./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4211079480 <...> Warning: Permanently added '10.128.0.168' (ED25519) to the list of known hosts. execve("./syz-executor4211079480", ["./syz-executor4211079480"], 0x7ffda8a6b580 /* 10 vars */) = 0 brk(NULL) = 0x5555555e8000 brk(0x5555555e8d40) = 0x5555555e8d40 arch_prctl(ARCH_SET_FS, 0x5555555e83c0) = 0 set_tid_address(0x5555555e8690) = 5011 set_robust_list(0x5555555e86a0, 24) = 0 rseq(0x5555555e8ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4211079480", 4096) = 28 getrandom("\x7a\x82\x5b\x2c\x86\x14\x4c\x76", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555555e8d40 brk(0x555555609d40) = 0x555555609d40 brk(0x55555560a000) = 0x55555560a000 mprotect(0x7fa91c529000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555555e8690) = 5012 ./strace-static-x86_64: Process 5012 attached [pid 5012] set_robust_list(0x5555555e86a0, 24) = 0 [pid 5012] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 5012] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5012] setsid() = 1 [pid 5012] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5012] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5012] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5012] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5012] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5012] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5012] unshare(CLONE_NEWNS) = 0 [pid 5012] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [ 61.145892][ T26] audit: type=1400 audit(1693303645.248:83): avc: denied { write } for pid=5008 comm="strace-static-x" path="pipe:[30182]" dev="pipefs" ino=30182 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 61.171865][ T26] audit: type=1400 audit(1693303645.268:84): avc: denied { execmem } for pid=5011 comm="syz-executor421" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 5012] unshare(CLONE_NEWIPC) = 0 [pid 5012] unshare(CLONE_NEWCGROUP) = 0 [pid 5012] unshare(CLONE_NEWUTS) = 0 [pid 5012] unshare(CLONE_SYSVSEM) = 0 [pid 5012] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5012] write(3, "16777216", 8) = 8 [pid 5012] close(3) = 0 [pid 5012] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5012] write(3, "536870912", 9) = 9 [pid 5012] close(3) = 0 [pid 5012] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5012] write(3, "1024", 4) = 4 [pid 5012] close(3) = 0 [pid 5012] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5012] write(3, "8192", 4) = 4 [pid 5012] close(3) = 0 [pid 5012] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5012] write(3, "1024", 4) = 4 [pid 5012] close(3) = 0 [pid 5012] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5012] write(3, "1024", 4) = 4 [pid 5012] close(3) = 0 [pid 5012] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5012] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5012] close(3) = 0 [pid 5012] getpid() = 1 [pid 5012] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< {parent_tid=[3]}, 88) = 3 [pid 5015] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5015] futex(0x7fa91c52f3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] futex(0x7fa91c52f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5016 attached [pid 5016] rseq(0x7fa91c465fe0, 0x20, 0, 0x53053053) = 0 [pid 5016] set_robust_list(0x7fa91c4659a0, 24) = 0 [pid 5016] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5016] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 3 [pid 5016] futex(0x7fa91c52f3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] <... futex resumed>) = 0 [pid 5015] futex(0x7fa91c52f3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] futex(0x7fa91c52f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5016] <... futex resumed>) = 1 [pid 5016] socketpair(AF_UNIX, SOCK_STREAM, 0, [4, 5]) = 0 [pid 5016] futex(0x7fa91c52f3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] <... futex resumed>) = 0 [pid 5015] futex(0x7fa91c52f3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] futex(0x7fa91c52f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5016] <... futex resumed>) = 1 [pid 5016] ioctl(3, NBD_SET_SIZE_BLOCKS, 1) = 0 [pid 5016] futex(0x7fa91c52f3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] <... futex resumed>) = 0 [pid 5015] futex(0x7fa91c52f3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] futex(0x7fa91c52f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5016] <... futex resumed>) = 1 [pid 5016] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 6 [pid 5016] futex(0x7fa91c52f3ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] <... futex resumed>) = 0 [pid 5015] futex(0x7fa91c52f3e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 61.296245][ T26] audit: type=1400 audit(1693303645.398:88): avc: denied { mounton } for pid=5012 comm="syz-executor421" path="/dev/binderfs" dev="devtmpfs" ino=2322 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 61.319705][ T26] audit: type=1400 audit(1693303645.398:89): avc: denied { mount } for pid=5012 comm="syz-executor421" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [pid 5015] futex(0x7fa91c52f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5016] <... futex resumed>) = 1 [pid 5016] ioctl(3, NBD_SET_SOCK, 4 [pid 5015] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 61.343895][ T26] audit: type=1400 audit(1693303645.428:90): avc: denied { read } for pid=5015 comm="syz-executor421" name="nbd0" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 61.368535][ T26] audit: type=1400 audit(1693303645.428:91): avc: denied { open } for pid=5015 comm="syz-executor421" path="/dev/nbd0" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 5015] futex(0x7fa91c52f3fc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa91c424000 [pid 5015] mprotect(0x7fa91c425000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5015] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5015] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa91c444990, parent_tid=0x7fa91c444990, exit_signal=0, stack=0x7fa91c424000, stack_size=0x20300, tls=0x7fa91c4446c0} => {parent_tid=[4]}, 88) = 4 [pid 5015] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5015] futex(0x7fa91c52f3f8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5015] futex(0x7fa91c52f3fc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5017 attached [pid 5017] rseq(0x7fa91c444fe0, 0x20, 0, 0x53053053) = 0 [pid 5017] set_robust_list(0x7fa91c4449a0, 24) = 0 [pid 5017] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5017] ioctl(6, NBD_DO_IT [pid 5016] <... ioctl resumed>) = 0 [pid 5016] futex(0x7fa91c52f3ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5016] futex(0x7fa91c52f3e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5015] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5015] futex(0x7fa91c52f3e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5016] <... futex resumed>) = 0 [pid 5015] <... futex resumed>) = 1 [pid 5016] ioctl(3, BLKRRPART [ 61.392890][ T26] audit: type=1400 audit(1693303645.438:92): avc: denied { ioctl } for pid=5015 comm="syz-executor421" path="/dev/nbd0" dev="devtmpfs" ino=664 ioctlcmd=0xab07 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 61.427146][ T5017] nbd0: detected capacity change from 0 to 2 [pid 5015] futex(0x7fa91c52f3ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5015] close(3) = 0 [pid 5015] close(4) = 0 [pid 5015] close(5) = 0 [pid 5015] close(6) = 0 [pid 5015] close(7) = -1 EBADF (Bad file descriptor) [pid 5015] close(8) = -1 EBADF (Bad file descriptor) [pid 5015] close(9) = -1 EBADF (Bad file descriptor) [pid 5015] close(10) = -1 EBADF (Bad file descriptor) [pid 5015] close(11) = -1 EBADF (Bad file descriptor) [pid 5015] close(12) = -1 EBADF (Bad file descriptor) [pid 5015] close(13) = -1 EBADF (Bad file descriptor) [pid 5015] close(14) = -1 EBADF (Bad file descriptor) [pid 5015] close(15) = -1 EBADF (Bad file descriptor) [pid 5015] close(16) = -1 EBADF (Bad file descriptor) [pid 5015] close(17) = -1 EBADF (Bad file descriptor) [pid 5015] close(18) = -1 EBADF (Bad file descriptor) [pid 5015] close(19) = -1 EBADF (Bad file descriptor) [pid 5015] close(20) = -1 EBADF (Bad file descriptor) [pid 5015] close(21) = -1 EBADF (Bad file descriptor) [pid 5015] close(22) = -1 EBADF (Bad file descriptor) [pid 5015] close(23) = -1 EBADF (Bad file descriptor) [pid 5015] close(24) = -1 EBADF (Bad file descriptor) [pid 5015] close(25) = -1 EBADF (Bad file descriptor) [pid 5015] close(26) = -1 EBADF (Bad file descriptor) [pid 5015] close(27) = -1 EBADF (Bad file descriptor) [pid 5015] close(28) = -1 EBADF (Bad file descriptor) [pid 5015] close(29) = -1 EBADF (Bad file descriptor) [pid 5015] exit_group(0) = ? [ 61.650827][ T4419] block nbd0: Receive control failed (result -104) [pid 5012] kill(-2, SIGKILL) = 0 [pid 5012] kill(2, SIGKILL) = 0 [pid 5012] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5012] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5012] getdents64(3, 0x5555555e9730 /* 2 entries */, 32768) = 48 [pid 5012] getdents64(3, 0x5555555e9730 /* 0 entries */, 32768) = 0 [pid 5012] close(3) = 0 [ 66.752505][ T26] audit: type=1400 audit(1693303650.848:93): avc: denied { append } for pid=4449 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 66.774861][ T26] audit: type=1400 audit(1693303650.848:94): avc: denied { open } for pid=4449 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 66.797280][ T26] audit: type=1400 audit(1693303650.848:95): avc: denied { getattr } for pid=4449 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 81.665735][ T918] cfg80211: failed to load regulatory.db [ 91.904989][ T1194] block nbd0: Possible stuck request ffff888020108000: control (read@0,1024B). Runtime 30 seconds [ 121.984350][ T1194] block nbd0: Possible stuck request ffff888020108000: control (read@0,1024B). Runtime 60 seconds [ 122.677325][ T4467] udevd[4467]: worker [5013] /devices/virtual/block/nbd0 is taking a long time [ 152.064331][ T1194] block nbd0: Possible stuck request ffff888020108000: control (read@0,1024B). Runtime 90 seconds [ 182.144722][ T1194] block nbd0: Possible stuck request ffff888020108000: control (read@0,1024B). Runtime 120 seconds [ 212.224306][ T1194] block nbd0: Possible stuck request ffff888020108000: control (read@0,1024B). Runtime 150 seconds [ 242.304329][ T1194] block nbd0: Possible stuck request ffff888020108000: control (read@0,1024B). Runtime 180 seconds [ 242.838037][ T4467] udevd[4467]: worker [5013] /devices/virtual/block/nbd0 timeout; kill it [ 242.847760][ T4467] udevd[4467]: seq 7568 '/devices/virtual/block/nbd0' killed [ 272.384198][ T1194] block nbd0: Possible stuck request ffff888020108000: control (read@0,1024B). Runtime 210 seconds [ 286.464496][ T27] INFO: task syz-executor421:5016 blocked for more than 143 seconds. [ 286.472703][ T27] Not tainted 6.5.0-syzkaller-00453-g727dbda16b83 #0 [ 286.480074][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.488844][ T27] task:syz-executor421 state:D stack:27424 pid:5016 ppid:5012 flags:0x00004006 [ 286.498178][ T27] Call Trace: [ 286.501494][ T27] [ 286.504475][ T27] __schedule+0xee1/0x59f0 [ 286.509037][ T27] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 286.515139][ T27] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 286.521147][ T27] ? io_schedule_timeout+0x150/0x150 [ 286.526494][ T27] ? __mutex_lock+0x962/0x1340 [ 286.531279][ T27] schedule+0xe7/0x1b0 [ 286.535416][ T27] schedule_preempt_disabled+0x13/0x20 [ 286.540896][ T27] __mutex_lock+0x967/0x1340 [ 286.545537][ T27] ? blkdev_get_by_dev.part.0+0x4f0/0xb20 [ 286.551356][ T27] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 286.556989][ T27] ? _atomic_dec_and_lock+0xa2/0x120 [ 286.562395][ T27] ? iput.part.0+0x78/0x7a0 [ 286.566966][ T27] ? blkdev_get_by_dev.part.0+0x4f0/0xb20 [ 286.572712][ T27] blkdev_get_by_dev.part.0+0x4f0/0xb20 [ 286.578330][ T27] ? devcgroup_check_permission+0x1a2/0x490 [ 286.584317][ T27] blkdev_get_by_dev+0x75/0x80 [ 286.589081][ T27] disk_scan_partitions+0x1e9/0x320 [ 286.594343][ T27] blkdev_common_ioctl+0x616/0x1ce0 [ 286.599566][ T27] ? blkdev_pr_preempt+0x2f0/0x2f0 [ 286.604752][ T27] ? selinux_bprm_creds_for_exec+0xb30/0xb30 [ 286.610769][ T27] ? reacquire_held_locks+0x4b0/0x4b0 [ 286.616244][ T27] blkdev_ioctl+0x249/0x770 [ 286.620821][ T27] ? blkdev_common_ioctl+0x1ce0/0x1ce0 [ 286.626353][ T27] ? selinux_file_ioctl+0x17d/0x270 [ 286.631661][ T27] ? selinux_file_ioctl+0xb5/0x270 [ 286.636849][ T27] ? blkdev_common_ioctl+0x1ce0/0x1ce0 [ 286.642336][ T27] __x64_sys_ioctl+0x18f/0x210 [ 286.647160][ T27] do_syscall_64+0x38/0xb0 [ 286.651612][ T27] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.657623][ T27] RIP: 0033:0x7fa91c4a77b9 [ 286.662047][ T27] RSP: 002b:00007fa91c465228 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 286.670509][ T27] RAX: ffffffffffffffda RBX: 00007fa91c52f3e8 RCX: 00007fa91c4a77b9 [ 286.678572][ T27] RDX: 0000000000000000 RSI: 000000000000125f RDI: 0000000000000003 [ 286.686579][ T27] RBP: 00007fa91c52f3e0 R08: 00007fa91c4656c0 R09: 00007fa91c4656c0 [ 286.694601][ T27] R10: 00007fa91c4656c0 R11: 0000000000000246 R12: 00007fa91c52f3ec [ 286.702565][ T27] R13: 00007fa91c4fc1a4 R14: 64626e2f7665642f R15: 00007ffe57388968 [ 286.710663][ T27] [ 286.713731][ T27] INFO: task syz-executor421:5017 blocked for more than 143 seconds. [ 286.721865][ T27] Not tainted 6.5.0-syzkaller-00453-g727dbda16b83 #0 [ 286.729088][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.737836][ T27] task:syz-executor421 state:D stack:28640 pid:5017 ppid:5012 flags:0x00004006 [ 286.747107][ T27] Call Trace: [ 286.750400][ T27] [ 286.753342][ T27] __schedule+0xee1/0x59f0 [ 286.757820][ T27] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 286.763984][ T27] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 286.769973][ T27] ? io_schedule_timeout+0x150/0x150 [ 286.775331][ T27] ? __mutex_lock+0x962/0x1340 [ 286.780120][ T27] schedule+0xe7/0x1b0 [ 286.784239][ T27] schedule_preempt_disabled+0x13/0x20 [ 286.789729][ T27] __mutex_lock+0x967/0x1340 [ 286.794386][ T27] ? blkdev_put+0xb0/0x8e0 [ 286.798820][ T27] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 286.804417][ T27] ? do_raw_spin_lock+0x12e/0x2b0 [ 286.809557][ T27] ? spin_bug+0x1d0/0x1d0 [ 286.813961][ T27] ? do_raw_spin_unlock+0x173/0x230 [ 286.819185][ T27] ? _raw_spin_unlock+0x28/0x40 [ 286.824106][ T27] ? blkdev_put+0xb0/0x8e0 [ 286.828542][ T27] blkdev_put+0xb0/0x8e0 [ 286.832781][ T27] ? preempt_count_sub+0x150/0x150 [ 286.837966][ T27] ? task_work_run+0x127/0x240 [ 286.842868][ T27] ? blkdev_fsync+0xd0/0xd0 [ 286.847420][ T27] blkdev_release+0x82/0xa0 [ 286.851944][ T27] __fput+0x3f7/0xa70 [ 286.855992][ T27] task_work_run+0x14d/0x240 [ 286.860607][ T27] ? task_work_cancel+0x30/0x30 [ 286.865931][ T27] ? blkdev_common_ioctl+0x1ce0/0x1ce0 [ 286.871434][ T27] ? selinux_file_ioctl+0x17d/0x270 [ 286.876903][ T27] ? selinux_file_ioctl+0xb5/0x270 [ 286.882019][ T27] ptrace_notify+0x10c/0x130 [ 286.886724][ T27] syscall_exit_to_user_mode_prepare+0x120/0x220 [ 286.893093][ T27] syscall_exit_to_user_mode+0xd/0x60 [ 286.898546][ T27] do_syscall_64+0x44/0xb0 [ 286.902988][ T27] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.908932][ T27] RIP: 0033:0x7fa91c4a77b9 [ 286.913361][ T27] RSP: 002b:00007fa91c444228 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 286.921851][ T27] RAX: 0000000000000000 RBX: 00007fa91c52f3f8 RCX: 00007fa91c4a77b9 [ 286.929868][ T27] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000006 [ 286.937899][ T27] RBP: 00007fa91c52f3f0 R08: 00007ffe57388967 R09: 00007fa91c4446c0 [ 286.945930][ T27] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa91c52f3fc [ 286.954047][ T27] R13: 00007fa91c4fc1a4 R14: 64626e2f7665642f R15: 00007ffe57388968 [ 286.962157][ T27] [ 286.965249][ T27] [ 286.965249][ T27] Showing all locks held in the system: [ 286.973403][ T27] 1 lock held by rcu_tasks_kthre/12: [ 286.978797][ T27] #0: ffffffff8c9a35b0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x2c/0xe20 [ 286.990318][ T27] 1 lock held by rcu_tasks_trace/13: [ 286.995671][ T27] #0: ffffffff8c9a32b0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x2c/0xe20 [ 287.006742][ T27] 1 lock held by khungtaskd/27: [ 287.011595][ T27] #0: ffffffff8c9a41c0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x340 [ 287.021545][ T27] 1 lock held by klogd/4456: [ 287.026184][ T27] #0: ffff8880b983c418 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130 [ 287.036202][ T27] 2 locks held by getty/4764: [ 287.040888][ T27] #0: ffff88814bbb1098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 287.050720][ T27] #1: ffffc900020382f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfcb/0x1480 [ 287.060905][ T27] 1 lock held by udevd/5013: [ 287.065518][ T27] #0: ffff88814139c4c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev.part.0+0x4f0/0xb20 [ 287.076668][ T27] 1 lock held by syz-executor421/5016: [ 287.082114][ T27] #0: ffff88814139c4c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev.part.0+0x4f0/0xb20 [ 287.092780][ T27] 1 lock held by syz-executor421/5017: [ 287.098287][ T27] #0: ffff88814139c4c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0xb0/0x8e0 [ 287.107671][ T27] [ 287.109999][ T27] ============================================= [ 287.109999][ T27] [ 287.118461][ T27] NMI backtrace for cpu 1 [ 287.122791][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 6.5.0-syzkaller-00453-g727dbda16b83 #0 [ 287.132240][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 287.142301][ T27] Call Trace: [ 287.145591][ T27] [ 287.148523][ T27] dump_stack_lvl+0xd9/0x1b0 [ 287.153131][ T27] nmi_cpu_backtrace+0x277/0x380 [ 287.158111][ T27] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 287.163346][ T27] nmi_trigger_cpumask_backtrace+0x2ac/0x310 [ 287.169340][ T27] watchdog+0xf29/0x11b0 [ 287.173620][ T27] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 287.179628][ T27] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 287.185634][ T27] kthread+0x33a/0x430 [ 287.189712][ T27] ? kthread_complete_and_exit+0x40/0x40 [ 287.195353][ T27] ret_from_fork+0x2c/0x70 [ 287.199797][ T27] ? kthread_complete_and_exit+0x40/0x40 [ 287.205439][ T27] ret_from_fork_asm+0x11/0x20 [ 287.210234][ T27] [ 287.213356][ T27] Sending NMI from CPU 1 to CPUs 0: [ 287.218637][ C0] NMI backtrace for cpu 0 [ 287.218647][ C0] CPU: 0 PID: 41 Comm: kworker/u4:3 Not tainted 6.5.0-syzkaller-00453-g727dbda16b83 #0 [ 287.218668][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 287.218679][ C0] Workqueue: events_unbound toggle_allocation_gate [ 287.218715][ C0] RIP: 0010:__pte_offset_map+0x16c/0x3c0 [ 287.218743][ C0] Code: ca be bb ff 49 83 fc 43 0f 85 50 01 00 00 e8 2b c3 bb ff 48 c1 eb 09 49 21 ef 48 b8 00 00 00 00 80 88 ff ff 81 e3 f8 0f 00 00 <48> 01 c3 49 01 df e8 09 c3 bb ff 4c 89 f8 48 83 c4 08 5b 5d 41 5c [ 287.218761][ C0] RSP: 0018:ffffc90000d2f8a0 EFLAGS: 00000202 [ 287.218776][ C0] RAX: ffff888000000000 RBX: 0000000000000558 RCX: 0000000000000000 [ 287.218788][ C0] RDX: ffff888014af4140 RSI: ffffffff81c96255 RDI: 0000000000000007 [ 287.218800][ C0] RBP: 0000000012868067 R08: 0000000000000007 R09: 0000000000000043 [ 287.218812][ C0] R10: 0000000000000043 R11: 0000000000000000 R12: 0000000000000043 [ 287.218823][ C0] R13: ffff888012866aa8 R14: 0000000000000000 R15: 0000000012868000 [ 287.218835][ C0] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 287.218854][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 287.218867][ C0] CR2: 0000558781a45600 CR3: 000000000c776000 CR4: 00000000003506f0 [ 287.218879][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 287.218890][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 287.218902][ C0] Call Trace: [ 287.218907][ C0] [ 287.218912][ C0] ? nmi_cpu_backtrace+0x1d4/0x380 [ 287.218932][ C0] ? __pte_offset_map+0x16c/0x3c0 [ 287.218952][ C0] ? nmi_cpu_backtrace_handler+0xc/0x10 [ 287.218979][ C0] ? nmi_handle+0x145/0x400 [ 287.219001][ C0] ? irqentry_nmi_enter+0x7f/0x90 [ 287.219026][ C0] ? __pte_offset_map+0x16c/0x3c0 [ 287.219046][ C0] ? default_do_nmi+0x69/0x160 [ 287.219067][ C0] ? exc_nmi+0x171/0x1e0 [ 287.219087][ C0] ? end_repeat_nmi+0x16/0x31 [ 287.219111][ C0] ? __pte_offset_map+0x155/0x3c0 [ 287.219135][ C0] ? __pte_offset_map+0x16c/0x3c0 [ 287.219155][ C0] ? __pte_offset_map+0x16c/0x3c0 [ 287.219174][ C0] ? __pte_offset_map+0x16c/0x3c0 [ 287.219194][ C0] [ 287.219199][ C0] [ 287.219204][ C0] __pte_offset_map_lock+0x8e/0x250 [ 287.219225][ C0] ? __text_poke+0x435/0x8a0 [ 287.219242][ C0] ? pte_offset_map_nolock+0x1b0/0x1b0 [ 287.219263][ C0] __get_locked_pte+0x75/0xc0 [ 287.219285][ C0] ? kmem_cache_alloc+0xbc/0x400 [ 287.219311][ C0] __text_poke+0x1be/0x8a0 [ 287.219328][ C0] ? setup_data_read+0x200/0x200 [ 287.219346][ C0] ? apply_relocation+0x680/0x680 [ 287.219364][ C0] text_poke_bp_batch+0x507/0x780 [ 287.219382][ C0] ? kmem_cache_alloc+0xbc/0x400 [ 287.219406][ C0] ? __kmem_cache_alloc_node+0xbd/0x470 [ 287.219433][ C0] ? do_sync_core+0x30/0x30 [ 287.219450][ C0] ? __jump_label_patch+0x16c/0x340 [ 287.219475][ C0] ? arch_jump_label_transform_queue+0xa3/0x100 [ 287.219503][ C0] text_poke_finish+0x1a/0x30 [ 287.219521][ C0] arch_jump_label_transform_apply+0x17/0x30 [ 287.219548][ C0] jump_label_update+0x32e/0x410 [ 287.219571][ C0] static_key_disable_cpuslocked+0x154/0x1b0 [ 287.219590][ C0] static_key_disable+0x1a/0x20 [ 287.219608][ C0] toggle_allocation_gate+0x13f/0x250 [ 287.219630][ C0] ? wake_up_kfence_timer+0x30/0x30 [ 287.219651][ C0] ? spin_bug+0x1d0/0x1d0 [ 287.219676][ C0] process_one_work+0xaa2/0x16f0 [ 287.219699][ C0] ? lock_sync+0x190/0x190 [ 287.219720][ C0] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 287.219742][ C0] ? spin_bug+0x1d0/0x1d0 [ 287.219766][ C0] worker_thread+0x687/0x1110 [ 287.219788][ C0] ? __kthread_parkme+0x152/0x220 [ 287.219815][ C0] ? process_one_work+0x16f0/0x16f0 [ 287.219836][ C0] kthread+0x33a/0x430 [ 287.219852][ C0] ? kthread_complete_and_exit+0x40/0x40 [ 287.219872][ C0] ret_from_fork+0x2c/0x70 [ 287.219892][ C0] ? kthread_complete_and_exit+0x40/0x40 [ 287.219911][ C0] ret_from_fork_asm+0x11/0x20 [ 287.219939][ C0] [ 287.219945][ C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.308 msecs [ 287.220634][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 287.627588][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 6.5.0-syzkaller-00453-g727dbda16b83 #0 [ 287.637054][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 287.647111][ T27] Call Trace: [ 287.650394][ T27] [ 287.653327][ T27] dump_stack_lvl+0xd9/0x1b0 [ 287.657932][ T27] panic+0x6a4/0x750 [ 287.661837][ T27] ? panic_smp_self_stop+0xa0/0xa0 [ 287.666959][ T27] ? irq_work_claim+0x76/0x90 [ 287.671649][ T27] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 287.676869][ T27] ? irq_work_queue+0x2a/0x70 [ 287.681557][ T27] ? __wake_up_klogd.part.0+0x99/0xf0 [ 287.686944][ T27] ? watchdog+0xce1/0x11b0 [ 287.691381][ T27] watchdog+0xcf2/0x11b0 [ 287.695644][ T27] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 287.701667][ T27] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 287.707691][ T27] kthread+0x33a/0x430 [ 287.711782][ T27] ? kthread_complete_and_exit+0x40/0x40 [ 287.717432][ T27] ret_from_fork+0x2c/0x70 [ 287.721865][ T27] ? kthread_complete_and_exit+0x40/0x40 [ 287.727516][ T27] ret_from_fork_asm+0x11/0x20 [ 287.732305][ T27] [ 287.735499][ T27] Kernel Offset: disabled [ 287.739816][ T27] Rebooting in 86400 seconds..