./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor831862594

<...>
Warning: Permanently added '10.128.0.140' (ED25519) to the list of known hosts.
execve("./syz-executor831862594", ["./syz-executor831862594"], 0x7fff852831f0 /* 10 vars */) = 0
brk(NULL)                               = 0x555594c55000
brk(0x555594c55d40)                     = 0x555594c55d40
arch_prctl(ARCH_SET_FS, 0x555594c553c0) = 0
set_tid_address(0x555594c55690)         = 5850
set_robust_list(0x555594c556a0, 24)     = 0
rseq(0x555594c55ce0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor831862594", 4096) = 27
getrandom("\x7a\x2e\x79\x2f\x44\x07\x3b\x0c", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555594c55d40
brk(0x555594c76d40)                     = 0x555594c76d40
brk(0x555594c77000)                     = 0x555594c77000
mprotect(0x7f83e6a82000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
mkdir("/syzcgroup", 0777)               = 0
mkdir("/syzcgroup/unified", 0777)       = 0
mount("none", "/syzcgroup/unified", "cgroup2", 0, NULL) = 0
[  254.729377][   T30] audit: type=1400 audit(1751228990.428:63): avc:  denied  { execmem } for  pid=5850 comm="syz-executor831" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
chmod("/syzcgroup/unified", 0777)       = 0
openat(AT_FDCWD, "/syzcgroup/unified/cgroup.subtree_control", O_WRONLY) = 3
write(3, "+cpu", 4)                     = 4
write(3, "+io", 3)                      = 3
write(3, "+pids", 5)                    = 5
close(3)                                = 0
[  254.764818][   T30] audit: type=1400 audit(1751228990.468:64): avc:  denied  { mounton } for  pid=5850 comm="syz-executor831" path="/syzcgroup/unified" dev="sda1" ino=2024 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  254.787865][   T30] audit: type=1400 audit(1751228990.468:65): avc:  denied  { mount } for  pid=5850 comm="syz-executor831" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
mkdir("/syzcgroup/net", 0777)           = 0
mount("none", "/syzcgroup/net", "cgroup", 0, "net") = -1 EINVAL (Invalid argument)
mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio") = 0
umount2("/syzcgroup/net", 0)            = 0
mount("none", "/syzcgroup/net", "cgroup", 0, "devices") = 0
umount2("/syzcgroup/net", 0)            = 0
mount("none", "/syzcgroup/net", "cgroup", 0, "blkio") = 0
umount2("/syzcgroup/net", 0)            = 0
mount("none", "/syzcgroup/net", "cgroup", 0, "freezer") = 0
umount2("/syzcgroup/net", 0)            = 0
[  254.885437][ T5850] cgroup: Unknown subsys name 'net'
[  254.893226][   T30] audit: type=1400 audit(1751228990.598:66): avc:  denied  { unmount } for  pid=5850 comm="syz-executor831" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted)
mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted)
mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted)
mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted)
mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = 0
chmod("/syzcgroup/net", 0777)           = 0
mkdir("/syzcgroup/cpu", 0777)           = 0
mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset") = -1 EINVAL (Invalid argument)
mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct") = 0
umount2("/syzcgroup/cpu", 0)            = 0
mount("none", "/syzcgroup/cpu", "cgroup", 0, "hugetlb") = 0
umount2("/syzcgroup/cpu", 0)            = 0
mount("none", "/syzcgroup/cpu", "cgroup", 0, "rlimit") = -1 EINVAL (Invalid argument)
mount("none", "/syzcgroup/cpu", "cgroup", 0, "memory") = 0
umount2("/syzcgroup/cpu", 0)            = 0
mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct,hugetlb,memory") = ? ERESTARTNOINTR (To be restarted)
[  255.095242][ T5850] cgroup: Unknown subsys name 'cpuset'
[  255.105608][ T5850] cgroup: Unknown subsys name 'rlimit'
mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct,hugetlb,memory") = ? ERESTARTNOINTR (To be restarted)
mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct,hugetlb,memory") = 0
chmod("/syzcgroup/cpu", 0777)           = 0
openat(AT_FDCWD, "/syzcgroup/cpu/cgroup.clone_children", O_WRONLY|O_CLOEXEC) = 3
write(3, "1", 1)                        = 1
close(3)                                = 0
openat(AT_FDCWD, "/syzcgroup/cpu/cpuset.memory_pressure_enabled", O_WRONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
mkdir("./syzkaller.ARlIA5", 0700)       = 0
chmod("./syzkaller.ARlIA5", 0777)       = 0
chdir("./syzkaller.ARlIA5")             = 0
unshare(CLONE_NEWPID)                   = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5851 attached
 <unfinished ...>
[pid  5851] set_robust_list(0x555594c556a0, 24 <unfinished ...>
[pid  5850] <... clone resumed>, child_tidptr=0x555594c55690) = 5851
[pid  5851] <... set_robust_list resumed>) = 0
[pid  5851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5851] getppid()                   = 0
[pid  5851] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid  5851] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid  5851] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid  5851] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid  5851] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid  5851] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid  5851] unshare(CLONE_NEWNS)        = 0
[pid  5851] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid  5851] unshare(CLONE_NEWIPC)       = 0
[pid  5851] unshare(CLONE_NEWCGROUP)    = 0
[pid  5851] unshare(CLONE_NEWUTS)       = 0
[pid  5851] unshare(CLONE_SYSVSEM)      = 0
[pid  5851] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5851] write(3, "16777216", 8)     = 8
[  255.389442][   T30] audit: type=1400 audit(1751228991.098:67): avc:  denied  { mounton } for  pid=5851 comm="syz-executor831" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[pid  5851] close(3)                    = 0
[pid  5851] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid  5851] write(3, "536870912", 9)    = 9
[pid  5851] close(3)                    = 0
[pid  5851] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5851] write(3, "1024", 4)         = 4
[pid  5851] close(3)                    = 0
[pid  5851] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid  5851] write(3, "8192", 4)         = 4
[pid  5851] close(3)                    = 0
[pid  5851] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid  5851] write(3, "1024", 4)         = 4
[pid  5851] close(3)                    = 0
[pid  5851] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid  5851] write(3, "1024", 4)         = 4
[pid  5851] close(3)                    = 0
[pid  5851] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid  5851] write(3, "1024 1048576 500 1024", 21) = 21
[pid  5851] close(3)                    = 0
[pid  5851] getpid()                    = 1
[pid  5851] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5851] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid  5851] unshare(CLONE_NEWNET)       = 0
[pid  5851] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid  5851] write(3, "0 65535", 7)      = 7
[pid  5851] close(3)                    = 0
[pid  5851] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3
[pid  5851] write(3, "100000", 6)       = 6
[pid  5851] close(3)                    = 0
[pid  5851] mkdir("./syz-tmp", 0777)    = 0
[pid  5851] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0
[pid  5851] mkdir("./syz-tmp/newroot", 0777) = 0
[pid  5851] mkdir("./syz-tmp/newroot/dev", 0700) = 0
[  255.906467][   T30] audit: type=1400 audit(1751228991.608:68): avc:  denied  { mounton } for  pid=5851 comm="syz-executor831" path="/root/syzkaller.ARlIA5/syz-tmp" dev="sda1" ino=2028 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[  255.930980][   T30] audit: type=1400 audit(1751228991.608:69): avc:  denied  { mount } for  pid=5851 comm="syz-executor831" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[pid  5851] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5851] mkdir("./syz-tmp/newroot/proc", 0700) = 0
[pid  5851] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0
[  255.964437][   T30] audit: type=1400 audit(1751228991.668:70): avc:  denied  { mounton } for  pid=5851 comm="syz-executor831" path="/root/syzkaller.ARlIA5/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[pid  5851] mkdir("./syz-tmp/newroot/selinux", 0700) = 0
[pid  5851] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5851] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5851] mkdir("./syz-tmp/newroot/sys", 0700) = 0
[pid  5851] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[  255.997176][   T30] audit: type=1400 audit(1751228991.698:71): avc:  denied  { mount } for  pid=5851 comm="syz-executor831" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[pid  5851] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5851] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5851] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5851] mkdir("./syz-tmp/newroot/syz-inputs", 0700) = 0
[pid  5851] mount("/syz-inputs", "./syz-tmp/newroot/syz-inputs", NULL, MS_RDONLY|MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory)
[pid  5851] mkdir("./syz-tmp/newroot/syzcgroup", 0700) = 0
[pid  5851] mkdir("./syz-tmp/newroot/syzcgroup/unified", 0700) = 0
[pid  5851] mkdir("./syz-tmp/newroot/syzcgroup/cpu", 0700) = 0
[pid  5851] mkdir("./syz-tmp/newroot/syzcgroup/net", 0700) = 0
[pid  5851] mount("/syzcgroup/unified", "./syz-tmp/newroot/syzcgroup/unified", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5851] mount("/syzcgroup/cpu", "./syz-tmp/newroot/syzcgroup/cpu", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5851] mount("/syzcgroup/net", "./syz-tmp/newroot/syzcgroup/net", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0
[pid  5851] mkdir("./syz-tmp/pivot", 0777) = 0
[pid  5851] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0
[pid  5851] chdir("/")                  = 0
[pid  5851] umount2("./pivot", MNT_DETACH) = 0
[pid  5851] chroot("./newroot")         = 0
[pid  5851] chdir("/")                  = 0
[pid  5851] mkdir("/dev/gadgetfs", 0777) = 0
[pid  5851] mount("gadgetfs", "/dev/gadgetfs", "gadgetfs", 0, NULL) = 0
[pid  5851] mkdir("/dev/binderfs", 0777) = 0
[pid  5851] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid  5851] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid  5851] getpid()                    = 1
[pid  5851] mkdir("/syzcgroup/unified/syz0", 0777) = 0
[  256.053302][   T30] audit: type=1400 audit(1751228991.758:72): avc:  denied  { mounton } for  pid=5851 comm="syz-executor831" path="/root/syzkaller.ARlIA5/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[pid  5851] openat(AT_FDCWD, "/syzcgroup/unified/syz0/pids.max", O_WRONLY|O_CLOEXEC) = 3
[pid  5851] write(3, "32", 2)           = 2
[pid  5851] close(3)                    = 0
[pid  5851] openat(AT_FDCWD, "/syzcgroup/unified/syz0/cgroup.procs", O_WRONLY|O_CLOEXEC) = 3
[pid  5851] write(3, "1", 1)            = 1
[pid  5851] close(3)                    = 0
[pid  5851] mkdir("/syzcgroup/cpu/syz0", 0777) = 0
[pid  5851] openat(AT_FDCWD, "/syzcgroup/cpu/syz0/cgroup.procs", O_WRONLY|O_CLOEXEC) = 3
[pid  5851] write(3, "1", 1)            = 1
[pid  5851] close(3)                    = 0
[pid  5851] openat(AT_FDCWD, "/syzcgroup/cpu/syz0/memory.soft_limit_in_bytes", O_WRONLY|O_CLOEXEC) = 3
[pid  5851] write(3, "313524224", 9)    = 9
[pid  5851] close(3)                    = 0
[pid  5851] openat(AT_FDCWD, "/syzcgroup/cpu/syz0/memory.limit_in_bytes", O_WRONLY|O_CLOEXEC) = 3
[pid  5851] write(3, "314572800", 9)    = 9
[pid  5851] close(3)                    = 0
[pid  5851] mkdir("/syzcgroup/net/syz0", 0777) = 0
[pid  5851] openat(AT_FDCWD, "/syzcgroup/net/syz0/cgroup.procs", O_WRONLY|O_CLOEXEC) = 3
[pid  5851] write(3, "1", 1)            = 1
[pid  5851] close(3)                    = 0
[pid  5851] mkdir("./0", 0777)          = 0
[  256.216711][ T5851] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[pid  5851] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5854 attached
 <unfinished ...>
[pid  5854] set_robust_list(0x555594c556a0, 24 <unfinished ...>
[pid  5851] <... clone resumed>, child_tidptr=0x555594c55690) = 2
[pid  5854] <... set_robust_list resumed>) = 0
[pid  5854] chdir("./0")                = 0
[pid  5854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5854] setpgid(0, 0)               = 0
[pid  5854] symlink("/syzcgroup/unified/syz0", "./cgroup") = 0
[pid  5854] symlink("/syzcgroup/cpu/syz0", "./cgroup.cpu") = 0
[pid  5854] symlink("/syzcgroup/net/syz0", "./cgroup.net") = 0
[pid  5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5854] write(3, "1000", 4)         = 4
[pid  5854] close(3)                    = 0
[pid  5854] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5854] write(1, "executing program\n", 18executing program
) = 18
[pid  5854] futex(0x7f83e6a883ec, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  5854] rt_sigaction(SIGRT_1, {sa_handler=0x7f83e6a269f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f83e6a17b70}, NULL, 8) = 0
[pid  5854] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
[pid  5854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f83e6995000
[pid  5854] mprotect(0x7f83e6996000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  5854] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0
[pid  5854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f83e69b5990, parent_tid=0x7f83e69b5990, exit_signal=0, stack=0x7f83e6995000, stack_size=0x20300, tls=0x7f83e69b56c0}./strace-static-x86_64: Process 5855 attached
 => {parent_tid=[3]}, 88) = 3
[pid  5855] rseq(0x7f83e69b5fe0, 0x20, 0, 0x53053053 <unfinished ...>
[pid  5854] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5855] <... rseq resumed>)         = 0
[pid  5854] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5855] set_robust_list(0x7f83e69b59a0, 24 <unfinished ...>
[pid  5854] futex(0x7f83e6a883e8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5855] <... set_robust_list resumed>) = 0
[pid  5854] <... futex resumed>)        = 0
[pid  5855] rt_sigprocmask(SIG_SETMASK, [],  <unfinished ...>
[pid  5854] futex(0x7f83e6a883ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5855] <... rt_sigprocmask resumed>NULL, 8) = 0
[pid  5855] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 3
[pid  5855] futex(0x7f83e6a883ec, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5854] <... futex resumed>)        = 0
[pid  5855] futex(0x7f83e6a883e8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5854] futex(0x7f83e6a883e8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5855] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  5854] <... futex resumed>)        = 0
[pid  5855] ioctl(3, NBD_SET_SIZE_BLOCKS, 2147483648 <unfinished ...>
[pid  5854] futex(0x7f83e6a883ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5855] <... ioctl resumed>)        = 0
[pid  5855] futex(0x7f83e6a883ec, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5854] <... futex resumed>)        = 0
[pid  5855] futex(0x7f83e6a883e8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable)
[pid  5854] futex(0x7f83e6a883e8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5855] socketpair(AF_UNIX, SOCK_STREAM, 0,  <unfinished ...>
[pid  5854] <... futex resumed>)        = 0
[pid  5854] futex(0x7f83e6a883ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5855] <... socketpair resumed>[4, 5]) = 0
[pid  5855] futex(0x7f83e6a883ec, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5854] <... futex resumed>)        = 0
[pid  5855] futex(0x7f83e6a883e8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5854] futex(0x7f83e6a883e8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  5855] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  5854] <... futex resumed>)        = 0
[pid  5855] ioctl(3, NBD_SET_SOCK, 4 <unfinished ...>
[pid  5854] futex(0x7f83e6a883ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5855] <... ioctl resumed>)        = 0
[pid  5855] futex(0x7f83e6a883ec, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5855] futex(0x7f83e6a883e8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  5854] <... futex resumed>)        = 0
[pid  5854] futex(0x7f83e6a883e8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  5855] <... futex resumed>)        = 0
[pid  5854] futex(0x7f83e6a883ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  5855] ioctl(3, NBD_DO_IT <unfinished ...>
[pid  5854] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  5854] futex(0x7f83e6a883ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[  256.470774][ T5855] nbd0: detected capacity change from 0 to 4294967296
[pid  5854] close(3)                    = 0
[pid  5854] close(4)                    = 0
[pid  5854] close(5)                    = 0
[pid  5854] close(6)                    = -1 EBADF (Bad file descriptor)
[pid  5854] close(7)                    = -1 EBADF (Bad file descriptor)
[pid  5854] close(8)                    = -1 EBADF (Bad file descriptor)
[pid  5854] close(9)                    = -1 EBADF (Bad file descriptor)
[pid  5854] close(10)                   = -1 EBADF (Bad file descriptor)
[pid  5854] close(11)                   = -1 EBADF (Bad file descriptor)
[pid  5854] close(12)                   = -1 EBADF (Bad file descriptor)
[pid  5854] close(13)                   = -1 EBADF (Bad file descriptor)
[pid  5854] close(14)                   = -1 EBADF (Bad file descriptor)
[pid  5854] close(15)                   = -1 EBADF (Bad file descriptor)
[pid  5854] close(16)                   = -1 EBADF (Bad file descriptor)
[pid  5854] close(17)                   = -1 EBADF (Bad file descriptor)
[pid  5854] close(18)                   = -1 EBADF (Bad file descriptor)
[pid  5854] close(19)                   = -1 EBADF (Bad file descriptor)
[pid  5854] close(20)                   = -1 EBADF (Bad file descriptor)
[pid  5854] close(21)                   = -1 EBADF (Bad file descriptor)
[pid  5854] close(22)                   = -1 EBADF (Bad file descriptor)
[pid  5854] close(23)                   = -1 EBADF (Bad file descriptor)
[pid  5854] close(24)                   = -1 EBADF (Bad file descriptor)
[pid  5854] close(25)                   = -1 EBADF (Bad file descriptor)
[pid  5854] close(26)                   = -1 EBADF (Bad file descriptor)
[pid  5854] close(27)                   = -1 EBADF (Bad file descriptor)
[pid  5854] close(28)                   = -1 EBADF (Bad file descriptor)
[pid  5854] close(29)                   = -1 EBADF (Bad file descriptor)
[pid  5854] exit_group(0)               = ?
[  256.608349][ T5138] block nbd0: Receive control failed (result -104)
[pid  5851] kill(-2, SIGKILL)           = 0
[pid  5851] kill(2, SIGKILL)            = 0
[pid  5851] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5851] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0
[pid  5851] getdents64(3, 0x555594c56730 /* 2 entries */, 32768) = 48
[pid  5851] getdents64(3, 0x555594c56730 /* 0 entries */, 32768) = 0
[pid  5851] close(3)                    = 0
[  286.571485][   T55] block nbd0: Possible stuck request ffff888026957000: control (read@0,4096B). Runtime 30 seconds
[  316.551730][ T5187] udevd[5187]: worker [5852] /devices/virtual/block/nbd0 is taking a long time
[  316.653701][   T55] block nbd0: Possible stuck request ffff888026957000: control (read@0,4096B). Runtime 60 seconds
[  346.730880][   T94] block nbd0: Possible stuck request ffff888026957000: control (read@0,4096B). Runtime 90 seconds
[  376.811247][   T94] block nbd0: Possible stuck request ffff888026957000: control (read@0,4096B). Runtime 120 seconds
[  406.890932][   T55] block nbd0: Possible stuck request ffff888026957000: control (read@0,4096B). Runtime 150 seconds
[  429.290771][   T31] INFO: task syz-executor831:5855 blocked for more than 143 seconds.
[  429.298842][   T31]       Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0
[  429.306526][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  429.315213][   T31] task:syz-executor831 state:D stack:27032 pid:5855  tgid:5854  ppid:5851   task_flags:0x400140 flags:0x00004006
[  429.327209][   T31] Call Trace:
[  429.330485][   T31]  <TASK>
[  429.333453][   T31]  __schedule+0x116a/0x5de0
[  429.337985][   T31]  ? __lock_acquire+0x622/0x1c90
[  429.342955][   T31]  ? __pfx___schedule+0x10/0x10
[  429.347805][   T31]  ? find_held_lock+0x2b/0x80
[  429.352514][   T31]  ? schedule+0x2d7/0x3a0
[  429.356841][   T31]  schedule+0xe7/0x3a0
[  429.360935][   T31]  schedule_preempt_disabled+0x13/0x30
[  429.366392][   T31]  __mutex_lock+0x6c7/0xb90
[  429.370973][   T31]  ? bdev_release+0x15a/0x6d0
[  429.375659][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  429.380729][   T31]  ? find_held_lock+0x2b/0x80
[  429.385412][   T31]  ? do_raw_spin_unlock+0x172/0x230
[  429.390595][   T31]  ? bdev_release+0x15a/0x6d0
[  429.395301][   T31]  bdev_release+0x15a/0x6d0
[  429.399804][   T31]  ? __pfx_blkdev_release+0x10/0x10
[  429.405015][   T31]  blkdev_release+0x15/0x20
[  429.409519][   T31]  __fput+0x402/0xb70
[  429.413543][   T31]  task_work_run+0x150/0x240
[  429.418125][   T31]  ? __pfx_task_work_run+0x10/0x10
[  429.423246][   T31]  ? selinux_file_ioctl+0x180/0x270
[  429.428440][   T31]  ? selinux_file_ioctl+0xb4/0x270
[  429.433576][   T31]  ptrace_notify+0x10e/0x130
[  429.438160][   T31]  syscall_exit_work+0x17c/0x1e0
[  429.443119][   T31]  do_syscall_64+0x3e6/0x4c0
[  429.447718][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  429.453656][   T31] RIP: 0033:0x7f83e6a00519
[  429.458076][   T31] RSP: 002b:00007f83e69b5218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  429.466513][   T31] RAX: 0000000000000000 RBX: 00007f83e6a883e8 RCX: 00007f83e6a00519
[  429.474514][   T31] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003
[  429.482483][   T31] RBP: 00007f83e6a883e0 R08: 0000000000000000 R09: 0000000000000000
[  429.490442][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83e6a55400
[  429.498425][   T31] R13: 64626e2f7665642f R14: 0000200000000040 R15: 0000000080000000
[  429.506410][   T31]  </TASK>
[  429.509406][   T31] 
[  429.509406][   T31] Showing all locks held in the system:
[  429.517139][   T31] 1 lock held by khungtaskd/31:
[  429.521989][   T31]  #0: ffffffff8e5c4940 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[  429.531866][   T31] 2 locks held by getty/5575:
[  429.536529][   T31]  #0: ffff8880322770a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  429.546272][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[  429.556386][   T31] 1 lock held by udevd/5852:
[  429.560996][   T31]  #0: ffff888143b68358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  429.570322][   T31] 1 lock held by syz-executor831/5855:
[  429.575799][   T31]  #0: ffff888143b68358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x15a/0x6d0
[  429.585411][   T31] 
[  429.587730][   T31] =============================================
[  429.587730][   T31] 
[  429.596174][   T31] NMI backtrace for cpu 1
[  429.596186][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[  429.596206][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  429.596216][   T31] Call Trace:
[  429.596222][   T31]  <TASK>
[  429.596228][   T31]  dump_stack_lvl+0x116/0x1f0
[  429.596256][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  429.596277][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  429.596302][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  429.596324][   T31]  watchdog+0xf70/0x12c0
[  429.596347][   T31]  ? __pfx_watchdog+0x10/0x10
[  429.596363][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  429.596389][   T31]  ? __kthread_parkme+0x19e/0x250
[  429.596413][   T31]  ? __pfx_watchdog+0x10/0x10
[  429.596431][   T31]  kthread+0x3c2/0x780
[  429.596447][   T31]  ? __pfx_kthread+0x10/0x10
[  429.596463][   T31]  ? rcu_is_watching+0x12/0xc0
[  429.596484][   T31]  ? __pfx_kthread+0x10/0x10
[  429.596500][   T31]  ret_from_fork+0x5d4/0x6f0
[  429.596524][   T31]  ? __pfx_kthread+0x10/0x10
[  429.596539][   T31]  ret_from_fork_asm+0x1a/0x30
[  429.596569][   T31]  </TASK>
[  429.596575][   T31] Sending NMI from CPU 1 to CPUs 0:
[  429.714254][    C0] NMI backtrace for cpu 0
[  429.714269][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[  429.714285][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  429.714298][    C0] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  429.714321][    C0] Code: ab 71 02 e9 03 fb 02 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 63 30 29 00 fb f4 <c3> cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  429.714334][    C0] RSP: 0018:ffffffff8e207e08 EFLAGS: 000002c2
[  429.714345][    C0] RAX: 00000000000fd3cf RBX: 0000000000000000 RCX: ffffffff8b80dc59
[  429.714354][    C0] RDX: 0000000000000000 RSI: ffffffff8de1a0e6 RDI: ffffffff8c157ca0
[  429.714362][    C0] RBP: fffffbfff1c52ef0 R08: 0000000000000001 R09: ffffed1017086645
[  429.714370][    C0] R10: ffff8880b843322b R11: 0000000000000001 R12: 0000000000000000
[  429.714378][    C0] R13: ffffffff8e297780 R14: ffffffff90a80d50 R15: 0000000000000000
[  429.714386][    C0] FS:  0000000000000000(0000) GS:ffff888124752000(0000) knlGS:0000000000000000
[  429.714400][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  429.714409][    C0] CR2: 00005588803a6660 CR3: 000000000e382000 CR4: 00000000003526f0
[  429.714417][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  429.714425][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  429.714433][    C0] Call Trace:
[  429.714439][    C0]  <TASK>
[  429.714444][    C0]  default_idle+0x13/0x20
[  429.714456][    C0]  default_idle_call+0x6d/0xb0
[  429.714468][    C0]  do_idle+0x391/0x510
[  429.714486][    C0]  ? __pfx_do_idle+0x10/0x10
[  429.714500][    C0]  ? find_held_lock+0x2b/0x80
[  429.714519][    C0]  cpu_startup_entry+0x4f/0x60
[  429.714534][    C0]  rest_init+0x16b/0x2b0
[  429.714547][    C0]  ? acpi_subsystem_init+0x133/0x180
[  429.714573][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[  429.714591][    C0]  start_kernel+0x3ee/0x4d0
[  429.714608][    C0]  x86_64_start_reservations+0x18/0x30
[  429.714624][    C0]  x86_64_start_kernel+0x130/0x190
[  429.714641][    C0]  common_startup_64+0x13e/0x148
[  429.714657][    C0]  </TASK>
[  429.715239][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  429.715251][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[  429.715270][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  429.715278][   T31] Call Trace:
[  429.715284][   T31]  <TASK>
[  429.715291][   T31]  dump_stack_lvl+0x3d/0x1f0
[  429.715315][   T31]  panic+0x71c/0x800
[  429.715337][   T31]  ? __pfx_panic+0x10/0x10
[  429.715357][   T31]  ? __pfx__printk+0x10/0x10
[  429.715370][   T31]  ? ret_from_fork_asm+0x1a/0x30
[  429.715389][   T31]  ? nmi_backtrace_stall_check+0x6e/0x540
[  429.715413][   T31]  ? irq_work_queue+0xce/0x100
[  429.715433][   T31]  ? watchdog+0xdda/0x12c0
[  429.715450][   T31]  ? watchdog+0xdcd/0x12c0
[  429.715469][   T31]  watchdog+0xdeb/0x12c0
[  429.715489][   T31]  ? __pfx_watchdog+0x10/0x10
[  429.715504][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  429.715526][   T31]  ? __kthread_parkme+0x19e/0x250
[  429.715547][   T31]  ? __pfx_watchdog+0x10/0x10
[  429.715564][   T31]  kthread+0x3c2/0x780
[  429.715578][   T31]  ? __pfx_kthread+0x10/0x10
[  429.715594][   T31]  ? rcu_is_watching+0x12/0xc0
[  429.715612][   T31]  ? __pfx_kthread+0x10/0x10
[  429.715627][   T31]  ret_from_fork+0x5d4/0x6f0
[  429.715648][   T31]  ? __pfx_kthread+0x10/0x10
[  429.715662][   T31]  ret_from_fork_asm+0x1a/0x30
[  429.715687][   T31]  </TASK>
[  430.056339][   T31] Kernel Offset: disabled
[  430.060638][   T31] Rebooting in 86400 seconds..