./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1501870680 <...> Warning: Permanently added '10.128.1.143' (ECDSA) to the list of known hosts. execve("./syz-executor1501870680", ["./syz-executor1501870680"], 0x7ffd68a63330 /* 10 vars */) = 0 brk(NULL) = 0x555556549000 brk(0x555556549c40) = 0x555556549c40 arch_prctl(ARCH_SET_FS, 0x555556549300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1501870680", 4096) = 28 brk(0x55555656ac40) = 0x55555656ac40 brk(0x55555656b000) = 0x55555656b000 mprotect(0x7f8750190000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565495d0) = 5075 ./strace-static-x86_64: Process 5075 attached [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5075] setpgid(0, 0) = 0 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1000", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] memfd_create("syzkaller", 0) = 3 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8747cd5000 [pid 5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5075] munmap(0x7f8747cd5000, 262144) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5075] close(3) = 0 [pid 5075] mkdir("./file0", 0777) = 0 syzkaller login: [ 41.943346][ T5075] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5075 'syz-executor150' [ 41.958528][ T5075] loop0: detected capacity change from 0 to 512 [ 41.970312][ T5075] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 41.983742][ T5075] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [pid 5075] mount("/dev/loop0", "./file0", "ext4", MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_SYNCHRONOUS, ",errors=continue") = 0 [pid 5075] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5075] chdir("./file0") = 0 [pid 5075] ioctl(4, LOOP_CLR_FD) = 0 [pid 5075] close(4) = 0 [pid 5075] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5075] write(4, "0x0000000080000000", 18) = 18 [ 41.997976][ T5075] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2265: inode #15: comm syz-executor150: corrupted in-inode xattr: overlapping e_value [ 42.013074][ T5075] EXT4-fs error (device loop0): ext4_orphan_get:1395: comm syz-executor150: couldn't read orphan inode 15 (err -117) [ 42.025821][ T5075] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5075] ioctl(4, _IOC(_IOC_WRITE, 0x58, 0x29, 0x30), 0x20000140 [pid 5074] kill(-5075, SIGKILL) = 0 [pid 5074] kill(5075, SIGKILL) = 0 [pid 5074] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5074] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5074] getdents64(3, 0x55555654a620 /* 2 entries */, 32768) = 48 [pid 5074] getdents64(3, 0x55555654a620 /* 0 entries */, 32768) = 0 [pid 5074] close(3) = 0 [ 70.389462][ T22] cfg80211: failed to load regulatory.db [ 285.426356][ T28] INFO: task syz-executor150:5075 blocked for more than 143 seconds. [ 285.434531][ T28] Not tainted 6.3.0-rc3-syzkaller #0 [ 285.440373][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 285.449124][ T28] task:syz-executor150 state:D stack:25328 pid:5075 ppid:5074 flags:0x00004004 [ 285.458398][ T28] Call Trace: [ 285.461675][ T28] [ 285.464588][ T28] __schedule+0xc91/0x5770 [ 285.469076][ T28] ? find_held_lock+0x2d/0x110 [ 285.473894][ T28] ? io_schedule_timeout+0x150/0x150 [ 285.479209][ T28] ? lock_downgrade+0x690/0x690 [ 285.484083][ T28] ? mark_held_locks+0x9f/0xe0 [ 285.488869][ T28] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 285.494698][ T28] schedule+0xde/0x1a0 [ 285.498791][ T28] io_schedule+0xbe/0x130 [ 285.503131][ T28] bit_wait_io+0x16/0xe0 [ 285.507397][ T28] __wait_on_bit_lock+0x11f/0x1a0 [ 285.512441][ T28] ? out_of_line_wait_on_bit_timeout+0x170/0x170 [ 285.518813][ T28] out_of_line_wait_on_bit_lock+0xd9/0x110 [ 285.524634][ T28] ? __wait_on_bit_lock+0x1a0/0x1a0 [ 285.529868][ T28] ? cpuacct_css_alloc+0x160/0x160 [ 285.534997][ T28] ? _raw_spin_unlock+0x28/0x40 [ 285.539876][ T28] __sync_dirty_buffer+0x30e/0x380 [ 285.545011][ T28] __ext4_handle_dirty_metadata+0x2b7/0x8e0 [ 285.550949][ T28] ? __ext4_journal_get_create_access+0x182/0x1f0 [ 285.557445][ T28] ext4_convert_inline_data_nolock+0x6e6/0xf10 [ 285.563630][ T28] ? ext4_destroy_inline_data_nolock+0x580/0x580 [ 285.570016][ T28] ? rwsem_down_write_slowpath+0x1220/0x1220 [ 285.576031][ T28] ? __ext4_journal_start_sb+0x1fc/0x5d0 [ 285.581715][ T28] ? ext4_convert_inline_data+0x316/0x5f0 [ 285.587466][ T28] ext4_convert_inline_data+0x51a/0x5f0 [ 285.593000][ T28] ? ext4_inline_data_truncate+0xd70/0xd70 [ 285.598837][ T28] ? rwsem_down_write_slowpath+0x1220/0x1220 [ 285.604835][ T28] ? aa_path_link+0x2f0/0x2f0 [ 285.609539][ T28] ext4_fallocate+0x19f/0x3d90 [ 285.614331][ T28] ? ext4_ext_truncate+0x400/0x400 [ 285.619476][ T28] ? ext4_ext_truncate+0x400/0x400 [ 285.624617][ T28] vfs_fallocate+0x48b/0xe40 [ 285.629240][ T28] ioctl_preallocate+0x18e/0x200 [ 285.634201][ T28] ? fiemap_prep+0x220/0x220 [ 285.638830][ T28] do_vfs_ioctl+0x1306/0x1670 [ 285.643536][ T28] ? vfs_fileattr_set+0xc40/0xc40 [ 285.648613][ T28] ? find_held_lock+0x2d/0x110 [ 285.653404][ T28] ? name_to_dev_t+0x362/0x9d0 [ 285.658203][ T28] ? lock_downgrade+0x690/0x690 [ 285.663070][ T28] ? bpf_lsm_file_ioctl+0x9/0x10 [ 285.668042][ T28] __x64_sys_ioctl+0x10c/0x210 [ 285.672833][ T28] do_syscall_64+0x39/0xb0 [ 285.677333][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 285.683260][ T28] RIP: 0033:0x7f8750122539 [ 285.687727][ T28] RSP: 002b:00007ffc2b205978 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 285.696150][ T28] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8750122539 [ 285.704173][ T28] RDX: 0000000020000140 RSI: 0000000040305829 RDI: 0000000000000004 [ 285.712281][ T28] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 285.720309][ T28] R10: 0000000000000012 R11: 0000000000000246 R12: 00007ffc2b2059a0 [ 285.728300][ T28] R13: 0000000000000000 R14: 431bde82d7b634db R15: 0000000000000000 [ 285.736309][ T28] [ 285.739346][ T28] [ 285.739346][ T28] Showing all locks held in the system: [ 285.747095][ T28] 1 lock held by rcu_tasks_kthre/12: [ 285.752378][ T28] #0: ffffffff8c794b70 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80 [ 285.762848][ T28] 1 lock held by rcu_tasks_trace/13: [ 285.768201][ T28] #0: ffffffff8c794870 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80 [ 285.779294][ T28] 1 lock held by khungtaskd/28: [ 285.784143][ T28] #0: ffffffff8c7956c0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x340 [ 285.794057][ T28] 2 locks held by getty/4754: [ 285.798752][ T28] #0: ffff88802bf6c098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x26/0x80 [ 285.808526][ T28] #1: ffffc900015b02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0 [ 285.818688][ T28] 3 locks held by syz-executor150/5075: [ 285.824206][ T28] #0: ffff888077614460 (sb_writers#4){.+.+}-{0:0}, at: ioctl_preallocate+0x18e/0x200 [ 285.833883][ T28] #1: ffff888076a50e08 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: ext4_fallocate+0x197/0x3d90 [ 285.844589][ T28] #2: ffff888076a50ad0 (&ei->xattr_sem){++++}-{3:3}, at: ext4_convert_inline_data+0x352/0x5f0 [ 285.855122][ T28] [ 285.857480][ T28] ============================================= [ 285.857480][ T28] [ 285.865875][ T28] NMI backtrace for cpu 0 [ 285.870181][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.3.0-rc3-syzkaller #0 [ 285.878233][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 285.888267][ T28] Call Trace: [ 285.891524][ T28] [ 285.894432][ T28] dump_stack_lvl+0xd9/0x150 [ 285.899013][ T28] nmi_cpu_backtrace+0x29c/0x350 [ 285.903929][ T28] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 285.909110][ T28] nmi_trigger_cpumask_backtrace+0x2a4/0x300 [ 285.915077][ T28] watchdog+0xe16/0x1090 [ 285.919332][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 285.925293][ T28] kthread+0x2e8/0x3a0 [ 285.929340][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 285.934951][ T28] ret_from_fork+0x1f/0x30 [ 285.939360][ T28] [ 285.942455][ T28] Sending NMI from CPU 0 to CPUs 1: [ 285.947697][ C1] NMI backtrace for cpu 1 [ 285.947705][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.3.0-rc3-syzkaller #0 [ 285.947718][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 285.947724][ C1] RIP: 0010:load_balance+0xa0b/0x2c40 [ 285.947743][ C1] Code: fb 01 0f 86 07 17 00 00 48 c7 c0 20 fd 4b 8a 48 ba 00 00 00 00 00 fc ff df 48 89 c1 83 e0 07 48 c1 e9 03 83 c0 03 0f b6 14 11 <38> d0 7c 08 84 d2 0f 85 8b 21 00 00 4c 8b 64 24 60 c7 44 24 5c 00 [ 285.947754][ C1] RSP: 0018:ffffc900001e0c00 EFLAGS: 00000206 [ 285.947765][ C1] RAX: 0000000000000003 RBX: 0000000000000002 RCX: 1ffffffff1497fa4 [ 285.947773][ C1] RDX: 0000000000000004 RSI: ffff8880b983c280 RDI: ffff88801667f43c [ 285.947781][ C1] RBP: ffffc900001e0de0 R08: 0000000000000000 R09: ffffffff8e77bfd7 [ 285.947789][ C1] R10: fffffbfff1cef7fa R11: 00000000000003ff R12: 0000000000000000 [ 285.947797][ C1] R13: 0000000000000000 R14: ffff8880b983c280 R15: dffffc0000000000 [ 285.947807][ C1] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 285.947819][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 285.947828][ C1] CR2: 000056523db57680 CR3: 00000000297b0000 CR4: 0000000000350ee0 [ 285.947836][ C1] Call Trace: [ 285.947839][ C1] [ 285.947844][ C1] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 285.947864][ C1] ? find_busiest_group+0x9f0/0x9f0 [ 285.947881][ C1] rebalance_domains+0x68b/0xc60 [ 285.947895][ C1] ? __pick_next_task_fair+0x10/0x10 [ 285.947910][ C1] _nohz_idle_balance.isra.0+0x4cd/0x6d0 [ 285.947925][ C1] __do_softirq+0x1d4/0x905 [ 285.947948][ C1] __irq_exit_rcu+0x114/0x190 [ 285.947961][ C1] irq_exit_rcu+0x9/0x20 [ 285.947973][ C1] sysvec_call_function_single+0x97/0xc0 [ 285.947990][ C1] [ 285.947993][ C1] [ 285.947996][ C1] asm_sysvec_call_function_single+0x1a/0x20 [ 285.948016][ C1] RIP: 0010:acpi_safe_halt+0x40/0x50 [ 285.948033][ C1] Code: eb 03 83 e3 01 89 de 0f 1f 44 00 00 84 db 75 1b 0f 1f 44 00 00 eb 0c 0f 1f 44 00 00 0f 00 2d f7 b3 af 00 0f 1f 44 00 00 fb f4 5b c3 cc 0f 1f 00 66 0f 1f 84 00 00 00 00 00 55 48 89 fd 53 0f [ 285.948044][ C1] RSP: 0018:ffffc90000177d20 EFLAGS: 00000246 [ 285.948052][ C1] RAX: ffff8880167d9d40 RBX: 0000000000000000 RCX: ffffffff8a01e175 [ 285.948060][ C1] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 285.948067][ C1] RBP: ffff8880177d4064 R08: 0000000000000001 R09: ffff8880b9936cab [ 285.948074][ C1] R10: ffffed1017326d95 R11: 0000000000000000 R12: 0000000000000001 [ 285.948081][ C1] R13: ffff8880177d4000 R14: ffff8880177d4064 R15: 0000000000000000 [ 285.948091][ C1] ? ct_kernel_exit+0x1d5/0x240 [ 285.948109][ C1] acpi_idle_do_entry+0x53/0x70 [ 285.948126][ C1] acpi_idle_enter+0x173/0x290 [ 285.948143][ C1] ? cpuidle_enter+0x4e/0xa0 [ 285.948159][ C1] cpuidle_enter_state+0xd3/0x6f0 [ 285.948178][ C1] cpuidle_enter+0x4e/0xa0 [ 285.948192][ C1] do_idle+0x305/0x3e0 [ 285.948207][ C1] ? arch_cpu_idle_exit+0x30/0x30 [ 285.948222][ C1] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 285.948241][ C1] ? lockdep_hardirqs_on+0x7d/0x100 [ 285.948257][ C1] cpu_startup_entry+0x18/0x20 [ 285.948272][ C1] start_secondary+0x221/0x2b0 [ 285.948288][ C1] ? set_cpu_sibling_map+0x1fb0/0x1fb0 [ 285.948306][ C1] secondary_startup_64_no_verify+0xce/0xdb [ 285.948328][ C1] [ 285.948719][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 286.278736][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.3.0-rc3-syzkaller #0 [ 286.286790][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 286.296829][ T28] Call Trace: [ 286.300096][ T28] [ 286.303013][ T28] dump_stack_lvl+0xd9/0x150 [ 286.307596][ T28] panic+0x688/0x730 [ 286.311746][ T28] ? panic_smp_self_stop+0x90/0x90 [ 286.316854][ T28] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 286.322040][ T28] ? preempt_schedule_thunk+0x1a/0x20 [ 286.327409][ T28] ? watchdog+0xbe8/0x1090 [ 286.331815][ T28] watchdog+0xbf9/0x1090 [ 286.336047][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 286.342015][ T28] kthread+0x2e8/0x3a0 [ 286.346070][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 286.351696][ T28] ret_from_fork+0x1f/0x30 [ 286.356116][ T28] [ 286.359788][ T28] Kernel Offset: disabled [ 286.364101][ T28] Rebooting in 86400 seconds..