./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4125685314 <...> Warning: Permanently added '10.128.0.164' (ECDSA) to the list of known hosts. execve("./syz-executor4125685314", ["./syz-executor4125685314"], 0x7ffd1eaf8ca0 /* 10 vars */) = 0 brk(NULL) = 0x555556ee4000 brk(0x555556ee4c40) = 0x555556ee4c40 arch_prctl(ARCH_SET_FS, 0x555556ee4300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555556ee45d0) = 3612 set_robust_list(0x555556ee45e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f29b1ab1b20, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f29b1ab21f0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f29b1ab1bc0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f29b1ab21f0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4125685314", 4096) = 28 brk(0x555556f05c40) = 0x555556f05c40 brk(0x555556f06000) = 0x555556f06000 mprotect(0x7f29b1b75000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 3612 mkdir("./syzkaller.uWl3ak", 0700) = 0 chmod("./syzkaller.uWl3ak", 0777) = 0 chdir("./syzkaller.uWl3ak") = 0 mkdir("./0", 0777) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3613 attached , child_tidptr=0x555556ee45d0) = 3613 [pid 3613] set_robust_list(0x555556ee45e0, 24) = 0 [pid 3613] chdir("./0") = 0 [pid 3613] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3613] setpgid(0, 0) = 0 [pid 3613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3613] write(3, "1000", 4) = 4 [pid 3613] close(3) = 0 [pid 3613] symlink("/dev/binderfs", "./binderfs") = 0 [pid 3613] futex(0x7f29b1b7b4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3613] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29b1a81000 [pid 3613] mprotect(0x7f29b1a82000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3613] clone(child_stack=0x7f29b1aa13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3614], tls=0x7f29b1aa1700, child_tidptr=0x7f29b1aa19d0) = 3614 [pid 3613] futex(0x7f29b1b7b4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3613] futex(0x7f29b1b7b4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3614 attached [pid 3614] set_robust_list(0x7f29b1aa19e0, 24) = 0 [pid 3614] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 3614] futex(0x7f29b1b7b4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3613] <... futex resumed>) = 0 [pid 3613] futex(0x7f29b1b7b4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3613] futex(0x7f29b1b7b4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3614] openat(AT_FDCWD, "/dev/fuse", O_RDWR|O_CREAT, 000) = 3 [pid 3614] futex(0x7f29b1b7b4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3613] <... futex resumed>) = 0 [pid 3613] futex(0x7f29b1b7b4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3613] futex(0x7f29b1b7b4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3614] mount(NULL, "./file0", "fuse", 0, "fd=0x0000000000000003,rootmode=00000000000000000040000,user_id=00000000000000000000,group_id=0000000"...) = 0 [pid 3614] futex(0x7f29b1b7b4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3613] <... futex resumed>) = 0 [pid 3614] futex(0x7f29b1b7b4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3613] futex(0x7f29b1b7b4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3614] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3613] <... futex resumed>) = 0 [pid 3614] pivot_root("./file0", "./file0" [pid 3613] futex(0x7f29b1b7b4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3614] <... pivot_root resumed>) = 0 [pid 3614] futex(0x7f29b1b7b4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3613] <... futex resumed>) = 0 [pid 3614] futex(0x7f29b1b7b4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3613] futex(0x7f29b1b7b4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3614] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3613] <... futex resumed>) = 0 [pid 3614] read(3, [pid 3613] futex(0x7f29b1b7b4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3614] <... read resumed>"\x68\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x24\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x73\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8224) = 104 [pid 3614] futex(0x7f29b1b7b4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3613] <... futex resumed>) = 0 [pid 3614] futex(0x7f29b1b7b4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3613] futex(0x7f29b1b7b4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3614] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 3613] <... futex resumed>) = 0 [pid 3614] openat(AT_FDCWD, "/dev/fuse", O_RDWR|O_CREAT, 000 [pid 3613] futex(0x7f29b1b7b4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3613] futex(0x7f29b1b7b4dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3613] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f29b1a60000 [pid 3613] mprotect(0x7f29b1a61000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3613] clone(child_stack=0x7f29b1a803f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3616], tls=0x7f29b1a80700, child_tidptr=0x7f29b1a809d0) = 3616 [pid 3613] futex(0x7f29b1b7b4d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3613] futex(0x7f29b1b7b4dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3616 attached [pid 3616] set_robust_list(0x7f29b1a809e0, 24) = 0 [pid 3616] write(3, "\x50\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x1f\x00\x00\x00\x00\x00\x00\x00\x15\x30\x02\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 80) = 80 [pid 3616] futex(0x7f29b1b7b4dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3613] <... futex resumed>) = 0 [pid 3613] futex(0x7f29b1b7b4d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3613] futex(0x7f29b1b7b4dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3616] <... futex resumed>) = 1 [pid 3616] read(3, "\x2c\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1e\x0e\x00\x00\x00\x00\x00\x00\x64\x65\x76\x00", 8192) = 44 [pid 3616] futex(0x7f29b1b7b4dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3613] <... futex resumed>) = 0 [pid 3613] futex(0x7f29b1b7b4d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3613] futex(0x7f29b1b7b4dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3616] <... futex resumed>) = 1 [pid 3616] write(3, "\x2c\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\xf4\x31\x03\x00\x00\x00\x00\x00\x00\x00\x28\x39\x5c\x00", 44 [pid 3613] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3613] exit_group(0) = ? [pid 3612] kill(-3613, SIGKILL) = 0 [pid 3612] kill(3613, SIGKILL) = 0 syzkaller login: [ 75.850619][ T26] cfg80211: failed to load regulatory.db [ 285.769594][ T28] INFO: task syslogd:2954 blocked for more than 143 seconds. [ 285.777179][ T28] Not tainted 6.0.0-rc1-syzkaller-00025-g274a2eebf80c #0 [ 285.784801][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 285.793519][ T28] task:syslogd state:D stack:25896 pid: 2954 ppid: 1 flags:0x00000000 [ 285.802742][ T28] Call Trace: [ 285.806010][ T28] [ 285.808938][ T28] __schedule+0xadf/0x52b0 [ 285.813431][ T28] ? rwsem_down_read_slowpath+0x280/0xb10 [ 285.819141][ T28] ? io_schedule_timeout+0x140/0x140 [ 285.824483][ T28] schedule+0xda/0x1b0 [ 285.828564][ T28] rwsem_down_read_slowpath+0x59f/0xb10 [ 285.834154][ T28] ? down_write+0x150/0x150 [ 285.838647][ T28] ? lock_release+0x780/0x780 [ 285.843372][ T28] down_read+0xe2/0x450 [ 285.847529][ T28] ? rwsem_down_read_slowpath+0xb10/0xb10 [ 285.853306][ T28] ? lookup_fast+0x14e/0x520 [ 285.857889][ T28] walk_component+0x332/0x5a0 [ 285.862702][ T28] link_path_walk.part.0+0x74e/0xe20 [ 285.867984][ T28] ? walk_component+0x5a0/0x5a0 [ 285.872893][ T28] ? percpu_counter_add_batch+0xbd/0x180 [ 285.878545][ T28] path_openat+0x262/0x28f0 [ 285.883080][ T28] ? path_lookupat+0x840/0x840 [ 285.887837][ T28] do_filp_open+0x1b6/0x400 [ 285.892393][ T28] ? may_open_dev+0xf0/0xf0 [ 285.896883][ T28] ? find_held_lock+0x2d/0x110 [ 285.901670][ T28] ? do_raw_spin_lock+0x120/0x2a0 [ 285.906685][ T28] ? rwlock_bug.part.0+0x90/0x90 [ 285.911679][ T28] ? _find_next_bit+0x1e3/0x260 [ 285.916527][ T28] ? _raw_spin_unlock+0x24/0x40 [ 285.921429][ T28] ? alloc_fd+0x2f0/0x6f0 [ 285.925771][ T28] do_sys_openat2+0x16d/0x4c0 [ 285.930549][ T28] ? build_open_flags+0x6f0/0x6f0 [ 285.935575][ T28] ? lock_downgrade+0x6e0/0x6e0 [ 285.940461][ T28] __x64_sys_openat+0x13f/0x1f0 [ 285.945305][ T28] ? __ia32_sys_open+0x1c0/0x1c0 [ 285.950283][ T28] ? syscall_enter_from_user_mode+0x22/0xb0 [ 285.956162][ T28] ? syscall_enter_from_user_mode+0x22/0xb0 [ 285.962087][ T28] do_syscall_64+0x35/0xb0 [ 285.966488][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 285.972440][ T28] RIP: 0033:0x7f600686b697 [ 285.976843][ T28] RSP: 002b:00007ffc893ed6a0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 285.985287][ T28] RAX: ffffffffffffffda RBX: 000055f27b512910 RCX: 00007f600686b697 [ 285.993298][ T28] RDX: 0000000000000d41 RSI: 00007f60069f999a RDI: 00000000ffffff9c [ 286.001300][ T28] RBP: 00007f60069f999a R08: 00007f60068fb040 R09: 00007f60068fb0c0 [ 286.009388][ T28] R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000d41 [ 286.017345][ T28] R13: 000055f27b512a50 R14: 0000000000000003 R15: 000055f27b512a60 [ 286.025371][ T28] [ 286.028394][ T28] INFO: task udevd:2972 blocked for more than 143 seconds. [ 286.035623][ T28] Not tainted 6.0.0-rc1-syzkaller-00025-g274a2eebf80c #0 [ 286.043179][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.051874][ T28] task:udevd state:D stack:27096 pid: 2972 ppid: 1 flags:0x00000000 [ 286.061149][ T28] Call Trace: [ 286.064419][ T28] [ 286.067337][ T28] __schedule+0xadf/0x52b0 [ 286.071850][ T28] ? rwsem_down_read_slowpath+0x280/0xb10 [ 286.077570][ T28] ? io_schedule_timeout+0x140/0x140 [ 286.082879][ T28] schedule+0xda/0x1b0 [ 286.086933][ T28] rwsem_down_read_slowpath+0x59f/0xb10 [ 286.092502][ T28] ? down_write+0x150/0x150 [ 286.096989][ T28] ? lock_release+0x780/0x780 [ 286.101704][ T28] down_read+0xe2/0x450 [ 286.106031][ T28] ? rwsem_down_read_slowpath+0xb10/0xb10 [ 286.111812][ T28] ? lookup_fast+0x14e/0x520 [ 286.116401][ T28] walk_component+0x332/0x5a0 [ 286.121137][ T28] link_path_walk.part.0+0x74e/0xe20 [ 286.126451][ T28] ? walk_component+0x5a0/0x5a0 [ 286.131379][ T28] path_lookupat+0xb7/0x840 [ 286.135873][ T28] filename_lookup+0x1ce/0x590 [ 286.140717][ T28] ? may_linkat+0x510/0x510 [ 286.145255][ T28] ? find_held_lock+0x2d/0x110 [ 286.150072][ T28] ? __might_fault+0xd1/0x170 [ 286.154747][ T28] ? __virt_addr_valid+0x5d/0x2d0 [ 286.159780][ T28] ? __phys_addr+0xc4/0x140 [ 286.164266][ T28] ? __phys_addr_symbol+0x2c/0x70 [ 286.169328][ T28] ? __check_object_size+0x2de/0x700 [ 286.174653][ T28] vfs_statx+0x148/0x390 [ 286.178884][ T28] ? inode_sub_bytes+0x100/0x100 [ 286.184009][ T28] ? getname_flags.part.0+0x1dd/0x4f0 [ 286.189410][ T28] vfs_fstatat+0x8c/0xb0 [ 286.193727][ T28] __do_sys_newfstatat+0x91/0x110 [ 286.198732][ T28] ? __do_compat_sys_newlstat+0x110/0x110 [ 286.204461][ T28] ? lock_downgrade+0x6e0/0x6e0 [ 286.209425][ T28] ? syscall_enter_from_user_mode+0x22/0xb0 [ 286.215310][ T28] ? syscall_enter_from_user_mode+0x22/0xb0 [ 286.221221][ T28] do_syscall_64+0x35/0xb0 [ 286.225624][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.231541][ T28] RIP: 0033:0x7f93c7f7a1da [ 286.235940][ T28] RSP: 002b:00007fffc0378198 EFLAGS: 00000246 ORIG_RAX: 0000000000000106 [ 286.244372][ T28] RAX: ffffffffffffffda RBX: 0000555918b966a0 RCX: 00007f93c7f7a1da [ 286.252440][ T28] RDX: 00007fffc03781a8 RSI: 0000555918b847ed RDI: 00000000ffffff9c [ 286.260423][ T28] RBP: 0000555918e507b8 R08: 0000000002a8adc5 R09: 00007fffc03c7080 [ 286.268404][ T28] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 286.276389][ T28] R13: 0000000000000001 R14: 0000000000000000 R15: 00007fffc03781a8 [ 286.284480][ T28] [ 286.287496][ T28] INFO: task syz-executor412:3612 blocked for more than 143 seconds. [ 286.295565][ T28] Not tainted 6.0.0-rc1-syzkaller-00025-g274a2eebf80c #0 [ 286.303104][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.311798][ T28] task:syz-executor412 state:D stack:26448 pid: 3612 ppid: 3609 flags:0x00004000 [ 286.321173][ T28] Call Trace: [ 286.324448][ T28] [ 286.327372][ T28] __schedule+0xadf/0x52b0 [ 286.331954][ T28] ? rwsem_down_read_slowpath+0x280/0xb10 [ 286.337669][ T28] ? io_schedule_timeout+0x140/0x140 [ 286.342990][ T28] schedule+0xda/0x1b0 [ 286.347087][ T28] rwsem_down_read_slowpath+0x59f/0xb10 [ 286.352693][ T28] ? down_write+0x150/0x150 [ 286.357183][ T28] ? lock_release+0x780/0x780 [ 286.361891][ T28] down_read+0xe2/0x450 [ 286.366037][ T28] ? rwsem_down_read_slowpath+0xb10/0xb10 [ 286.371814][ T28] ? lookup_fast+0x14e/0x520 [ 286.376394][ T28] walk_component+0x332/0x5a0 [ 286.381091][ T28] link_path_walk.part.0+0x74e/0xe20 [ 286.386455][ T28] ? walk_component+0x5a0/0x5a0 [ 286.391431][ T28] ? percpu_counter_add_batch+0xbd/0x180 [ 286.397061][ T28] path_openat+0x262/0x28f0 [ 286.401592][ T28] ? path_lookupat+0x840/0x840 [ 286.406348][ T28] do_filp_open+0x1b6/0x400 [ 286.410876][ T28] ? may_open_dev+0xf0/0xf0 [ 286.415363][ T28] ? find_held_lock+0x2d/0x110 [ 286.420140][ T28] ? do_raw_spin_lock+0x120/0x2a0 [ 286.425150][ T28] ? rwlock_bug.part.0+0x90/0x90 [ 286.430138][ T28] ? _find_next_bit+0x1e3/0x260 [ 286.434983][ T28] ? _raw_spin_unlock+0x24/0x40 [ 286.440066][ T28] ? alloc_fd+0x2f0/0x6f0 [ 286.444395][ T28] do_sys_openat2+0x16d/0x4c0 [ 286.449065][ T28] ? build_open_flags+0x6f0/0x6f0 [ 286.454135][ T28] ? ptrace_notify+0xfa/0x140 [ 286.458800][ T28] ? lock_downgrade+0x6e0/0x6e0 [ 286.463677][ T28] __x64_sys_openat+0x13f/0x1f0 [ 286.468603][ T28] ? __ia32_sys_open+0x1c0/0x1c0 [ 286.473580][ T28] ? _raw_spin_unlock_irq+0x1f/0x40 [ 286.478773][ T28] ? lockdep_hardirqs_on+0x79/0x100 [ 286.484028][ T28] ? _raw_spin_unlock_irq+0x2a/0x40 [ 286.489237][ T28] ? ptrace_notify+0xfa/0x140 [ 286.494044][ T28] do_syscall_64+0x35/0xb0 [ 286.498476][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.504476][ T28] RIP: 0033:0x7f29b1af0238 [ 286.508881][ T28] RSP: 002b:00007ffea611c300 EFLAGS: 00000287 ORIG_RAX: 0000000000000101 [ 286.517343][ T28] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f29b1af0238 [ 286.525322][ T28] RDX: 0000000000090800 RSI: 00007f29b1b46060 RDI: 00000000ffffff9c [ 286.533343][ T28] RBP: 0000000000000e1d R08: 0000000000090800 R09: 00007f29b1b46060 [ 286.541443][ T28] R10: 0000000000000000 R11: 0000000000000287 R12: 00007ffea611c394 [ 286.549454][ T28] R13: 00007ffea611c3f0 R14: 0000000000000000 R15: 431bde82d7b634db [ 286.557422][ T28] [ 286.560469][ T28] INFO: task syz-executor412:3614 blocked for more than 144 seconds. [ 286.568687][ T28] Not tainted 6.0.0-rc1-syzkaller-00025-g274a2eebf80c #0 [ 286.576349][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.585045][ T28] task:syz-executor412 state:D stack:26960 pid: 3614 ppid: 3612 flags:0x00004004 [ 286.594286][ T28] Call Trace: [ 286.597549][ T28] [ 286.600497][ T28] __schedule+0xadf/0x52b0 [ 286.604913][ T28] ? mark_held_locks+0x9f/0xe0 [ 286.609724][ T28] ? io_schedule_timeout+0x140/0x140 [ 286.615166][ T28] ? _raw_spin_unlock_irqrestore+0x50/0x70 [ 286.620995][ T28] ? lockdep_hardirqs_on+0x79/0x100 [ 286.626179][ T28] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 286.632122][ T28] schedule+0xda/0x1b0 [ 286.636181][ T28] request_wait_answer+0x46d/0x850 [ 286.641301][ T28] ? queue_interrupt+0x4d0/0x4d0 [ 286.646308][ T28] ? lock_downgrade+0x6e0/0x6e0 [ 286.651200][ T28] ? prepare_to_wait_exclusive+0x2b0/0x2b0 [ 286.656998][ T28] ? rwlock_bug.part.0+0x90/0x90 [ 286.661997][ T28] ? kill_fasync+0x1c/0x470 [ 286.666604][ T28] fuse_simple_request+0x71d/0xe50 [ 286.671776][ T28] fuse_lookup_name+0x280/0x630 [ 286.676616][ T28] ? fuse_create+0x30/0x30 [ 286.681060][ T28] ? mutex_lock_io_nested+0x1190/0x1190 [ 286.686603][ T28] ? lock_downgrade+0x6e0/0x6e0 [ 286.691499][ T28] ? __d_lookup_rcu+0x3a0/0x6d0 [ 286.696342][ T28] fuse_lookup.part.0+0xdf/0x390 [ 286.701305][ T28] ? fuse_lookup_name+0x630/0x630 [ 286.706417][ T28] ? lockdep_init_map_type+0x21a/0x7f0 [ 286.711919][ T28] fuse_lookup+0x70/0x90 [ 286.716154][ T28] __lookup_slow+0x24c/0x460 [ 286.720756][ T28] ? __lookup_hash+0x180/0x180 [ 286.725507][ T28] ? p9_poll_workfn+0x120/0x4e0 [ 286.730413][ T28] ? p9_poll_workfn+0x120/0x4e0 [ 286.735254][ T28] ? lookup_fast+0x14e/0x520 [ 286.739868][ T28] walk_component+0x33f/0x5a0 [ 286.744531][ T28] link_path_walk.part.0+0x74e/0xe20 [ 286.749846][ T28] ? walk_component+0x5a0/0x5a0 [ 286.754682][ T28] ? percpu_counter_add_batch+0xbd/0x180 [ 286.760327][ T28] path_openat+0x262/0x28f0 [ 286.764846][ T28] ? path_lookupat+0x840/0x840 [ 286.769629][ T28] do_filp_open+0x1b6/0x400 [ 286.774118][ T28] ? may_open_dev+0xf0/0xf0 [ 286.778604][ T28] ? find_held_lock+0x2d/0x110 [ 286.783374][ T28] ? do_raw_spin_lock+0x120/0x2a0 [ 286.788384][ T28] ? rwlock_bug.part.0+0x90/0x90 [ 286.793341][ T28] ? _find_next_bit+0x1e3/0x260 [ 286.798180][ T28] ? _raw_spin_unlock+0x24/0x40 [ 286.803039][ T28] ? alloc_fd+0x2f0/0x6f0 [ 286.807358][ T28] do_sys_openat2+0x16d/0x4c0 [ 286.812081][ T28] ? build_open_flags+0x6f0/0x6f0 [ 286.817105][ T28] ? ptrace_notify+0xfa/0x140 [ 286.821812][ T28] ? lock_downgrade+0x6e0/0x6e0 [ 286.826650][ T28] __x64_sys_openat+0x13f/0x1f0 [ 286.831785][ T28] ? __ia32_sys_open+0x1c0/0x1c0 [ 286.836704][ T28] ? _raw_spin_unlock_irq+0x1f/0x40 [ 286.841917][ T28] ? lockdep_hardirqs_on+0x79/0x100 [ 286.847101][ T28] ? _raw_spin_unlock_irq+0x2a/0x40 [ 286.852329][ T28] ? ptrace_notify+0xfa/0x140 [ 286.857081][ T28] do_syscall_64+0x35/0xb0 [ 286.861522][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.867414][ T28] RIP: 0033:0x7f29b1af05b9 [ 286.871860][ T28] RSP: 002b:00007f29b1aa12f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 286.880363][ T28] RAX: ffffffffffffffda RBX: 00007f29b1b7b4c0 RCX: 00007f29b1af05b9 [ 286.888319][ T28] RDX: 0000000000000042 RSI: 0000000020002080 RDI: ffffffffffffff9c [ 286.896481][ T28] RBP: 00007f29b1b48084 R08: 0000000000000065 R09: 0000000000000000 [ 286.904633][ T28] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000065 [ 286.912650][ T28] R13: 00007f29b1b480a8 R14: 31f4000000000002 R15: 00007f29b1b7b4c8 [ 286.920652][ T28] [ 286.923665][ T28] INFO: task syz-executor412:3616 blocked for more than 144 seconds. [ 286.931752][ T28] Not tainted 6.0.0-rc1-syzkaller-00025-g274a2eebf80c #0 [ 286.939468][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.948113][ T28] task:syz-executor412 state:D stack:28392 pid: 3616 ppid: 3612 flags:0x00004004 [ 286.957407][ T28] Call Trace: [ 286.960717][ T28] [ 286.963639][ T28] __schedule+0xadf/0x52b0 [ 286.968059][ T28] ? rwsem_down_write_slowpath+0x4a0/0x11e0 [ 286.974072][ T28] ? io_schedule_timeout+0x140/0x140 [ 286.979395][ T28] ? mark_held_locks+0x9f/0xe0 [ 286.984152][ T28] schedule+0xda/0x1b0 [ 286.988214][ T28] rwsem_down_write_slowpath+0x59c/0x11e0 [ 286.994026][ T28] ? lock_acquire+0x1ef/0x570 [ 286.998703][ T28] ? __down_timeout+0x10/0x10 [ 287.003415][ T28] ? lock_release+0x780/0x780 [ 287.008090][ T28] down_write_nested+0x139/0x150 [ 287.013082][ T28] ? up_read+0x20/0x20 [ 287.017149][ T28] ? down_read+0x198/0x450 [ 287.021582][ T28] ? rwsem_down_read_slowpath+0xb10/0xb10 [ 287.027292][ T28] fuse_reverse_inval_entry+0x51/0x540 [ 287.032802][ T28] fuse_dev_do_write+0x1aab/0x2c00 [ 287.037907][ T28] ? find_held_lock+0x2d/0x110 [ 287.042718][ T28] ? fuse_dev_splice_read+0x700/0x700 [ 287.048105][ T28] ? aa_file_perm+0x595/0x1230 [ 287.053144][ T28] ? __lock_acquire+0xbc3/0x56d0 [ 287.058090][ T28] ? aa_path_link+0x2f0/0x2f0 [ 287.062804][ T28] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 287.068772][ T28] ? __switch_to+0x5cc/0x1050 [ 287.073490][ T28] fuse_dev_write+0x150/0x1e0 [ 287.078159][ T28] ? fuse_dev_splice_write+0xa70/0xa70 [ 287.083653][ T28] ? security_file_permission+0xab/0xd0 [ 287.089190][ T28] ? rw_verify_area+0xb6/0x1b0 [ 287.094040][ T28] vfs_write+0x9e9/0xdd0 [ 287.098297][ T28] ? vfs_read+0x930/0x930 [ 287.102662][ T28] ? __fget_files+0x26a/0x440 [ 287.107329][ T28] ? __fget_light+0xe5/0x270 [ 287.111955][ T28] ksys_write+0x127/0x250 [ 287.116273][ T28] ? __ia32_sys_read+0xb0/0xb0 [ 287.121048][ T28] ? lockdep_hardirqs_on+0x79/0x100 [ 287.126237][ T28] ? _raw_spin_unlock_irq+0x2a/0x40 [ 287.131470][ T28] ? ptrace_notify+0xfa/0x140 [ 287.136143][ T28] do_syscall_64+0x35/0xb0 [ 287.140593][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 287.146499][ T28] RIP: 0033:0x7f29b1af05b9 [ 287.150981][ T28] RSP: 002b:00007f29b1a802f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 287.159421][ T28] RAX: ffffffffffffffda RBX: 00007f29b1b7b4d0 RCX: 00007f29b1af05b9 [ 287.167380][ T28] RDX: 000000000000002c RSI: 00000000200000c0 RDI: 0000000000000003 [ 287.175476][ T28] RBP: 00007f29b1b48084 R08: 0000000000000000 R09: 0000000000000000 [ 287.183667][ T28] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 287.191674][ T28] R13: 00007f29b1b480a8 R14: 31f4000000000002 R15: 00007f29b1b7b4d8 [ 287.199673][ T28] [ 287.202693][ T28] [ 287.202693][ T28] Showing all locks held in the system: [ 287.210553][ T28] 1 lock held by rcu_tasks_kthre/12: [ 287.215822][ T28] #0: ffffffff8bf88770 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 [ 287.226327][ T28] 1 lock held by rcu_tasks_trace/13: [ 287.231642][ T28] #0: ffffffff8bf88470 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 [ 287.242634][ T28] 1 lock held by khungtaskd/28: [ 287.247465][ T28] #0: ffffffff8bf892c0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 [ 287.257338][ T28] 2 locks held by kworker/u4:4/57: [ 287.262460][ T28] #0: ffff888011869138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x87a/0x1610 [ 287.273564][ T28] #1: ffffc90001587da8 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8ae/0x1610 [ 287.285710][ T28] 1 lock held by syslogd/2954: [ 287.290485][ T28] #0: ffff88806f868150 (&type->i_mutex_dir_key#6){++++}-{3:3}, at: walk_component+0x332/0x5a0 [ 287.300872][ T28] 1 lock held by udevd/2972: [ 287.305533][ T28] #0: ffff88806f868150 (&type->i_mutex_dir_key#6){++++}-{3:3}, at: walk_component+0x332/0x5a0 [ 287.315942][ T28] 2 locks held by getty/3286: [ 287.320614][ T28] #0: ffff88814adb2098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 287.330412][ T28] #1: ffffc90002d162f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef0/0x13e0 [ 287.340527][ T28] 1 lock held by syz-executor412/3612: [ 287.345962][ T28] #0: ffff88806f868150 (&type->i_mutex_dir_key#6){++++}-{3:3}, at: walk_component+0x332/0x5a0 [ 287.356345][ T28] 2 locks held by syz-executor412/3614: [ 287.361891][ T28] #0: ffff88806f868150 (&type->i_mutex_dir_key#6){++++}-{3:3}, at: walk_component+0x332/0x5a0 [ 287.372362][ T28] #1: ffff88806f8685b8 (&fi->mutex){+.+.}-{3:3}, at: fuse_lock_inode+0xce/0x100 [ 287.381583][ T28] 2 locks held by syz-executor412/3616: [ 287.387112][ T28] #0: ffff88814ab26b38 (&fc->killsb){.+.+}-{3:3}, at: fuse_dev_do_write+0x2567/0x2c00 [ 287.396837][ T28] #1: ffff88806f868150 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: fuse_reverse_inval_entry+0x51/0x540 [ 287.408238][ T28] [ 287.410593][ T28] ============================================= [ 287.410593][ T28] [ 287.418982][ T28] NMI backtrace for cpu 0 [ 287.423298][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.0.0-rc1-syzkaller-00025-g274a2eebf80c #0 [ 287.433082][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 287.443291][ T28] Call Trace: [ 287.446558][ T28] [ 287.449470][ T28] dump_stack_lvl+0xcd/0x134 [ 287.454054][ T28] nmi_cpu_backtrace.cold+0x46/0x14f [ 287.459325][ T28] ? lapic_can_unplug_cpu+0x80/0x80 [ 287.464516][ T28] nmi_trigger_cpumask_backtrace+0x206/0x250 [ 287.470487][ T28] watchdog+0xc18/0xf50 [ 287.474630][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 287.480596][ T28] kthread+0x2e4/0x3a0 [ 287.484646][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 287.490352][ T28] ret_from_fork+0x1f/0x30 [ 287.494761][ T28] [ 287.497884][ T28] Sending NMI from CPU 0 to CPUs 1: [ 287.503170][ C1] NMI backtrace for cpu 1 [ 287.503190][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.0.0-rc1-syzkaller-00025-g274a2eebf80c #0 [ 287.503209][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 287.503218][ C1] RIP: 0010:__sanitizer_cov_trace_cmp8+0x4/0x20 [ 287.503245][ C1] Code: 00 00 00 00 00 90 48 8b 0c 24 89 f2 89 fe bf 04 00 00 00 e9 1e ff ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 0c 24 <48> 89 f2 48 89 fe bf 06 00 00 00 e9 fc fe ff ff 66 66 2e 0f 1f 84 [ 287.503261][ C1] RSP: 0018:ffffc90000177da0 EFLAGS: 00000046 [ 287.503275][ C1] RAX: 00000042efb73b7f RBX: ffff8880b9b2ae60 RCX: ffffffff816ff959 [ 287.503287][ C1] RDX: 1ffff110173655cf RSI: 00000042efb73b7f RDI: 00000042efb73b7f [ 287.503298][ C1] RBP: 0000000000000001 R08: 0000000000000007 R09: 7fffffffffffffff [ 287.503309][ C1] R10: 00000042efb73b7f R11: 0000000000000000 R12: 00000042efb73b7f [ 287.503320][ C1] R13: 00000042efb73b7f R14: 0000000000000001 R15: 00000042efb73b7f [ 287.503333][ C1] FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 287.503349][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 287.503361][ C1] CR2: 00007fe71c5af990 CR3: 000000000bc8e000 CR4: 0000000000350ee0 [ 287.503372][ C1] Call Trace: [ 287.503377][ C1] [ 287.503382][ C1] tick_nohz_idle_stop_tick+0x699/0xbf0 [ 287.503406][ C1] do_idle+0x37b/0x590 [ 287.503425][ C1] ? arch_cpu_idle_exit+0x30/0x30 [ 287.503444][ C1] ? _raw_spin_unlock_irq+0x1/0x40 [ 287.503475][ C1] ? lockdep_hardirqs_on+0x79/0x100 [ 287.503498][ C1] cpu_startup_entry+0x14/0x20 [ 287.503516][ C1] start_secondary+0x21d/0x2b0 [ 287.503534][ C1] ? set_cpu_sibling_map+0x2270/0x2270 [ 287.503553][ C1] secondary_startup_64_no_verify+0xce/0xdb [ 287.503580][ C1] [ 287.504193][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 287.504203][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.0.0-rc1-syzkaller-00025-g274a2eebf80c #0 [ 287.504223][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 287.504233][ T28] Call Trace: [ 287.504238][ T28] [ 287.504244][ T28] dump_stack_lvl+0xcd/0x134 [ 287.504270][ T28] panic+0x2c8/0x627 [ 287.504291][ T28] ? panic_print_sys_info.part.0+0x10b/0x10b [ 287.504317][ T28] ? lapic_can_unplug_cpu+0x80/0x80 [ 287.504338][ T28] ? preempt_schedule_thunk+0x16/0x18 [ 287.504363][ T28] ? watchdog.cold+0x130/0x158 [ 287.504387][ T28] watchdog.cold+0x141/0x158 [ 287.504408][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 287.504434][ T28] kthread+0x2e4/0x3a0 [ 287.504452][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 287.504474][ T28] ret_from_fork+0x1f/0x30 [ 287.504507][ T28] [ 287.508697][ T28] Kernel Offset: disabled [ 287.772887][ T28] Rebooting in 86400 seconds..