./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3179183580 <...> Warning: Permanently added '10.128.0.192' (ED25519) to the list of known hosts. execve("./syz-executor3179183580", ["./syz-executor3179183580"], 0x7fffbc627430 /* 10 vars */) = 0 brk(NULL) = 0x55555ddba000 brk(0x55555ddbad40) = 0x55555ddbad40 arch_prctl(ARCH_SET_FS, 0x55555ddba3c0) = 0 set_tid_address(0x55555ddba690) = 5074 set_robust_list(0x55555ddba6a0, 24) = 0 rseq(0x55555ddbace0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3179183580", 4096) = 28 getrandom("\xe4\x88\xaf\x3c\x14\x9d\xe9\xec", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555ddbad40 brk(0x55555dddbd40) = 0x55555dddbd40 brk(0x55555dddc000) = 0x55555dddc000 mprotect(0x7f5bf308d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555ddba690) = 5075 ./strace-static-x86_64: Process 5075 attached [pid 5075] set_robust_list(0x55555ddba6a0, 24) = 0 [pid 5075] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5075] setsid() = 1 [pid 5075] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5075] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [ 93.785925][ T28] audit: type=1400 audit(1714480120.026:87): avc: denied { execmem } for pid=5074 comm="syz-executor317" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process 
permissive=1 [pid 5075] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5075] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5075] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5075] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5075] unshare(CLONE_NEWNS) = 0 [ 93.812768][ T28] audit: type=1400 audit(1714480120.056:88): avc: denied { mounton } for pid=5075 comm="syz-executor317" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 93.837426][ T28] audit: type=1400 audit(1714480120.056:89): avc: denied { mount } for pid=5075 comm="syz-executor317" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [pid 5075] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5075] unshare(CLONE_NEWIPC) = 0 [pid 5075] unshare(CLONE_NEWCGROUP) = 0 [pid 5075] unshare(CLONE_NEWUTS) = 0 [pid 5075] unshare(CLONE_SYSVSEM) = 0 [pid 5075] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "16777216", 8) = 8 [pid 5075] close(3) = 0 [ 93.883771][ T28] audit: type=1400 audit(1714480120.126:90): avc: denied { mounton } for pid=5075 comm="syz-executor317" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [pid 5075] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "536870912", 9) = 9 [pid 5075] close(3) = 0 [pid 5075] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1024", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "8192", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", 
O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1024", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1024", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5075] close(3) = 0 [pid 5075] getpid() = 1 [pid 5075] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [... trace output missing here: the page extraction dropped the text between the '<' above and this point ...] {parent_tid=[3]}, 88) = 3 [pid 5078] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5079] rseq(0x7f5bf2fc3fe0, 0x20, 0, 0x53053053) = 0 [pid 5078] futex(0x7f5bf30933e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] set_robust_list(0x7f5bf2fc39a0, 24 [pid 5078] <... futex resumed>) = 0 [pid 5079] <... set_robust_list resumed>) = 0 [pid 5078] futex(0x7f5bf30933ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5079] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY|O_SYNC|O_LARGEFILE|0x800000) = 3 [pid 5079] futex(0x7f5bf30933ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5079] futex(0x7f5bf30933e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7f5bf30933e8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] futex(0x7f5bf30933ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = 0 [pid 5079] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 4 [pid 5079] futex(0x7f5bf30933ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7f5bf30933e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] dup2(4, 3 [pid 5078] futex(0x7f5bf30933ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... dup2 resumed>) = 3 [pid 5079] futex(0x7f5bf30933ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... 
futex resumed>) = 0 [pid 5079] futex(0x7f5bf30933e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5078] futex(0x7f5bf30933e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] socketpair(AF_UNIX, SOCK_STREAM, 0, [pid 5078] <... futex resumed>) = 0 [pid 5079] <... socketpair resumed>[5, 6]) = 0 [pid 5078] futex(0x7f5bf30933ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] futex(0x7f5bf30933ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7f5bf30933e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] ioctl(4, NBD_SET_SIZE_BLOCKS, 2 [ 94.336616][ T28] audit: type=1400 audit(1714480120.576:93): avc: denied { read } for pid=5078 comm="syz-executor317" name="nbd0" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 94.361098][ T28] audit: type=1400 audit(1714480120.576:94): avc: denied { open } for pid=5078 comm="syz-executor317" path="/dev/nbd0" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 5078] futex(0x7f5bf30933ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5078] futex(0x7f5bf30933fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5bf2f82000 [pid 5078] mprotect(0x7f5bf2f83000, 131072, PROT_READ|PROT_WRITE [pid 5079] <... ioctl resumed>) = 0 [pid 5079] futex(0x7f5bf30933ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... mprotect resumed>) = 0 [pid 5079] <... futex resumed>) = 0 [pid 5078] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5079] futex(0x7f5bf30933e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] <... 
rt_sigprocmask resumed>[], 8) = 0 [pid 5078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5bf2fa2990, parent_tid=0x7f5bf2fa2990, exit_signal=0, stack=0x7f5bf2f82000, stack_size=0x20300, tls=0x7f5bf2fa26c0}./strace-static-x86_64: Process 5080 attached => {parent_tid=[4]}, 88) = 4 [pid 5080] rseq(0x7f5bf2fa2fe0, 0x20, 0, 0x53053053 [pid 5078] rt_sigprocmask(SIG_SETMASK, [], [pid 5080] <... rseq resumed>) = 0 [ 94.385734][ T28] audit: type=1400 audit(1714480120.616:95): avc: denied { ioctl } for pid=5078 comm="syz-executor317" path="/dev/nbd0" dev="devtmpfs" ino=664 ioctlcmd=0xab07 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 5080] set_robust_list(0x7f5bf2fa29a0, 24 [pid 5078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5080] <... set_robust_list resumed>) = 0 [pid 5078] futex(0x7f5bf30933f8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] rt_sigprocmask(SIG_SETMASK, [], [pid 5078] <... futex resumed>) = 0 [pid 5080] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5078] futex(0x7f5bf30933fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] ioctl(3, NBD_SET_SOCK, 5) = 0 [pid 5080] futex(0x7f5bf30933fc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5080] <... futex resumed>) = 0 [pid 5078] futex(0x7f5bf30933e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] futex(0x7f5bf30933f8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] <... futex resumed>) = 0 [pid 5078] <... 
futex resumed>) = 1 [pid 5079] ioctl(3, NBD_DO_IT [pid 5078] futex(0x7f5bf30933ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 94.549731][ T5079] nbd0: detected capacity change from 0 to 4 [pid 5078] close(3) = 0 [pid 5078] close(4) = 0 [pid 5078] close(5) = 0 [pid 5078] close(6) = 0 [pid 5078] close(7) = -1 EBADF (Bad file descriptor) [pid 5078] close(8) = -1 EBADF (Bad file descriptor) [pid 5078] close(9) = -1 EBADF (Bad file descriptor) [pid 5078] close(10) = -1 EBADF (Bad file descriptor) [pid 5078] close(11) = -1 EBADF (Bad file descriptor) [pid 5078] close(12) = -1 EBADF (Bad file descriptor) [pid 5078] close(13) = -1 EBADF (Bad file descriptor) [pid 5078] close(14) = -1 EBADF (Bad file descriptor) [pid 5078] close(15) = -1 EBADF (Bad file descriptor) [pid 5078] close(16) = -1 EBADF (Bad file descriptor) [pid 5078] close(17) = -1 EBADF (Bad file descriptor) [pid 5078] close(18) = -1 EBADF (Bad file descriptor) [pid 5078] close(19) = -1 EBADF (Bad file descriptor) [pid 5078] close(20) = -1 EBADF (Bad file descriptor) [pid 5078] close(21) = -1 EBADF (Bad file descriptor) [pid 5078] close(22) = -1 EBADF (Bad file descriptor) [pid 5078] close(23) = -1 EBADF (Bad file descriptor) [pid 5078] close(24) = -1 EBADF (Bad file descriptor) [pid 5078] close(25) = -1 EBADF (Bad file descriptor) [pid 5078] close(26) = -1 EBADF (Bad file descriptor) [pid 5078] close(27) = -1 EBADF (Bad file descriptor) [pid 5078] close(28) = -1 EBADF (Bad file descriptor) [pid 5078] close(29) = -1 EBADF (Bad file descriptor) [pid 5078] exit_group(0 [pid 5080] <... futex resumed>) = ? [pid 5078] <... exit_group resumed>) = ? 
[pid 5080] +++ exited with 0 +++ [ 94.778111][ T4469] block nbd0: Receive control failed (result -104) [ 98.451969][ T928] cfg80211: failed to load regulatory.db [pid 5075] kill(-2, SIGKILL) = 0 [pid 5075] kill(2, SIGKILL) = 0 [pid 5075] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5075] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5075] getdents64(3, 0x55555ddbb730 /* 2 entries */, 32768) = 48 [pid 5075] getdents64(3, 0x55555ddbb730 /* 0 entries */, 32768) = 0 [pid 5075] close(3) = 0 [ 124.691252][ T97] block nbd0: Possible stuck request ffff888020840000: control (read@0,2048B). Runtime 30 seconds [ 154.809414][ T97] block nbd0: Possible stuck request ffff888020840000: control (read@0,2048B). Runtime 60 seconds [ 157.552370][ T4525] udevd[4525]: worker [5076] /devices/virtual/block/nbd0 is taking a long time [ 184.849628][ T97] block nbd0: Possible stuck request ffff888020840000: control (read@0,2048B). Runtime 90 seconds [ 214.929656][ T97] block nbd0: Possible stuck request ffff888020840000: control (read@0,2048B). Runtime 120 seconds [ 245.010088][ T97] block nbd0: Possible stuck request ffff888020840000: control (read@0,2048B). Runtime 150 seconds [ 275.007141][ T4525] udevd[4525]: worker [5076] /devices/virtual/block/nbd0 timeout; kill it [ 275.015970][ T4525] udevd[4525]: seq 7624 '/devices/virtual/block/nbd0' killed [ 275.089850][ T56] block nbd0: Possible stuck request ffff888020840000: control (read@0,2048B). Runtime 180 seconds [ 287.889605][ T29] INFO: task syz-executor317:5079 blocked for more than 143 seconds. [ 287.897956][ T29] Not tainted 6.9.0-rc6-syzkaller-00022-g98369dccd2f8 #0 [ 287.905925][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 
[ 287.915014][ T29] task:syz-executor317 state:D stack:27952 pid:5079 tgid:5078 ppid:5075 flags:0x00004006 [ 287.925711][ T29] Call Trace: [ 287.929108][ T29] [ 287.932234][ T29] __schedule+0xf15/0x5d00 [ 287.936854][ T29] ? __pfx___lock_acquire+0x10/0x10 [ 287.942364][ T29] ? __pfx___lock_acquire+0x10/0x10 [ 287.948015][ T29] ? __pfx___schedule+0x10/0x10 [ 287.953012][ T29] ? schedule+0x298/0x350 [ 287.957484][ T29] ? __pfx_lock_release+0x10/0x10 [ 287.962594][ T29] ? __mutex_lock+0x5b3/0x9c0 [ 287.967302][ T29] ? __mutex_trylock_common+0x78/0x250 [ 287.972916][ T29] schedule+0xe7/0x350 [ 287.977014][ T29] schedule_preempt_disabled+0x13/0x30 [ 287.982568][ T29] __mutex_lock+0x5b8/0x9c0 [ 287.987116][ T29] ? bdev_release+0x166/0x710 [ 287.992040][ T29] ? __pfx___mutex_lock+0x10/0x10 [ 287.997107][ T29] ? do_raw_spin_lock+0x12d/0x2c0 [ 288.002305][ T29] ? do_raw_spin_unlock+0x172/0x230 [ 288.007538][ T29] ? bdev_release+0x166/0x710 [ 288.012401][ T29] bdev_release+0x166/0x710 [ 288.016969][ T29] ? task_work_run+0x126/0x250 [ 288.021928][ T29] ? evm_file_release+0xd6/0x1d0 [ 288.026980][ T29] ? __pfx_blkdev_release+0x10/0x10 [ 288.032862][ T29] blkdev_release+0x15/0x20 [ 288.037551][ T29] __fput+0x270/0xb80 [ 288.041794][ T29] task_work_run+0x14e/0x250 [ 288.046846][ T29] ? __pfx_task_work_run+0x10/0x10 [ 288.052104][ T29] ? __pfx_task_work_add+0x10/0x10 [ 288.057266][ T29] ? __pfx_blkdev_ioctl+0x10/0x10 [ 288.062591][ T29] ? 
selinux_file_ioctl+0xb4/0x270 [ 288.067818][ T29] ptrace_notify+0x10e/0x130 [ 288.072725][ T29] syscall_exit_to_user_mode_prepare+0x126/0x260 [ 288.079144][ T29] syscall_exit_to_user_mode+0x11/0x2a0 [ 288.084939][ T29] do_syscall_64+0xdc/0x260 [ 288.089625][ T29] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.095784][ T29] RIP: 0033:0x7f5bf300b7f9 [ 288.100281][ T29] RSP: 002b:00007f5bf2fc3228 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 288.108729][ T29] RAX: 0000000000000000 RBX: 00007f5bf30933e8 RCX: 00007f5bf300b7f9 [ 288.116908][ T29] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 288.124944][ T29] RBP: 00007f5bf30933e0 R08: 00007f5bf2fc36c0 R09: 00007f5bf2fc36c0 [ 288.133024][ T29] R10: 00007f5bf2fc36c0 R11: 0000000000000246 R12: 00007f5bf30933ec [ 288.141055][ T29] R13: 00007f5bf30601a4 R14: 64626e2f7665642f R15: 00007fff2ee167b8 [ 288.149058][ T29] [ 288.152301][ T29] [ 288.152301][ T29] Showing all locks held in the system: [ 288.160114][ T29] 5 locks held by kworker/u8:1/11: [ 288.165322][ T29] 1 lock held by khungtaskd/29: [ 288.170581][ T29] #0: ffffffff8d7b0e20 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x75/0x340 [ 288.180591][ T29] 2 locks held by getty/4827: [ 288.185284][ T29] #0: ffff88802a6c20a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 288.195230][ T29] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfc8/0x1490 [ 288.205495][ T29] 1 lock held by udevd/5076: [ 288.210182][ T29] #0: ffff88802078b4c8 (&disk->open_mutex){+.+.}-{3:3}, at: bdev_open+0x43c/0xe90 [ 288.219624][ T29] 1 lock held by syz-executor317/5079: [ 288.225079][ T29] #0: ffff88802078b4c8 (&disk->open_mutex){+.+.}-{3:3}, at: bdev_release+0x166/0x710 [ 288.234828][ T29] [ 288.237216][ T29] ============================================= [ 288.237216][ T29] [ 288.245732][ T29] NMI backtrace for cpu 0 [ 288.250087][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted 
6.9.0-rc6-syzkaller-00022-g98369dccd2f8 #0 [ 288.259893][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 288.269940][ T29] Call Trace: [ 288.273213][ T29] [ 288.276136][ T29] dump_stack_lvl+0x116/0x1f0 [ 288.280899][ T29] nmi_cpu_backtrace+0x27b/0x390 [ 288.285872][ T29] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 288.291878][ T29] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 288.297856][ T29] watchdog+0xf86/0x1240 [ 288.302163][ T29] ? __pfx_watchdog+0x10/0x10 [ 288.306868][ T29] ? lockdep_hardirqs_on+0x7c/0x110 [ 288.312118][ T29] ? __kthread_parkme+0x148/0x220 [ 288.317287][ T29] ? __pfx_watchdog+0x10/0x10 [ 288.322142][ T29] kthread+0x2c1/0x3a0 [ 288.326300][ T29] ? _raw_spin_unlock_irq+0x23/0x50 [ 288.331581][ T29] ? __pfx_kthread+0x10/0x10 [ 288.336200][ T29] ret_from_fork+0x45/0x80 [ 288.340652][ T29] ? __pfx_kthread+0x10/0x10 [ 288.345276][ T29] ret_from_fork_asm+0x1a/0x30 [ 288.350209][ T29] [ 288.354598][ T29] Sending NMI from CPU 0 to CPUs 1: [ 288.360057][ C1] NMI backtrace for cpu 1 [ 288.360074][ C1] CPU: 1 PID: 4514 Comm: klogd Not tainted 6.9.0-rc6-syzkaller-00022-g98369dccd2f8 #0 [ 288.360097][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 288.360109][ C1] RIP: 0010:__kmalloc_node_track_caller+0x120/0x470 [ 288.360244][ C1] Code: 44 24 08 00 00 00 00 4d 85 e4 0f 84 ab 02 00 00 cc 76 01 00 00 48 c7 44 24 20 00 00 00 00 65 48 8b 05 2c 3e 23 7e 49 03 04 24 <48> 8b 50 08 4c 8b 00 48 8b 78 10 4d 85 c0 0f 84 18 02 00 00 48 85 [ 288.360263][ C1] RSP: 0018:ffffc9000333f890 EFLAGS: 00000286 [ 288.360281][ C1] RAX: ffff8880b9543760 RBX: 0000000000482cc0 RCX: 0000000000000001 [ 288.360295][ C1] RDX: dffffc0000000000 RSI: 0000000000482cc0 RDI: ffff88801504f140 [ 288.360309][ C1] RBP: ffffc9000333f8f0 R08: 0000000000000000 R09: 0000000000000000 [ 288.360322][ C1] R10: ffffffff8f9f4917 R11: 0000000000000001 R12: ffff88801504f140 [ 288.360336][ C1] R13: 
0000000000000200 R14: 0000000000482cc0 R15: 00000000ffffffff [ 288.360349][ C1] FS: 00007fd799407380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 288.360370][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 288.360384][ C1] CR2: 000055d208593600 CR3: 000000002c65a000 CR4: 00000000003506f0 [ 288.360397][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 288.360409][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 288.360422][ C1] Call Trace: [ 288.360429][ C1] [ 288.360436][ C1] ? show_regs+0x8c/0xa0 [ 288.360466][ C1] ? nmi_cpu_backtrace+0x1d8/0x390 [ 288.360490][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 288.360518][ C1] ? nmi_handle+0x1a9/0x5c0 [ 288.360537][ C1] ? __kmalloc_node_track_caller+0x120/0x470 [ 288.360559][ C1] ? default_do_nmi+0x6a/0x160 [ 288.360583][ C1] ? exc_nmi+0x170/0x1e0 [ 288.360604][ C1] ? end_repeat_nmi+0xf/0x53 [ 288.360629][ C1] ? __kmalloc_node_track_caller+0x120/0x470 [ 288.360651][ C1] ? __kmalloc_node_track_caller+0x120/0x470 [ 288.360673][ C1] ? __kmalloc_node_track_caller+0x120/0x470 [ 288.360694][ C1] [ 288.360700][ C1] [ 288.360707][ C1] ? __alloc_skb+0x164/0x380 [ 288.360809][ C1] kmalloc_reserve+0xef/0x2c0 [ 288.360837][ C1] __alloc_skb+0x164/0x380 [ 288.360856][ C1] ? __pfx___alloc_skb+0x10/0x10 [ 288.360875][ C1] ? __lock_acquire+0x14f4/0x3b30 [ 288.360906][ C1] alloc_skb_with_frags+0xe4/0x710 [ 288.360934][ C1] sock_alloc_send_pskb+0x7f1/0x980 [ 288.360956][ C1] ? lock_acquire+0x1b1/0x560 [ 288.360983][ C1] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 288.361005][ C1] ? __pfx_lock_release+0x10/0x10 [ 288.361031][ C1] ? do_raw_spin_lock+0x12d/0x2c0 [ 288.361051][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 288.361072][ C1] unix_dgram_sendmsg+0x4b9/0x1b10 [ 288.361142][ C1] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 288.361200][ C1] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 288.361222][ C1] __sys_sendto+0x47f/0x4e0 [ 288.361261][ C1] ? 
__pfx___sys_sendto+0x10/0x10 [ 288.361281][ C1] ? __pfx_lock_release+0x10/0x10 [ 288.361309][ C1] ? rcu_is_watching+0x12/0xc0 [ 288.361356][ C1] ? __pfx_mem_cgroup_handle_over_high+0x10/0x10 [ 288.361425][ C1] __x64_sys_sendto+0xe0/0x1c0 [ 288.361447][ C1] ? do_syscall_64+0x91/0x260 [ 288.361466][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 288.361493][ C1] do_syscall_64+0xcf/0x260 [ 288.361512][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.361543][ C1] RIP: 0033:0x7fd7995699b5 [ 288.361559][ C1] Code: 8b 44 24 08 48 83 c4 28 48 98 c3 48 98 c3 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 26 45 31 c9 45 31 c0 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 7a 48 8b 15 44 c4 0c 00 f7 d8 64 89 02 48 83 [ 288.361577][ C1] RSP: 002b:00007ffd41741908 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 288.361595][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd7995699b5 [ 288.361608][ C1] RDX: 000000000000008b RSI: 000055aed5b658b0 RDI: 0000000000000003 [ 288.361621][ C1] RBP: 000055aed5b5f2c0 R08: 0000000000000000 R09: 0000000000000000 [ 288.361633][ C1] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000013 [ 288.361645][ C1] R13: 00007fd7996f7212 R14: 00007ffd41741a08 R15: 0000000000000000 [ 288.361661][ C1] [ 288.361670][ C1] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.613 msecs [ 288.362059][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 288.786485][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted 6.9.0-rc6-syzkaller-00022-g98369dccd2f8 #0 [ 288.796324][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 288.806421][ T29] Call Trace: [ 288.809728][ T29] [ 288.812672][ T29] dump_stack_lvl+0x3d/0x1f0 [ 288.817319][ T29] panic+0x6f5/0x7a0 [ 288.821267][ T29] ? __pfx_panic+0x10/0x10 [ 288.825753][ T29] ? preempt_schedule_thunk+0x1a/0x30 [ 288.831270][ T29] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 288.837314][ T29] ? preempt_schedule_thunk+0x1a/0x30 [ 288.842786][ T29] ? 
watchdog+0xd3d/0x1240 [ 288.847226][ T29] ? watchdog+0xd30/0x1240 [ 288.851663][ T29] watchdog+0xd4e/0x1240 [ 288.856137][ T29] ? __pfx_watchdog+0x10/0x10 [ 288.860874][ T29] ? lockdep_hardirqs_on+0x7c/0x110 [ 288.866104][ T29] ? __kthread_parkme+0x148/0x220 [ 288.871153][ T29] ? __pfx_watchdog+0x10/0x10 [ 288.875844][ T29] kthread+0x2c1/0x3a0 [ 288.880135][ T29] ? _raw_spin_unlock_irq+0x23/0x50 [ 288.885582][ T29] ? __pfx_kthread+0x10/0x10 [ 288.890350][ T29] ret_from_fork+0x45/0x80 [ 288.895632][ T29] ? __pfx_kthread+0x10/0x10 [ 288.900442][ T29] ret_from_fork_asm+0x1a/0x30 [ 288.905303][ T29] [ 288.908754][ T29] Kernel Offset: disabled [ 288.913076][ T29] Rebooting in 86400 seconds..