./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1906504416 <...> no interfaces have a carrier [ 30.774387][ T3186] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller syzkaller login: [ 39.782868][ T27] kauditd_printk_skb: 37 callbacks suppressed [ 39.782879][ T27] audit: type=1400 audit(1662630968.905:73): avc: denied { transition } for pid=3393 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 39.812936][ T27] audit: type=1400 audit(1662630968.935:74): avc: denied { write } for pid=3393 comm="sh" path="pipe:[28266]" dev="pipefs" ino=28266 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 Warning: Permanently added '10.128.1.89' (ECDSA) to the list of known hosts. execve("./syz-executor1906504416", ["./syz-executor1906504416"], 0x7ffe0bd59590 /* 10 vars */) = 0 brk(NULL) = 0x555557217000 brk(0x555557217c40) = 0x555557217c40 arch_prctl(ARCH_SET_FS, 0x555557217300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1906504416", 4096) = 28 brk(0x555557238c40) = 0x555557238c40 brk(0x555557239000) = 0x555557239000 mprotect(0x7feb3a3f9000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555572175d0) = 3607 ./strace-static-x86_64: Process 3607 attached [pid 3607] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 3607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3607] setsid() = 1 [pid 3607] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 3607] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 3607] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 3607] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 3607] prlimit64(0, RLIMIT_CORE, {rlim_cur=0, rlim_max=0}, NULL) = 0 [pid 3607] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 3607] unshare(CLONE_NEWNS) = 0 [pid 3607] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 3607] unshare(CLONE_NEWIPC) = 0 [pid 3607] unshare(CLONE_NEWCGROUP) = 0 [pid 3607] unshare(CLONE_NEWUTS) = 0 [pid 3607] unshare(CLONE_SYSVSEM) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "16777216", 8) = 8 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "536870912", 9) = 9 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "1024", 4) = 4 [pid 3607] close(3) = 0 [ 48.940721][ T27] audit: type=1400 audit(1662630978.065:75): avc: denied { execmem } for pid=3606 comm="syz-executor190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 48.962846][ T27] audit: type=1400 audit(1662630978.085:76): avc: denied { mounton } for pid=3607 comm="syz-executor190" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "8192", 4) = 4 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "1024", 4) = 4 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "1024", 4) = 4 [pid 3607] close(3) = 0 [pid 3607] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "1024 1048576 500 1024", 21) = 21 [pid 3607] close(3) = 0 [pid 3607] getpid() = 1 [pid 3607] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 3607] kill(-2, SIGKILL) = 0 [pid 3607] kill(2, SIGKILL) = 0 [pid 3607] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3607] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3607] getdents64(3, 0x555557218620 /* 2 entries */, 32768) = 48 [pid 3607] getdents64(3, 0x555557218620 /* 0 entries */, 32768) = 0 [pid 3607] close(3) = 0 [ 76.419661][ T14] cfg80211: failed to load regulatory.db [ 286.328154][ T28] INFO: task syz-executor190:3622 blocked for more than 143 seconds. [ 286.336580][ T28] Not tainted 6.0.0-rc4-syzkaller-00062-g0066f1b0e275 #0 [ 286.347562][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.356308][ T28] task:syz-executor190 state:D stack:25904 pid: 3622 ppid: 3607 flags:0x00004006 [ 286.365908][ T28] Call Trace: [ 286.370131][ T28] [ 286.373255][ T28] __schedule+0xadf/0x52b0 [ 286.378050][ T28] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 286.384087][ T28] ? io_schedule_timeout+0x140/0x140 [ 286.390095][ T28] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 286.396134][ T28] schedule+0xda/0x1b0 [ 286.400328][ T28] schedule_timeout+0x1db/0x2a0 [ 286.405321][ T28] ? usleep_range_state+0x1b0/0x1b0 [ 286.410623][ T28] ? __wait_for_common+0x1b5/0x530 [ 286.415852][ T28] ? mark_held_locks+0x9f/0xe0 [ 286.421462][ T28] ? rwlock_bug.part.0+0x90/0x90 [ 286.426577][ T28] ? _raw_spin_unlock_irq+0x1f/0x40 [ 286.433277][ T28] ? _raw_spin_unlock_irq+0x1f/0x40 [ 286.438707][ T28] __wait_for_common+0x1be/0x530 [ 286.443660][ T28] ? usleep_range_state+0x1b0/0x1b0 [ 286.449891][ T28] ? bit_wait_timeout+0x160/0x160 [ 286.454931][ T28] ? lockdep_hardirqs_off+0x90/0xd0 [ 286.460448][ T28] __flush_work+0x56c/0xb10 [ 286.464960][ T28] ? queue_delayed_work_on+0x120/0x120 [ 286.471360][ T28] ? flush_workqueue_prep_pwqs+0x4f0/0x4f0 [ 286.477174][ T28] ? mark_held_locks+0x9f/0xe0 [ 286.482026][ T28] ? __cancel_work_timer+0x408/0x570 [ 286.487599][ T28] __cancel_work_timer+0x3f9/0x570 [ 286.492749][ T28] ? cancel_delayed_work+0x20/0x20 [ 286.498480][ T28] ? lock_release+0x780/0x780 [ 286.503262][ T28] tls_sk_proto_close+0x4a7/0xaf0 [ 286.508718][ T28] ? wait_on_pending_writer+0x440/0x440 [ 286.514325][ T28] ? ip_mc_drop_socket+0x16/0x260 [ 286.519842][ T28] inet_release+0x12e/0x270 [ 286.525061][ T28] inet6_release+0x4c/0x70 [ 286.530365][ T28] __sock_release+0xcd/0x280 [ 286.535478][ T28] sock_close+0x18/0x20 [ 286.540364][ T28] __fput+0x277/0x9d0 [ 286.544487][ T28] ? __sock_release+0x280/0x280 [ 286.549433][ T28] task_work_run+0xdd/0x1a0 [ 286.553976][ T28] ptrace_notify+0x114/0x140 [ 286.558693][ T28] syscall_exit_to_user_mode_prepare+0x129/0x280 [ 286.565056][ T28] syscall_exit_to_user_mode+0x9/0x50 [ 286.570540][ T28] do_syscall_64+0x42/0xb0 [ 286.575013][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.581005][ T28] RIP: 0033:0x7feb3a347743 [ 286.585609][ T28] RSP: 002b:00007fff4f8e9b48 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 286.594121][ T28] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 00007feb3a347743 [ 286.602226][ T28] RDX: fffffffffffffe60 RSI: 00000000200005c0 RDI: 0000000000000005 [ 286.610276][ T28] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffffffffffe60 [ 286.618769][ T28] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff4f8e9b60 [ 286.626945][ T28] R13: 00000000000f4240 R14: 0000000000000000 R15: 0000000000000000 [ 286.635003][ T28] [ 286.638596][ T28] [ 286.638596][ T28] Showing all locks held in the system: [ 286.646412][ T28] 1 lock held by rcu_tasks_kthre/12: [ 286.651783][ T28] #0: ffffffff8bf85db0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 [ 286.662606][ T28] 1 lock held by rcu_tasks_trace/13: [ 286.668926][ T28] #0: ffffffff8bf85ab0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 [ 286.680022][ T28] 1 lock held by khungtaskd/28: [ 286.684937][ T28] #0: ffffffff8bf86900 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 [ 286.696761][ T28] 1 lock held by klogd/2961: [ 286.701794][ T28] #0: ffff8880b9b3a018 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2b/0x120 [ 286.711781][ T28] 2 locks held by getty/3286: [ 286.716491][ T28] #0: ffff88801c816098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 286.727079][ T28] #1: ffffc90001c482f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef0/0x13e0 [ 286.737348][ T28] 3 locks held by kworker/0:4/3613: [ 286.742572][ T28] #0: ffff888011867d38 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 [ 286.753470][ T28] #1: ffffc90002fbfda8 ((work_completion)(&(&sw_ctx_tx->tx_work.work)->work)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 [ 286.767324][ T28] #2: ffff88807a695cd8 (&ctx->tx_lock){+.+.}-{3:3}, at: tx_work_handler+0x127/0x190 [ 286.776881][ T28] 1 lock held by syz-executor190/3622: [ 286.782687][ T28] #0: ffff888070507990 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: __sock_release+0x86/0x280 [ 286.793407][ T28] [ 286.795743][ T28] ============================================= [ 286.795743][ T28] [ 286.804508][ T28] NMI backtrace for cpu 0 [ 286.809127][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.0.0-rc4-syzkaller-00062-g0066f1b0e275 #0 [ 286.818946][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 286.829006][ T28] Call Trace: [ 286.832296][ T28] [ 286.835231][ T28] dump_stack_lvl+0xcd/0x134 [ 286.839918][ T28] nmi_cpu_backtrace.cold+0x46/0x14f [ 286.845218][ T28] ? lapic_can_unplug_cpu+0x80/0x80 [ 286.850446][ T28] nmi_trigger_cpumask_backtrace+0x206/0x250 [ 286.856494][ T28] watchdog+0xc18/0xf50 [ 286.860689][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 286.866696][ T28] kthread+0x2e4/0x3a0 [ 286.870774][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 286.876416][ T28] ret_from_fork+0x1f/0x30 [ 286.880847][ T28] [ 286.884112][ T28] Sending NMI from CPU 0 to CPUs 1: [ 286.889433][ C1] NMI backtrace for cpu 1 [ 286.889442][ C1] CPU: 1 PID: 55 Comm: kworker/u4:4 Not tainted 6.0.0-rc4-syzkaller-00062-g0066f1b0e275 #0 [ 286.889464][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 286.889475][ C1] Workqueue: 0x0 (events_unbound) [ 286.889496][ C1] RIP: 0010:pwq_dec_nr_in_flight+0x0/0x2a0 [ 286.889523][ C1] Code: c6 f2 78 00 e9 b6 fd ff ff 48 89 df e8 b9 f2 78 00 e9 82 fd ff ff 4c 89 f7 e8 ac f2 78 00 e9 52 fd ff ff 0f 1f 80 00 00 00 00 <41> 55 41 54 55 48 89 fd 53 48 89 f3 e8 3f 54 2d 00 49 89 dc 83 e3 [ 286.889541][ C1] RSP: 0018:ffffc90001c1fd10 EFLAGS: 00000046 [ 286.889555][ C1] RAX: 0000000000000000 RBX: ffff888011874a10 RCX: 0000000000000000 [ 286.889567][ C1] RDX: 1ffff11002f78f25 RSI: ffff888011875005 RDI: ffff888011875000 [ 286.889580][ C1] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 [ 286.889591][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 [ 286.889602][ C1] R13: ffffc90001c1fda8 R14: ffff888017bc7900 R15: ffff888011874800 [ 286.889615][ C1] FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 286.889631][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 286.889644][ C1] CR2: 0000556f6c8b6000 CR3: 000000000bc8e000 CR4: 00000000003506e0 [ 286.889656][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 286.889667][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 286.889678][ C1] Call Trace: [ 286.889683][ C1] [ 286.889688][ C1] process_one_work+0xc76/0x1610 [ 286.889710][ C1] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 286.889731][ C1] ? rwlock_bug.part.0+0x90/0x90 [ 286.889751][ C1] ? _raw_spin_lock_irq+0x41/0x50 [ 286.889772][ C1] worker_thread+0x665/0x1080 [ 286.889792][ C1] ? __kthread_parkme+0x15f/0x220 [ 286.889810][ C1] ? process_one_work+0x1610/0x1610 [ 286.889831][ C1] kthread+0x2e4/0x3a0 [ 286.889847][ C1] ? kthread_complete_and_exit+0x40/0x40 [ 286.889867][ C1] ret_from_fork+0x1f/0x30 [ 286.889890][ C1] [ 286.891092][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 287.096850][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.0.0-rc4-syzkaller-00062-g0066f1b0e275 #0 [ 287.106662][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 287.116730][ T28] Call Trace: [ 287.120011][ T28] [ 287.123023][ T28] dump_stack_lvl+0xcd/0x134 [ 287.127617][ T28] panic+0x2c8/0x627 [ 287.131536][ T28] ? panic_print_sys_info.part.0+0x10b/0x10b [ 287.137541][ T28] ? lapic_can_unplug_cpu+0x80/0x80 [ 287.142757][ T28] ? preempt_schedule_thunk+0x16/0x18 [ 287.148142][ T28] ? watchdog.cold+0x130/0x158 [ 287.153013][ T28] watchdog.cold+0x141/0x158 [ 287.157665][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 287.163641][ T28] kthread+0x2e4/0x3a0 [ 287.167700][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 287.173341][ T28] ret_from_fork+0x1f/0x30 [ 287.177787][ T28] [ 287.181101][ T28] Kernel Offset: disabled [ 287.185442][ T28] Rebooting in 86400 seconds..