./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3172657479
<...>
[ 30.301457][ T3188] 8021q: adding VLAN 0 to HW filter on device bond0
[ 30.317197][ T3188] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
syzkaller login: [ 41.242876][ T27] kauditd_printk_skb: 37 callbacks suppressed
[ 41.242904][ T27] audit: type=1400 audit(1665142199.103:73): avc: denied { transition } for pid=3395 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 41.272105][ T27] audit: type=1400 audit(1665142199.113:74): avc: denied { write } for pid=3395 comm="sh" path="pipe:[27976]" dev="pipefs" ino=27976 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
Warning: Permanently added '10.128.0.50' (ECDSA) to the list of known hosts.
execve("./syz-executor3172657479", ["./syz-executor3172657479"], 0x7ffcac3492d0 /* 10 vars */) = 0
brk(NULL) = 0x555556a38000
brk(0x555556a38c40) = 0x555556a38c40
arch_prctl(ARCH_SET_FS, 0x555556a38300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3172657479", 4096) = 28
brk(0x555556a59c40) = 0x555556a59c40
brk(0x555556a5a000) = 0x555556a5a000
mprotect(0x7f66bc0bc000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a385d0) = 3609
./strace-static-x86_64: Process 3609 attached
[pid 3609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3609] setpgid(0, 0) = 0
[pid 3609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3609] write(3, "1000", 4) = 4
[pid 3609] close(3) = 0
[pid 3609] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 3
[pid 3609] ioctl(3, NBD_SET_SIZE_BLOCKS, 1) = 0
[pid 3609] socketpair(AF_UNIX, SOCK_STREAM, 0, [4, 5]) = 0
[ 58.742654][ T27] audit: type=1400 audit(1665142216.603:75): avc: denied { execmem } for pid=3608 comm="syz-executor317" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 58.768376][ T27] audit: type=1400 audit(1665142216.633:76): avc: denied { read } for pid=3609 comm="syz-executor317" name="nbd0" dev="devtmpfs" ino=660 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid 3609] ioctl(3, NBD_SET_SOCK, 4) = 0
[pid 3609] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 6
[ 58.792404][ T27] audit: type=1400 audit(1665142216.633:77): avc: denied { open } for pid=3609 comm="syz-executor317" path="/dev/nbd0" dev="devtmpfs" ino=660 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 58.817350][ T27] audit: type=1400 audit(1665142216.633:78): avc: denied { ioctl } for pid=3609 comm="syz-executor317" path="/dev/nbd0" dev="devtmpfs" ino=660 ioctlcmd=0xab07 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 58.849420][ T3609] nbd0: detected capacity change from 0 to 2
[pid 3609] ioctl(6, NBD_DO_IT
[pid 3608] kill(-3609, SIGKILL) = 0
[pid 3608] kill(3609, SIGKILL) = 0
[pid 3609] <... ioctl resumed>) = ?
[ 63.764170][ T3609] block nbd0: shutting down sockets
[pid 3608] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid 3608] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
[pid 3608] getdents64(3, 0x555556a39620 /* 2 entries */, 32768) = 48
[pid 3608] getdents64(3, 0x555556a39620 /* 0 entries */, 32768) = 0
[pid 3608] close(3) = 0
[ 76.257554][ T142] cfg80211: failed to load regulatory.db
[ 89.054994][ T51] block nbd0: Possible stuck request ffff88801ed70000: control (read@0,1024B). Runtime 30 seconds
[ 119.134883][ T51] block nbd0: Possible stuck request ffff88801ed70000: control (read@0,1024B). Runtime 60 seconds
[ 120.273178][ T2975] udevd[2975]: worker [3611] /devices/virtual/block/nbd0 is taking a long time
[ 149.214892][ T51] block nbd0: Possible stuck request ffff88801ed70000: control (read@0,1024B). Runtime 90 seconds
[ 179.294921][ T51] block nbd0: Possible stuck request ffff88801ed70000: control (read@0,1024B). Runtime 120 seconds
[ 209.374897][ T51] block nbd0: Possible stuck request ffff88801ed70000: control (read@0,1024B). Runtime 150 seconds
[ 239.454837][ T51] block nbd0: Possible stuck request ffff88801ed70000: control (read@0,1024B). Runtime 180 seconds
[ 240.434934][ T2975] udevd[2975]: worker [3611] /devices/virtual/block/nbd0 timeout; kill it
[ 240.443624][ T2975] udevd[2975]: seq 7470 '/devices/virtual/block/nbd0' killed
[ 269.534880][ T51] block nbd0: Possible stuck request ffff88801ed70000: control (read@0,1024B). Runtime 210 seconds
[ 286.174953][ T28] INFO: task syz-executor317:3609 blocked for more than 143 seconds.
[ 286.183152][ T28] Not tainted 6.0.0-syzkaller-06205-gffb39098bf87 #0
[ 286.190438][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 286.199231][ T28] task:syz-executor317 state:D stack:27832 pid: 3609 ppid: 3608 flags:0x00004006
[ 286.208659][ T28] Call Trace:
[ 286.211951][ T28]
[ 286.215091][ T28] __schedule+0xadf/0x52b0
[ 286.219676][ T28] ? io_schedule_timeout+0x140/0x140
[ 286.225145][ T28] schedule+0xda/0x1b0
[ 286.229233][ T28] schedule_preempt_disabled+0xf/0x20
[ 286.234964][ T28] __mutex_lock+0xa44/0x1350
[ 286.239597][ T28] ? blkdev_put+0xbc/0x770
[ 286.244048][ T28] ? mutex_lock_io_nested+0x1190/0x1190
[ 286.249838][ T28] ? locks_check_ctx_file_list+0x1d/0x110
[ 286.255725][ T28] ? do_raw_spin_unlock+0x171/0x230
[ 286.261309][ T28] ? _raw_spin_unlock+0x24/0x40
[ 286.266496][ T28] ? locks_remove_file+0x2f7/0x570
[ 286.271637][ T28] blkdev_put+0xbc/0x770
[ 286.276088][ T28] blkdev_close+0x64/0x80
[ 286.280448][ T28] __fput+0x277/0x9d0
[ 286.284423][ T28] ? blkdev_fsync+0xa0/0xa0
[ 286.289184][ T28] task_work_run+0xdd/0x1a0
[ 286.293807][ T28] do_exit+0xad5/0x29b0
[ 286.298168][ T28] ? find_held_lock+0x2d/0x110
[ 286.302973][ T28] ? mm_update_next_owner+0x7a0/0x7a0
[ 286.308686][ T28] ? lock_downgrade+0x6e0/0x6e0
[ 286.313586][ T28] do_group_exit+0xd2/0x2f0
[ 286.318257][ T28] get_signal+0x2387/0x2610
[ 286.322878][ T28] ? map_id_up+0x178/0x2f0
[ 286.327495][ T28] ? exit_signals+0x8b0/0x8b0
[ 286.332186][ T28] ? __task_pid_nr_ns+0x168/0x4b0
[ 286.337403][ T28] ? lock_downgrade+0x6e0/0x6e0
[ 286.342282][ T28] arch_do_signal_or_restart+0x82/0x2300
[ 286.348114][ T28] ? find_held_lock+0x2d/0x110
[ 286.352901][ T28] ? get_sigframe_size+0x10/0x10
[ 286.358040][ T28] ? ptrace_notify+0xfa/0x140
[ 286.362747][ T28] ? lock_downgrade+0x6e0/0x6e0
[ 286.367791][ T28] ? send_sig+0xfe/0x160
[ 286.372094][ T28] ? send_sig_info+0x140/0x140
[ 286.377101][ T28] ? _raw_spin_unlock_irq+0x1f/0x40
[ 286.382320][ T28] ? exit_to_user_mode_prepare+0x137/0x250
[ 286.388360][ T28] exit_to_user_mode_prepare+0x15f/0x250
[ 286.394009][ T28] syscall_exit_to_user_mode+0x19/0x50
[ 286.399699][ T28] do_syscall_64+0x42/0xb0
[ 286.404138][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 286.410388][ T28] RIP: 0033:0x7f66bc04f6a9
[ 286.414980][ T28] RSP: 002b:00007ffc26c5fad8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 286.423560][ T28] RAX: fffffffffffffe00 RBX: 0000000000000000 RCX: 00007f66bc04f6a9
[ 286.431675][ T28] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000006
[ 286.439726][ T28] RBP: 0000000000000000 R08: 00007ffc26c5fc78 R09: 00007ffc26c5fc78
[ 286.447807][ T28] R10: 000000000000ffff R11: 0000000000000246 R12: 00007f66bc00e730
[ 286.455889][ T28] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 286.464001][ T28]
[ 286.467082][ T28]
[ 286.467082][ T28] Showing all locks held in the system:
[ 286.474866][ T28] 1 lock held by rcu_tasks_kthre/12:
[ 286.480140][ T28] #0: ffffffff8bf82df0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70
[ 286.490717][ T28] 1 lock held by rcu_tasks_trace/13:
[ 286.496036][ T28] #0: ffffffff8bf82af0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70
[ 286.507059][ T28] 1 lock held by khungtaskd/28:
[ 286.511915][ T28] #0: ffffffff8bf83940 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260
[ 286.521967][ T28] 2 locks held by getty/3286:
[ 286.526674][ T28] #0: ffff88814b574098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80
[ 286.536528][ T28] #1: ffffc900020582f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef0/0x13e0
[ 286.546684][ T28] 1 lock held by syz-executor317/3609:
[ 286.552154][ T28] #0: ffff88801ecb74c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0xbc/0x770
[ 286.561517][ T28] 1 lock held by udevd/3611:
[ 286.566143][ T28] #0: ffff88801ecb74c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev.part.0+0x9b/0xb90
[ 286.576748][ T28]
[ 286.579085][ T28] =============================================
[ 286.579085][ T28]
[ 286.587555][ T28] NMI backtrace for cpu 1
[ 286.591889][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.0.0-syzkaller-06205-gffb39098bf87 #0
[ 286.601351][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 286.611412][ T28] Call Trace:
[ 286.614692][ T28]
[ 286.617629][ T28] dump_stack_lvl+0xcd/0x134
[ 286.622303][ T28] nmi_cpu_backtrace.cold+0x46/0x14f
[ 286.627605][ T28] ? lapic_can_unplug_cpu+0x80/0x80
[ 286.632820][ T28] nmi_trigger_cpumask_backtrace+0x206/0x250
[ 286.638845][ T28] watchdog+0xc18/0xf50
[ 286.643012][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80
[ 286.649004][ T28] kthread+0x2e4/0x3a0
[ 286.653078][ T28] ? kthread_complete_and_exit+0x40/0x40
[ 286.658716][ T28] ret_from_fork+0x1f/0x30
[ 286.663146][ T28]
[ 286.666251][ T28] Sending NMI from CPU 1 to CPUs 0:
[ 286.671487][ C0] NMI backtrace for cpu 0 skipped: idling at acpi_idle_do_entry+0x1fd/0x2a0
[ 286.672469][ T28] Kernel panic - not syncing: hung_task: blocked tasks
[ 286.687954][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.0.0-syzkaller-06205-gffb39098bf87 #0
[ 286.697397][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 286.707448][ T28] Call Trace:
[ 286.710803][ T28]
[ 286.713725][ T28] dump_stack_lvl+0xcd/0x134
[ 286.718313][ T28] panic+0x2c8/0x627
[ 286.722197][ T28] ? panic_print_sys_info.part.0+0x10b/0x10b
[ 286.728178][ T28] ? lapic_can_unplug_cpu+0x80/0x80
[ 286.733366][ T28] ? preempt_schedule_thunk+0x16/0x18
[ 286.738738][ T28] ? watchdog.cold+0x130/0x158
[ 286.743528][ T28] watchdog.cold+0x141/0x158
[ 286.748114][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80
[ 286.754085][ T28] kthread+0x2e4/0x3a0
[ 286.758141][ T28] ? kthread_complete_and_exit+0x40/0x40
[ 286.763760][ T28] ret_from_fork+0x1f/0x30
[ 286.768170][ T28]
[ 286.771480][ T28] Kernel Offset: disabled
[ 286.775814][ T28] Rebooting in 86400 seconds..