./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3192239256 <...> Warning: Permanently added '10.128.0.69' (ED25519) to the list of known hosts. execve("./syz-executor3192239256", ["./syz-executor3192239256"], 0x7ffe26d1ed40 /* 10 vars */) = 0 brk(NULL) = 0x555555b7b000 brk(0x555555b7bd00) = 0x555555b7bd00 arch_prctl(ARCH_SET_FS, 0x555555b7b380) = 0 set_tid_address(0x555555b7b650) = 519 set_robust_list(0x555555b7b660, 24) = 0 rseq(0x555555b7bca0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3192239256", 4096) = 28 getrandom("\x2b\x38\xc1\x97\xdb\x7c\x36\xca", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555b7bd00 brk(0x555555b9cd00) = 0x555555b9cd00 brk(0x555555b9d000) = 0x555555b9d000 mprotect(0x7f0d6635b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b7b650) = 520 ./strace-static-x86_64: Process 520 attached [pid 520] set_robust_list(0x555555b7b660, 24) = 0 [pid 520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 520] setpgid(0, 0) = 0 [pid 520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 520] write(3, "1000", 4) = 4 [pid 520] close(3) = 0 [pid 520] write(1, "executing program\n", 18executing program ) = 18 [pid 520] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 3 [ 248.393264][ T30] audit: type=1400 audit(1724965689.217:66): avc: denied { execmem } for pid=519 comm="syz-executor319" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 520] sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\xf0\x00\x00\x00\x30\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xdc\x00\x01\x00\x6c\x00\x01\x00\x0b\x00\x01\x00\x70\x6f\x6c\x69\x63\x65\x00\x00\x40\x00\x02\x80\x3c\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., iov_len=240}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0 [pid 519] kill(-520, SIGKILL) = 0 [pid 519] kill(520, SIGKILL) = 0 [pid 519] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 519] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 519] getdents64(3, 0x555555b7c6f0 /* 2 entries */, 32768) = 48 [pid 519] getdents64(3, 0x555555b7c6f0 /* 0 entries */, 32768) = 0 [pid 519] close(3) = 0 [ 490.290644][ T31] INFO: task kworker/0:1:20 blocked for more than 122 seconds. [ 490.298165][ T31] Not tainted 5.15.156-syzkaller-00821-g29d153aabd54 #0 [ 490.306144][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 490.314875][ T31] task:kworker/0:1 state:D stack:23480 pid: 20 ppid: 2 flags:0x00004000 [ 490.324211][ T31] Workqueue: ipv6_addrconf addrconf_verify_work [ 490.330452][ T31] Call Trace: [ 490.333935][ T31] [ 490.336688][ T31] __schedule+0xccc/0x1590 [ 490.341091][ T31] ? release_firmware_map_entry+0x190/0x190 [ 490.346798][ T31] ? wq_worker_sleeping+0x19c/0x200 [ 490.352292][ T31] schedule+0x11f/0x1e0 [ 490.356268][ T31] schedule_preempt_disabled+0x13/0x20 [ 490.361915][ T31] __mutex_lock+0x90e/0x1870 [ 490.366499][ T31] ? __ww_mutex_lock_interruptible_slowpath+0x20/0x20 [ 490.373536][ T31] ? __queue_delayed_work+0x182/0x1f0 [ 490.378727][ T31] ? queue_delayed_work_on+0x13f/0x180 [ 490.384189][ T31] ? delayed_work_timer_fn+0x80/0x80 [ 490.389368][ T31] ? gc_worker+0x1059/0x1300 [ 490.394079][ T31] __mutex_lock_slowpath+0xe/0x10 [ 490.400226][ T31] mutex_lock+0x135/0x1e0 [ 490.405064][ T31] ? wait_for_completion_killable_timeout+0x10/0x10 [ 490.411606][ T31] ? __kasan_check_read+0x11/0x20 [ 490.416739][ T31] ? read_word_at_a_time+0x12/0x20 [ 490.421970][ T31] rtnl_lock+0x15/0x20 [ 490.425953][ T31] addrconf_verify_work+0xe/0x20 [ 490.430964][ T31] process_one_work+0x6bb/0xc10 [ 490.435636][ T31] worker_thread+0xad5/0x12a0 [ 490.440327][ T31] ? _raw_spin_lock+0x1b0/0x1b0 [ 490.445401][ T31] kthread+0x421/0x510 [ 490.449294][ T31] ? worker_clr_flags+0x180/0x180 [ 490.455217][ T31] ? kthread_blkcg+0xd0/0xd0 [ 490.459649][ T31] ret_from_fork+0x1f/0x30 [ 490.464102][ T31] [ 490.467173][ T31] NMI backtrace for cpu 0 [ 490.472161][ T31] CPU: 0 PID: 31 Comm: khungtaskd Not tainted 5.15.156-syzkaller-00821-g29d153aabd54 #0 [ 490.481720][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 490.491635][ T31] Call Trace: [ 490.494769][ T31] [ 490.497528][ T31] dump_stack_lvl+0x151/0x1c0 [ 490.502048][ T31] ? io_uring_drop_tctx_refs+0x190/0x190 [ 490.507503][ T31] dump_stack+0x15/0x20 [ 490.511493][ T31] nmi_cpu_backtrace+0x2f7/0x300 [ 490.516371][ T31] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 490.522345][ T31] ? sched_show_task+0x3d8/0x620 [ 490.527486][ T31] ? __rcu_read_unlock+0xd0/0xd0 [ 490.532978][ T31] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 490.538853][ T31] nmi_trigger_cpumask_backtrace+0x15d/0x270 [ 490.544677][ T31] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 490.550581][ T31] arch_trigger_cpumask_backtrace+0x10/0x20 [ 490.556684][ T31] watchdog+0xdd7/0xf50 [ 490.562567][ T31] ? __kasan_check_write+0x14/0x20 [ 490.568213][ T31] ? hungtask_pm_notify+0x50/0x50 [ 490.573177][ T31] ? __kasan_check_read+0x11/0x20 [ 490.578026][ T31] ? __kthread_parkme+0xb2/0x200 [ 490.582916][ T31] kthread+0x421/0x510 [ 490.586819][ T31] ? hungtask_pm_notify+0x50/0x50 [ 490.591748][ T31] ? kthread_blkcg+0xd0/0xd0 [ 490.596540][ T31] ret_from_fork+0x1f/0x30 [ 490.600871][ T31] [ 490.603798][ T31] Sending NMI from CPU 0 to CPUs 1: [ 490.608824][ C1] NMI backtrace for cpu 1 [ 490.608840][ C1] CPU: 1 PID: 520 Comm: syz-executor319 Not tainted 5.15.156-syzkaller-00821-g29d153aabd54 #0 [ 490.608857][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 490.608866][ C1] RIP: 0010:mutex_unlock+0xcd/0x260 [ 490.608888][ C1] Code: ce fc 4c 89 f7 be 08 00 00 00 e8 5e 7f ce fc 43 80 3c 27 00 74 08 4c 89 f7 e8 4f 7d ce fc 48 8b 44 24 40 31 c9 f0 48 0f b1 0b <0f> 85 9e 00 00 00 66 90 e9 a1 00 00 00 65 8b 1d 27 e1 1d 7b 89 d8 [ 490.608900][ C1] RSP: 0018:ffffc90000a16700 EFLAGS: 00000246 [ 490.608914][ C1] RAX: ffff888101bb2780 RBX: ffff88810abd2280 RCX: 0000000000000000 [ 490.608925][ C1] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc90000a16740 [ 490.608935][ C1] RBP: ffffc90000a167c0 R08: dffffc0000000000 R09: fffff52000142ce9 [ 490.608945][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 490.608955][ C1] R13: 1ffff92000142ce4 R14: ffffc90000a16740 R15: 1ffff92000142ce8 [ 490.608966][ C1] FS: 0000555555b7b380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 490.608979][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 490.608990][ C1] CR2: 0000555555b7b338 CR3: 00000001247c4000 CR4: 00000000003506a0 [ 490.609003][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 490.609012][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 490.609021][ C1] Call Trace: [ 490.609026][ C1] [ 490.609032][ C1] ? show_regs+0x58/0x60 [ 490.609049][ C1] ? nmi_cpu_backtrace+0x29f/0x300 [ 490.609067][ C1] ? nmi_trigger_cpumask_backtrace+0x270/0x270 [ 490.609085][ C1] ? mutex_unlock+0xcd/0x260 [ 490.609098][ C1] ? mutex_unlock+0xcd/0x260 [ 490.609111][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 490.609128][ C1] ? nmi_handle+0xa8/0x280 [ 490.609142][ C1] ? mutex_unlock+0xcd/0x260 [ 490.609156][ C1] ? default_do_nmi+0x69/0x160 [ 490.609169][ C1] ? exc_nmi+0xad/0x100 [ 490.609181][ C1] ? end_repeat_nmi+0x16/0x31 [ 490.609196][ C1] ? mutex_unlock+0xcd/0x260 [ 490.609209][ C1] ? mutex_unlock+0xcd/0x260 [ 490.609223][ C1] ? mutex_unlock+0xcd/0x260 [ 490.609235][ C1] [ 490.609240][ C1] [ 490.609244][ C1] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 490.609261][ C1] ? __mutex_lock_slowpath+0x10/0x10 [ 490.609275][ C1] ? radix_tree_lookup+0x23a/0x290 [ 490.609292][ C1] tcf_idr_check_alloc+0x9d/0x3b0 [ 490.609307][ C1] tcf_police_init+0x318/0x1880 [ 490.609321][ C1] ? rtnetlink_rcv+0x1c/0x20 [ 490.609334][ C1] ? netlink_unicast+0x8df/0xac0 [ 490.609350][ C1] ? x64_sys_call+0x16a/0x9a0 [ 490.609364][ C1] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 490.609382][ C1] ? tcf_police_search+0x90/0x90 [ 490.609399][ C1] ? nla_memcpy+0x5e/0xc0 [ 490.609413][ C1] ? nla_memcpy+0x8e/0xc0 [ 490.609426][ C1] ? tcf_police_search+0x90/0x90 [ 490.609439][ C1] tcf_action_init_1+0x50f/0x7f0 [ 490.609454][ C1] ? tc_action_load_ops+0x550/0x550 [ 490.609468][ C1] ? tc_action_load_ops+0x2a6/0x550 [ 490.609485][ C1] tcf_action_init+0x306/0x840 [ 490.609499][ C1] ? tcf_action_init_1+0x7f0/0x7f0 [ 490.609521][ C1] ? security_capable+0x87/0xb0 [ 490.609537][ C1] tc_ctl_action+0x49b/0xd00 [ 490.609550][ C1] ? memcpy+0x56/0x70 [ 490.609566][ C1] ? tcf_free_cookie_rcu+0x50/0x50 [ 490.609579][ C1] ? avc_denied+0x1b0/0x1b0 [ 490.609600][ C1] ? __kasan_check_write+0x14/0x20 [ 490.609614][ C1] ? mutex_lock+0xb6/0x1e0 [ 490.609627][ C1] ? wait_for_completion_killable_timeout+0x10/0x10 [ 490.609643][ C1] ? ns_capable+0x89/0xe0 [ 490.609657][ C1] ? netlink_net_capable+0x125/0x160 [ 490.609672][ C1] ? tcf_free_cookie_rcu+0x50/0x50 [ 490.609686][ C1] rtnetlink_rcv_msg+0x951/0xc40 [ 490.609707][ C1] ? rtnetlink_bind+0x80/0x80 [ 490.609721][ C1] ? avc_denied+0x13f/0x1b0 [ 490.609737][ C1] ? avc_has_perm_noaudit+0x2dd/0x430 [ 490.609753][ C1] ? avc_denied+0x1b0/0x1b0 [ 490.609769][ C1] ? avc_has_perm+0x16f/0x260 [ 490.609782][ C1] ? ____kasan_kmalloc+0xed/0x110 [ 490.609797][ C1] ? avc_has_perm_noaudit+0x430/0x430 [ 490.609811][ C1] ? x64_sys_call+0x16a/0x9a0 [ 490.609825][ C1] netlink_rcv_skb+0x1cf/0x410 [ 490.609838][ C1] ? rtnetlink_bind+0x80/0x80 [ 490.609852][ C1] ? netlink_ack+0xb10/0xb10 [ 490.609865][ C1] ? __netlink_lookup+0x37b/0x3a0 [ 490.609879][ C1] rtnetlink_rcv+0x1c/0x20 [ 490.609892][ C1] netlink_unicast+0x8df/0xac0 [ 490.609909][ C1] ? netlink_detachskb+0x90/0x90 [ 490.609925][ C1] ? security_netlink_send+0x7b/0xa0 [ 490.609939][ C1] netlink_sendmsg+0xa0a/0xd20 [ 490.609953][ C1] ? netlink_getsockopt+0x560/0x560 [ 490.609967][ C1] ? security_socket_sendmsg+0x82/0xb0 [ 490.609980][ C1] ? netlink_getsockopt+0x560/0x560 [ 490.609994][ C1] ____sys_sendmsg+0x59e/0x8f0 [ 490.610010][ C1] ? __sys_sendmsg_sock+0x40/0x40 [ 490.610026][ C1] ? import_iovec+0xe5/0x120 [ 490.610042][ C1] ___sys_sendmsg+0x252/0x2e0 [ 490.610057][ C1] ? __sys_sendmsg+0x260/0x260 [ 490.610075][ C1] ? cgroup_leave_frozen+0x164/0x2c0 [ 490.610092][ C1] ? __kasan_check_read+0x11/0x20 [ 490.610107][ C1] ? __fdget+0x179/0x240 [ 490.610120][ C1] __se_sys_sendmsg+0x19a/0x260 [ 490.610135][ C1] ? __x64_sys_sendmsg+0x90/0x90 [ 490.610149][ C1] ? ptrace_notify+0x24c/0x350 [ 490.610167][ C1] __x64_sys_sendmsg+0x7b/0x90 [ 490.610181][ C1] x64_sys_call+0x16a/0x9a0 [ 490.610194][ C1] do_syscall_64+0x3b/0xb0 [ 490.610210][ C1] ? clear_bhb_loop+0x35/0x90 [ 490.610222][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 490.610242][ C1] RIP: 0033:0x7f0d662e7df9 [ 490.610256][ C1] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 490.610267][ C1] RSP: 002b:00007ffe4c878878 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 490.610282][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f0d662e7df9 [ 490.610291][ C1] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000003 [ 490.610300][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000006 [ 490.610309][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 490.610317][ C1] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 [ 490.610328][ C1] [ 490.610345][ C1] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.511 msecs [ 490.617551][ T30] audit: type=1400 audit(1724965931.437:67): avc: denied { remove_name } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 491.258049][ T30] audit: type=1400 audit(1724965931.437:68): avc: denied { rename } for pid=82 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1