./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor612808922 <...> forked to background, child pid 3184 no interfaces have a carrier [ 21.606959][ T3185] 8021q: adding VLAN 0 to HW filter on device bond0 [ 21.617438][ T3185] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.52' (ECDSA) to the list of known hosts. execve("./syz-executor612808922", ["./syz-executor612808922"], 0x7ffdd76207a0 /* 10 vars */) = 0 brk(NULL) = 0x555557400000 brk(0x555557400c40) = 0x555557400c40 arch_prctl(ARCH_SET_FS, 0x555557400300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555574005d0) = 3612 set_robust_list(0x5555574005e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7febbf910480, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7febbf910b50}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7febbf910520, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7febbf910b50}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor612808922", 4096) = 27 brk(0x555557421c40) = 0x555557421c40 brk(0x555557422000) = 0x555557422000 mprotect(0x7febbf9d2000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3 write(3, "N", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3 write(3, "0", 1) = 1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574005d0) = 3613 ./strace-static-x86_64: Process 3613 attached [pid 3613] set_robust_list(0x5555574005e0, 24) = 0 [pid 3613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3613] setpgid(0, 0) = 0 [pid 3613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3613] write(3, "1000", 4) = 4 [pid 3613] close(3) = 0 [pid 3613] futex(0x7febbf9d84ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3613] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febbf8e0000 [pid 3613] mprotect(0x7febbf8e1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3613] clone(child_stack=0x7febbf9003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3614], tls=0x7febbf900700, child_tidptr=0x7febbf9009d0) = 3614 [pid 3613] futex(0x7febbf9d84e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3613] futex(0x7febbf9d84ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3614 attached [pid 3614] set_robust_list(0x7febbf9009e0, 24) = 0 [pid 3614] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 3 [pid 3614] futex(0x7febbf9d84ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3613] <... futex resumed>) = 0 [pid 3614] ioctl(3, NBD_SET_FLAGS, NBD_FLAG_HAS_FLAGS|NBD_FLAG_READ_ONLY|NBD_FLAG_SEND_FLUSH|NBD_FLAG_SEND_FUA|NBD_FLAG_ROTATIONAL|NBD_FLAG_SEND_TRIM|NBD_FLAG_SEND_WRITE_ZEROES|NBD_FLAG_SEND_DF|NBD_FLAG_CAN_MULTI_CONN|NBD_FLAG_SEND_RESIZE [pid 3613] futex(0x7febbf9d84e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3614] <... ioctl resumed>) = 0 [pid 3613] <... futex resumed>) = 0 [pid 3614] futex(0x7febbf9d84ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3613] futex(0x7febbf9d84ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3614] <... futex resumed>) = 0 [pid 3613] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3614] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY [pid 3613] futex(0x7febbf9d84e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3614] <... openat resumed>) = 4 [pid 3613] <... futex resumed>) = 0 [pid 3614] futex(0x7febbf9d84ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3613] futex(0x7febbf9d84ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3614] <... futex resumed>) = 0 [pid 3613] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3614] socketpair(AF_UNIX, SOCK_STREAM, 0, [pid 3613] futex(0x7febbf9d84e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3614] <... socketpair resumed>[5, 6]) = 0 [pid 3613] <... futex resumed>) = 0 [pid 3614] futex(0x7febbf9d84ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3613] futex(0x7febbf9d84ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3614] <... futex resumed>) = 0 [pid 3613] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3614] ioctl(4, NBD_SET_SOCK, 5 [pid 3613] futex(0x7febbf9d84e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3613] futex(0x7febbf9d84ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3614] <... ioctl resumed>) = 0 [pid 3614] futex(0x7febbf9d84ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3613] <... futex resumed>) = 0 [pid 3614] futex(0x7febbf9d84e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3613] futex(0x7febbf9d84e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3614] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3613] <... futex resumed>) = 0 [pid 3614] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY [pid 3613] futex(0x7febbf9d84ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3614] <... openat resumed>) = 7 [pid 3614] futex(0x7febbf9d84ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3613] <... futex resumed>) = 0 [pid 3614] futex(0x7febbf9d84e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3613] futex(0x7febbf9d84e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3614] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3613] <... futex resumed>) = 0 [pid 3614] ioctl(7, NBD_SET_SOCK, 5 [pid 3613] futex(0x7febbf9d84ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3614] <... ioctl resumed>) = 0 [pid 3614] futex(0x7febbf9d84ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3613] <... futex resumed>) = 0 [pid 3614] futex(0x7febbf9d84e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3613] futex(0x7febbf9d84e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3614] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3613] <... futex resumed>) = 0 [pid 3614] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3613] futex(0x7febbf9d84ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3614] <... openat resumed>) = 8 [pid 3614] write(8, "14", 2) = 2 [pid 3614] ioctl(7, NBD_DO_IT [pid 3613] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) syzkaller login: [ 38.449791][ T3614] Increasing nr_hw_queues to 2 fails, fallback to 1 [pid 3613] exit_group(0 [pid 3614] <... ioctl resumed>) = ? [pid 3613] <... exit_group resumed>) = ? [pid 3614] +++ exited with 0 +++ [pid 3613] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3613, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3618 attached , child_tidptr=0x5555574005d0) = 3618 [pid 3618] set_robust_list(0x5555574005e0, 24) = 0 [pid 3618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3618] setpgid(0, 0) = 0 [pid 3618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3618] write(3, "1000", 4) = 4 [pid 3618] close(3) = 0 [pid 3618] futex(0x7febbf9d84ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febbf8e0000 [pid 3618] mprotect(0x7febbf8e1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3618] clone(child_stack=0x7febbf9003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3619], tls=0x7febbf900700, child_tidptr=0x7febbf9009d0) = 3619 [pid 3618] futex(0x7febbf9d84e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3618] futex(0x7febbf9d84ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3619 attached [pid 3619] set_robust_list(0x7febbf9009e0, 24) = 0 [pid 3619] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 3 [pid 3619] futex(0x7febbf9d84ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3618] <... futex resumed>) = 0 [pid 3618] futex(0x7febbf9d84e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3618] futex(0x7febbf9d84ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3619] <... futex resumed>) = 1 [pid 3619] ioctl(3, NBD_SET_FLAGS, NBD_FLAG_HAS_FLAGS|NBD_FLAG_READ_ONLY|NBD_FLAG_SEND_FLUSH|NBD_FLAG_SEND_FUA|NBD_FLAG_ROTATIONAL|NBD_FLAG_SEND_TRIM|NBD_FLAG_SEND_WRITE_ZEROES|NBD_FLAG_SEND_DF|NBD_FLAG_CAN_MULTI_CONN|NBD_FLAG_SEND_RESIZE) = 0 [pid 3619] futex(0x7febbf9d84ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3618] <... futex resumed>) = 0 [pid 3618] futex(0x7febbf9d84e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3618] futex(0x7febbf9d84ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3619] <... futex resumed>) = 1 [pid 3619] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 4 [pid 3619] futex(0x7febbf9d84ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3618] <... futex resumed>) = 0 [pid 3618] futex(0x7febbf9d84e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3618] futex(0x7febbf9d84ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3619] <... futex resumed>) = 1 [pid 3619] socketpair(AF_UNIX, SOCK_STREAM, 0, [5, 6]) = 0 [pid 3619] futex(0x7febbf9d84ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3618] <... futex resumed>) = 0 [pid 3618] futex(0x7febbf9d84e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3618] futex(0x7febbf9d84ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3619] <... futex resumed>) = 1 [ 38.598973][ T3614] block nbd0: shutting down sockets [pid 3619] ioctl(4, NBD_SET_SOCK, 5) = 0 [pid 3619] futex(0x7febbf9d84ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3618] <... futex resumed>) = 0 [pid 3618] futex(0x7febbf9d84e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3619] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY [pid 3618] <... futex resumed>) = 0 [pid 3618] futex(0x7febbf9d84ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3619] <... openat resumed>) = 7 [pid 3619] futex(0x7febbf9d84ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3618] <... futex resumed>) = 0 [pid 3619] futex(0x7febbf9d84e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3618] futex(0x7febbf9d84e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3619] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3618] <... futex resumed>) = 0 [pid 3619] ioctl(7, NBD_SET_SOCK, 5 [pid 3618] futex(0x7febbf9d84ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3619] <... ioctl resumed>) = 0 [pid 3619] futex(0x7febbf9d84ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3618] <... futex resumed>) = 0 [pid 3619] futex(0x7febbf9d84e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3618] futex(0x7febbf9d84e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3619] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3618] <... futex resumed>) = 0 [pid 3619] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3618] futex(0x7febbf9d84ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3619] <... openat resumed>) = 8 [pid 3619] write(8, "14", 2) = 2 [pid 3619] ioctl(7, NBD_DO_IT [pid 3618] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3618] exit_group(0 [pid 3619] <... ioctl resumed>) = ? [pid 3618] <... exit_group resumed>) = ? [pid 3619] +++ exited with 0 +++ [pid 3618] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3618, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574005d0) = 3620 ./strace-static-x86_64: Process 3620 attached [pid 3620] set_robust_list(0x5555574005e0, 24) = 0 [pid 3620] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3620] setpgid(0, 0) = 0 [pid 3620] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3620] write(3, "1000", 4) = 4 [pid 3620] close(3) = 0 [pid 3620] futex(0x7febbf9d84ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febbf8e0000 [pid 3620] mprotect(0x7febbf8e1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3620] clone(child_stack=0x7febbf9003f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3621], tls=0x7febbf900700, child_tidptr=0x7febbf9009d0) = 3621 [pid 3620] futex(0x7febbf9d84e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3620] futex(0x7febbf9d84ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3621 attached [pid 3621] set_robust_list(0x7febbf9009e0, 24) = 0 [pid 3621] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 3 [pid 3621] futex(0x7febbf9d84ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3620] <... futex resumed>) = 0 [pid 3620] futex(0x7febbf9d84e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3620] futex(0x7febbf9d84ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3621] <... futex resumed>) = 1 [pid 3621] ioctl(3, NBD_SET_FLAGS, NBD_FLAG_HAS_FLAGS|NBD_FLAG_READ_ONLY|NBD_FLAG_SEND_FLUSH|NBD_FLAG_SEND_FUA|NBD_FLAG_ROTATIONAL|NBD_FLAG_SEND_TRIM|NBD_FLAG_SEND_WRITE_ZEROES|NBD_FLAG_SEND_DF|NBD_FLAG_CAN_MULTI_CONN|NBD_FLAG_SEND_RESIZE) = 0 [pid 3621] futex(0x7febbf9d84ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3620] <... futex resumed>) = 0 [pid 3620] futex(0x7febbf9d84e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3620] futex(0x7febbf9d84ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3621] <... futex resumed>) = 1 [pid 3621] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 4 [pid 3621] futex(0x7febbf9d84ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3620] <... futex resumed>) = 0 [pid 3620] futex(0x7febbf9d84e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3620] futex(0x7febbf9d84ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3621] <... futex resumed>) = 1 [pid 3621] socketpair(AF_UNIX, SOCK_STREAM, 0, [5, 6]) = 0 [pid 3621] futex(0x7febbf9d84ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 3620] <... futex resumed>) = 0 [pid 3620] futex(0x7febbf9d84e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3620] futex(0x7febbf9d84ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3621] <... futex resumed>) = 1 [ 38.905724][ T3619] block nbd0: shutting down sockets [pid 3621] ioctl(4, NBD_SET_SOCK, 5 [pid 3620] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3620] futex(0x7febbf9d84ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 3620] futex(0x7febbf9d84fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7febbf8bf000 [pid 3620] mprotect(0x7febbf8c0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3620] clone(child_stack=0x7febbf8df3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3622 attached [pid 3622] set_robust_list(0x7febbf8df9e0, 24 [pid 3620] <... clone resumed>, parent_tid=[3622], tls=0x7febbf8df700, child_tidptr=0x7febbf8df9d0) = 3622 [pid 3620] futex(0x7febbf9d84f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3620] futex(0x7febbf9d84fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3622] <... set_robust_list resumed>) = 0 [pid 3622] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 7 [pid 3622] futex(0x7febbf9d84fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3620] <... futex resumed>) = 0 [pid 3620] futex(0x7febbf9d84f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3620] futex(0x7febbf9d84fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3622] ioctl(7, NBD_SET_SOCK, 5 [pid 3621] <... ioctl resumed>) = 0 [pid 3621] futex(0x7febbf9d84ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3621] futex(0x7febbf9d84e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3622] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 3622] futex(0x7febbf9d84fc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3620] <... futex resumed>) = 0 [pid 3622] futex(0x7febbf9d84f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3620] futex(0x7febbf9d84e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3621] <... futex resumed>) = 0 [pid 3620] <... futex resumed>) = 1 [pid 3621] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR [pid 3620] futex(0x7febbf9d84ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3621] <... openat resumed>) = 8 [pid 3621] write(8, "14", 2) = 2 [ 39.025429][ T3622] block nbd0: Device being setup by another task [ 39.065647][ T3621] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 39.077463][ T3621] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 39.085851][ T3621] CPU: 1 PID: 3621 Comm: syz-executor612 Not tainted 5.19.0-syzkaller-00428-g9de1f9c8ca51 #0 [ 39.095981][ T3621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 39.106018][ T3621] RIP: 0010:blk_mq_free_rqs+0x3f8/0x960 [ 39.111562][ T3621] Code: de e8 ec 6f 90 fd 83 fb 3f 0f 87 6a 46 58 05 e8 9e 73 90 fd b8 00 10 00 00 89 d9 48 d3 e0 4c 01 e8 48 89 44 24 08 48 8b 04 24 <0f> b6 00 84 c0 74 08 3c 03 0f 8e 96 03 00 00 41 8b 1f 31 ff 31 ed [ 39.131153][ T3621] RSP: 0018:ffffc9000330faa8 EFLAGS: 00010286 [ 39.137206][ T3621] RAX: dffffc0000000000 RBX: 0000000000000004 RCX: 0000000000000004 [ 39.145251][ T3621] RDX: ffff888074e08000 RSI: ffffffff83ea0f82 RDI: 0000000000000005 [ 39.153384][ T3621] RBP: ffff888017238000 R08: 0000000000000005 R09: 000000000000003f [ 39.161606][ T3621] R10: 0000000000000004 R11: 0000000000000001 R12: ffffc9000330fb60 [ 39.169565][ T3621] R13: ffff8880737a0000 R14: ffff88801d33e800 R15: 0000000000000000 [ 39.177614][ T3621] FS: 00007febbf900700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 39.186622][ T3621] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 39.193279][ T3621] CR2: 00007febbf9858b0 CR3: 000000007f541000 CR4: 0000000000350ee0 [ 39.201247][ T3621] Call Trace: [ 39.204515][ T3621] [ 39.207435][ T3621] ? _raw_spin_unlock_irq+0x1f/0x40 [ 39.212633][ T3621] blk_mq_sched_free_rqs+0x1d4/0x250 [ 39.218263][ T3621] ? blk_mq_sched_insert_requests+0x9a0/0x9a0 [ 39.224322][ T3621] ? kobject_put+0xb9/0x540 [ 39.228901][ T3621] ? kobject_del+0x44/0x60 [ 39.233392][ T3621] elevator_switch_mq+0xc2/0x6c0 [ 39.238323][ T3621] blk_mq_update_nr_hw_queues+0x3ee/0xdf0 [ 39.244330][ T3621] ? blk_mq_init_queue+0x140/0x140 [ 39.249691][ T3621] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 39.255581][ T3621] nbd_start_device+0x153/0xc30 [ 39.260431][ T3621] ? bpf_lsm_capable+0x5/0x10 [ 39.265097][ T3621] ? security_capable+0x8f/0xc0 [ 39.269940][ T3621] nbd_ioctl+0x5a5/0xbd0 [ 39.274259][ T3621] ? blkdev_bszset+0x1f0/0x1f0 [ 39.279013][ T3621] ? nbd_start_device+0xc30/0xc30 [ 39.284204][ T3621] ? find_held_lock+0x2d/0x110 [ 39.288960][ T3621] ? ptrace_notify+0xfa/0x140 [ 39.293626][ T3621] ? nbd_start_device+0xc30/0xc30 [ 39.298642][ T3621] blkdev_ioctl+0x36e/0x800 [ 39.303135][ T3621] ? blkdev_common_ioctl+0x1a50/0x1a50 [ 39.308584][ T3621] ? bpf_lsm_file_ioctl+0x5/0x10 [ 39.313512][ T3621] ? blkdev_common_ioctl+0x1a50/0x1a50 [ 39.318964][ T3621] __x64_sys_ioctl+0x193/0x200 [ 39.323721][ T3621] do_syscall_64+0x35/0xb0 [ 39.328130][ T3621] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 39.334014][ T3621] RIP: 0033:0x7febbf953369 [ 39.338417][ T3621] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 39.358454][ T3621] RSP: 002b:00007febbf9002e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 39.366860][ T3621] RAX: ffffffffffffffda RBX: 00007febbf9d84e0 RCX: 00007febbf953369 [pid 3621] ioctl(7, NBD_DO_IT [pid 3620] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 39.374819][ T3621] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000007 [ 39.383215][ T3621] RBP: 00007febbf9a5194 R08: 0000000000000002 R09: 0000000000003431 [ 39.391262][ T3621] R10: 0000000000000000 R11: 0000000000000246 R12: 00007febbf9d84ec [ 39.399312][ T3621] R13: 00007febbf9002f0 R14: 00007febbf9d84e8 R15: 0000000000000002 [ 39.407454][ T3621] [ 39.410579][ T3621] Modules linked in: [ 39.414660][ T3621] ---[ end trace 0000000000000000 ]--- [ 39.420473][ T3621] RIP: 0010:blk_mq_free_rqs+0x3f8/0x960 [ 39.426177][ T3621] Code: de e8 ec 6f 90 fd 83 fb 3f 0f 87 6a 46 58 05 e8 9e 73 90 fd b8 00 10 00 00 89 d9 48 d3 e0 4c 01 e8 48 89 44 24 08 48 8b 04 24 <0f> b6 00 84 c0 74 08 3c 03 0f 8e 96 03 00 00 41 8b 1f 31 ff 31 ed [ 39.445925][ T3621] RSP: 0018:ffffc9000330faa8 EFLAGS: 00010286 [ 39.452014][ T3621] RAX: dffffc0000000000 RBX: 0000000000000004 RCX: 0000000000000004 [ 39.460020][ T3621] RDX: ffff888074e08000 RSI: ffffffff83ea0f82 RDI: 0000000000000005 [ 39.468010][ T3621] RBP: ffff888017238000 R08: 0000000000000005 R09: 000000000000003f [ 39.476265][ T3621] R10: 0000000000000004 R11: 0000000000000001 R12: ffffc9000330fb60 [ 39.484245][ T3621] R13: ffff8880737a0000 R14: ffff88801d33e800 R15: 0000000000000000 [ 39.492258][ T3621] FS: 00007febbf900700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 39.501228][ T3621] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 39.507894][ T3621] CR2: 00007febbf994510 CR3: 000000007f541000 CR4: 0000000000350ee0 [ 39.515912][ T3621] Kernel panic - not syncing: Fatal exception [ 39.522468][ T3621] Kernel Offset: disabled [ 39.526802][ T3621] Rebooting in 86400 seconds..