./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3660754053 <...> "sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 76.402394][ T8] cfg80211: failed to load regulatory.db [ 199.859810][ T29] audit: type=1400 audit(1732859604.182:84): avc: denied { write } for pid=5836 comm="sftp-server" path="pipe:[4557]" dev="pipefs" ino=4557 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 202.418738][ T29] audit: type=1400 audit(1732859606.742:85): avc: denied { append } for pid=5192 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 202.445066][ T29] audit: type=1400 audit(1732859606.742:86): avc: denied { open } for pid=5192 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 202.467906][ T29] audit: type=1400 audit(1732859606.742:87): avc: denied { getattr } for pid=5192 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 Warning: Permanently added '10.128.0.51' (ED25519) to the list of known hosts. execve("./syz-executor3660754053", ["./syz-executor3660754053"], 0x7fff68280000 /* 10 vars */) = 0 brk(NULL) = 0x5555658f2000 brk(0x5555658f2d40) = 0x5555658f2d40 arch_prctl(ARCH_SET_FS, 0x5555658f23c0) = 0 set_tid_address(0x5555658f2690) = 5851 set_robust_list(0x5555658f26a0, 24) = 0 rseq(0x5555658f2ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3660754053", 4096) = 28 getrandom("\xcf\x0c\x7e\x49\x5f\xb4\x9e\x9e", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555658f2d40 brk(0x555565913d40) = 0x555565913d40 brk(0x555565914000) = 0x555565914000 mprotect(0x7f4908ae8000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5852 attached , child_tidptr=0x5555658f2690) = 5852 [pid 5852] set_robust_list(0x5555658f26a0, 24) = 0 [pid 5852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5852] getppid() = 0 [pid 5852] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [ 211.872027][ T29] audit: type=1400 audit(1732859616.202:88): avc: denied { execmem } for pid=5851 comm="syz-executor366" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 5852] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5852] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5852] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5852] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5852] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5852] unshare(CLONE_NEWNS) = 0 [pid 5852] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5852] unshare(CLONE_NEWIPC) = 0 [pid 5852] unshare(CLONE_NEWCGROUP) = 0 [pid 5852] unshare(CLONE_NEWUTS) = 0 [pid 5852] unshare(CLONE_SYSVSEM) = 0 [pid 5852] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5852] write(3, "16777216", 8) = 8 [pid 5852] close(3) = 0 [ 211.989922][ T29] audit: type=1400 audit(1732859616.312:89): avc: denied { mounton } for pid=5852 comm="syz-executor366" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [pid 5852] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5852] write(3, "536870912", 9) = 9 [pid 5852] close(3) = 0 [pid 5852] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5852] write(3, "1024", 4) = 4 [pid 5852] close(3) = 0 [pid 5852] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5852] write(3, "8192", 4) = 4 [pid 5852] close(3) = 0 [pid 5852] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5852] write(3, "1024", 4) = 4 [pid 5852] close(3) = 0 [pid 5852] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5852] write(3, "1024", 4) = 4 [pid 5852] close(3) = 0 [pid 5852] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5852] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5852] close(3) = 0 [pid 5852] getpid() = 1 [pid 5852] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0 [pid 5852] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0 [pid 5852] unshare(CLONE_NEWNET) = 0 [pid 5852] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3 [pid 5852] write(3, "0 65535", 7) = 7 [pid 5852] close(3) = 0 [pid 5852] openat(AT_FDCWD, "/proc/sys/fs/mount-max", O_WRONLY|O_CLOEXEC) = 3 [pid 5852] write(3, "100000", 6) = 6 [pid 5852] close(3) = 0 [pid 5852] mkdir("./syz-tmp", 0777) = 0 [pid 5852] mount("", "./syz-tmp", "tmpfs", 0, NULL) = 0 [pid 5852] mkdir("./syz-tmp/newroot", 0777) = 0 [pid 5852] mkdir("./syz-tmp/newroot/dev", 0700) = 0 [pid 5852] mount("/dev", "./syz-tmp/newroot/dev", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [ 212.371709][ T29] audit: type=1400 audit(1732859616.702:90): avc: denied { mounton } for pid=5852 comm="syz-executor366" path="/root/syz-tmp" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 212.394986][ T29] audit: type=1400 audit(1732859616.702:91): avc: denied { mount } for pid=5852 comm="syz-executor366" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [pid 5852] mkdir("./syz-tmp/newroot/proc", 0700) = 0 [pid 5852] mount("syz-proc", "./syz-tmp/newroot/proc", "proc", 0, NULL) = 0 [pid 5852] mkdir("./syz-tmp/newroot/selinux", 0700) = 0 [pid 5852] mount("/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 5852] mount("/sys/fs/selinux", "./syz-tmp/newroot/selinux", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 5852] mkdir("./syz-tmp/newroot/sys", 0700) = 0 [pid 5852] mount("/sys", "./syz-tmp/newroot/sys", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 5852] mount("/sys/kernel/debug", "./syz-tmp/newroot/sys/kernel/debug", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [ 212.417777][ T29] audit: type=1400 audit(1732859616.732:92): avc: denied { mounton } for pid=5852 comm="syz-executor366" path="/root/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 212.441924][ T29] audit: type=1400 audit(1732859616.752:93): avc: denied { mount } for pid=5852 comm="syz-executor366" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [pid 5852] mount("/sys/fs/smackfs", "./syz-tmp/newroot/sys/fs/smackfs", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = -1 ENOENT (No such file or directory) [pid 5852] mount("/proc/sys/fs/binfmt_misc", "./syz-tmp/newroot/proc/sys/fs/binfmt_misc", NULL, MS_BIND|MS_REC|MS_PRIVATE, NULL) = 0 [pid 5852] mkdir("./syz-tmp/pivot", 0777) = 0 [pid 5852] pivot_root("./syz-tmp", "./syz-tmp/pivot") = 0 [pid 5852] chdir("/") = 0 [ 212.476421][ T29] audit: type=1400 audit(1732859616.802:94): avc: denied { mounton } for pid=5852 comm="syz-executor366" path="/root/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [pid 5852] umount2("./pivot", MNT_DETACH) = 0 [pid 5852] chroot("./newroot") = 0 [pid 5852] chdir("/") = 0 [pid 5852] mkdir("/dev/binderfs", 0777) = 0 [pid 5852] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0 [pid 5852] symlink("/dev/binderfs", "./binderfs") = 0 [ 212.501926][ T29] audit: type=1400 audit(1732859616.812:95): avc: denied { mounton } for pid=5852 comm="syz-executor366" path="/root/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=4621 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 212.534697][ T29] audit: type=1400 audit(1732859616.862:96): avc: denied { unmount } for pid=5852 comm="syz-executor366" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 5852] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 5852] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5855 attached , child_tidptr=0x5555658f2690) = 2 [pid 5855] set_robust_list(0x5555658f26a0, 24) = 0 [pid 5855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5855] setpgid(0, 0) = 0 [ 212.557704][ T29] audit: type=1400 audit(1732859616.882:97): avc: denied { mounton } for pid=5852 comm="syz-executor366" path="/dev/binderfs" dev="devtmpfs" ino=2723 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [pid 5855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5855] write(3, "1000", 4) = 4 [pid 5855] close(3) = 0 [pid 5855] write(1, "executing program\n", 18executing program ) = 18 [pid 5855] futex(0x7f4908aee32c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5855] rt_sigaction(SIGRT_1, {sa_handler=0x7f4908a8c780, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4908a7de00}, NULL, 8) = 0 [pid 5855] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f49089fe000 [pid 5855] mprotect(0x7f49089ff000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5855] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5855] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4908a1e990, parent_tid=0x7f4908a1e990, exit_signal=0, stack=0x7f49089fe000, stack_size=0x20300, tls=0x7f4908a1e6c0}./strace-static-x86_64: Process 5856 attached => {parent_tid=[3]}, 88) = 3 [pid 5855] rt_sigprocmask(SIG_SETMASK, [], <unfinished ...> [pid 5856] rseq(0x7f4908a1efe0, 0x20, 0, 0x53053053 <unfinished ...> [pid 5855] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5856] <... rseq resumed>) = 0 [pid 5855] futex(0x7f4908aee328, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...> [pid 5856] set_robust_list(0x7f4908a1e9a0, 24 <unfinished ...> [pid 5855] <... futex resumed>) = 0 [pid 5856] <... set_robust_list resumed>) = 0 [pid 5855] futex(0x7f4908aee32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...> [pid 5856] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5856] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 3 [pid 5856] futex(0x7f4908aee32c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5855] <... futex resumed>) = 0 [pid 5856] futex(0x7f4908aee328, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5855] futex(0x7f4908aee328, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...> [pid 5856] socketpair(AF_UNIX, SOCK_STREAM, 0, <unfinished ...> [pid 5855] <... futex resumed>) = 0 [pid 5856] <... socketpair resumed>[4, 5]) = 0 [pid 5855] futex(0x7f4908aee32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...> [pid 5856] futex(0x7f4908aee32c, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...> [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5856] <... futex resumed>) = 0 [pid 5855] futex(0x7f4908aee328, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...> [pid 5856] ioctl(3, NBD_SET_SOCK, 4 <unfinished ...> [pid 5855] <... futex resumed>) = 0 [pid 5855] futex(0x7f4908aee32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...> [pid 5856] <... ioctl resumed>) = 0 [pid 5856] futex(0x7f4908aee32c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5855] <... futex resumed>) = 0 [pid 5856] futex(0x7f4908aee328, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...> [pid 5855] futex(0x7f4908aee328, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...> [pid 5856] <... futex resumed>) = 0 [pid 5855] <... futex resumed>) = 1 [pid 5856] ioctl(3, NBD_DO_IT <unfinished ...> [pid 5855] futex(0x7f4908aee32c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5855] futex(0x7f4908aee33c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f49089dd000 [pid 5855] mprotect(0x7f49089de000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5855] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5855] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f49089fd990, parent_tid=0x7f49089fd990, exit_signal=0, stack=0x7f49089dd000, stack_size=0x20300, tls=0x7f49089fd6c0}./strace-static-x86_64: Process 5857 attached <unfinished ...> [pid 5857] rseq(0x7f49089fdfe0, 0x20, 0, 0x53053053 <unfinished ...> [pid 5855] <... clone3 resumed> => {parent_tid=[4]}, 88) = 4 [pid 5857] <... rseq resumed>) = 0 [pid 5855] rt_sigprocmask(SIG_SETMASK, [], <unfinished ...> [pid 5857] set_robust_list(0x7f49089fd9a0, 24 <unfinished ...> [pid 5855] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5857] <... set_robust_list resumed>) = 0 [pid 5855] futex(0x7f4908aee338, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...> [pid 5857] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5855] <... futex resumed>) = 0 [pid 5857] ioctl(3, NBD_SET_SIZE_BLOCKS, 1 <unfinished ...> [pid 5855] futex(0x7f4908aee33c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...> [pid 5857] <... ioctl resumed>) = 0 [pid 5857] futex(0x7f4908aee33c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5855] <... futex resumed>) = 0 [ 212.910172][ T5857] nbd0: detected capacity change from 0 to 2 [pid 5857] futex(0x7f4908aee338, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...> [pid 5855] close(3) = 0 [pid 5855] close(4) = 0 [pid 5855] close(5) = 0 [pid 5855] close(6) = -1 EBADF (Bad file descriptor) [pid 5855] close(7) = -1 EBADF (Bad file descriptor) [pid 5855] close(8) = -1 EBADF (Bad file descriptor) [pid 5855] close(9) = -1 EBADF (Bad file descriptor) [pid 5855] close(10) = -1 EBADF (Bad file descriptor) [pid 5855] close(11) = -1 EBADF (Bad file descriptor) [pid 5855] close(12) = -1 EBADF (Bad file descriptor) [pid 5855] close(13) = -1 EBADF (Bad file descriptor) [pid 5855] close(14) = -1 EBADF (Bad file descriptor) [pid 5855] close(15) = -1 EBADF (Bad file descriptor) [pid 5855] close(16) = -1 EBADF (Bad file descriptor) [pid 5855] close(17) = -1 EBADF (Bad file descriptor) [pid 5855] close(18) = -1 EBADF (Bad file descriptor) [pid 5855] close(19) = -1 EBADF (Bad file descriptor) [pid 5855] close(20) = -1 EBADF (Bad file descriptor) [ 213.111010][ T54] block nbd0: Receive control failed (result -104) [pid 5855] close(21) = -1 EBADF (Bad file descriptor) [pid 5855] close(22) = -1 EBADF (Bad file descriptor) [pid 5855] close(23) = -1 EBADF (Bad file descriptor) [pid 5855] close(24) = -1 EBADF (Bad file descriptor) [pid 5855] close(25) = -1 EBADF (Bad file descriptor) [pid 5855] close(26) = -1 EBADF (Bad file descriptor) [pid 5855] close(27) = -1 EBADF (Bad file descriptor) [pid 5855] close(28) = -1 EBADF (Bad file descriptor) [pid 5855] close(29) = -1 EBADF (Bad file descriptor) [pid 5855] exit_group(0 <unfinished ...> [pid 5857] <... futex resumed>) = ? [pid 5855] <... exit_group resumed>) = ? [pid 5857] +++ exited with 0 +++ [pid 5852] kill(-2, SIGKILL) = 0 [pid 5852] kill(2, SIGKILL) = 0 [pid 5852] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5852] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5852] getdents64(3, 0x5555658f3730 /* 2 entries */, 32768) = 48 [pid 5852] getdents64(3, 0x5555658f3730 /* 0 entries */, 32768) = 0 [pid 5852] close(3) = 0 [ 243.441269][ T26] block nbd0: Possible stuck request ffff888026025080: control (read@0,1024B). Runtime 30 seconds [ 272.987651][ T5210] udevd[5210]: worker [5853] /devices/virtual/block/nbd0 is taking a long time [ 273.520802][ T58] block nbd0: Possible stuck request ffff888026025080: control (read@0,1024B). Runtime 60 seconds [ 303.600462][ T26] block nbd0: Possible stuck request ffff888026025080: control (read@0,1024B). Runtime 90 seconds [ 333.680385][ T26] block nbd0: Possible stuck request ffff888026025080: control (read@0,1024B). Runtime 120 seconds [ 363.760346][ T58] block nbd0: Possible stuck request ffff888026025080: control (read@0,1024B). Runtime 150 seconds [ 393.137590][ T5210] udevd[5210]: worker [5853] /devices/virtual/block/nbd0 timeout; kill it [ 393.146297][ T5210] udevd[5210]: seq 8756 '/devices/virtual/block/nbd0' killed [ 393.840332][ T26] block nbd0: Possible stuck request ffff888026025080: control (read@0,1024B). Runtime 180 seconds [ 423.920373][ T26] block nbd0: Possible stuck request ffff888026025080: control (read@0,1024B). Runtime 210 seconds [ 429.680280][ T30] INFO: task syz-executor366:5856 blocked for more than 143 seconds. [ 429.688452][ T30] Not tainted 6.12.0-syzkaller-10689-g7af08b57bcb9 #0 [ 429.695827][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 429.704610][ T30] task:syz-executor366 state:D stack:27328 pid:5856 tgid:5855 ppid:5852 flags:0x00004006 [ 429.714862][ T30] Call Trace: [ 429.718140][ T30] <TASK> [ 429.721099][ T30] __schedule+0xe58/0x5ad0 [ 429.725556][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 429.730786][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 429.735989][ T30] ? __pfx___schedule+0x10/0x10 [ 429.740859][ T30] ? schedule+0x298/0x350 [ 429.745194][ T30] ? __pfx_lock_release+0x10/0x10 [ 429.750241][ T30] ? __mutex_trylock_common+0x78/0x250 [ 429.755719][ T30] ? lock_acquire+0x2f/0xb0 [ 429.760274][ T30] ? schedule+0x1fd/0x350 [ 429.764617][ T30] schedule+0xe7/0x350 [ 429.768688][ T30] schedule_preempt_disabled+0x13/0x30 [ 429.774245][ T30] __mutex_lock+0x62b/0xa60 [ 429.778763][ T30] ? lock_acquire.part.0+0x11b/0x380 [ 429.784086][ T30] ? bdev_release+0x15a/0x6d0 [ 429.788775][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 429.793839][ T30] ? __pfx_lock_release+0x10/0x10 [ 429.798872][ T30] ? locks_remove_file+0x34c/0x5a0 [ 429.804028][ T30] ? do_raw_spin_unlock+0x172/0x230 [ 429.809238][ T30] ? bdev_release+0x15a/0x6d0 [ 429.813959][ T30] bdev_release+0x15a/0x6d0 [ 429.818484][ T30] ? task_work_run+0x126/0x250 [ 429.823287][ T30] ? __pfx_blkdev_release+0x10/0x10 [ 429.828497][ T30] blkdev_release+0x15/0x20 [ 429.833046][ T30] __fput+0x3f8/0xb60 [ 429.837044][ T30] task_work_run+0x14e/0x250 [ 429.841663][ T30] ? __pfx_task_work_run+0x10/0x10 [ 429.846775][ T30] ? __pfx_task_work_add+0x10/0x10 [ 429.851906][ T30] ? __pfx_blkdev_ioctl+0x10/0x10 [ 429.856944][ T30] ? selinux_file_ioctl+0x180/0x270 [ 429.862172][ T30] ptrace_notify+0x10e/0x130 [ 429.866773][ T30] syscall_exit_to_user_mode_prepare+0x126/0x290 [ 429.873141][ T30] syscall_exit_to_user_mode+0x11/0x2a0 [ 429.878704][ T30] do_syscall_64+0xda/0x250 [ 429.883237][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 429.889143][ T30] RIP: 0033:0x7f4908a667b9 [ 429.893591][ T30] RSP: 002b:00007f4908a1e228 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 429.902029][ T30] RAX: 0000000000000000 RBX: 00007f4908aee328 RCX: 00007f4908a667b9 [ 429.909986][ T30] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 429.918063][ T30] RBP: 00007f4908aee320 R08: 00007f4908a1e6c0 R09: 00007f4908a1e6c0 [ 429.926066][ T30] R10: 00007f4908a1e6c0 R11: 0000000000000246 R12: 00007f4908aee32c [ 429.934070][ T30] R13: 00007f4908abb334 R14: 64626e2f7665642f R15: 00007fff570f0a88 [ 429.942102][ T30] </TASK> [ 429.945128][ T30] [ 429.945128][ T30] Showing all locks held in the system: [ 429.952876][ T30] 1 lock held by khungtaskd/30: [ 429.957731][ T30] #0: ffffffff8e1bbb40 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x7f/0x390 [ 429.967650][ T30] 2 locks held by getty/5591: [ 429.972343][ T30] #0: ffff88803735a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 429.982130][ T30] #1: ffffc90002fde2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0xfba/0x1480 [ 429.992243][ T30] 1 lock held by udevd/5853: [ 429.996839][ T30] #0: ffff88814339e4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe20 [ 430.006163][ T30] 1 lock held by syz-executor366/5856: [ 430.011625][ T30] #0: ffff88814339e4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x15a/0x6d0 [ 430.021233][ T30] [ 430.023548][ T30] ============================================= [ 430.023548][ T30] [ 430.031993][ T30] NMI backtrace for cpu 0 [ 430.036316][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-syzkaller-10689-g7af08b57bcb9 #0 [ 430.046448][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 430.056483][ T30] Call Trace: [ 430.059739][ T30] <TASK> [ 430.062653][ T30] dump_stack_lvl+0x116/0x1f0 [ 430.067329][ T30] nmi_cpu_backtrace+0x27b/0x390 [ 430.072257][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 430.078228][ T30] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 430.084203][ T30] watchdog+0xf14/0x1240 [ 430.088444][ T30] ? __pfx_watchdog+0x10/0x10 [ 430.093117][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 430.098312][ T30] ? __kthread_parkme+0x148/0x220 [ 430.103330][ T30] ? __pfx_watchdog+0x10/0x10 [ 430.107996][ T30] kthread+0x2c1/0x3a0 [ 430.112076][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 430.117276][ T30] ? __pfx_kthread+0x10/0x10 [ 430.121870][ T30] ret_from_fork+0x45/0x80 [ 430.126279][ T30] ? __pfx_kthread+0x10/0x10 [ 430.130867][ T30] ret_from_fork_asm+0x1a/0x30 [ 430.135650][ T30] </TASK> [ 430.138782][ T30] Sending NMI from CPU 0 to CPUs 1: [ 430.144208][ C1] NMI backtrace for cpu 1 [ 430.144220][ C1] CPU: 1 UID: 0 PID: 1885 Comm: kworker/u8:5 Not tainted 6.12.0-syzkaller-10689-g7af08b57bcb9 #0 [ 430.144242][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 430.144255][ C1] Workqueue: events_unbound toggle_allocation_gate [ 430.144281][ C1] RIP: 0010:lock_acquire+0x15/0xb0 [ 430.144308][ C1] Code: 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 57 4d 89 cf 41 56 45 89 c6 41 55 41 89 cd 41 54 <41> 89 d4 55 89 f5 53 48 83 ec 08 48 8b 5c 24 40 48 89 3c 24 53 e8 [ 430.144325][ C1] RSP: 0018:ffffc9000550fbb0 EFLAGS: 00000246 [ 430.144340][ C1] RAX: ffffffff8b30d92d RBX: ffff888029f62440 RCX: 0000000000000000 [ 430.144352][ C1] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffffff8e088640 [ 430.144365][ C1] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 430.144376][ C1] R10: 0000000000000000 R11: 0000000000000002 R12: ffff888029f6246c [ 430.144387][ C1] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000 [ 430.144399][ C1] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 430.144417][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 430.144431][ C1] CR2: 0000557737343680 CR3: 000000000df7e000 CR4: 00000000003526f0 [ 430.144443][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 430.144454][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 430.144466][ C1] Call Trace: [ 430.144472][ C1] <NMI> [ 430.144478][ C1] ? nmi_cpu_backtrace+0x1d8/0x390 [ 430.144502][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 430.144521][ C1] ? nmi_handle+0x1ac/0x5d0 [ 430.144543][ C1] ? lock_acquire+0x15/0xb0 [ 430.144563][ C1] ? default_do_nmi+0x6a/0x160 [ 430.144584][ C1] ? exc_nmi+0x170/0x1e0 [ 430.144603][ C1] ? end_repeat_nmi+0xf/0x53 [ 430.144623][ C1] ? schedule+0x1fd/0x350 [ 430.144647][ C1] ? lock_acquire+0x15/0xb0 [ 430.144667][ C1] ? lock_acquire+0x15/0xb0 [ 430.144687][ C1] ? lock_acquire+0x15/0xb0 [ 430.144707][ C1] </NMI> [ 430.144712][ C1] <TASK> [ 430.144719][ C1] schedule+0x21c/0x350 [ 430.144741][ C1] ? schedule+0x1fd/0x350 [ 430.144765][ C1] toggle_allocation_gate+0x1db/0x260 [ 430.144787][ C1] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 430.144809][ C1] ? trace_lock_acquire+0x14e/0x1f0 [ 430.144837][ C1] ? __pfx_autoremove_wake_function+0x10/0x10 [ 430.144858][ C1] ? lock_acquire+0x2f/0xb0 [ 430.144877][ C1] ? process_one_work+0x921/0x1ba0 [ 430.144899][ C1] process_one_work+0x9c5/0x1ba0 [ 430.144923][ C1] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 430.144944][ C1] ? __pfx_process_one_work+0x10/0x10 [ 430.144964][ C1] ? rcu_is_watching+0x12/0xc0 [ 430.144992][ C1] ? assign_work+0x1a0/0x250 [ 430.145011][ C1] worker_thread+0x6c8/0xf00 [ 430.145035][ C1] ? __kthread_parkme+0x148/0x220 [ 430.145061][ C1] ? __pfx_worker_thread+0x10/0x10 [ 430.145081][ C1] kthread+0x2c1/0x3a0 [ 430.145104][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 430.145128][ C1] ? __pfx_kthread+0x10/0x10 [ 430.145152][ C1] ret_from_fork+0x45/0x80 [ 430.145171][ C1] ? __pfx_kthread+0x10/0x10 [ 430.145195][ C1] ret_from_fork_asm+0x1a/0x30 [ 430.145227][ C1] </TASK> [ 430.145234][ C1] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.025 msecs [ 430.146210][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 430.146222][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-syzkaller-10689-g7af08b57bcb9 #0 [ 430.146244][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 430.146255][ T30] Call Trace: [ 430.146261][ T30] <TASK> [ 430.146269][ T30] dump_stack_lvl+0x3d/0x1f0 [ 430.146299][ T30] panic+0x71d/0x800 [ 430.146327][ T30] ? __pfx_panic+0x10/0x10 [ 430.146353][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 430.146377][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 430.146396][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 430.146417][ T30] ? watchdog+0xd7e/0x1240 [ 430.146441][ T30] ? watchdog+0xd71/0x1240 [ 430.146466][ T30] watchdog+0xd8f/0x1240 [ 430.146492][ T30] ? __pfx_watchdog+0x10/0x10 [ 430.146514][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 430.146541][ T30] ? __kthread_parkme+0x148/0x220 [ 430.146568][ T30] ? __pfx_watchdog+0x10/0x10 [ 430.146591][ T30] kthread+0x2c1/0x3a0 [ 430.146614][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 430.146637][ T30] ? __pfx_kthread+0x10/0x10 [ 430.146662][ T30] ret_from_fork+0x45/0x80 [ 430.146681][ T30] ? __pfx_kthread+0x10/0x10 [ 430.146706][ T30] ret_from_fork_asm+0x1a/0x30 [ 430.146742][ T30] </TASK> [ 430.594540][ T30] Kernel Offset: disabled [ 430.598851][ T30] Rebooting in 86400 seconds..