./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2714751318
<...>
[ 28.951857][ T3184] 8021q: adding VLAN 0 to HW filter on device bond0
[ 28.969715][ T3184] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
syzkaller login: [ 36.009324][ T27] kauditd_printk_skb: 37 callbacks suppressed
[ 36.009334][ T27] audit: type=1400 audit(1664495475.535:73): avc: denied { transition } for pid=3388 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 36.043151][ T27] audit: type=1400 audit(1664495475.565:74): avc: denied { write } for pid=3388 comm="sh" path="pipe:[28465]" dev="pipefs" ino=28465 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
Warning: Permanently added '10.128.0.194' (ECDSA) to the list of known hosts.
execve("./syz-executor2714751318", ["./syz-executor2714751318"], 0x7ffdd187e600 /* 10 vars */) = 0
brk(NULL) = 0x55555707b000
brk(0x55555707bc40) = 0x55555707bc40
arch_prctl(ARCH_SET_FS, 0x55555707b300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2714751318", 4096) = 28
brk(0x55555709cc40) = 0x55555709cc40
brk(0x55555709d000) = 0x55555709d000
mprotect(0x7f6ecdaf8000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555707b5d0) = 3605
./strace-static-x86_64: Process 3605 attached
[pid 3605] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3605] setpgid(0, 0) = 0
[pid 3605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3605] write(3, "1000", 4) = 4
[pid 3605] close(3) = 0
[pid 3605] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY|O_CLOEXEC) = 3
[pid 3605] socketpair(AF_UNIX, SOCK_STREAM, 0, [4, 5]) = 0
[pid 3605] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 6
[ 45.612136][ T27] audit: type=1400 audit(1664495485.135:75): avc: denied { execmem } for pid=3604 comm="syz-executor271" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 45.632490][ T27] audit: type=1400 audit(1664495485.135:76): avc: denied { read } for pid=3605 comm="syz-executor271" name="nbd0" dev="devtmpfs" ino=660 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid 3605] ioctl(6, NBD_SET_SOCK, 4) = 0
[pid 3605] ioctl(6, NBD_SET_SIZE_BLOCKS, 1023) = 0
[ 45.656498][ T27] audit: type=1400 audit(1664495485.135:77): avc: denied { open } for pid=3605 comm="syz-executor271" path="/dev/nbd0" dev="devtmpfs" ino=660 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 45.680777][ T27] audit: type=1400 audit(1664495485.135:78): avc: denied { ioctl } for pid=3605 comm="syz-executor271" path="/dev/nbd0" dev="devtmpfs" ino=660 ioctlcmd=0xab00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 45.708618][ T3605] nbd0: detected capacity change from 0 to 2046
[pid 3605] ioctl(3, NBD_DO_IT
[pid 3604] kill(-3605, SIGKILL) = 0
[pid 3605] <... ioctl resumed>) = ?
[pid 3604] kill(3605, SIGKILL) = 0
[ 50.618506][ T3605] block nbd0: shutting down sockets
[pid 3604] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid 3604] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
[pid 3604] getdents64(3, 0x55555707c620 /* 2 entries */, 32768) = 48
[pid 3604] getdents64(3, 0x55555707c620 /* 0 entries */, 32768) = 0
[pid 3604] close(3) = 0
[ 76.199739][ T14] cfg80211: failed to load regulatory.db
[ 76.208129][ T9] block nbd0: Possible stuck request ffff88801e530000: control (read@0,4096B). Runtime 30 seconds
[ 106.278005][ T9] block nbd0: Possible stuck request ffff88801e530000: control (read@0,4096B). Runtime 60 seconds
[ 108.003364][ T2971] udevd[2971]: worker [3607] /devices/virtual/block/nbd0 is taking a long time
[ 136.357974][ T9] block nbd0: Possible stuck request ffff88801e530000: control (read@0,4096B). Runtime 90 seconds
[ 166.438079][ T9] block nbd0: Possible stuck request ffff88801e530000: control (read@0,4096B). Runtime 120 seconds
[ 196.518031][ T9] block nbd0: Possible stuck request ffff88801e530000: control (read@0,4096B). Runtime 150 seconds
[ 226.598052][ T9] block nbd0: Possible stuck request ffff88801e530000: control (read@0,4096B). Runtime 180 seconds
[ 228.358042][ T2971] udevd[2971]: worker [3607] /devices/virtual/block/nbd0 timeout; kill it
[ 228.367211][ T2971] udevd[2971]: seq 7461 '/devices/virtual/block/nbd0' killed
[ 256.678056][ T9] block nbd0: Possible stuck request ffff88801e530000: control (read@0,4096B). Runtime 210 seconds
[ 286.118005][ T28] INFO: task syz-executor271:3605 blocked for more than 143 seconds.
[ 286.126169][ T28] Not tainted 6.0.0-rc7-syzkaller-00130-g511cce163b75 #0
[ 286.133964][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 286.142753][ T28] task:syz-executor271 state:D stack:27832 pid: 3605 ppid: 3604 flags:0x00004006
[ 286.152297][ T28] Call Trace:
[ 286.155602][ T28]
[ 286.158582][ T28] __schedule+0xadf/0x52b0
[ 286.163104][ T28] ? io_schedule_timeout+0x140/0x140
[ 286.168499][ T28] schedule+0xda/0x1b0
[ 286.172584][ T28] schedule_preempt_disabled+0xf/0x20
[ 286.178002][ T28] __mutex_lock+0xa44/0x1350
[ 286.182608][ T28] ? blkdev_put+0xbc/0x770
[ 286.187102][ T28] ? mutex_lock_io_nested+0x1190/0x1190
[ 286.192759][ T28] ? locks_check_ctx_file_list+0x1d/0x110
[ 286.198590][ T28] ? do_raw_spin_unlock+0x171/0x230
[ 286.203779][ T28] ? _raw_spin_unlock+0x24/0x40
[ 286.208758][ T28] ? locks_remove_file+0x2f7/0x570
[ 286.213912][ T28] blkdev_put+0xbc/0x770
[ 286.218196][ T28] blkdev_close+0x64/0x80
[ 286.222538][ T28] __fput+0x277/0x9d0
[ 286.226518][ T28] ? blkdev_fsync+0xa0/0xa0
[ 286.231117][ T28] task_work_run+0xdd/0x1a0
[ 286.235637][ T28] do_exit+0xad5/0x29b0
[ 286.239834][ T28] ? find_held_lock+0x2d/0x110
[ 286.244614][ T28] ? mm_update_next_owner+0x7a0/0x7a0
[ 286.250076][ T28] ? lock_downgrade+0x6e0/0x6e0
[ 286.254937][ T28] do_group_exit+0xd2/0x2f0
[ 286.259522][ T28] get_signal+0x238c/0x2610
[ 286.264056][ T28] ? map_id_up+0x178/0x2f0
[ 286.268604][ T28] ? exit_signals+0x8b0/0x8b0
[ 286.273303][ T28] ? __task_pid_nr_ns+0x168/0x4b0
[ 286.278374][ T28] ? lock_downgrade+0x6e0/0x6e0
[ 286.283242][ T28] arch_do_signal_or_restart+0x82/0x2300
[ 286.289294][ T28] ? find_held_lock+0x2d/0x110
[ 286.294089][ T28] ? get_sigframe_size+0x10/0x10
[ 286.299080][ T28] ? ptrace_notify+0xfa/0x140
[ 286.303780][ T28] ? lock_downgrade+0x6e0/0x6e0
[ 286.308925][ T28] ? send_sig+0xfe/0x160
[ 286.313183][ T28] ? send_sig_info+0x140/0x140
[ 286.317991][ T28] ? _raw_spin_unlock_irq+0x1f/0x40
[ 286.323206][ T28] ? exit_to_user_mode_prepare+0x137/0x250
[ 286.329105][ T28] exit_to_user_mode_prepare+0x15f/0x250
[ 286.334760][ T28] syscall_exit_to_user_mode+0x19/0x50
[ 286.340278][ T28] do_syscall_64+0x42/0xb0
[ 286.344732][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 286.350674][ T28] RIP: 0033:0x7f6ecda8b6b9
[ 286.355102][ T28] RSP: 002b:00007ffcb2e459e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 286.363587][ T28] RAX: fffffffffffffe00 RBX: 0000000000000000 RCX: 00007f6ecda8b6b9
[ 286.371602][ T28] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003
[ 286.379621][ T28] RBP: 0000000000000000 R08: 00007ffcb2e45b88 R09: 00007ffcb2e45b88
[ 286.387604][ T28] R10: 00007ffcb2e45b88 R11: 0000000000000246 R12: 00007f6ecda4a740
[ 286.395643][ T28] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 286.403664][ T28]
[ 286.406728][ T28]
[ 286.406728][ T28] Showing all locks held in the system:
[ 286.414518][ T28] 1 lock held by rcu_tasks_kthre/12:
[ 286.419838][ T28] #0: ffffffff8bf85db0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70
[ 286.430323][ T28] 1 lock held by rcu_tasks_trace/13:
[ 286.435607][ T28] #0: ffffffff8bf85ab0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70
[ 286.446620][ T28] 1 lock held by khungtaskd/28:
[ 286.451502][ T28] #0: ffffffff8bf86900 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260
[ 286.461433][ T28] 2 locks held by getty/3284:
[ 286.466111][ T28] #0: ffff8880280e5098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80
[ 286.475941][ T28] #1: ffffc90001c282f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef0/0x13e0
[ 286.486137][ T28] 1 lock held by syz-executor271/3605:
[ 286.491626][ T28] #0: ffff88801ccfa4c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0xbc/0x770
[ 286.500995][ T28] 1 lock held by udevd/3607:
[ 286.505568][ T28] #0: ffff88801ccfa4c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev.part.0+0x9b/0xb90
[ 286.516177][ T28]
[ 286.518618][ T28] =============================================
[ 286.518618][ T28]
[ 286.527054][ T28] NMI backtrace for cpu 0
[ 286.531369][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.0.0-rc7-syzkaller-00130-g511cce163b75 #0
[ 286.541445][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 286.551575][ T28] Call Trace:
[ 286.554840][ T28]
[ 286.557759][ T28] dump_stack_lvl+0xcd/0x134
[ 286.562392][ T28] nmi_cpu_backtrace.cold+0x46/0x14f
[ 286.567665][ T28] ? lapic_can_unplug_cpu+0x80/0x80
[ 286.572855][ T28] nmi_trigger_cpumask_backtrace+0x206/0x250
[ 286.578854][ T28] watchdog+0xc18/0xf50
[ 286.582998][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80
[ 286.588986][ T28] kthread+0x2e4/0x3a0
[ 286.593049][ T28] ? kthread_complete_and_exit+0x40/0x40
[ 286.598670][ T28] ret_from_fork+0x1f/0x30
[ 286.603093][ T28]
[ 286.606299][ T28] Sending NMI from CPU 0 to CPUs 1:
[ 286.611644][ C1] NMI backtrace for cpu 1
[ 286.611654][ C1] CPU: 1 PID: 8 Comm: kworker/u4:0 Not tainted 6.0.0-rc7-syzkaller-00130-g511cce163b75 #0
[ 286.611675][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 286.611686][ C1] Workqueue: 0x0 (events_unbound)
[ 286.611708][ C1] RIP: 0010:match_held_lock+0x78/0xc0
[ 286.611730][ C1] Code: 20 81 e2 ff 1f 00 00 48 39 d0 0f 94 c0 48 83 c4 08 0f b6 c0 5b c3 31 f6 e8 c5 fe ff ff 48 85 c0 75 b2 31 c0 48 83 c4 08 5b c3 <48> 83 c4 08 b8 01 00 00 00 5b c3 e8 58 aa 7a fa 85 c0 74 e4 8b 05
[ 286.611747][ C1] RSP: 0018:ffffc900002efc90 EFLAGS: 00000046
[ 286.611761][ C1] RAX: 0000000000000000 RBX: ffff8880121d0c78 RCX: 0000000000000001
[ 286.611773][ C1] RDX: 0000000000000000 RSI: ffff8880b9b3a018 RDI: ffff8880121d0c78
[ 286.611786][ C1] RBP: ffff8880b9b3a018 R08: 0000000000000000 R09: ffffffff8dde4217
[ 286.611798][ C1] R10: fffffbfff1bbc842 R11: 0000000000000001 R12: ffff8880121d0200
[ 286.611815][ C1] R13: ffff8880121d0c78 R14: 00000000ffffffff R15: ffff8880121d0c78
[ 286.611828][ C1] FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
[ 286.611846][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 286.611861][ C1] CR2: 0000563fd9385ef8 CR3: 000000000bc8e000 CR4: 00000000003506e0
[ 286.611873][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 286.611884][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 286.611896][ C1] Call Trace:
[ 286.611900][ C1]
[ 286.611906][ C1] lock_is_held_type+0xa7/0x140
[ 286.611925][ C1] __schedule+0x65f/0x52b0
[ 286.611947][ C1] ? worker_thread+0x70/0x1080
[ 286.611968][ C1] ? io_schedule_timeout+0x140/0x140
[ 286.611990][ C1] ? rwlock_bug.part.0+0x90/0x90
[ 286.612010][ C1] schedule+0xda/0x1b0
[ 286.612030][ C1] worker_thread+0x15c/0x1080
[ 286.612052][ C1] ? process_one_work+0x1610/0x1610
[ 286.612072][ C1] kthread+0x2e4/0x3a0
[ 286.612089][ C1] ? kthread_complete_and_exit+0x40/0x40
[ 286.612109][ C1] ret_from_fork+0x1f/0x30
[ 286.612132][ C1]
[ 286.612745][ T28] Kernel panic - not syncing: hung_task: blocked tasks
[ 286.820258][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.0.0-rc7-syzkaller-00130-g511cce163b75 #0
[ 286.830067][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 286.840295][ T28] Call Trace:
[ 286.843579][ T28]
[ 286.846505][ T28] dump_stack_lvl+0xcd/0x134
[ 286.851098][ T28] panic+0x2c8/0x627
[ 286.855016][ T28] ? panic_print_sys_info.part.0+0x10b/0x10b
[ 286.860999][ T28] ? lapic_can_unplug_cpu+0x80/0x80
[ 286.866198][ T28] ? preempt_schedule_thunk+0x16/0x18
[ 286.871571][ T28] ? watchdog.cold+0x130/0x158
[ 286.876348][ T28] watchdog.cold+0x141/0x158
[ 286.880940][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80
[ 286.886932][ T28] kthread+0x2e4/0x3a0
[ 286.891000][ T28] ? kthread_complete_and_exit+0x40/0x40
[ 286.896631][ T28] ret_from_fork+0x1f/0x30
[ 286.901053][ T28]
[ 286.904368][ T28] Kernel Offset: disabled
[ 286.908691][ T28] Rebooting in 86400 seconds..