./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor386550725 <...> DUID 00:04:f8:b5:8a:47:ae:09:95:3a:43:2d:d7:42:86:31:94:89 forked to background, child pid 3210 [ 28.750504][ T3211] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.763919][ T3211] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.83' (ECDSA) to the list of known hosts. execve("./syz-executor386550725", ["./syz-executor386550725"], 0x7ffcc9e30100 /* 10 vars */) = 0 brk(NULL) = 0x5555563d2000 brk(0x5555563d2c40) = 0x5555563d2c40 arch_prctl(ARCH_SET_FS, 0x5555563d2300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor386550725", 4096) = 27 brk(0x5555563f3c40) = 0x5555563f3c40 brk(0x5555563f4000) = 0x5555563f4000 mprotect(0x7f6c364e7000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563d25d0) = 3639 ./strace-static-x86_64: Process 3639 attached [pid 3639] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3639] setpgid(0, 0) = 0 [pid 3639] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3639] write(3, "1000", 4) = 4 [pid 3639] close(3) = 0 [pid 3639] memfd_create("syzkaller", 0) = 3 [pid 3639] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6c2e02c000 [pid 3639] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 3639] munmap(0x7f6c2e02c000, 1048576) = 0 [pid 3639] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3639] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3639] close(3) = 0 [pid 3639] mkdir("./file0", 0777) = 0 [pid 3639] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "stripe=0x0000000000000006,grpquota,i_version,dioread_lock,max_dir_size_kb=0x0000000000000401,jqfmt=v"...) = 0 [pid 3639] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3639] chdir("./file0") = 0 [pid 3639] ioctl(4, LOOP_CLR_FD) = 0 [pid 3639] close(4) = 0 [pid 3639] openat(AT_FDCWD, "blkio.bfq.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 3639] write(4, "\x65\x78\x74\x34\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 76) = 76 syzkaller login: [ 58.604447][ T3639] loop0: detected capacity change from 0 to 2048 [ 58.614759][ T3639] EXT4-fs: Ignoring removed i_version option [ 58.636304][ T3639] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [pid 3639] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x28, 0x30), 0x20000080 [pid 3638] kill(-3639, SIGKILL) = 0 [pid 3638] kill(3639, SIGKILL) = 0 [pid 3638] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3638] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3638] getdents64(3, 0x5555563d3620 /* 2 entries */, 32768) = 48 [pid 3638] getdents64(3, 0x5555563d3620 /* 0 entries */, 32768) = 0 [pid 3638] close(3) = 0 [ 76.242392][ T14] cfg80211: failed to load regulatory.db [ 286.161089][ T28] INFO: task syz-executor386:3639 blocked for more than 143 seconds. [ 286.169245][ T28] Not tainted 6.1.0-rc8-syzkaller-00018-g479174d402bc #0 [ 286.177654][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.186480][ T28] task:syz-executor386 state:D stack:20688 pid:3639 ppid:3638 flags:0x00004004 [ 286.195762][ T28] Call Trace: [ 286.199030][ T28] [ 286.202059][ T28] __schedule+0x8c9/0xd70 [ 286.206529][ T28] ? release_firmware_map_entry+0x185/0x185 [ 286.212473][ T28] ? lockdep_hardirqs_on+0x8d/0x130 [ 286.217705][ T28] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 286.223697][ T28] ? _raw_spin_unlock+0x40/0x40 [ 286.228564][ T28] schedule+0xcb/0x190 [ 286.232684][ T28] io_schedule+0x83/0x100 [ 286.237025][ T28] bit_wait_io+0xe/0xc0 [ 286.241269][ T28] __wait_on_bit_lock+0xbb/0x1a0 [ 286.246218][ T28] ? bit_wait+0xc0/0xc0 [ 286.250364][ T28] out_of_line_wait_on_bit_lock+0x1c3/0x240 [ 286.256347][ T28] ? bit_wait+0xc0/0xc0 [ 286.260526][ T28] ? __wait_on_bit_lock+0x1a0/0x1a0 [ 286.265840][ T28] ? bit_waitqueue+0x30/0x30 [ 286.270505][ T28] ? do_raw_spin_unlock+0x134/0x8a0 [ 286.275793][ T28] __sync_dirty_buffer+0x107/0x330 [ 286.281074][ T28] __ext4_handle_dirty_metadata+0x29a/0x810 [ 286.287037][ T28] ? ext4_convert_inline_data_nolock+0x670/0x820 [ 286.293432][ T28] ext4_convert_inline_data_nolock+0x6e8/0x820 [ 286.299611][ T28] ? ext4_add_dirent_to_inline+0x450/0x450 [ 286.305521][ T28] ? __ext4_journal_start_sb+0x16e/0x1d0 [ 286.311193][ T28] ext4_convert_inline_data+0x4bf/0x600 [ 286.316729][ T28] ? memalloc_retry_wait+0xb0/0xb0 [ 286.321931][ T28] ext4_fallocate+0x149/0x1c90 [ 286.326702][ T28] ? rcu_read_lock_any_held+0xb1/0x130 [ 286.332272][ T28] ? memalloc_retry_wait+0xb0/0xb0 [ 286.337389][ T28] vfs_fallocate+0x515/0x670 [ 286.342094][ T28] do_vfs_ioctl+0x2187/0x29a0 [ 286.346809][ T28] ? __x64_compat_sys_ioctl+0x80/0x80 [ 286.352224][ T28] ? __lock_acquire+0x1f60/0x1f60 [ 286.357251][ T28] ? slab_free_freelist_hook+0x12e/0x1a0 [ 286.363015][ T28] ? tomoyo_path_number_perm+0x59e/0x760 [ 286.368716][ T28] ? __kmem_cache_free+0x71/0x110 [ 286.373790][ T28] ? tomoyo_path_number_perm+0x607/0x760 [ 286.379432][ T28] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 286.384988][ T28] ? _raw_spin_lock_irqsave+0x100/0x100 [ 286.390573][ T28] ? do_notify_parent+0xe00/0xe00 [ 286.395689][ T28] ? bpf_lsm_file_ioctl+0x5/0x10 [ 286.400704][ T28] ? security_file_ioctl+0x9d/0xb0 [ 286.405940][ T28] __se_sys_ioctl+0x83/0x170 [ 286.410546][ T28] do_syscall_64+0x3d/0xb0 [ 286.415034][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.420989][ T28] RIP: 0033:0x7f6c36479289 [ 286.425402][ T28] RSP: 002b:00007ffe1c6ef008 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 286.433867][ T28] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6c36479289 [ 286.441868][ T28] RDX: 0000000020000080 RSI: 0000000040305828 RDI: 0000000000000004 [ 286.449827][ T28] RBP: 0000000000000000 R08: 00007f6c364e7ec0 R09: 00007f6c364e7ec0 [ 286.457872][ T28] R10: 00007f6c364e7ec0 R11: 0000000000000246 R12: 00007ffe1c6ef030 [ 286.465920][ T28] R13: 0000000000000000 R14: 431bde82d7b634db R15: 0000000000000000 [ 286.473959][ T28] [ 286.477005][ T28] [ 286.477005][ T28] Showing all locks held in the system: [ 286.484766][ T28] 1 lock held by rcu_tasks_kthre/12: [ 286.490055][ T28] #0: ffffffff8d127330 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x30/0xd00 [ 286.500560][ T28] 1 lock held by rcu_tasks_trace/13: [ 286.505894][ T28] #0: ffffffff8d127b30 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x30/0xd00 [ 286.516909][ T28] 1 lock held by khungtaskd/28: [ 286.521773][ T28] #0: ffffffff8d127160 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 [ 286.531177][ T28] 1 lock held by klogd/2986: [ 286.535770][ T28] #0: ffff8880b9939dd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x25/0x110 [ 286.545895][ T28] 2 locks held by getty/3311: [ 286.550568][ T28] #0: ffff888020c81098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 286.560429][ T28] #1: ffffc900031262f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x53b/0x1650 [ 286.570635][ T28] 3 locks held by syz-executor386/3639: [ 286.576226][ T28] #0: ffff88802870a460 (sb_writers#4){.+.+}-{0:0}, at: vfs_fallocate+0x489/0x670 [ 286.585510][ T28] #1: ffff8880751b4030 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: ext4_fallocate+0x141/0x1c90 [ 286.596183][ T28] #2: ffff8880751b3cf8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_convert_inline_data+0x39b/0x600 [ 286.606596][ T28] [ 286.608913][ T28] ============================================= [ 286.608913][ T28] [ 286.617366][ T28] NMI backtrace for cpu 0 [ 286.621685][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.1.0-rc8-syzkaller-00018-g479174d402bc #0 [ 286.631466][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 286.641501][ T28] Call Trace: [ 286.644764][ T28] [ 286.647677][ T28] dump_stack_lvl+0x1b1/0x28e [ 286.652337][ T28] ? nf_tcp_handle_invalid+0x62e/0x62e [ 286.657776][ T28] ? panic+0x710/0x710 [ 286.661847][ T28] ? console_unlock+0x281/0x6f0 [ 286.666691][ T28] ? console_trylock_spinning+0x410/0x410 [ 286.672399][ T28] ? nmi_cpu_backtrace+0x205/0x4f0 [ 286.677501][ T28] nmi_cpu_backtrace+0x46f/0x4f0 [ 286.682427][ T28] ? vprintk_emit+0x109/0x1e0 [ 286.687099][ T28] ? nmi_trigger_cpumask_backtrace+0x420/0x420 [ 286.693237][ T28] ? _printk+0xc0/0x100 [ 286.697381][ T28] ? panic+0x710/0x710 [ 286.701440][ T28] ? __wake_up_klogd+0xcd/0x100 [ 286.706282][ T28] ? panic+0x710/0x710 [ 286.710337][ T28] ? nmi_trigger_cpumask_backtrace+0xc9/0x420 [ 286.716390][ T28] nmi_trigger_cpumask_backtrace+0x1ba/0x420 [ 286.722357][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 286.728466][ T28] watchdog+0xcf5/0xd40 [ 286.732666][ T28] kthread+0x266/0x300 [ 286.736722][ T28] ? hungtask_pm_notify+0x50/0x50 [ 286.741735][ T28] ? kthread_blkcg+0xd0/0xd0 [ 286.746313][ T28] ret_from_fork+0x1f/0x30 [ 286.750740][ T28] [ 286.753891][ T28] Sending NMI from CPU 0 to CPUs 1: [ 286.759107][ C1] NMI backtrace for cpu 1 [ 286.759115][ C1] CPU: 1 PID: 11 Comm: kworker/u4:1 Not tainted 6.1.0-rc8-syzkaller-00018-g479174d402bc #0 [ 286.759129][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 286.759138][ C1] Workqueue: events_unbound toggle_allocation_gate [ 286.759160][ C1] RIP: 0010:__lock_acquire+0x787/0x1f60 [ 286.759177][ C1] Code: 41 8b 2f 81 e5 ff 1f 00 00 48 89 e8 48 c1 e8 06 48 8d 3c c5 40 71 59 90 be 08 00 00 00 e8 61 66 74 00 48 0f a3 2d d9 10 ef 0e <72> 37 48 ba 00 00 00 00 00 fc ff df 48 8b 44 24 50 0f b6 04 10 84 [ 286.759188][ C1] RSP: 0018:ffffc900001076a8 EFLAGS: 00000057 [ 286.759198][ C1] RAX: 0000000000000001 RBX: ffff88813fee4568 RCX: ffffffff816a605f [ 286.759207][ C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff90597140 [ 286.759215][ C1] RBP: 0000000000000006 R08: dffffc0000000000 R09: fffffbfff20b2e29 [ 286.759223][ C1] R10: fffffbfff20b2e29 R11: 1ffffffff20b2e28 R12: 0000000000000003 [ 286.759232][ C1] R13: 0000000000000004 R14: 0000000000000003 R15: ffff88813fee4568 [ 286.759240][ C1] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 286.759250][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 286.759259][ C1] CR2: 0000557e2b6c6990 CR3: 000000000ce8e000 CR4: 00000000003506e0 [ 286.759271][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 286.759278][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 286.759286][ C1] Call Trace: [ 286.759289][ C1] [ 286.759300][ C1] lock_acquire+0x182/0x3c0 [ 286.759314][ C1] ? arch_jump_label_transform_queue+0x3f/0xd0 [ 286.759367][ C1] ? read_lock_is_recursive+0x10/0x10 [ 286.759380][ C1] ? arch_jump_label_transform_queue+0x7c/0xd0 [ 286.759400][ C1] ? __might_sleep+0xc0/0xc0 [ 286.759435][ C1] ? arch_jump_label_transform_queue+0x7c/0xd0 [ 286.759454][ C1] ? __lock_acquire+0x1f60/0x1f60 [ 286.759469][ C1] __mutex_lock_common+0x1bd/0x26e0 [ 286.759486][ C1] ? arch_jump_label_transform_queue+0x3f/0xd0 [ 286.759509][ C1] ? __mutex_unlock_slowpath+0x222/0x770 [ 286.759524][ C1] ? arch_jump_label_transform_queue+0x3f/0xd0 [ 286.759542][ C1] ? text_poke_finish+0x30/0x30 [ 286.759574][ C1] ? mutex_lock_io_nested+0x60/0x60 [ 286.759590][ C1] ? mutex_unlock+0x10/0x10 [ 286.759611][ C1] mutex_lock_nested+0x17/0x20 [ 286.759626][ C1] arch_jump_label_transform_queue+0x3f/0xd0 [ 286.759646][ C1] __jump_label_update+0x19b/0x3b0 [ 286.759694][ C1] static_key_disable_cpuslocked+0xc8/0x1b0 [ 286.759713][ C1] static_key_disable+0x16/0x20 [ 286.759730][ C1] toggle_allocation_gate+0x3b8/0x450 [ 286.759747][ C1] ? virt_to_slab+0x2c0/0x2c0 [ 286.759765][ C1] ? rcu_read_lock_sched_held+0x87/0x110 [ 286.759779][ C1] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 286.759792][ C1] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 286.759813][ C1] ? do_raw_spin_unlock+0x134/0x8a0 [ 286.759832][ C1] process_one_work+0x877/0xdb0 [ 286.759870][ C1] ? worker_detach_from_pool+0x260/0x260 [ 286.759888][ C1] ? _raw_spin_lock_irq+0xba/0xf0 [ 286.759907][ C1] ? _raw_spin_lock_irqsave+0x100/0x100 [ 286.759929][ C1] worker_thread+0xb14/0x1330 [ 286.759956][ C1] kthread+0x266/0x300 [ 286.759969][ C1] ? rcu_lock_release+0x20/0x20 [ 286.759984][ C1] ? kthread_blkcg+0xd0/0xd0 [ 286.759997][ C1] ret_from_fork+0x1f/0x30 [ 286.760020][ C1] [ 286.760192][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 287.094863][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.1.0-rc8-syzkaller-00018-g479174d402bc #0 [ 287.104643][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 287.114678][ T28] Call Trace: [ 287.117940][ T28] [ 287.120853][ T28] dump_stack_lvl+0x1b1/0x28e [ 287.125520][ T28] ? nf_tcp_handle_invalid+0x62e/0x62e [ 287.130972][ T28] ? panic+0x710/0x710 [ 287.135035][ T28] ? vscnprintf+0x59/0x80 [ 287.139346][ T28] panic+0x2d6/0x710 [ 287.143220][ T28] ? schedule_preempt_disabled+0x20/0x20 [ 287.148834][ T28] ? nmi_trigger_cpumask_backtrace+0x2d0/0x420 [ 287.154970][ T28] ? memcpy_page_flushcache+0xfc/0xfc [ 287.160331][ T28] ? nmi_trigger_cpumask_backtrace+0x2d0/0x420 [ 287.166463][ T28] ? nmi_trigger_cpumask_backtrace+0x34e/0x420 [ 287.172609][ T28] ? nmi_trigger_cpumask_backtrace+0x353/0x420 [ 287.178741][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 287.184790][ T28] watchdog+0xd35/0xd40 [ 287.188934][ T28] kthread+0x266/0x300 [ 287.192983][ T28] ? hungtask_pm_notify+0x50/0x50 [ 287.197986][ T28] ? kthread_blkcg+0xd0/0xd0 [ 287.202558][ T28] ret_from_fork+0x1f/0x30 [ 287.206965][ T28] [ 287.210147][ T28] Kernel Offset: disabled [ 287.214462][ T28] Rebooting in 86400 seconds..