./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2805754463 <...> Warning: Permanently added '10.128.0.18' (ED25519) to the list of known hosts. execve("./syz-executor2805754463", ["./syz-executor2805754463"], 0x7fff086cda70 /* 10 vars */) = 0 brk(NULL) = 0x555556b0a000 brk(0x555556b0ad00) = 0x555556b0ad00 arch_prctl(ARCH_SET_FS, 0x555556b0a380) = 0 set_tid_address(0x555556b0a650) = 5066 set_robust_list(0x555556b0a660, 24) = 0 rseq(0x555556b0aca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2805754463", 4096) = 28 getrandom("\xb4\x77\xfd\x8f\x13\x03\x84\xfc", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556b0ad00 brk(0x555556b2bd00) = 0x555556b2bd00 brk(0x555556b2c000) = 0x555556b2c000 mprotect(0x7f199266a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b0a650) = 5067 ./strace-static-x86_64: Process 5067 attached [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5067] set_robust_list(0x555556b0a660, 24) = 0 ./strace-static-x86_64: Process 5068 attached [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... clone resumed>, child_tidptr=0x555556b0a650) = 5068 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5069 attached [pid 5068] set_robust_list(0x555556b0a660, 24./strace-static-x86_64: Process 5070 attached ) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556b0a650) = 5070 [pid 5070] set_robust_list(0x555556b0a660, 24 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] set_robust_list(0x555556b0a660, 24 [pid 5067] <... clone resumed>, child_tidptr=0x555556b0a650) = 5069 ./strace-static-x86_64: Process 5071 attached [pid 5070] <... set_robust_list resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556b0a650) = 5071 [pid 5071] set_robust_list(0x555556b0a660, 24 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5071] <... set_robust_list resumed>) = 0 [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5072 attached [pid 5072] set_robust_list(0x555556b0a660, 24) = 0 [pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5068] <... clone resumed>, child_tidptr=0x555556b0a650) = 5072 [pid 5069] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 5074 attached [pid 5072] <... prctl resumed>) = 0 [pid 5070] <... clone resumed>, child_tidptr=0x555556b0a650) = 5074 [pid 5069] setpgid(0, 0./strace-static-x86_64: Process 5075 attached ./strace-static-x86_64: Process 5073 attached [pid 5072] setpgid(0, 0 [pid 5075] set_robust_list(0x555556b0a660, 24 [pid 5073] set_robust_list(0x555556b0a660, 24 [pid 5072] <... setpgid resumed>) = 0 [pid 5069] <... setpgid resumed>) = 0 [pid 5066] <... clone resumed>, child_tidptr=0x555556b0a650) = 5073 [pid 5075] <... set_robust_list resumed>) = 0 [pid 5073] <... set_robust_list resumed>) = 0 [pid 5074] set_robust_list(0x555556b0a660, 24 [pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5071] <... clone resumed>, child_tidptr=0x555556b0a650) = 5075 [pid 5066] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5074] <... set_robust_list resumed>) = 0 [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5072] <... openat resumed>) = 3 [pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5074] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 5076 attached [pid 5075] <... prctl resumed>) = 0 [pid 5074] setpgid(0, 0 [pid 5069] <... openat resumed>) = 3 [pid 5075] setpgid(0, 0 [pid 5072] write(3, "1000", 4 [pid 5075] <... setpgid resumed>) = 0 [pid 5072] <... write resumed>) = 4 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5074] <... setpgid resumed>) = 0 [pid 5076] set_robust_list(0x555556b0a660, 24 [pid 5075] <... openat resumed>) = 3 [pid 5072] close(3./strace-static-x86_64: Process 5077 attached [pid 5076] <... set_robust_list resumed>) = 0 [pid 5075] write(3, "1000", 4 [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5072] <... close resumed>) = 0 [pid 5069] write(3, "1000", 4 [pid 5066] <... clone resumed>, child_tidptr=0x555556b0a650) = 5076 [pid 5077] set_robust_list(0x555556b0a660, 24 [pid 5076] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5075] <... write resumed>) = 4 [pid 5073] <... clone resumed>, child_tidptr=0x555556b0a650) = 5077 [pid 5072] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME [pid 5069] <... write resumed>) = 4 [pid 5077] <... set_robust_list resumed>) = 0 [pid 5075] close(3 [pid 5074] <... openat resumed>) = 3 [pid 5072] <... openat resumed>) = 3 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5075] <... close resumed>) = 0 [pid 5072] dup(3 [pid 5075] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME [pid 5077] <... prctl resumed>) = 0 [pid 5075] <... openat resumed>) = 3 [pid 5074] write(3, "1000", 4 [pid 5072] <... dup resumed>) = 4 [pid 5069] close(3 [pid 5077] setpgid(0, 0 [pid 5072] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 70368760963072 [pid 5069] <... close resumed>) = 0 ./strace-static-x86_64: Process 5078 attached [pid 5075] dup(3 [pid 5074] <... write resumed>) = 4 [pid 5078] set_robust_list(0x555556b0a660, 24 [pid 5077] <... setpgid resumed>) = 0 [pid 5076] <... clone resumed>, child_tidptr=0x555556b0a650) = 5078 [pid 5075] <... dup resumed>) = 4 [pid 5074] close(3 [pid 5069] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME [pid 5078] <... set_robust_list resumed>) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5075] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 70368760963072 [pid 5074] <... close resumed>) = 0 [pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5077] <... openat resumed>) = 3 [pid 5074] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME [pid 5069] <... openat resumed>) = 3 [pid 5078] <... prctl resumed>) = 0 [pid 5077] write(3, "1000", 4 [pid 5074] <... openat resumed>) = 3 [pid 5069] dup(3 [pid 5078] setpgid(0, 0 [pid 5077] <... write resumed>) = 4 [pid 5074] dup(3 [pid 5069] <... dup resumed>) = 4 [pid 5078] <... setpgid resumed>) = 0 [pid 5077] close(3 [pid 5074] <... dup resumed>) = 4 [pid 5069] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 70368760963072 [pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5077] <... close resumed>) = 0 [pid 5074] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 70368760963072 [pid 5078] <... openat resumed>) = 3 [pid 5077] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME [pid 5078] write(3, "1000", 4 [pid 5077] <... openat resumed>) = 3 [pid 5078] <... write resumed>) = 4 [pid 5078] close(3 [pid 5077] dup(3 [pid 5078] <... close resumed>) = 0 [pid 5077] <... dup resumed>) = 4 [pid 5077] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 70368760963072 [pid 5078] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME) = 3 [pid 5078] dup(3) = 4 [pid 5078] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 70368760963072 [pid 5067] kill(-5069, SIGKILL) = 0 [pid 5067] kill(5069, SIGKILL) = 0 [pid 5073] kill(-5077, SIGKILL [pid 5070] kill(-5074, SIGKILL [pid 5068] kill(-5072, SIGKILL) = 0 [pid 5068] kill(5072, SIGKILL [pid 5073] <... kill resumed>) = 0 [pid 5070] <... kill resumed>) = 0 [pid 5068] <... kill resumed>) = 0 [pid 5073] kill(5077, SIGKILL) = 0 [pid 5071] kill(-5075, SIGKILL [pid 5070] kill(5074, SIGKILL [pid 5071] <... kill resumed>) = 0 [pid 5070] <... kill resumed>) = 0 [pid 5071] kill(5075, SIGKILL) = 0 [pid 5076] kill(-5078, SIGKILL) = 0 [pid 5076] kill(5078, SIGKILL) = 0 [pid 5071] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5070] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5073] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5071] <... openat resumed>) = 3 [pid 5071] newfstatat(3, "", [pid 5070] <... openat resumed>) = 3 [pid 5070] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5071] <... newfstatat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5070] getdents64(3, [pid 5071] getdents64(3, [pid 5067] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5071] <... getdents64 resumed>0x555556b0b6f0 /* 2 entries */, 32768) = 48 [pid 5067] <... openat resumed>) = 3 [pid 5070] <... getdents64 resumed>0x555556b0b6f0 /* 2 entries */, 32768) = 48 [pid 5067] newfstatat(3, "", [pid 5070] getdents64(3, [pid 5067] <... newfstatat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5070] <... getdents64 resumed>0x555556b0b6f0 /* 0 entries */, 32768) = 0 [pid 5067] getdents64(3, [pid 5076] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5070] close(3 [pid 5067] <... getdents64 resumed>0x555556b0b6f0 /* 2 entries */, 32768) = 48 [pid 5076] <... openat resumed>) = 3 [pid 5070] <... close resumed>) = 0 [pid 5067] getdents64(3, [pid 5076] newfstatat(3, "", [pid 5071] getdents64(3, [pid 5067] <... getdents64 resumed>0x555556b0b6f0 /* 0 entries */, 32768) = 0 [pid 5076] <... newfstatat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5073] <... openat resumed>) = 3 [pid 5071] <... getdents64 resumed>0x555556b0b6f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3 [pid 5076] getdents64(3, [pid 5073] newfstatat(3, "", [pid 5071] close(3 [pid 5067] <... close resumed>) = 0 [pid 5076] <... getdents64 resumed>0x555556b0b6f0 /* 2 entries */, 32768) = 48 [pid 5073] <... newfstatat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5071] <... close resumed>) = 0 [pid 5076] getdents64(3, 0x555556b0b6f0 /* 0 entries */, 32768) = 0 [pid 5073] getdents64(3, [pid 5076] close(3 [pid 5073] <... getdents64 resumed>0x555556b0b6f0 /* 2 entries */, 32768) = 48 [pid 5076] <... close resumed>) = 0 [pid 5073] getdents64(3, 0x555556b0b6f0 /* 0 entries */, 32768) = 0 [pid 5073] close(3) = 0 [pid 5068] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556b0b6f0 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(3, 0x555556b0b6f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 syzkaller login: [ 87.000187][ T23] cfg80211: failed to load regulatory.db [pid 5072] <... fallocate resumed>) = ? [pid 5072] +++ killed by SIGKILL +++ [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5072, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=7797 /* 77.97 s */} --- [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5096 attached , child_tidptr=0x555556b0a650) = 5096 [pid 5096] set_robust_list(0x555556b0a660, 24) = 0 [pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5096] setpgid(0, 0) = 0 [pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5096] write(3, "1000", 4) = 4 [pid 5096] close(3) = 0 [pid 5096] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME) = 3 [pid 5096] dup(3) = 4 [pid 5096] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 70368760963072 [pid 5068] kill(-5096, SIGKILL) = 0 [pid 5068] kill(5096, SIGKILL) = 0 [pid 5068] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5068] getdents64(3, 0x555556b0b6f0 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(3, 0x555556b0b6f0 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5075] <... fallocate resumed>) = ? [pid 5075] +++ killed by SIGKILL +++ [pid 5071] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5075, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=7851 /* 78.51 s */} --- [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5103 attached , child_tidptr=0x555556b0a650) = 5103 [pid 5103] set_robust_list(0x555556b0a660, 24) = 0 [pid 5103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5103] setpgid(0, 0) = 0 [pid 5103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5103] write(3, "1000", 4) = 4 [pid 5103] close(3) = 0 [pid 5103] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME) = 3 [pid 5103] dup(3) = 4 [pid 5103] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 70368760963072 [pid 5071] kill(-5103, SIGKILL) = 0 [pid 5071] kill(5103, SIGKILL) = 0 [pid 5071] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5071] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5071] getdents64(3, 0x555556b0b6f0 /* 2 entries */, 32768) = 48 [pid 5071] getdents64(3, 0x555556b0b6f0 /* 0 entries */, 32768) = 0 [pid 5071] close(3) = 0 [ 286.659875][ T29] INFO: task syz-executor280:5074 blocked for more than 143 seconds. [ 286.668207][ T29] Not tainted 6.7.0-rc1-syzkaller #0 [ 286.675347][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.685500][ T29] task:syz-executor280 state:D stack:26920 pid:5074 tgid:5074 ppid:5070 flags:0x00004006 [ 286.699815][ T29] Call Trace: [ 286.704349][ T29] [ 286.708381][ T29] __schedule+0x1960/0x4a80 [ 286.714742][ T29] ? release_firmware_map_entry+0x190/0x190 [ 286.729270][ T29] ? __lock_acquire+0x7f70/0x7f70 [ 286.735838][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 286.743220][ T29] ? print_irqtrace_events+0x220/0x220 [ 286.749703][ T29] ? _raw_spin_lock_irq+0xdf/0x120 [ 286.754900][ T29] ? schedule+0x8e/0x260 [ 286.759204][ T29] schedule+0x149/0x260 [ 286.763771][ T29] schedule_preempt_disabled+0x13/0x20 [ 286.770513][ T29] rwsem_down_write_slowpath+0xee6/0x13a0 [ 286.782057][ T29] ? rwsem_down_write_slowpath+0xa05/0x13a0 [ 286.791027][ T29] ? down_write_killable_nested+0x80/0x80 [ 286.797360][ T29] ? read_lock_is_recursive+0x20/0x20 [ 286.802917][ T29] __down_write_common+0x1aa/0x200 [ 286.808085][ T29] ? clear_nonspinnable+0x60/0x60 [ 286.814012][ T29] blkdev_fallocate+0x22a/0x570 [ 286.819006][ T29] vfs_fallocate+0x551/0x6b0 [ 286.824953][ T29] __x64_sys_fallocate+0xbd/0x100 [ 286.831236][ T29] do_syscall_64+0x44/0x110 [ 286.838233][ T29] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 286.845507][ T29] RIP: 0033:0x7f19925f7b29 [ 286.851214][ T29] RSP: 002b:00007ffff3e93c18 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 286.861070][ T29] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f19925f7b29 [ 286.872089][ T29] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000004 [ 286.881554][ T29] RBP: 00000000000f4240 R08: 00000000000000a0 R09: 00000000000000a0 [ 286.891078][ T29] R10: 0000400001002000 R11: 0000000000000246 R12: 0000000000000001 [ 286.899737][ T29] R13: 00007ffff3e93e38 R14: 00007ffff3e93c40 R15: 00007ffff3e93c30 [ 286.908177][ T29] [ 286.912363][ T29] INFO: task syz-executor280:5077 blocked for more than 143 seconds. [ 286.922776][ T29] Not tainted 6.7.0-rc1-syzkaller #0 [ 286.929186][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.938058][ T29] task:syz-executor280 state:D stack:27176 pid:5077 tgid:5077 ppid:5073 flags:0x00004006 [ 286.949385][ T29] Call Trace: [ 286.953274][ T29] [ 286.956719][ T29] __schedule+0x1960/0x4a80 [ 286.961819][ T29] ? release_firmware_map_entry+0x190/0x190 [ 286.968518][ T29] ? __lock_acquire+0x7f70/0x7f70 [ 286.974253][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 286.981257][ T29] ? print_irqtrace_events+0x220/0x220 [ 286.987351][ T29] ? _raw_spin_lock_irq+0xdf/0x120 [ 286.992977][ T29] ? schedule+0x8e/0x260 [ 286.997374][ T29] schedule+0x149/0x260 [ 287.001761][ T29] schedule_preempt_disabled+0x13/0x20 [ 287.007714][ T29] rwsem_down_write_slowpath+0xee6/0x13a0 [ 287.014827][ T29] ? rwsem_down_write_slowpath+0xa05/0x13a0 [ 287.021723][ T29] ? down_write_killable_nested+0x80/0x80 [ 287.028005][ T29] ? read_lock_is_recursive+0x20/0x20 [ 287.033959][ T29] __down_write_common+0x1aa/0x200 [ 287.039594][ T29] ? clear_nonspinnable+0x60/0x60 [ 287.044787][ T29] blkdev_fallocate+0x22a/0x570 [ 287.050368][ T29] vfs_fallocate+0x551/0x6b0 [ 287.055563][ T29] __x64_sys_fallocate+0xbd/0x100 [ 287.061246][ T29] do_syscall_64+0x44/0x110 [ 287.066468][ T29] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 287.072515][ T29] RIP: 0033:0x7f19925f7b29 [ 287.076991][ T29] RSP: 002b:00007ffff3e93c18 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 287.086000][ T29] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f19925f7b29 [ 287.094544][ T29] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000004 [ 287.103465][ T29] RBP: 00000000000f4240 R08: 00000000000000a0 R09: 00000000000000a0 [ 287.112341][ T29] R10: 0000400001002000 R11: 0000000000000246 R12: 0000000000000001 [ 287.121205][ T29] R13: 00007ffff3e93e38 R14: 00007ffff3e93c40 R15: 00007ffff3e93c30 [ 287.131383][ T29] [ 287.134780][ T29] INFO: task syz-executor280:5078 blocked for more than 143 seconds. [ 287.145043][ T29] Not tainted 6.7.0-rc1-syzkaller #0 [ 287.153004][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 287.170106][ T29] task:syz-executor280 state:D stack:25200 pid:5078 tgid:5078 ppid:5076 flags:0x00004006 [ 287.180683][ T29] Call Trace: [ 287.184346][ T29] [ 287.188546][ T29] __schedule+0x1960/0x4a80 [ 287.194762][ T29] ? release_firmware_map_entry+0x190/0x190 [ 287.202526][ T29] ? __lock_acquire+0x7f70/0x7f70 [ 287.209199][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 287.218155][ T29] ? print_irqtrace_events+0x220/0x220 [ 287.225856][ T29] ? _raw_spin_lock_irq+0xdf/0x120 [ 287.236225][ T29] ? schedule+0x8e/0x260 [ 287.240676][ T29] schedule+0x149/0x260 [ 287.245292][ T29] schedule_preempt_disabled+0x13/0x20 [ 287.251652][ T29] rwsem_down_write_slowpath+0xee6/0x13a0 [ 287.258018][ T29] ? rwsem_down_write_slowpath+0xa05/0x13a0 [ 287.265435][ T29] ? down_write_killable_nested+0x80/0x80 [ 287.272050][ T29] ? read_lock_is_recursive+0x20/0x20 [ 287.278026][ T29] __down_write_common+0x1aa/0x200 [ 287.283951][ T29] ? clear_nonspinnable+0x60/0x60 [ 287.289203][ T29] blkdev_fallocate+0x22a/0x570 [ 287.294915][ T29] vfs_fallocate+0x551/0x6b0 [ 287.299579][ T29] __x64_sys_fallocate+0xbd/0x100 [ 287.304870][ T29] do_syscall_64+0x44/0x110 [ 287.309806][ T29] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 287.316042][ T29] RIP: 0033:0x7f19925f7b29 [ 287.321068][ T29] RSP: 002b:00007ffff3e93c18 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 287.339830][ T29] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f19925f7b29 [ 287.348112][ T29] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000004 [ 287.359865][ T29] RBP: 00000000000f4240 R08: 00000000000000a0 R09: 00000000000000a0 [ 287.367946][ T29] R10: 0000400001002000 R11: 0000000000000246 R12: 0000000000000001 [ 287.378476][ T29] R13: 00007ffff3e93e38 R14: 00007ffff3e93c40 R15: 00007ffff3e93c30 [ 287.387646][ T29] [ 287.391378][ T29] [ 287.391378][ T29] Showing all locks held in the system: [ 287.399857][ T29] 1 lock held by khungtaskd/29: [ 287.405754][ T29] #0: ffffffff8d92d0a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 287.420236][ T29] 2 locks held by getty/4820: [ 287.425184][ T29] #0: ffff8880263ab0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 287.437334][ T29] #1: ffffc900031232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b4/0x1e10 [ 287.448575][ T29] 1 lock held by syz-executor280/5069: [ 287.455057][ T29] 1 lock held by syz-executor280/5074: [ 287.462317][ T29] #0: ffff888148c9abc0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x22a/0x570 [ 287.474895][ T29] 1 lock held by syz-executor280/5077: [ 287.481321][ T29] #0: ffff888148c9abc0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x22a/0x570 [ 287.494118][ T29] 1 lock held by syz-executor280/5078: [ 287.500714][ T29] #0: ffff888148c9abc0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x22a/0x570 [ 287.514228][ T29] 1 lock held by syz-executor280/5096: [ 287.520581][ T29] #0: ffff888148c9abc0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x22a/0x570 [ 287.532365][ T29] 1 lock held by syz-executor280/5103: [ 287.538903][ T29] #0: ffff888148c9abc0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x22a/0x570 [ 287.550419][ T29] [ 287.552844][ T29] ============================================= [ 287.552844][ T29] [ 287.562423][ T29] NMI backtrace for cpu 1 [ 287.566928][ T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted 6.7.0-rc1-syzkaller #0 [ 287.575386][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 287.585568][ T29] Call Trace: [ 287.588922][ T29] [ 287.592132][ T29] dump_stack_lvl+0x1e7/0x2d0 [ 287.596848][ T29] ? nf_tcp_handle_invalid+0x650/0x650 [ 287.602351][ T29] ? panic+0x850/0x850 [ 287.606505][ T29] ? vprintk_emit+0x607/0x720 [ 287.611329][ T29] ? printk_sprint+0x480/0x480 [ 287.616183][ T29] nmi_cpu_backtrace+0x498/0x4d0 [ 287.621177][ T29] ? nmi_trigger_cpumask_backtrace+0x310/0x310 [ 287.627380][ T29] ? _printk+0xd5/0x120 [ 287.631722][ T29] ? panic+0x850/0x850 [ 287.635868][ T29] ? __wake_up_klogd+0xcc/0x100 [ 287.640926][ T29] ? panic+0x850/0x850 [ 287.645109][ T29] ? __rcu_read_unlock+0x96/0x100 [ 287.650274][ T29] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 287.656436][ T29] nmi_trigger_cpumask_backtrace+0x198/0x310 [ 287.662619][ T29] watchdog+0xfa9/0xff0 [ 287.666974][ T29] ? watchdog+0x1e9/0xff0 [ 287.671452][ T29] kthread+0x2d3/0x370 [ 287.675621][ T29] ? hungtask_pm_notify+0x90/0x90 [ 287.680911][ T29] ? kthread_blkcg+0xd0/0xd0 [ 287.685801][ T29] ret_from_fork+0x48/0x80 [ 287.690447][ T29] ? kthread_blkcg+0xd0/0xd0 [ 287.695103][ T29] ret_from_fork_asm+0x11/0x20 [ 287.700585][ T29] [ 287.704142][ T29] Sending NMI from CPU 1 to CPUs 0: [ 287.710516][ C0] NMI backtrace for cpu 0 [ 287.710531][ C0] CPU: 0 PID: 4507 Comm: klogd Not tainted 6.7.0-rc1-syzkaller #0 [ 287.710549][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 287.710559][ C0] RIP: 0010:deref_stack_reg+0x1c2/0x250 [ 287.710597][ C0] Code: 48 8b 04 24 74 58 48 39 c5 77 53 49 39 c7 76 4e 48 83 c0 08 48 39 e8 76 4c 4c 39 f8 77 47 e8 65 c5 50 00 48 8b 2c 24 48 89 ef 29 08 00 00 48 89 c3 48 8b 6c 24 18 48 89 e8 48 c1 e8 03 48 b9 [ 287.710611][ C0] RSP: 0018:ffffc9000314f228 EFLAGS: 00000293 [ 287.710628][ C0] RAX: ffffffff813dfc05 RBX: ffffc9000314f360 RCX: ffff88807c828000 [ 287.710642][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffc9000314f790 [ 287.710653][ C0] RBP: ffffc9000314f790 R08: ffffffff813dfbdb R09: ffffffff813de790 [ 287.710667][ C0] R10: 0000000000000003 R11: ffff88807c828000 R12: 1ffff92000629e6d [ 287.710679][ C0] R13: 1ffff92000629e6e R14: 1ffff92000629e6c R15: ffffc90003150000 [ 287.710693][ C0] FS: 00007f0323b29380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 287.710708][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 287.710721][ C0] CR2: 00007f199266e0d0 CR3: 000000002703b000 CR4: 00000000003506f0 [ 287.710736][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 287.710746][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 287.710757][ C0] Call Trace: [ 287.710764][ C0] [ 287.710770][ C0] ? nmi_cpu_backtrace+0x3be/0x4d0 [ 287.710798][ C0] ? read_lock_is_recursive+0x20/0x20 [ 287.710824][ C0] ? nmi_trigger_cpumask_backtrace+0x310/0x310 [ 287.710850][ C0] ? nmi_handle+0x2a/0x570 [ 287.710887][ C0] ? nmi_cpu_backtrace_handler+0xc/0x10 [ 287.710912][ C0] ? nmi_handle+0x14c/0x570 [ 287.710933][ C0] ? nmi_handle+0x2a/0x570 [ 287.710956][ C0] ? deref_stack_reg+0x1c2/0x250 [ 287.710982][ C0] ? default_do_nmi+0x62/0x150 [ 287.711085][ C0] ? exc_nmi+0x121/0x200 [ 287.711109][ C0] ? end_repeat_nmi+0xf/0x2a [ 287.711139][ C0] ? unwind_next_frame+0x1970/0x29e0 [ 287.711165][ C0] ? deref_stack_reg+0xab/0x250 [ 287.711189][ C0] ? deref_stack_reg+0xd5/0x250 [ 287.711215][ C0] ? deref_stack_reg+0x1c2/0x250 [ 287.711243][ C0] ? deref_stack_reg+0x1c2/0x250 [ 287.711270][ C0] ? deref_stack_reg+0x1c2/0x250 [ 287.711297][ C0] [ 287.711302][ C0] [ 287.711313][ C0] unwind_next_frame+0x1ab9/0x29e0 [ 287.711346][ C0] ? __kmalloc_node_track_caller+0xb6/0x230 [ 287.711389][ C0] ? __kmalloc_node_track_caller+0xb6/0x230 [ 287.711415][ C0] ? stack_trace_save+0x1c0/0x1c0 [ 287.711439][ C0] arch_stack_walk+0x146/0x1a0 [ 287.711460][ C0] ? kmalloc_reserve+0xf3/0x260 [ 287.711515][ C0] stack_trace_save+0x117/0x1c0 [ 287.711541][ C0] ? stack_trace_snprint+0xf0/0xf0 [ 287.711570][ C0] ? kasan_set_track+0x61/0x70 [ 287.711587][ C0] ? kasan_set_track+0x4f/0x70 [ 287.711605][ C0] kasan_set_track+0x4f/0x70 [ 287.711620][ C0] ? kasan_set_track+0x4f/0x70 [ 287.711635][ C0] ? __kasan_kmalloc+0x98/0xb0 [ 287.711652][ C0] ? __kmalloc_node_track_caller+0xb6/0x230 [ 287.711710][ C0] __kasan_kmalloc+0x98/0xb0 [ 287.711728][ C0] ? __alloc_skb+0x1b1/0x420 [ 287.711743][ C0] __kmalloc_node_track_caller+0xb6/0x230 [ 287.711773][ C0] ? __alloc_skb+0x1b1/0x420 [ 287.711788][ C0] kmalloc_reserve+0xf3/0x260 [ 287.711808][ C0] __alloc_skb+0x1b1/0x420 [ 287.711827][ C0] ? napi_build_skb+0x270/0x270 [ 287.711843][ C0] ? rcu_preempt_deferred_qs_irqrestore+0x877/0xc50 [ 287.711869][ C0] alloc_skb_with_frags+0xc3/0x780 [ 287.711939][ C0] sock_alloc_send_pskb+0x919/0xa50 [ 287.711976][ C0] ? sock_kzfree_s+0x50/0x50 [ 287.712004][ C0] ? do_raw_spin_unlock+0x13b/0x8b0 [ 287.712034][ C0] unix_dgram_sendmsg+0x696/0x2200 [ 287.712079][ C0] ? tomoyo_socket_sendmsg_permission+0x287/0x410 [ 287.712123][ C0] ? unix_dgram_poll+0x6c0/0x6c0 [ 287.712157][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 287.712173][ C0] ? security_socket_sendmsg+0x81/0xa0 [ 287.712195][ C0] ? unix_dgram_poll+0x6c0/0x6c0 [ 287.712217][ C0] __sys_sendto+0x484/0x640 [ 287.712257][ C0] ? __ia32_sys_getpeername+0x90/0x90 [ 287.712294][ C0] ? print_irqtrace_events+0x220/0x220 [ 287.712319][ C0] __x64_sys_sendto+0xde/0xf0 [ 287.712339][ C0] do_syscall_64+0x44/0x110 [ 287.712362][ C0] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 287.712388][ C0] RIP: 0033:0x7f0323c8b9b5 [ 287.712403][ C0] Code: 8b 44 24 08 48 83 c4 28 48 98 c3 48 98 c3 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 26 45 31 c9 45 31 c0 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 7a 48 8b 15 44 c4 0c 00 f7 d8 64 89 02 48 83 [ 287.712417][ C0] RSP: 002b:00007ffd315d8498 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 287.712435][ C0] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f0323c8b9b5 [ 287.712447][ C0] RDX: 0000000000000074 RSI: 000055c8886ced70 RDI: 0000000000000003 [ 287.712457][ C0] RBP: 000055c8886ca910 R08: 0000000000000000 R09: 0000000000000000 [ 287.712468][ C0] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000013 [ 287.712478][ C0] R13: 00007f0323e19212 R14: 00007ffd315d8598 R15: 0000000000000000 [ 287.712500][ C0] [ 287.712508][ C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.992 msecs [ 287.712953][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 288.261121][ T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted 6.7.0-rc1-syzkaller #0 [ 288.271076][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 288.281499][ T29] Call Trace: [ 288.285451][ T29] [ 288.288946][ T29] dump_stack_lvl+0x1e7/0x2d0 [ 288.293817][ T29] ? nf_tcp_handle_invalid+0x650/0x650 [ 288.299444][ T29] ? panic+0x850/0x850 [ 288.303620][ T29] ? vscnprintf+0x5d/0x80 [ 288.308054][ T29] panic+0x349/0x850 [ 288.312245][ T29] ? nmi_trigger_cpumask_backtrace+0x244/0x310 [ 288.318746][ T29] ? __memcpy_flushcache+0x2b0/0x2b0 [ 288.324303][ T29] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 288.331279][ T29] ? preempt_schedule_thunk+0x1a/0x30 [ 288.336899][ T29] ? nmi_trigger_cpumask_backtrace+0x244/0x310 [ 288.343159][ T29] ? nmi_trigger_cpumask_backtrace+0x2c5/0x310 [ 288.349339][ T29] ? nmi_trigger_cpumask_backtrace+0x2ca/0x310 [ 288.355552][ T29] watchdog+0xfe8/0xff0 [ 288.359753][ T29] ? watchdog+0x1e9/0xff0 [ 288.364150][ T29] kthread+0x2d3/0x370 [ 288.368285][ T29] ? hungtask_pm_notify+0x90/0x90 [ 288.373637][ T29] ? kthread_blkcg+0xd0/0xd0 [ 288.379071][ T29] ret_from_fork+0x48/0x80 [ 288.383625][ T29] ? kthread_blkcg+0xd0/0xd0 [ 288.388321][ T29] ret_from_fork_asm+0x11/0x20 [ 288.393141][ T29] [ 288.396536][ T29] Kernel Offset: disabled [ 288.400911][ T29] Rebooting in 86400 seconds..