./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor642404544 <...> Warning: Permanently added '10.128.0.153' (ED25519) to the list of known hosts. execve("./syz-executor642404544", ["./syz-executor642404544"], 0x7ffdfa674560 /* 10 vars */) = 0 brk(NULL) = 0x55555d4da000 brk(0x55555d4dad00) = 0x55555d4dad00 arch_prctl(ARCH_SET_FS, 0x55555d4da380) = 0 set_tid_address(0x55555d4da650) = 5840 set_robust_list(0x55555d4da660, 24) = 0 rseq(0x55555d4daca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor642404544", 4096) = 27 getrandom("\x11\xe8\x00\x95\xb8\x67\xd4\xe5", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555d4dad00 brk(0x55555d4fbd00) = 0x55555d4fbd00 brk(0x55555d4fc000) = 0x55555d4fc000 mprotect(0x7fee2811e000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d4da650) = 5841 ./strace-static-x86_64: Process 5841 attached [pid 5841] set_robust_list(0x55555d4da660, 24) = 0 [pid 5841] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5841] setpgid(0, 0) = 0 [pid 5841] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5841] write(3, "1000", 4) = 4 [pid 5841] close(3) = 0 [pid 5841] write(1, "executing program\n", 18executing program ) = 18 [ 280.331284][ T29] audit: type=1400 audit(1733627681.909:88): avc: denied { execmem } for pid=5840 comm="syz-executor642" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 5841] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 3 [pid 5841] socket(AF_INET, SOCK_SEQPACKET, IPPROTO_IP) = 4 [ 280.398018][ T29] audit: type=1400 audit(1733627681.979:89): avc: denied { read } for pid=5841 comm="syz-executor642" name="nbd0" dev="devtmpfs" ino=679 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 280.421923][ T29] audit: type=1400 audit(1733627681.979:90): avc: denied { open } for pid=5841 comm="syz-executor642" path="/dev/nbd0" dev="devtmpfs" ino=679 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 280.446073][ T29] audit: type=1400 audit(1733627681.979:91): avc: denied { ioctl } for pid=5841 comm="syz-executor642" path="/dev/nbd0" dev="devtmpfs" ino=679 ioctlcmd=0xab00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 5841] ioctl(3, NBD_SET_SOCK, 4) = 0 [pid 5841] listen(4, 7757) = 0 [ 280.533421][ T29] audit: type=1400 audit(1733627682.119:92): avc: denied { module_request } for pid=5841 comm="syz-executor642" kmod="crypto-hmac(md5)" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [pid 5841] ioctl(3, NBD_DO_IT [pid 5840] kill(-5841, SIGKILL) = 0 [pid 5840] kill(5841, SIGKILL) = 0 [ 285.365750][ T5841] block nbd0: shutting down sockets [pid 5840] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5840] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5840] getdents64(3, 0x55555d4db6f0 /* 2 entries */, 32768) = 48 [pid 5840] getdents64(3, 0x55555d4db6f0 /* 0 entries */, 32768) = 0 [pid 5840] close(3) = 0 [ 429.391634][ T30] INFO: task syz-executor642:5841 blocked for more than 143 seconds. [ 429.399749][ T30] Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0 [ 429.407464][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 429.416255][ T30] task:syz-executor642 state:D stack:25648 pid:5841 tgid:5841 ppid:5840 flags:0x00004006 [ 429.426496][ T30] Call Trace: [ 429.429774][ T30] [ 429.432720][ T30] __schedule+0xe58/0x5ad0 [ 429.437164][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 429.442369][ T30] ? __lock_acquire+0x15a9/0x3c40 [ 429.447406][ T30] ? __pfx___schedule+0x10/0x10 [ 429.452266][ T30] ? schedule+0x298/0x350 [ 429.456603][ T30] ? __pfx_lock_release+0x10/0x10 [ 429.461652][ T30] ? lock_acquire+0x2f/0xb0 [ 429.466154][ T30] ? schedule+0x1fd/0x350 [ 429.470461][ T30] schedule+0xe7/0x350 [ 429.474557][ T30] schedule_timeout+0x244/0x280 [ 429.479403][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 429.484791][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 429.489991][ T30] __wait_for_common+0x3e1/0x600 [ 429.494948][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 429.500311][ T30] ? __pfx___wait_for_common+0x10/0x10 [ 429.505772][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 429.510989][ T30] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 429.516821][ T30] ? check_flush_dependency+0x86/0x450 [ 429.522323][ T30] __flush_workqueue+0x39e/0x1200 [ 429.527353][ T30] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 429.533196][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 429.538404][ T30] ? __pfx___flush_workqueue+0x10/0x10 [ 429.543906][ T30] ? blk_mq_unquiesce_queue+0xbf/0x100 [ 429.549368][ T30] nbd_ioctl+0x308/0xfd0 [ 429.553640][ T30] ? __pfx_nbd_ioctl+0x10/0x10 [ 429.558400][ T30] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 429.565284][ T30] ? __pfx_autoremove_wake_function+0x10/0x10 [ 429.571352][ T30] ? __pfx_nbd_ioctl+0x10/0x10 [ 429.576130][ T30] blkdev_ioctl+0x276/0x6d0 [ 429.580637][ T30] ? __pfx_blkdev_ioctl+0x10/0x10 [ 429.585668][ T30] ? selinux_file_ioctl+0x180/0x270 [ 429.590864][ T30] ? selinux_file_ioctl+0xb4/0x270 [ 429.595981][ T30] ? __pfx_blkdev_ioctl+0x10/0x10 [ 429.600997][ T30] __x64_sys_ioctl+0x190/0x200 [ 429.605769][ T30] do_syscall_64+0xcd/0x250 [ 429.610272][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 429.616177][ T30] RIP: 0033:0x7fee280ab879 [ 429.620596][ T30] RSP: 002b:00007ffc772252b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 429.629015][ T30] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fee280ab879 [ 429.636997][ T30] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 429.644967][ T30] RBP: 00007fee2811e5f0 R08: 0000000000000006 R09: 0000000000000006 [ 429.652975][ T30] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000001 [ 429.660952][ T30] R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 [ 429.668959][ T30] [ 429.672019][ T30] [ 429.672019][ T30] Showing all locks held in the system: [ 429.679733][ T30] 1 lock held by khungtaskd/30: [ 429.684607][ T30] #0: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x7f/0x390 [ 429.694523][ T30] 2 locks held by kworker/u9:1/5142: [ 429.699780][ T30] #0: ffff888025bb9148 ((wq_completion)nbd0-recv){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0 [ 429.710478][ T30] #1: ffffc9000f5e7d80 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 [ 429.721652][ T30] 2 locks held by getty/5574: [ 429.726307][ T30] #0: ffff888031f420a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 429.736067][ T30] #1: ffffc90002fde2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0xfba/0x1480 [ 429.746199][ T30] [ 429.748498][ T30] ============================================= [ 429.748498][ T30] [ 429.756905][ T30] NMI backtrace for cpu 0 [ 429.761230][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0 [ 429.771706][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 429.781731][ T30] Call Trace: [ 429.784983][ T30] [ 429.787888][ T30] dump_stack_lvl+0x116/0x1f0 [ 429.792545][ T30] nmi_cpu_backtrace+0x27b/0x390 [ 429.797471][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 429.803437][ T30] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 429.809395][ T30] watchdog+0xf14/0x1240 [ 429.813624][ T30] ? __pfx_watchdog+0x10/0x10 [ 429.818289][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 429.823480][ T30] ? __kthread_parkme+0x148/0x220 [ 429.828498][ T30] ? __pfx_watchdog+0x10/0x10 [ 429.833161][ T30] kthread+0x2c1/0x3a0 [ 429.837222][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 429.842409][ T30] ? __pfx_kthread+0x10/0x10 [ 429.846999][ T30] ret_from_fork+0x45/0x80 [ 429.851402][ T30] ? __pfx_kthread+0x10/0x10 [ 429.855986][ T30] ret_from_fork_asm+0x1a/0x30 [ 429.860748][ T30] [ 429.863808][ T30] Sending NMI from CPU 0 to CPUs 1: [ 429.869007][ C1] NMI backtrace for cpu 1 [ 429.869016][ C1] CPU: 1 UID: 0 PID: 2936 Comm: kworker/u8:8 Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0 [ 429.869031][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 429.869039][ C1] Workqueue: events_unbound toggle_allocation_gate [ 429.869058][ C1] RIP: 0010:kasan_check_range+0x10e/0x1a0 [ 429.869077][ C1] Code: 00 7c 0b 44 89 c2 e8 e1 ea ff ff 83 f0 01 5b 5d 41 5c c3 cc cc cc cc 48 85 d2 74 4f 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 41 <80> 38 00 74 f2 eb b2 41 bc 08 00 00 00 45 29 dc 49 8d 14 2c eb 0c [ 429.869088][ C1] RSP: 0018:ffffc9000c2777b0 EFLAGS: 00000086 [ 429.869098][ C1] RAX: fffffbfff2dca59b RBX: fffffbfff2dca59c RCX: ffffffff8175c37e [ 429.869110][ C1] RDX: fffffbfff2dca59c RSI: 0000000000000008 RDI: ffffffff96e52cd8 [ 429.869118][ C1] RBP: fffffbfff2dca59b R08: 0000000000000000 R09: fffffbfff2dca59b [ 429.869126][ C1] R10: ffffffff96e52cdf R11: 0000000000000006 R12: ffff888030db0000 [ 429.869134][ C1] R13: 0000000000000040 R14: 0000000000000006 R15: 1ffff9200184ef02 [ 429.869141][ C1] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 429.869155][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 429.869164][ C1] CR2: 0000556aa8767680 CR3: 000000000df7e000 CR4: 00000000003526f0 [ 429.869172][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 429.869179][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 429.869187][ C1] Call Trace: [ 429.869191][ C1] [ 429.869196][ C1] ? nmi_cpu_backtrace+0x1d8/0x390 [ 429.869210][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 429.869222][ C1] ? nmi_handle+0x1ac/0x5d0 [ 429.869237][ C1] ? kasan_check_range+0x10e/0x1a0 [ 429.869253][ C1] ? default_do_nmi+0x6a/0x160 [ 429.869266][ C1] ? exc_nmi+0x170/0x1e0 [ 429.869278][ C1] ? end_repeat_nmi+0xf/0x53 [ 429.869297][ C1] ? hlock_class+0x4e/0x130 [ 429.869315][ C1] ? kasan_check_range+0x10e/0x1a0 [ 429.869331][ C1] ? kasan_check_range+0x10e/0x1a0 [ 429.869348][ C1] ? kasan_check_range+0x10e/0x1a0 [ 429.869365][ C1] [ 429.869369][ C1] [ 429.869374][ C1] hlock_class+0x4e/0x130 [ 429.869389][ C1] mark_lock+0xb5/0xc60 [ 429.869401][ C1] ? rcu_is_watching+0x12/0xc0 [ 429.869419][ C1] ? do_raw_spin_lock+0x12d/0x2c0 [ 429.869434][ C1] ? __pfx_mark_lock+0x10/0x10 [ 429.869446][ C1] ? lock_acquire+0x2f/0xb0 [ 429.869458][ C1] ? __page_table_check_pte_clear+0xb1/0x580 [ 429.869474][ C1] ? __pfx___page_table_check_pte_clear+0x10/0x10 [ 429.869490][ C1] ? __pte_offset_map_lock+0x156/0x300 [ 429.869509][ C1] ? rcu_is_watching+0x12/0xc0 [ 429.869526][ C1] mark_held_locks+0x9f/0xe0 [ 429.869539][ C1] lockdep_hardirqs_on_prepare+0x27a/0x420 [ 429.869553][ C1] ? kmem_cache_alloc_lru_noprof+0x8b/0x3d0 [ 429.869567][ C1] trace_hardirqs_on+0x36/0x40 [ 429.869582][ C1] __text_poke+0x8d5/0xca0 [ 429.869597][ C1] ? __pfx_text_poke_memcpy+0x10/0x10 [ 429.869614][ C1] ? __pfx___text_poke+0x10/0x10 [ 429.869629][ C1] ? kmem_cache_alloc_lru_noprof+0x8b/0x3d0 [ 429.869644][ C1] text_poke_bp_batch+0x493/0x760 [ 429.869661][ C1] ? __kmalloc_node_track_caller_noprof+0xe5/0x510 [ 429.869677][ C1] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 429.869692][ C1] ? __jump_label_patch+0x1db/0x400 [ 429.869710][ C1] ? arch_jump_label_transform_queue+0xc0/0x120 [ 429.869729][ C1] text_poke_finish+0x30/0x40 [ 429.869745][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 429.869763][ C1] jump_label_update+0x1d7/0x400 [ 429.869781][ C1] static_key_enable_cpuslocked+0x1b7/0x270 [ 429.869799][ C1] static_key_enable+0x1a/0x20 [ 429.869816][ C1] toggle_allocation_gate+0xfc/0x260 [ 429.869830][ C1] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 429.869844][ C1] ? trace_lock_acquire+0x14e/0x1f0 [ 429.869861][ C1] ? process_one_work+0x921/0x1ba0 [ 429.869875][ C1] ? lock_acquire+0x2f/0xb0 [ 429.869887][ C1] ? process_one_work+0x921/0x1ba0 [ 429.869901][ C1] process_one_work+0x9c5/0x1ba0 [ 429.869917][ C1] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 429.869931][ C1] ? __pfx_process_one_work+0x10/0x10 [ 429.869943][ C1] ? rcu_is_watching+0x12/0xc0 [ 429.869961][ C1] ? assign_work+0x1a0/0x250 [ 429.869974][ C1] worker_thread+0x6c8/0xf00 [ 429.869990][ C1] ? __pfx_worker_thread+0x10/0x10 [ 429.870004][ C1] kthread+0x2c1/0x3a0 [ 429.870018][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 429.870032][ C1] ? __pfx_kthread+0x10/0x10 [ 429.870048][ C1] ret_from_fork+0x45/0x80 [ 429.870059][ C1] ? __pfx_kthread+0x10/0x10 [ 429.870075][ C1] ret_from_fork_asm+0x1a/0x30 [ 429.870096][ C1] [ 429.870101][ C1] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.093 msecs [ 429.871007][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 430.335178][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc1-syzkaller-00337-g7503345ac5f5 #0 [ 430.345646][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 430.355681][ T30] Call Trace: [ 430.358933][ T30] [ 430.361840][ T30] dump_stack_lvl+0x3d/0x1f0 [ 430.366411][ T30] panic+0x71d/0x800 [ 430.370284][ T30] ? __pfx_panic+0x10/0x10 [ 430.374676][ T30] ? __irq_work_queue_local+0xdd/0x460 [ 430.380106][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 430.386055][ T30] ? irq_work_queue+0x2a/0x80 [ 430.390703][ T30] ? watchdog+0xd7e/0x1240 [ 430.395097][ T30] ? watchdog+0xd71/0x1240 [ 430.399493][ T30] watchdog+0xd8f/0x1240 [ 430.403710][ T30] ? __pfx_watchdog+0x10/0x10 [ 430.408358][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 430.413535][ T30] ? __kthread_parkme+0x148/0x220 [ 430.418534][ T30] ? __pfx_watchdog+0x10/0x10 [ 430.423182][ T30] kthread+0x2c1/0x3a0 [ 430.427222][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 430.432389][ T30] ? __pfx_kthread+0x10/0x10 [ 430.436952][ T30] ret_from_fork+0x45/0x80 [ 430.441339][ T30] ? __pfx_kthread+0x10/0x10 [ 430.445902][ T30] ret_from_fork_asm+0x1a/0x30 [ 430.450645][ T30] [ 430.453866][ T30] Kernel Offset: disabled [ 430.458167][ T30] Rebooting in 86400 seconds..