./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3176111468 <...> Warning: Permanently added '10.128.0.123' (ED25519) to the list of known hosts. execve("./syz-executor3176111468", ["./syz-executor3176111468"], 0x7ffeaab764c0 /* 10 vars */) = 0 brk(NULL) = 0x555577bd1000 brk(0x555577bd1d40) = 0x555577bd1d40 arch_prctl(ARCH_SET_FS, 0x555577bd13c0) = 0 set_tid_address(0x555577bd1690) = 5858 set_robust_list(0x555577bd16a0, 24) = 0 rseq(0x555577bd1ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3176111468", 4096) = 28 getrandom("\xba\x0d\x2a\x72\x7c\x9d\x8c\x61", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555577bd1d40 brk(0x555577bf2d40) = 0x555577bf2d40 brk(0x555577bf3000) = 0x555577bf3000 mprotect(0x7fbef6900000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.XZbjzR", 0700) = 0 chmod("./syzkaller.XZbjzR", 0777) = 0 chdir("./syzkaller.XZbjzR") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5859 attached , child_tidptr=0x555577bd1690) = 5859 [pid 5859] set_robust_list(0x555577bd16a0, 24) = 0 [pid 5859] chdir("./0") = 0 [pid 5859] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5859] setpgid(0, 0) = 0 [pid 5859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5859] write(3, "1000", 4) = 4 [pid 5859] close(3) = 0 [pid 5859] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5859] write(1, "executing program\n", 18) = 18 [pid 5859] futex(0x7fbef690670c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5859] rt_sigaction(SIGRT_1, {sa_handler=0x7fbef689f030, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbef68901e0}, NULL, 8) = 0 [pid 5859] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5859] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbef680d000 [pid 5859] mprotect(0x7fbef680e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5859] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5859] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbef682d990, parent_tid=0x7fbef682d990, exit_signal=0, stack=0x7fbef680d000, stack_size=0x20300, tls=0x7fbef682d6c0}./strace-static-x86_64: Process 5861 attached [pid 5861] rseq(0x7fbef682dfe0, 0x20, 0, 0x53053053) = 0 [pid 5861] set_robust_list(0x7fbef682d9a0, 24 [pid 5859] <... clone3 resumed> => {parent_tid=[5861]}, 88) = 5861 [pid 5861] <... set_robust_list resumed>) = 0 [pid 5859] rt_sigprocmask(SIG_SETMASK, [], [pid 5861] rt_sigprocmask(SIG_SETMASK, [], [pid 5859] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5861] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5859] futex(0x7fbef6906708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5859] futex(0x7fbef690670c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5861] memfd_create("syzkaller", 0) = 3 [pid 5861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbeee400000 [pid 5861] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5861] munmap(0x7fbeee400000, 138412032) = 0 [pid 5861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5861] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5861] close(3) = 0 [pid 5861] close(4) = 0 [pid 5861] mkdir("./file1", 0777) = 0 [ 250.968470][ T5861] loop0: detected capacity change from 0 to 32768 [ 251.047066][ T5861] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow [ 251.047080][ T5861] allowing incompatible features above 0.0: (unknown version) [ 251.047086][ T5861] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 251.083908][ T5861] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 251.092315][ T5861] bcachefs (loop0): initializing new filesystem [ 251.106638][ T5861] bcachefs (loop0): going read-write [ 251.134245][ T5861] bcachefs (loop0): marking superblocks [ 251.151172][ T5861] bcachefs (loop0): initializing freespace [ 251.160139][ T5861] bcachefs (loop0): done initializing freespace [ 251.170232][ T5861] bcachefs (loop0): reading snapshots table [ 251.176217][ T5861] bcachefs (loop0): reading snapshots done [pid 5861] mount("/dev/loop0", "./file1", "bcachefs", MS_SYNCHRONOUS|MS_NODIRATIME, "") = 0 [pid 5861] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5861] chdir("./file1") = 0 [pid 5861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5861] ioctl(4, LOOP_CLR_FD) = 0 [ 251.194399][ T5861] bcachefs (loop0): loop0: Superblock write was silently dropped! (seq 0 expected 42) [ 251.204793][ T5861] bcachefs (loop0): done starting filesystem [pid 5861] close(4) = 0 [pid 5861] futex(0x7fbef690670c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5859] <... futex resumed>) = 0 [pid 5861] futex(0x7fbef6906708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5859] futex(0x7fbef6906708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5859] <... futex resumed>) = 0 [pid 5861] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5859] futex(0x7fbef690670c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] <... open resumed>) = 4 [pid 5861] futex(0x7fbef690670c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5859] <... futex resumed>) = 0 [pid 5861] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5859] futex(0x7fbef6906708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... openat resumed>) = 5 [pid 5859] <... futex resumed>) = 0 [pid 5859] futex(0x7fbef690670c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] futex(0x7fbef690670c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5859] <... futex resumed>) = 0 [pid 5861] futex(0x7fbef6906708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5859] futex(0x7fbef6906708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5859] futex(0x7fbef690670c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5861] pwrite64(5, "Q", 1, 2099584) = 1 [pid 5861] futex(0x7fbef690670c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] <... futex resumed>) = 0 [pid 5861] <... futex resumed>) = 1 [pid 5859] futex(0x7fbef6906708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 5859] <... futex resumed>) = 0 [pid 5861] <... openat resumed>) = 6 [pid 5859] futex(0x7fbef690670c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] futex(0x7fbef690670c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5859] <... futex resumed>) = 0 [pid 5861] futex(0x7fbef6906708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5859] futex(0x7fbef6906708, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5859] <... futex resumed>) = 0 [pid 5861] sendfile(6, 6, NULL, 3758096384 [ 251.292671][ T30] audit: type=1800 audit(1750753968.525:2): pid=5861 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor317" name="file1" dev="loop0" ino=4098 res=0 errno=0 [pid 5859] futex(0x7fbef690670c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5859] futex(0x7fbef690671c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5859] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbef67ec000 [pid 5859] mprotect(0x7fbef67ed000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5859] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5859] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbef680c990, parent_tid=0x7fbef680c990, exit_signal=0, stack=0x7fbef67ec000, stack_size=0x20300, tls=0x7fbef680c6c0}./strace-static-x86_64: Process 5873 attached [pid 5873] rseq(0x7fbef680cfe0, 0x20, 0, 0x53053053 [pid 5859] <... clone3 resumed> => {parent_tid=[5873]}, 88) = 5873 [pid 5873] <... rseq resumed>) = 0 [pid 5859] rt_sigprocmask(SIG_SETMASK, [], [pid 5873] set_robust_list(0x7fbef680c9a0, 24 [pid 5859] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5873] <... set_robust_list resumed>) = 0 [pid 5859] futex(0x7fbef6906718, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] rt_sigprocmask(SIG_SETMASK, [], [pid 5859] <... futex resumed>) = 0 [pid 5873] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5859] futex(0x7fbef690671c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] openat(AT_FDCWD, "./bus", O_RDWR|O_CREAT|O_NOCTTY|O_NONBLOCK|O_NOATIME, 000) = 7 [pid 5873] futex(0x7fbef690671c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] <... futex resumed>) = 0 [pid 5859] futex(0x7fbef6906718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5859] futex(0x7fbef690671c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... futex resumed>) = 1 [pid 5873] copy_file_range(4, NULL, 7, NULL, 18446739674052682843, 0 [pid 5859] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5859] futex(0x7fbef690671c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5859] exit_group(0) = ? [pid 5858] kill(-5859, SIGKILL) = 0 [pid 5858] kill(5859, SIGKILL) = 0 [pid 5858] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5858] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5858] getdents64(3, 0x555577bd2730 /* 2 entries */, 32768) = 48 [pid 5858] getdents64(3, 0x555577bd2730 /* 0 entries */, 32768) = 0 [pid 5858] close(3) = 0 [ 429.847598][ T31] INFO: task syz-executor317:5861 blocked for more than 143 seconds. [ 429.855726][ T31] Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 [ 429.863523][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 429.872248][ T31] task:syz-executor317 state:D stack:15992 pid:5861 tgid:5859 ppid:5858 task_flags:0x440140 flags:0x00004006 [ 429.884520][ T31] Call Trace: [ 429.887953][ T31] [ 429.890887][ T31] __schedule+0x16a2/0x4cb0 [ 429.895387][ T31] ? blk_mq_flush_plug_list+0x41f/0x550 [ 429.901003][ T31] ? do_raw_spin_lock+0x121/0x290 [ 429.906042][ T31] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 429.911991][ T31] ? schedule+0x165/0x360 [ 429.916383][ T31] ? __lock_acquire+0xab9/0xd20 [ 429.921534][ T31] ? __pfx___schedule+0x10/0x10 [ 429.926404][ T31] ? schedule+0x91/0x360 [ 429.930782][ T31] schedule+0x165/0x360 [ 429.934980][ T31] __bch2_two_state_lock+0x1ea/0x370 [ 429.940408][ T31] ? __pfx___bch2_two_state_lock+0x10/0x10 [ 429.946289][ T31] ? __bch2_darray_resize_noprof+0xd7/0x290 [ 429.952311][ T31] ? __bch2_darray_resize_noprof+0x1c9/0x290 [ 429.958521][ T31] ? __pfx_autoremove_wake_function+0x10/0x10 [ 429.964621][ T31] ? __bch2_darray_resize_noprof+0x1c9/0x290 [ 429.970685][ T31] ? blk_start_plug+0x52/0x1b0 [ 429.975469][ T31] bch2_readahead+0x94f/0x1100 [ 429.980410][ T31] ? __pfx_bch2_readahead+0x10/0x10 [ 429.985671][ T31] ? __folio_batch_add_and_move+0x20a/0xd20 [ 429.991655][ T31] ? blk_start_plug+0x6f/0x1b0 [ 429.996451][ T31] read_pages+0x177/0x580 [ 430.000912][ T31] ? __pfx_read_pages+0x10/0x10 [ 430.005943][ T31] ? filemap_add_folio+0x1af/0x270 [ 430.011220][ T31] page_cache_ra_order+0xa24/0xc70 [ 430.016463][ T31] filemap_get_pages+0xb22/0x1ea0 [ 430.021629][ T31] ? __kasan_slab_free+0x62/0x70 [ 430.026584][ T31] ? splice_direct_to_actor+0x5a5/0xcc0 [ 430.032214][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.038374][ T31] ? __pfx_filemap_get_pages+0x10/0x10 [ 430.043847][ T31] ? __pfx___might_resched+0x10/0x10 [ 430.049164][ T31] ? kasan_quarantine_put+0xdd/0x220 [ 430.054463][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 430.059731][ T31] filemap_splice_read+0x4fc/0xbc0 [ 430.064877][ T31] ? __pfx_filemap_splice_read+0x10/0x10 [ 430.070623][ T31] ? __pfx_iter_file_splice_write+0x10/0x10 [ 430.076548][ T31] ? file_end_write+0x156/0x250 [ 430.081544][ T31] ? direct_splice_actor+0x10c/0x160 [ 430.086867][ T31] ? __pfx_filemap_splice_read+0x10/0x10 [ 430.092586][ T31] splice_direct_to_actor+0x4a6/0xcc0 [ 430.098021][ T31] ? __pfx_direct_splice_actor+0x10/0x10 [ 430.103675][ T31] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 430.109723][ T31] do_splice_direct+0x181/0x270 [ 430.114604][ T31] ? __pfx_do_splice_direct+0x10/0x10 [ 430.120219][ T31] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 430.126138][ T31] ? rw_verify_area+0x258/0x650 [ 430.131083][ T31] do_sendfile+0x4da/0x7e0 [ 430.135530][ T31] ? __pfx_do_sendfile+0x10/0x10 [ 430.140574][ T31] ? _raw_spin_unlock_irq+0x2e/0x50 [ 430.145808][ T31] ? ptrace_notify+0x22d/0x2c0 [ 430.150746][ T31] __se_sys_sendfile64+0x13e/0x190 [ 430.155874][ T31] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 430.161562][ T31] ? rcu_is_watching+0x15/0xb0 [ 430.166341][ T31] do_syscall_64+0xfa/0x3b0 [ 430.170895][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.176969][ T31] ? asm_common_interrupt+0x26/0x40 [ 430.182280][ T31] ? clear_bhb_loop+0x60/0xb0 [ 430.186977][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.192944][ T31] RIP: 0033:0x7fbef6878c19 [ 430.197416][ T31] RSP: 002b:00007fbef682d218 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 430.205844][ T31] RAX: ffffffffffffffda RBX: 00007fbef6906708 RCX: 00007fbef6878c19 [ 430.213948][ T31] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000006 [ 430.221971][ T31] RBP: 00007fbef6906700 R08: 0000000000000000 R09: 0000000000000000 [ 430.229973][ T31] R10: 00000000e0000000 R11: 0000000000000246 R12: 00007fbef68d2b48 [ 430.237991][ T31] R13: 0000200000000040 R14: 0000200000000200 R15: 0700000000000000 [ 430.245958][ T31] [ 430.249028][ T31] INFO: task syz-executor317:5873 blocked for more than 143 seconds. [ 430.257113][ T31] Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 [ 430.264820][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 430.273558][ T31] task:syz-executor317 state:D stack:23688 pid:5873 tgid:5859 ppid:5858 task_flags:0x400040 flags:0x00004006 [ 430.285574][ T31] Call Trace: [ 430.288877][ T31] [ 430.291800][ T31] __schedule+0x16a2/0x4cb0 [ 430.296299][ T31] ? schedule+0x165/0x360 [ 430.300686][ T31] ? __pfx___schedule+0x10/0x10 [ 430.305593][ T31] ? schedule+0x91/0x360 [ 430.309886][ T31] schedule+0x165/0x360 [ 430.314067][ T31] io_schedule+0x81/0xe0 [ 430.318457][ T31] folio_wait_bit_common+0x6b0/0xb90 [ 430.323763][ T31] ? __pfx_folio_wait_bit_common+0x10/0x10 [ 430.329626][ T31] ? __pfx_wake_page_function+0x10/0x10 [ 430.335204][ T31] ? folio_unlock+0x101/0x160 [ 430.339959][ T31] bch2_mark_pagecache_unallocated+0x3a2/0x920 [ 430.346212][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 430.351469][ T31] ? __pfx_bch2_mark_pagecache_unallocated+0x10/0x10 [ 430.358213][ T31] ? quota_reserve_range+0x8d9/0xa10 [ 430.363515][ T31] ? quota_reserve_range+0x223/0xa10 [ 430.368842][ T31] ? __pfx_down_write_nested+0x10/0x10 [ 430.374309][ T31] ? file_update_time+0x2da/0x490 [ 430.379442][ T31] bch2_remap_file_range+0x92c/0xd10 [ 430.384751][ T31] ? __lock_acquire+0xab9/0xd20 [ 430.389696][ T31] ? __pfx_bch2_remap_file_range+0x10/0x10 [ 430.395519][ T31] ? rcu_read_lock_any_held+0xb3/0x120 [ 430.401062][ T31] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 430.406984][ T31] ? __pfx_bch2_remap_file_range+0x10/0x10 [ 430.412840][ T31] vfs_copy_file_range+0xd53/0x1310 [ 430.418112][ T31] ? __pfx_vfs_copy_file_range+0x10/0x10 [ 430.423772][ T31] ? __fget_files+0x3a0/0x420 [ 430.428544][ T31] __se_sys_copy_file_range+0x2fb/0x470 [ 430.434103][ T31] ? __pfx_ptrace_notify+0x10/0x10 [ 430.439289][ T31] ? __pfx___se_sys_copy_file_range+0x10/0x10 [ 430.445371][ T31] ? rcu_is_watching+0x15/0xb0 [ 430.450181][ T31] ? __x64_sys_copy_file_range+0x21/0xf0 [ 430.455838][ T31] do_syscall_64+0xfa/0x3b0 [ 430.460418][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.466502][ T31] ? __switch_to_asm+0x39/0x70 [ 430.471340][ T31] ? clear_bhb_loop+0x60/0xb0 [ 430.476125][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.482085][ T31] RIP: 0033:0x7fbef6878c19 [ 430.486547][ T31] RSP: 002b:00007fbef680c208 EFLAGS: 00000246 ORIG_RAX: 0000000000000146 [ 430.495006][ T31] RAX: ffffffffffffffda RBX: 00007fbef6906718 RCX: 00007fbef6878c19 [ 430.503038][ T31] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000004 [ 430.511049][ T31] RBP: 00007fbef6906710 R08: fffffbffa003e45b R09: 0700000000000000 [ 430.519117][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbef68d2b48 [ 430.527101][ T31] R13: 0000200000000040 R14: 0000200000000200 R15: 0700000000000000 [ 430.535221][ T31] [ 430.538364][ T31] [ 430.538364][ T31] Showing all locks held in the system: [ 430.546127][ T31] 1 lock held by khungtaskd/31: [ 430.551069][ T31] #0: ffffffff8e13ee60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 430.561059][ T31] 2 locks held by getty/5591: [ 430.565721][ T31] #0: ffff88814c63b0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 430.575616][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 430.585825][ T31] 1 lock held by syz-executor317/5861: [ 430.591377][ T31] #0: ffff888075f502e8 (mapping.invalidate_lock#3){.+.+}-{4:4}, at: page_cache_ra_order+0x445/0xc70 [ 430.602348][ T31] 3 locks held by syz-executor317/5873: [ 430.607966][ T31] #0: ffff88823bf76428 (sb_writers#8){.+.+}-{0:0}, at: vfs_copy_file_range+0x916/0x1310 [ 430.617961][ T31] #1: ffff888075f50148 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: lock_two_nondirectories+0xe7/0x180 [ 430.629357][ T31] #2: ffff888075f508e0 (&sb->s_type->i_mutex_key#14/4){+.+.}-{4:4}, at: bch2_remap_file_range+0x2b0/0xd10 [ 430.640958][ T31] [ 430.643280][ T31] ============================================= [ 430.643280][ T31] [ 430.651821][ T31] NMI backtrace for cpu 1 [ 430.651841][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 430.651858][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 430.651866][ T31] Call Trace: [ 430.651872][ T31] [ 430.651879][ T31] dump_stack_lvl+0x189/0x250 [ 430.651904][ T31] ? __wake_up_klogd+0xd9/0x110 [ 430.651920][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 430.651940][ T31] ? __pfx__printk+0x10/0x10 [ 430.651968][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 430.651990][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 430.652006][ T31] ? _printk+0xcf/0x120 [ 430.652025][ T31] ? __pfx__printk+0x10/0x10 [ 430.652042][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 430.652064][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 430.652086][ T31] watchdog+0xfee/0x1030 [ 430.652108][ T31] ? watchdog+0x1de/0x1030 [ 430.652138][ T31] kthread+0x70e/0x8a0 [ 430.652156][ T31] ? __pfx_watchdog+0x10/0x10 [ 430.652174][ T31] ? __pfx_kthread+0x10/0x10 [ 430.652192][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 430.652212][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 430.652232][ T31] ? __pfx_kthread+0x10/0x10 [ 430.652250][ T31] ret_from_fork+0x3fc/0x770 [ 430.652273][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 430.652299][ T31] ? __switch_to_asm+0x39/0x70 [ 430.652312][ T31] ? __switch_to_asm+0x33/0x70 [ 430.652326][ T31] ? __pfx_kthread+0x10/0x10 [ 430.652343][ T31] ret_from_fork_asm+0x1a/0x30 [ 430.652388][ T31] [ 430.652394][ T31] Sending NMI from CPU 1 to CPUs 0: [ 430.809954][ C0] NMI backtrace for cpu 0 [ 430.809969][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 430.809988][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 430.809997][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 430.810022][ C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d e3 95 28 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 430.810034][ C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c6 [ 430.810048][ C0] RAX: 7a0e49d0e75ae700 RBX: ffffffff81974c68 RCX: 7a0e49d0e75ae700 [ 430.810060][ C0] RDX: 0000000000000001 RSI: ffffffff8d96ea60 RDI: ffffffff8be1b9c0 [ 430.810071][ C0] RBP: ffffffff8de07ea8 R08: ffff8880b8632f5b R09: 1ffff110170c65eb [ 430.810082][ C0] R10: dffffc0000000000 R11: ffffed10170c65ec R12: ffffffff8f9fe1f0 [ 430.810094][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a50 [ 430.810104][ C0] FS: 0000000000000000(0000) GS:ffff888125c83000(0000) knlGS:0000000000000000 [ 430.810116][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 430.810126][ C0] CR2: 0000559e8db2f168 CR3: 000000000df38000 CR4: 00000000003526f0 [ 430.810140][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 430.810148][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 430.810158][ C0] Call Trace: [ 430.810166][ C0] [ 430.810172][ C0] default_idle+0x13/0x20 [ 430.810187][ C0] default_idle_call+0x74/0xb0 [ 430.810202][ C0] do_idle+0x1e8/0x510 [ 430.810231][ C0] ? __pfx_do_idle+0x10/0x10 [ 430.810251][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 430.810271][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 430.810290][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 430.810312][ C0] cpu_startup_entry+0x44/0x60 [ 430.810332][ C0] rest_init+0x2de/0x300 [ 430.810346][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 430.810364][ C0] start_kernel+0x47d/0x500 [ 430.810386][ C0] x86_64_start_reservations+0x24/0x30 [ 430.810402][ C0] x86_64_start_kernel+0x143/0x1c0 [ 430.810417][ C0] common_startup_64+0x13e/0x147 [ 430.810440][ C0] [ 430.810949][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 431.033362][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) [ 431.045348][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 431.055574][ T31] Call Trace: [ 431.058850][ T31] [ 431.061776][ T31] dump_stack_lvl+0x99/0x250 [ 431.066387][ T31] ? __asan_memcpy+0x40/0x70 [ 431.070966][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 431.076158][ T31] ? __pfx__printk+0x10/0x10 [ 431.080771][ T31] panic+0x2db/0x790 [ 431.084661][ T31] ? __pfx_panic+0x10/0x10 [ 431.089075][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 431.094875][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 431.100238][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 431.106385][ T31] watchdog+0x102d/0x1030 [ 431.110734][ T31] ? watchdog+0x1de/0x1030 [ 431.115170][ T31] kthread+0x70e/0x8a0 [ 431.119242][ T31] ? __pfx_watchdog+0x10/0x10 [ 431.123912][ T31] ? __pfx_kthread+0x10/0x10 [ 431.128613][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 431.133812][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 431.139016][ T31] ? __pfx_kthread+0x10/0x10 [ 431.143595][ T31] ret_from_fork+0x3fc/0x770 [ 431.148180][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 431.153286][ T31] ? __switch_to_asm+0x39/0x70 [ 431.158055][ T31] ? __switch_to_asm+0x33/0x70 [ 431.162832][ T31] ? __pfx_kthread+0x10/0x10 [ 431.167444][ T31] ret_from_fork_asm+0x1a/0x30 [ 431.172221][ T31] [ 431.175471][ T31] Kernel Offset: disabled [ 431.179788][ T31] Rebooting in 86400 seconds..