./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1068832623 <...>
Warning: Permanently added '10.128.0.31' (ECDSA) to the list of known hosts.
execve("./syz-executor1068832623", ["./syz-executor1068832623"], 0x7ffdbf3f80e0 /* 10 vars */) = 0
brk(NULL) = 0x555557538000
brk(0x555557538c40) = 0x555557538c40
arch_prctl(ARCH_SET_FS, 0x555557538300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1068832623", 4096) = 28
brk(0x555557559c40) = 0x555557559c40
brk(0x55555755a000) = 0x55555755a000
mprotect(0x7f118465d000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555575385d0) = 5074
./strace-static-x86_64: Process 5074 attached
[pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5074] setpgid(0, 0) = 0
[pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5074] write(3, "1000", 4) = 4
[pid 5074] close(3) = 0
[pid 5074] mkdir("./file0", 000) = 0
[pid 5074] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 3
[pid 5074] socketpair(AF_UNIX, SOCK_STREAM, 0, [4, 5]) = 0
[pid 5074] ioctl(3, NBD_SET_SOCK, 4) = 0
[pid 5074] mount("/dev/nbd0", "./file0", "reiserfs", 0, NULL
[pid 5073] kill(-5074, SIGKILL) = 0
[pid 5073] kill(5074, SIGKILL) = 0
[pid 5073] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid 5073] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
[pid 5073] getdents64(3, 0x555557539620 /* 2 entries */, 32768) = 48
[pid 5073] getdents64(3, 0x555557539620 /* 0 entries */, 32768) = 0
[pid 5073] close(3) = 0
syzkaller login: [ 76.302608][ T897] cfg80211: failed to load regulatory.db
[ 87.821456][ T991] block nbd0: Possible stuck request ffff88801e460000: control (read@8192,4096B). Runtime 30 seconds
[ 117.900441][ T991] block nbd0: Possible stuck request ffff88801e460000: control (read@8192,4096B). Runtime 60 seconds
[ 147.980457][ T991] block nbd0: Possible stuck request ffff88801e460000: control (read@8192,4096B). Runtime 90 seconds
[ 178.060461][ T991] block nbd0: Possible stuck request ffff88801e460000: control (read@8192,4096B). Runtime 120 seconds
[ 208.140479][ T991] block nbd0: Possible stuck request ffff88801e460000: control (read@8192,4096B). Runtime 150 seconds
[ 238.220541][ T991] block nbd0: Possible stuck request ffff88801e460000: control (read@8192,4096B). Runtime 180 seconds
[ 268.300400][ T991] block nbd0: Possible stuck request ffff88801e460000: control (read@8192,4096B). Runtime 210 seconds
[ 286.220430][ T28] INFO: task syz-executor106:5074 blocked for more than 143 seconds.
[ 286.228588][ T28] Not tainted 6.1.0-next-20221220-syzkaller #0
[ 286.235383][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 286.244137][ T28] task:syz-executor106 state:D stack:25776 pid:5074 ppid:5073 flags:0x00004004
[ 286.253437][ T28] Call Trace:
[ 286.256733][ T28]
[ 286.259661][ T28] __schedule+0x2544/0x53f0
[ 286.264269][ T28] ? lock_chain_count+0x20/0x20
[ 286.269170][ T28] ? io_schedule_timeout+0x150/0x150
[ 286.274558][ T28] ? preempt_schedule_thunk+0x1a/0x20
[ 286.279969][ T28] ? preempt_schedule_common+0x59/0xc0
[ 286.285502][ T28] schedule+0xde/0x1b0
[ 286.289600][ T28] io_schedule+0xbe/0x130
[ 286.293988][ T28] bit_wait_io+0x16/0xe0
[ 286.298260][ T28] __wait_on_bit+0x64/0x180
[ 286.302893][ T28] ? bit_wait+0xe0/0xe0
[ 286.307088][ T28] out_of_line_wait_on_bit+0xd9/0x110
[ 286.312557][ T28] ? __wait_on_bit+0x180/0x180
[ 286.317377][ T28] ? group_init+0x6b0/0x6b0
[ 286.321993][ T28] __bread_gfp+0x29e/0x330
[ 286.326605][ T28] read_super_block+0x83/0x930
[ 286.331553][ T28] reiserfs_fill_super+0x75a/0x2e90
[ 286.336978][ T28] ? reiserfs_remount+0x1540/0x1540
[ 286.342253][ T28] ? sget+0x476/0x580
[ 286.346351][ T28] ? snprintf+0xbf/0x100
[ 286.350988][ T28] ? vsprintf+0x30/0x30
[ 286.355195][ T28] ? wait_for_completion_io_timeout+0x20/0x20
[ 286.361365][ T28] ? up_write+0x1b0/0x520
[ 286.366286][ T28] mount_bdev+0x351/0x410
[ 286.370757][ T28] ? reiserfs_remount+0x1540/0x1540
[ 286.376032][ T28] ? reiserfs_kill_sb+0x1e0/0x1e0
[ 286.381128][ T28] legacy_get_tree+0x109/0x220
[ 286.385997][ T28] vfs_get_tree+0x8d/0x2f0
[ 286.390527][ T28] path_mount+0x132a/0x1e20
[ 286.395119][ T28] ? kmem_cache_free+0xee/0x5c0
[ 286.400006][ T28] ? finish_automount+0x960/0x960
[ 286.405233][ T28] ? putname+0x102/0x140
[ 286.409569][ T28] __x64_sys_mount+0x283/0x300
[ 286.414406][ T28] ? copy_mnt_ns+0xb30/0xb30
[ 286.419111][ T28] ? lockdep_hardirqs_on+0x7d/0x100
[ 286.424379][ T28] ? _raw_spin_unlock_irq+0x2e/0x50
[ 286.429676][ T28] ? ptrace_notify+0xfe/0x140
[ 286.434493][ T28] do_syscall_64+0x39/0xb0
[ 286.438958][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 286.444985][ T28] RIP: 0033:0x7f11845f03d9
[ 286.449434][ T28] RSP: 002b:00007ffd28d7b748 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 286.457906][ T28] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f11845f03d9
[ 286.465975][ T28] RDX: 00000000200003c0 RSI: 0000000020000380 RDI: 0000000020000340
[ 286.474004][ T28] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffd28d7b8e8
[ 286.482055][ T28] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f11845af6f0
[ 286.490049][ T28] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 286.498103][ T28]
[ 286.501206][ T28]
[ 286.501206][ T28] Showing all locks held in the system:
[ 286.508921][ T28] 1 lock held by rcu_tasks_kthre/12:
[ 286.514253][ T28] #0: ffffffff8c791cf0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70
[ 286.524923][ T28] 1 lock held by rcu_tasks_trace/13:
[ 286.530251][ T28] #0: ffffffff8c7919f0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70
[ 286.541310][ T28] 1 lock held by khungtaskd/28:
[ 286.546148][ T28] #0: ffffffff8c792840 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x57/0x2c2
[ 286.556208][ T28] 2 locks held by getty/4754:
[ 286.560922][ T28] #0: ffff88802783c098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x26/0x80
[ 286.570799][ T28] #1: ffffc900015a02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0
[ 286.581225][ T28] 1 lock held by syz-executor106/5074:
[ 286.586878][ T28] #0: ffff888079c100e0 (&type->s_umount_key#24/1){+.+.}-{3:3}, at: alloc_super+0x22e/0xb60
[ 286.597106][ T28]
[ 286.599442][ T28] =============================================
[ 286.599442][ T28]
[ 286.607904][ T28] NMI backtrace for cpu 1
[ 286.612244][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.1.0-next-20221220-syzkaller #0
[ 286.621168][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 286.631212][ T28] Call Trace:
[ 286.634567][ T28]
[ 286.637488][ T28] dump_stack_lvl+0xd1/0x138
[ 286.642087][ T28] nmi_cpu_backtrace.cold+0x24/0x18a
[ 286.647402][ T28] nmi_trigger_cpumask_backtrace+0x32f/0x3c0
[ 286.653644][ T28] ? lapic_can_unplug_cpu+0x80/0x80
[ 286.658924][ T28] watchdog+0xc75/0xfc0
[ 286.663164][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80
[ 286.669192][ T28] kthread+0x2e8/0x3a0
[ 286.673281][ T28] ? kthread_complete_and_exit+0x40/0x40
[ 286.679110][ T28] ret_from_fork+0x1f/0x30
[ 286.683999][ T28]
[ 286.687132][ T28] Sending NMI from CPU 1 to CPUs 0:
[ 286.692411][ C0] NMI backtrace for cpu 0
[ 286.692421][ C0] CPU: 0 PID: 9 Comm: kworker/u4:0 Not tainted 6.1.0-next-20221220-syzkaller #0
[ 286.692440][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 286.692452][ C0] Workqueue: events_unbound toggle_allocation_gate
[ 286.692482][ C0] RIP: 0010:__bitmap_and+0x182/0x210
[ 286.692524][ C0] Code: 48 89 eb 48 c1 ea 03 48 21 c3 48 b8 00 00 00 00 00 fc ff df 80 3c 02 00 75 6a 48 09 1c 24 49 89 1f e8 32 2e 79 fd 48 8b 1c 24 <31> ff 48 89 de e8 f4 2a 79 fd 48 85 db 0f 95 c0 48 83 c4 30 5b 5d
[ 286.692541][ C0] RSP: 0018:ffffc900000e7910 EFLAGS: 00000293
[ 286.692554][ C0] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000
[ 286.692565][ C0] RDX: ffff88813fe30000 RSI: ffffffff840826ae RDI: 0000000000000005
[ 286.692577][ C0] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000000
[ 286.692588][ C0] R10: 0000000000000002 R11: 0000000000000000 R12: ffffffff8e72fad0
[ 286.692599][ C0] R13: 0000000000000000 R14: 0000000000000002 R15: ffff8880b983c6c8
[ 286.692610][ C0] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 286.692627][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 286.692640][ C0] CR2: 000055cdf528d680 CR3: 000000000c48e000 CR4: 00000000003506f0
[ 286.692651][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 286.692662][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 286.692673][ C0] Call Trace:
[ 286.692677][ C0]
[ 286.692685][ C0] ? _find_first_and_bit+0xac/0xd0
[ 286.692735][ C0] smp_call_function_many_cond+0x778/0x1090
[ 286.692788][ C0] ? __kmem_cache_alloc_node+0x132/0x430
[ 286.692807][ C0] ? optimize_nops+0x2d0/0x2d0
[ 286.692830][ C0] ? do_raw_spin_unlock+0x175/0x230
[ 286.692851][ C0] ? __flush_smp_call_function_queue+0x9a0/0x9a0
[ 286.692882][ C0] ? perf_event_bpf_event+0x4d0/0x4d0
[ 286.692914][ C0] ? text_poke_memset+0x60/0x60
[ 286.692936][ C0] ? optimize_nops+0x2d0/0x2d0
[ 286.692959][ C0] on_each_cpu_cond_mask+0x5a/0xa0
[ 286.692984][ C0] ? __kmem_cache_alloc_node+0x132/0x430
[ 286.693004][ C0] text_poke_bp_batch+0x3f1/0x6b0
[ 286.693030][ C0] ? do_sync_core+0x30/0x30
[ 286.693054][ C0] ? __jump_label_update+0x296/0x410
[ 286.693102][ C0] text_poke_finish+0x1a/0x30
[ 286.693124][ C0] arch_jump_label_transform_apply+0x17/0x30
[ 286.693143][ C0] jump_label_update+0x32f/0x410
[ 286.693174][ C0] static_key_disable_cpuslocked+0x156/0x1b0
[ 286.693204][ C0] static_key_disable+0x1a/0x20
[ 286.693233][ C0] toggle_allocation_gate+0x143/0x230
[ 286.693260][ C0] ? wake_up_kfence_timer+0x30/0x30
[ 286.693285][ C0] ? trace_lock_acquire+0x1d1/0x290
[ 286.693307][ C0] process_one_work+0x9bf/0x1710
[ 286.693334][ C0] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 286.693355][ C0] ? rcu_read_lock_sched_held+0x3e/0x70
[ 286.693374][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 286.693394][ C0] ? lock_acquire+0x32/0xc0
[ 286.693410][ C0] ? worker_thread+0x16d/0x1090
[ 286.693434][ C0] worker_thread+0x669/0x1090
[ 286.693461][ C0] ? process_one_work+0x1710/0x1710
[ 286.693484][ C0] kthread+0x2e8/0x3a0
[ 286.693501][ C0] ? kthread_complete_and_exit+0x40/0x40
[ 286.693522][ C0] ret_from_fork+0x1f/0x30
[ 286.693553][ C0]
[ 286.693559][ C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.148 msecs
[ 286.694406][ T28] Kernel panic - not syncing: hung_task: blocked tasks
[ 287.028925][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.1.0-next-20221220-syzkaller #0
[ 287.037872][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 287.048017][ T28] Call Trace:
[ 287.051304][ T28]
[ 287.054239][ T28] dump_stack_lvl+0xd1/0x138
[ 287.058858][ T28] panic+0x2cc/0x626
[ 287.062802][ T28] ? panic_print_sys_info.part.0+0x110/0x110
[ 287.068818][ T28] ? irq_work_claim+0x76/0x90
[ 287.073587][ T28] ? irq_work_queue+0x2d/0x80
[ 287.078301][ T28] ? watchdog.cold+0x130/0x158
[ 287.085113][ T28] watchdog.cold+0x141/0x158
[ 287.089746][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80
[ 287.096921][ T28] kthread+0x2e8/0x3a0
[ 287.101009][ T28] ? kthread_complete_and_exit+0x40/0x40
[ 287.106659][ T28] ret_from_fork+0x1f/0x30
[ 287.111108][ T28]
[ 287.114325][ T28] Kernel Offset: disabled
[ 287.118647][ T28] Rebooting in 86400 seconds..