = 5010 [pid 5010] <... set_robust_list resumed>) = 0 [pid 5008] futex(0x7fd8880a84d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] ioctl(3, NBD_SET_SOCK, 4 [pid 5008] <... futex resumed>) = 0 [pid 5008] futex(0x7fd8880a84dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5010] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 5010] futex(0x7fd8880a84dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5008] <... futex resumed>) = 0 [pid 5010] futex(0x7fd8880a84d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5008] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] <... futex resumed>) = 0 [pid 5008] <... futex resumed>) = 1 [pid 5009] ioctl(3, NBD_SET_FLAGS, NBD_FLAG_SEND_FLUSH|NBD_FLAG_SEND_FUA|NBD_FLAG_ROTATIONAL|NBD_FLAG_SEND_TRIM|NBD_FLAG_SEND_WRITE_ZEROES|NBD_FLAG_SEND_DF|NBD_FLAG_CAN_MULTI_CONN|NBD_FLAG_SEND_RESIZE|NBD_FLAG_SEND_CACHE|0x7800 [pid 5008] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5009] <... ioctl resumed>) = 0 [pid 5009] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5008] <... futex resumed>) = 0 [pid 5009] futex(0x7fd8880a84c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5008] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5008] <... futex resumed>) = 0 [pid 5009] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5008] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5009] <... openat resumed>) = 7 [pid 5009] write(7, "18", 2) = 2 [ 81.752654][ T5010] block nbd0: Device being setup by another task [ 81.767712][ T5009] FAULT_INJECTION: forcing a failure. [ 81.767712][ T5009] name failslab, interval 1, probability 0, space 0, times 0 [ 81.781020][ T5009] CPU: 1 PID: 5009 Comm: syz-executor164 Not tainted 6.3.0-syzkaller-13466-gfc4354c6e5c2 #0 [ 81.791150][ T5009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 81.801258][ T5009] Call Trace: [ 81.804581][ T5009] [ 81.807548][ T5009] dump_stack_lvl+0x136/0x150 [ 81.812313][ T5009] should_fail_ex+0x4a3/0x5b0 [ 81.817051][ T5009] should_failslab+0x9/0x20 [ 81.821598][ T5009] kmem_cache_alloc_lru+0x59/0x640 [ 81.826751][ T5009] alloc_inode+0x168/0x230 [ 81.831222][ T5009] new_inode+0x2b/0x280 [ 81.835414][ T5009] debugfs_get_inode+0x1a/0x130 [ 81.840302][ T5009] __debugfs_create_file+0x11a/0x5e0 [ 81.845605][ T5009] debugfs_create_u32+0x70/0xa0 [ 81.850494][ T5009] nbd_start_device+0x47a/0xdb0 [ 81.855376][ T5009] ? security_capable+0x93/0xc0 [ 81.860278][ T5009] nbd_ioctl+0x21a/0xce0 [ 81.864563][ T5009] ? blkdev_bszset+0x1f0/0x1f0 [ 81.869361][ T5009] ? nbd_start_device+0xdb0/0xdb0 [ 81.874432][ T5009] ? find_held_lock+0x2d/0x110 [ 81.879240][ T5009] ? ptrace_notify+0xfe/0x140 [ 81.883947][ T5009] ? nbd_start_device+0xdb0/0xdb0 [ 81.888998][ T5009] blkdev_ioctl+0x372/0x7f0 [ 81.893540][ T5009] ? blkdev_common_ioctl+0x1a40/0x1a40 [ 81.899041][ T5009] ? selinux_file_ioctl+0xba/0x280 [ 81.904184][ T5009] ? blkdev_common_ioctl+0x1a40/0x1a40 [ 81.909679][ T5009] __x64_sys_ioctl+0x197/0x210 [ 81.914479][ T5009] do_syscall_64+0x39/0xb0 [ 81.918945][ T5009] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 81.924884][ T5009] RIP: 0033:0x7fd888024309 [ 81.929355][ T5009] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [pid 5009] ioctl(3, NBD_DO_IT [pid 5008] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 81.949014][ T5009] RSP: 002b:00007fd887fd12e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 81.957454][ T5009] RAX: ffffffffffffffda RBX: 00007fd8880a84c0 RCX: 00007fd888024309 [ 81.965447][ T5009] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 81.973440][ T5009] RBP: 00007fd888075194 R08: 0000000000000002 R09: 0000000000003831 [ 81.981433][ T5009] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd8880a84cc [ 81.989426][ T5009] R13: 00007fd887fd12f0 R14: 00007fd8880a84c8 R15: 0000000000000002 [ 81.997424][ T5009] [ 82.003435][ T5009] debugfs: out of free dentries, can not create file 'timeout' [pid 5008] exit_group(0 [pid 5010] <... futex resumed>) = ? [pid 5008] <... exit_group resumed>) = ? [pid 5010] +++ exited with 0 +++ [pid 5009] <... ioctl resumed>) = ? [pid 5009] +++ exited with 0 +++ [pid 5008] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5008, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5011 attached , child_tidptr=0x5555558e05d0) = 5011 [pid 5011] set_robust_list(0x5555558e05e0, 24) = 0 [pid 5011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5011] setpgid(0, 0) = 0 [pid 5011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5011] write(3, "1000", 4) = 4 [pid 5011] close(3) = 0 [pid 5011] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd887fb1000 [pid 5011] mprotect(0x7fd887fb2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5011] clone(child_stack=0x7fd887fd13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5012], tls=0x7fd887fd1700, child_tidptr=0x7fd887fd19d0) = 5012 ./strace-static-x86_64: Process 5012 attached [pid 5011] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5012] set_robust_list(0x7fd887fd19e0, 24) = 0 [pid 5012] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 3 [pid 5012] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5011] <... futex resumed>) = 0 [pid 5012] socketpair(AF_UNIX, SOCK_STREAM, 0, [pid 5011] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... socketpair resumed>[4, 5]) = 0 [pid 5011] <... futex resumed>) = 0 [pid 5012] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5012] <... futex resumed>) = 0 [pid 5011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5012] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY [pid 5011] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... openat resumed>) = 6 [pid 5011] <... futex resumed>) = 0 [pid 5012] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5012] <... futex resumed>) = 0 [pid 5011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5012] ioctl(6, NBD_SET_SOCK, 4 [pid 5011] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 82.155522][ T5009] block nbd0: shutting down sockets [pid 5011] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5012] <... ioctl resumed>) = 0 [pid 5012] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5011] <... futex resumed>) = 0 [pid 5012] futex(0x7fd8880a84c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5011] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5011] <... futex resumed>) = 0 [pid 5012] ioctl(3, NBD_SET_SOCK, 4 [pid 5011] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5011] futex(0x7fd8880a84dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd887f90000 [pid 5011] mprotect(0x7fd887f91000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5011] clone(child_stack=0x7fd887fb03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5013 attached , parent_tid=[5013], tls=0x7fd887fb0700, child_tidptr=0x7fd887fb09d0) = 5013 [pid 5013] set_robust_list(0x7fd887fb09e0, 24) = 0 [pid 5013] futex(0x7fd8880a84d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5011] futex(0x7fd8880a84d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5013] <... futex resumed>) = 0 [pid 5013] ioctl(3, NBD_SET_FLAGS, NBD_FLAG_SEND_FLUSH|NBD_FLAG_SEND_FUA|NBD_FLAG_ROTATIONAL|NBD_FLAG_SEND_TRIM|NBD_FLAG_SEND_WRITE_ZEROES|NBD_FLAG_SEND_DF|NBD_FLAG_CAN_MULTI_CONN|NBD_FLAG_SEND_RESIZE|NBD_FLAG_SEND_CACHE|0x7800 [pid 5011] futex(0x7fd8880a84dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5012] <... ioctl resumed>) = 0 [pid 5013] <... ioctl resumed>) = 0 [pid 5013] futex(0x7fd8880a84dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5012] futex(0x7fd8880a84cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] <... futex resumed>) = 0 [pid 5013] futex(0x7fd8880a84d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5012] <... futex resumed>) = 0 [pid 5011] futex(0x7fd8880a84c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 5011] <... futex resumed>) = 0 [pid 5012] <... openat resumed>) = 7 [pid 5011] futex(0x7fd8880a84cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5012] write(7, "18", 2) = 2 [pid 5012] ioctl(3, NBD_DO_IT [pid 5011] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 82.349340][ T5012] ------------[ cut here ]------------ [ 82.355005][ T5012] kernfs: can not remove 'nr_tags', no directory [ 82.361771][ T5012] WARNING: CPU: 0 PID: 5012 at fs/kernfs/dir.c:1656 kernfs_remove_by_name_ns+0x101/0x120 [ 82.371713][ T5012] Modules linked in: [ 82.375704][ T5012] CPU: 0 PID: 5012 Comm: syz-executor164 Not tainted 6.3.0-syzkaller-13466-gfc4354c6e5c2 #0 [ 82.386031][ T5012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 82.396186][ T5012] RIP: 0010:kernfs_remove_by_name_ns+0x101/0x120 [ 82.402619][ T5012] Code: c3 e8 d3 19 77 ff 4c 89 e7 41 bc fe ff ff ff e8 95 45 57 ff eb da e8 be 19 77 ff 4c 89 ee 48 c7 c7 a0 38 5f 8a e8 7f d6 3e ff <0f> 0b 41 bc fe ff ff ff eb bc e8 60 e8 c8 ff e9 61 ff ff ff e8 56 [ 82.422335][ T5012] RSP: 0018:ffffc900033a7a38 EFLAGS: 00010286 [ 82.428468][ T5012] RAX: 0000000000000000 RBX: ffffffff8d09c108 RCX: 0000000000000000 [ 82.436532][ T5012] RDX: ffff88807da3c0c0 RSI: ffffffff814b2457 RDI: 0000000000000001 [pid 5011] exit_group(0) = ? [pid 5013] <... futex resumed>) = ? [pid 5013] +++ exited with 0 +++ [ 82.444581][ T5012] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 82.452664][ T5012] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 [ 82.460684][ T5012] R13: ffffffff8aa4bc00 R14: 0000000000000000 R15: 0000000000000002 [ 82.468740][ T5012] FS: 00007fd887fd1700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 82.477783][ T5012] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 82.484455][ T5012] CR2: 00007f1d209f2304 CR3: 000000001f431000 CR4: 00000000003506f0 [ 82.492907][ T5012] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 82.500907][ T5012] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 82.508960][ T5012] Call Trace: [ 82.512274][ T5012] [ 82.515290][ T5012] remove_files+0x96/0x1c0 [ 82.519760][ T5012] sysfs_remove_group+0x8b/0x170 [ 82.524795][ T5012] sysfs_remove_groups+0x60/0xa0 [ 82.529810][ T5012] __kobject_del+0x89/0x1f0 [ 82.534420][ T5012] kobject_del+0x40/0x60 [ 82.538713][ T5012] blk_mq_sysfs_unregister_hctxs+0x24b/0x2d0 [ 82.544777][ T5012] ? blk_mq_sysfs_unregister+0x3f0/0x3f0 [ 82.550475][ T5012] ? blk_mq_debugfs_register_hctxs+0x140/0x140 [ 82.556721][ T5012] blk_mq_update_nr_hw_queues+0x45c/0x1020 [ 82.562616][ T5012] ? blk_mq_map_swqueue+0x1190/0x1190 [ 82.568044][ T5012] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 82.573941][ T5012] nbd_start_device+0x153/0xdb0 [ 82.578845][ T5012] ? security_capable+0x93/0xc0 [ 82.583766][ T5012] nbd_ioctl+0x21a/0xce0 [ 82.588135][ T5012] ? blkdev_bszset+0x1f0/0x1f0 [ 82.592981][ T5012] ? nbd_start_device+0xdb0/0xdb0 [ 82.598060][ T5012] ? find_held_lock+0x2d/0x110 [ 82.602914][ T5012] ? ptrace_notify+0xfe/0x140 [ 82.607630][ T5012] ? nbd_start_device+0xdb0/0xdb0 [ 82.612731][ T5012] blkdev_ioctl+0x372/0x7f0 [ 82.617365][ T5012] ? blkdev_common_ioctl+0x1a40/0x1a40 [ 82.622890][ T5012] ? selinux_file_ioctl+0xba/0x280 [ 82.628051][ T5012] ? blkdev_common_ioctl+0x1a40/0x1a40 [ 82.633615][ T5012] __x64_sys_ioctl+0x197/0x210 [ 82.638438][ T5012] do_syscall_64+0x39/0xb0 [ 82.642978][ T5012] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 82.648957][ T5012] RIP: 0033:0x7fd888024309 [ 82.653432][ T5012] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 82.673137][ T5012] RSP: 002b:00007fd887fd12e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 82.681590][ T5012] RAX: ffffffffffffffda RBX: 00007fd8880a84c0 RCX: 00007fd888024309 [ 82.689661][ T5012] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 82.697714][ T5012] RBP: 00007fd888075194 R08: 0000000000000002 R09: 0000000000003831 [ 82.705767][ T5012] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd8880a84cc [ 82.713800][ T5012] R13: 00007fd887fd12f0 R14: 00007fd8880a84c8 R15: 0000000000000002 [ 82.721810][ T5012] [ 82.724937][ T5012] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 82.732260][ T5012] CPU: 0 PID: 5012 Comm: syz-executor164 Not tainted 6.3.0-syzkaller-13466-gfc4354c6e5c2 #0 [ 82.742353][ T5012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 82.752438][ T5012] Call Trace: [ 82.755746][ T5012] [ 82.758791][ T5012] dump_stack_lvl+0xd9/0x150 [ 82.763430][ T5012] panic+0x686/0x730 [ 82.767363][ T5012] ? panic_smp_self_stop+0xa0/0xa0 [ 82.772516][ T5012] ? show_trace_log_lvl+0x285/0x390 [ 82.777756][ T5012] ? kernfs_remove_by_name_ns+0x101/0x120 [ 82.783518][ T5012] check_panic_on_warn+0xb1/0xc0 [ 82.788511][ T5012] __warn+0xf2/0x390 [ 82.792457][ T5012] ? preempt_schedule_notrace+0x5f/0xd0 [ 82.798054][ T5012] ? kernfs_remove_by_name_ns+0x101/0x120 [ 82.803836][ T5012] report_bug+0x2da/0x500 [ 82.808224][ T5012] handle_bug+0x3c/0x70 [ 82.812409][ T5012] exc_invalid_op+0x18/0x50 [ 82.816943][ T5012] asm_exc_invalid_op+0x1a/0x20 [ 82.821836][ T5012] RIP: 0010:kernfs_remove_by_name_ns+0x101/0x120 [ 82.828218][ T5012] Code: c3 e8 d3 19 77 ff 4c 89 e7 41 bc fe ff ff ff e8 95 45 57 ff eb da e8 be 19 77 ff 4c 89 ee 48 c7 c7 a0 38 5f 8a e8 7f d6 3e ff <0f> 0b 41 bc fe ff ff ff eb bc e8 60 e8 c8 ff e9 61 ff ff ff e8 56 [ 82.847848][ T5012] RSP: 0018:ffffc900033a7a38 EFLAGS: 00010286 [ 82.853944][ T5012] RAX: 0000000000000000 RBX: ffffffff8d09c108 RCX: 0000000000000000 [ 82.861933][ T5012] RDX: ffff88807da3c0c0 RSI: ffffffff814b2457 RDI: 0000000000000001 [ 82.869927][ T5012] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 82.877922][ T5012] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000 [ 82.885917][ T5012] R13: ffffffff8aa4bc00 R14: 0000000000000000 R15: 0000000000000002 [ 82.893909][ T5012] ? __warn_printk+0x187/0x310 [ 82.898709][ T5012] ? kernfs_remove_by_name_ns+0x101/0x120 [ 82.904471][ T5012] remove_files+0x96/0x1c0 [ 82.908918][ T5012] sysfs_remove_group+0x8b/0x170 [ 82.913890][ T5012] sysfs_remove_groups+0x60/0xa0 [ 82.918879][ T5012] __kobject_del+0x89/0x1f0 [ 82.923426][ T5012] kobject_del+0x40/0x60 [ 82.927697][ T5012] blk_mq_sysfs_unregister_hctxs+0x24b/0x2d0 [ 82.933728][ T5012] ? blk_mq_sysfs_unregister+0x3f0/0x3f0 [ 82.939428][ T5012] ? blk_mq_debugfs_register_hctxs+0x140/0x140 [ 82.945624][ T5012] blk_mq_update_nr_hw_queues+0x45c/0x1020 [ 82.951476][ T5012] ? blk_mq_map_swqueue+0x1190/0x1190 [ 82.956889][ T5012] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 82.962751][ T5012] nbd_start_device+0x153/0xdb0 [ 82.967623][ T5012] ? security_capable+0x93/0xc0 [ 82.972519][ T5012] nbd_ioctl+0x21a/0xce0 [ 82.976787][ T5012] ? blkdev_bszset+0x1f0/0x1f0 [ 82.981597][ T5012] ? nbd_start_device+0xdb0/0xdb0 [ 82.986646][ T5012] ? find_held_lock+0x2d/0x110 [ 82.991443][ T5012] ? ptrace_notify+0xfe/0x140 [ 82.996147][ T5012] ? nbd_start_device+0xdb0/0xdb0 [ 83.001194][ T5012] blkdev_ioctl+0x372/0x7f0 [ 83.005717][ T5012] ? blkdev_common_ioctl+0x1a40/0x1a40 [ 83.011199][ T5012] ? selinux_file_ioctl+0xba/0x280 [ 83.016333][ T5012] ? blkdev_common_ioctl+0x1a40/0x1a40 [ 83.021835][ T5012] __x64_sys_ioctl+0x197/0x210 [ 83.026641][ T5012] do_syscall_64+0x39/0xb0 [ 83.031099][ T5012] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 83.037031][ T5012] RIP: 0033:0x7fd888024309 [ 83.041471][ T5012] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 83.061101][ T5012] RSP: 002b:00007fd887fd12e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 83.069538][ T5012] RAX: ffffffffffffffda RBX: 00007fd8880a84c0 RCX: 00007fd888024309 [ 83.077532][ T5012] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 83.085521][ T5012] RBP: 00007fd888075194 R08: 0000000000000002 R09: 0000000000003831 [ 83.093511][ T5012] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd8880a84cc [ 83.101501][ T5012] R13: 00007fd887fd12f0 R14: 00007fd8880a84c8 R15: 0000000000000002 [ 83.109495][ T5012] [ 83.112750][ T5012] Kernel Offset: disabled [ 83.117187][ T5012] Rebooting in 86400 seconds..