./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1905278618 <...> Warning: Permanently added '10.128.0.84' (ED25519) to the list of known hosts. execve("./syz-executor1905278618", ["./syz-executor1905278618"], 0x7ffcebed0aa0 /* 10 vars */) = 0 brk(NULL) = 0x555555b96000 brk(0x555555b96d00) = 0x555555b96d00 arch_prctl(ARCH_SET_FS, 0x555555b96380) = 0 set_tid_address(0x555555b96650) = 5063 set_robust_list(0x555555b96660, 24) = 0 rseq(0x555555b96ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1905278618", 4096) = 28 getrandom("\xa9\x47\xf6\xb4\x83\xe2\x3f\xe5", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555555b96d00 brk(0x555555bb7d00) = 0x555555bb7d00 brk(0x555555bb8000) = 0x555555bb8000 mprotect(0x7f4eebed1000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5064 attached , child_tidptr=0x555555b96650) = 5064 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] set_robust_list(0x555555b96660, 24) = 0 [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] <... clone resumed>, child_tidptr=0x555555b96650) = 5065 ./strace-static-x86_64: Process 5066 attached ./strace-static-x86_64: Process 5065 attached [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] set_robust_list(0x555555b96660, 24 [pid 5065] set_robust_list(0x555555b96660, 24 [pid 5064] <... clone resumed>, child_tidptr=0x555555b96650) = 5066 [pid 5066] <... set_robust_list resumed>) = 0 [pid 5065] <... set_robust_list resumed>) = 0 [pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5068 attached ./strace-static-x86_64: Process 5067 attached [pid 5066] <... prctl resumed>) = 0 [pid 5066] setpgid(0, 0 [pid 5065] <... clone resumed>, child_tidptr=0x555555b96650) = 5068 [pid 5066] <... setpgid resumed>) = 0 [ 103.958775][ T27] audit: type=1400 audit(1701859205.759:83): avc: denied { execmem } for pid=5063 comm="syz-executor190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5063] <... clone resumed>, child_tidptr=0x555555b96650) = 5067 [pid 5068] set_robust_list(0x555555b96660, 24 [pid 5067] set_robust_list(0x555555b96660, 24 [pid 5066] <... openat resumed>) = 3 [pid 5067] <... set_robust_list resumed>) = 0 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] write(3, "1000", 4) = 4 [pid 5066] close(3) = 0 [pid 5066] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5066] <... openat resumed>) = 3 [pid 5068] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5070 attached [pid 5068] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778 [pid 5063] <... clone resumed>, child_tidptr=0x555555b96650) = 5069 [pid 5070] set_robust_list(0x555555b96660, 24 [pid 5068] <... prctl resumed>) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x555555b96650) = 5070 [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] setpgid(0, 0 [pid 5070] <... set_robust_list resumed>) = 0 [pid 5068] <... setpgid resumed>) = 0 [pid 5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5068] <... openat resumed>) = 3 [pid 5070] setpgid(0, 0) = 0 [pid 5068] write(3, "1000", 4 [pid 5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5068] <... write resumed>) = 4 ./strace-static-x86_64: Process 5069 attached [pid 5068] close(3./strace-static-x86_64: Process 5071 attached [pid 5070] <... openat resumed>) = 3 [pid 5063] <... clone resumed>, child_tidptr=0x555555b96650) = 5071 [pid 5071] set_robust_list(0x555555b96660, 24 [pid 5068] <... close resumed>) = 0 [pid 5070] write(3, "1000", 4) = 4 [pid 5070] close(3) = 0 [pid 5070] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5071] <... set_robust_list resumed>) = 0 [pid 5070] <... openat resumed>) = 3 [pid 5068] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5070] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778 [pid 5068] <... openat resumed>) = 3 [pid 5068] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778 [pid 5063] <... clone resumed>, child_tidptr=0x555555b96650) = 5072 ./strace-static-x86_64: Process 5073 attached ./strace-static-x86_64: Process 5072 attached [pid 5069] set_robust_list(0x555555b96660, 24 [pid 5073] set_robust_list(0x555555b96660, 24 [pid 5072] set_robust_list(0x555555b96660, 24) = 0 [pid 5071] <... clone resumed>, child_tidptr=0x555555b96650) = 5073 [pid 5073] <... set_robust_list resumed>) = 0 [pid 5069] <... set_robust_list resumed>) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5073] <... prctl resumed>) = 0 [pid 5073] setpgid(0, 0./strace-static-x86_64: Process 5075 attached ./strace-static-x86_64: Process 5074 attached ) = 0 [pid 5072] <... clone resumed>, child_tidptr=0x555555b96650) = 5074 [pid 5069] <... clone resumed>, child_tidptr=0x555555b96650) = 5075 [pid 5074] set_robust_list(0x555555b96660, 24) = 0 [ 104.030125][ T27] audit: type=1400 audit(1701859205.829:84): avc: denied { read append } for pid=5066 comm="syz-executor190" name="nullb0" dev="devtmpfs" ino=681 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 104.054688][ T27] audit: type=1400 audit(1701859205.829:85): avc: denied { open } for pid=5066 comm="syz-executor190" path="/dev/nullb0" dev="devtmpfs" ino=681 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5074] setpgid(0, 0 [pid 5075] set_robust_list(0x555555b96660, 24 [pid 5074] <... setpgid resumed>) = 0 [pid 5075] <... set_robust_list resumed>) = 0 [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5073] <... openat resumed>) = 3 [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5074] <... openat resumed>) = 3 [pid 5075] <... prctl resumed>) = 0 [pid 5073] write(3, "1000", 4 [pid 5075] setpgid(0, 0 [pid 5073] <... write resumed>) = 4 [pid 5073] close(3 [pid 5075] <... setpgid resumed>) = 0 [pid 5074] write(3, "1000", 4 [pid 5073] <... close resumed>) = 0 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5074] <... write resumed>) = 4 [pid 5073] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE [pid 5075] <... openat resumed>) = 3 [pid 5074] close(3 [pid 5073] <... openat resumed>) = 3 [pid 5074] <... close resumed>) = 0 [pid 5075] write(3, "1000", 4 [pid 5074] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE [pid 5075] <... write resumed>) = 4 [pid 5074] <... openat resumed>) = 3 [pid 5073] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778 [pid 5075] close(3) = 0 [pid 5074] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778 [pid 5075] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE) = 3 [pid 5075] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778 [pid 5064] kill(-5066, SIGKILL) = 0 [pid 5064] kill(5066, SIGKILL) = 0 [pid 5065] kill(-5068, SIGKILL) = 0 [pid 5065] kill(5068, SIGKILL) = 0 [pid 5067] kill(-5070, SIGKILL) = 0 [pid 5067] kill(5070, SIGKILL) = 0 [pid 5071] kill(-5073, SIGKILL) = 0 [pid 5071] kill(5073, SIGKILL) = 0 [pid 5072] kill(-5074, SIGKILL) = 0 [pid 5072] kill(5074, SIGKILL) = 0 [pid 5069] kill(-5075, SIGKILL) = 0 [pid 5069] kill(5075, SIGKILL) = 0 [pid 5064] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", [pid 5065] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] <... newfstatat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, [pid 5065] getdents64(3, [pid 5064] <... getdents64 resumed>0x555555b976f0 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(3, [pid 5065] <... getdents64 resumed>0x555555b976f0 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(3, [pid 5064] <... getdents64 resumed>0x555555b976f0 /* 0 entries */, 32768) = 0 [pid 5065] <... getdents64 resumed>0x555555b976f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3 [pid 5064] close(3 [pid 5065] <... close resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5067] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5067] getdents64(3, 0x555555b976f0 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(3, 0x555555b976f0 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [pid 5072] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5072] getdents64(3, 0x555555b976f0 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(3, 0x555555b976f0 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5071] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5071] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5071] getdents64(3, 0x555555b976f0 /* 2 entries */, 32768) = 48 [pid 5071] getdents64(3, 0x555555b976f0 /* 0 entries */, 32768) = 0 [pid 5071] close(3) = 0 [pid 5069] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x555555b976f0 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(3, 0x555555b976f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [ 134.455012][ T27] audit: type=1400 audit(1701859236.249:86): avc: denied { append } for pid=4492 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 134.477944][ T27] audit: type=1400 audit(1701859236.259:87): avc: denied { open } for pid=4492 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 134.500516][ T27] audit: type=1400 audit(1701859236.259:88): avc: denied { getattr } for pid=4492 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [pid 5066] <... fallocate resumed>) = ? [pid 5066] +++ killed by SIGKILL +++ [pid 5064] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5066, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=12097 /* 120.97 s */} --- [pid 5064] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5090 attached , child_tidptr=0x555555b96650) = 5090 [pid 5090] set_robust_list(0x555555b96660, 24) = 0 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5090] setpgid(0, 0) = 0 [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5090] write(3, "1000", 4) = 4 [pid 5090] close(3) = 0 [pid 5090] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE) = 3 [pid 5090] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778 [pid 5064] kill(-5090, SIGKILL) = 0 [pid 5064] kill(5090, SIGKILL) = 0 [pid 5064] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5064] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5064] getdents64(3, 0x555555b976f0 /* 2 entries */, 32768) = 48 [pid 5064] getdents64(3, 0x555555b976f0 /* 0 entries */, 32768) = 0 [pid 5064] close(3) = 0 [ 286.663727][ T28] INFO: task syz-executor190:5068 blocked for more than 143 seconds. [ 286.672194][ T28] Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0 [ 286.680343][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.689736][ T28] task:syz-executor190 state:D stack:28304 pid:5068 tgid:5068 ppid:5065 flags:0x00004006 [ 286.700558][ T28] Call Trace: [ 286.704442][ T28] [ 286.707416][ T28] __schedule+0xedb/0x5af0 [ 286.711992][ T28] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 286.718623][ T28] ? hlock_class+0x4e/0x130 [ 286.724236][ T28] ? mark_lock+0xb5/0xc50 [ 286.728651][ T28] ? io_schedule_timeout+0x150/0x150 [ 286.734051][ T28] ? schedule+0x1fc/0x270 [ 286.739003][ T28] ? reacquire_held_locks+0x4c0/0x4c0 [ 286.744553][ T28] ? __down_write_common+0x899/0x1400 [ 286.749999][ T28] schedule+0xe9/0x270 [ 286.754516][ T28] schedule_preempt_disabled+0x13/0x20 [ 286.760309][ T28] __down_write_common+0x948/0x1400 [ 286.765648][ T28] ? ptrace_stop.part.0+0x457/0x7a0 [ 286.770937][ T28] ? up_write+0x510/0x510 [ 286.775384][ T28] ? lock_sync+0x190/0x190 [ 286.780370][ T28] ? preempt_count_sub+0x160/0x160 [ 286.786101][ T28] blkdev_fallocate+0x1e9/0x450 [ 286.791370][ T28] ? file_to_blk_mode+0x1a0/0x1a0 [ 286.797022][ T28] vfs_fallocate+0x46c/0xe50 [ 286.801720][ T28] __x64_sys_fallocate+0xd5/0x140 [ 286.807420][ T28] do_syscall_64+0x40/0x110 [ 286.812501][ T28] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 286.818611][ T28] RIP: 0033:0x7f4eebe5eae9 [ 286.823067][ T28] RSP: 002b:00007fff1959b7e8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 286.832404][ T28] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4eebe5eae9 [ 286.841084][ T28] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000003 [ 286.849907][ T28] RBP: 00000000000f4240 R08: 00000000000000a0 R09: 00000000000000a0 [ 286.857990][ T28] R10: 0000010000000002 R11: 0000000000000246 R12: 0000000000000001 [ 286.867283][ T28] R13: 00007fff1959ba08 R14: 00007fff1959b810 R15: 00007fff1959b800 [ 286.875374][ T28] [ 286.878460][ T28] INFO: task syz-executor190:5073 blocked for more than 143 seconds. [ 286.886638][ T28] Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0 [ 286.894259][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.903069][ T28] task:syz-executor190 state:D stack:28160 pid:5073 tgid:5073 ppid:5071 flags:0x00004006 [ 286.915228][ T28] Call Trace: [ 286.925007][ T28] [ 286.928016][ T28] __schedule+0xedb/0x5af0 [ 286.932496][ T28] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 286.948557][ T28] ? preempt_schedule_notrace+0x5f/0xe0 [ 286.954822][ T28] ? preempt_schedule_notrace_thunk+0x1a/0x30 [ 286.962024][ T28] ? io_schedule_timeout+0x150/0x150 [ 286.968031][ T28] ? schedule+0x1fc/0x270 [ 286.972443][ T28] ? reacquire_held_locks+0x4c0/0x4c0 [ 286.977959][ T28] schedule+0xe9/0x270 [ 286.982101][ T28] schedule_preempt_disabled+0x13/0x20 [ 286.987739][ T28] __down_write_common+0x948/0x1400 [ 286.993029][ T28] ? ptrace_stop.part.0+0x457/0x7a0 [ 286.998481][ T28] ? up_write+0x510/0x510 [ 287.003390][ T28] ? lock_sync+0x190/0x190 [ 287.007957][ T28] ? preempt_count_sub+0x160/0x160 [ 287.013703][ T28] blkdev_fallocate+0x1e9/0x450 [ 287.019098][ T28] ? file_to_blk_mode+0x1a0/0x1a0 [ 287.024287][ T28] vfs_fallocate+0x46c/0xe50 [ 287.029568][ T28] __x64_sys_fallocate+0xd5/0x140 [ 287.035496][ T28] do_syscall_64+0x40/0x110 [ 287.040097][ T28] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 287.046642][ T28] RIP: 0033:0x7f4eebe5eae9 [ 287.051639][ T28] RSP: 002b:00007fff1959b7e8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 287.060807][ T28] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4eebe5eae9 [ 287.068964][ T28] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000003 [ 287.077083][ T28] RBP: 00000000000f4240 R08: 00000000000000a0 R09: 00000000000000a0 [ 287.085186][ T28] R10: 0000010000000002 R11: 0000000000000246 R12: 0000000000000001 [ 287.093216][ T28] R13: 00007fff1959ba08 R14: 00007fff1959b810 R15: 00007fff1959b800 [ 287.101828][ T28] [ 287.105544][ T28] INFO: task syz-executor190:5074 blocked for more than 143 seconds. [ 287.114365][ T28] Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0 [ 287.122485][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 287.131768][ T28] task:syz-executor190 state:D stack:28112 pid:5074 tgid:5074 ppid:5072 flags:0x00004006 [ 287.142638][ T28] Call Trace: [ 287.146614][ T28] [ 287.149598][ T28] __schedule+0xedb/0x5af0 [ 287.154157][ T28] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 287.161005][ T28] ? hlock_class+0x4e/0x130 [ 287.165671][ T28] ? mark_lock+0xb5/0xc50 [ 287.170252][ T28] ? io_schedule_timeout+0x150/0x150 [ 287.175676][ T28] ? schedule+0x1fc/0x270 [ 287.180073][ T28] ? reacquire_held_locks+0x4c0/0x4c0 [ 287.185669][ T28] ? __down_write_common+0x899/0x1400 [ 287.191598][ T28] schedule+0xe9/0x270 [ 287.196280][ T28] schedule_preempt_disabled+0x13/0x20 [ 287.201816][ T28] __down_write_common+0x948/0x1400 [ 287.207669][ T28] ? ptrace_stop.part.0+0x457/0x7a0 [ 287.213417][ T28] ? up_write+0x510/0x510 [ 287.218551][ T28] ? lock_sync+0x190/0x190 [ 287.223317][ T28] ? preempt_count_sub+0x160/0x160 [ 287.229170][ T28] blkdev_fallocate+0x1e9/0x450 [ 287.234160][ T28] ? file_to_blk_mode+0x1a0/0x1a0 [ 287.239748][ T28] vfs_fallocate+0x46c/0xe50 [ 287.245127][ T28] __x64_sys_fallocate+0xd5/0x140 [ 287.250250][ T28] do_syscall_64+0x40/0x110 [ 287.254869][ T28] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 287.260841][ T28] RIP: 0033:0x7f4eebe5eae9 [ 287.265374][ T28] RSP: 002b:00007fff1959b7e8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 287.273887][ T28] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4eebe5eae9 [ 287.281912][ T28] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000003 [ 287.290018][ T28] RBP: 00000000000f4240 R08: 00000000000000a0 R09: 00000000000000a0 [ 287.298105][ T28] R10: 0000010000000002 R11: 0000000000000246 R12: 0000000000000001 [ 287.306887][ T28] R13: 00007fff1959ba08 R14: 00007fff1959b810 R15: 00007fff1959b800 [ 287.314983][ T28] [ 287.318590][ T28] INFO: task syz-executor190:5075 blocked for more than 144 seconds. [ 287.327510][ T28] Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0 [ 287.335156][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 287.344453][ T28] task:syz-executor190 state:D stack:28064 pid:5075 tgid:5075 ppid:5069 flags:0x00004006 [ 287.354766][ T28] Call Trace: [ 287.358608][ T28] [ 287.362041][ T28] __schedule+0xedb/0x5af0 [ 287.367246][ T28] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 287.397229][ T28] ? hlock_class+0x4e/0x130 [ 287.401840][ T28] ? mark_lock+0xb5/0xc50 [ 287.406484][ T28] ? io_schedule_timeout+0x150/0x150 [ 287.412364][ T28] ? schedule+0x1fc/0x270 [ 287.417292][ T28] ? reacquire_held_locks+0x4c0/0x4c0 [ 287.422825][ T28] ? __down_write_common+0x899/0x1400 [ 287.428373][ T28] schedule+0xe9/0x270 [ 287.433031][ T28] schedule_preempt_disabled+0x13/0x20 [ 287.439129][ T28] __down_write_common+0x948/0x1400 [ 287.445150][ T28] ? ptrace_stop.part.0+0x457/0x7a0 [ 287.450422][ T28] ? up_write+0x510/0x510 [ 287.454870][ T28] ? lock_sync+0x190/0x190 [ 287.459893][ T28] ? preempt_count_sub+0x160/0x160 [ 287.465834][ T28] blkdev_fallocate+0x1e9/0x450 [ 287.471389][ T28] ? file_to_blk_mode+0x1a0/0x1a0 [ 287.476536][ T28] vfs_fallocate+0x46c/0xe50 [ 287.481300][ T28] __x64_sys_fallocate+0xd5/0x140 [ 287.486482][ T28] do_syscall_64+0x40/0x110 [ 287.491052][ T28] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 287.497067][ T28] RIP: 0033:0x7f4eebe5eae9 [ 287.501522][ T28] RSP: 002b:00007fff1959b7e8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 287.510808][ T28] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4eebe5eae9 [ 287.519425][ T28] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000003 [ 287.528054][ T28] RBP: 00000000000f4240 R08: 00000000000000a0 R09: 00000000000000a0 [ 287.536984][ T28] R10: 0000010000000002 R11: 0000000000000246 R12: 0000000000000001 [ 287.545666][ T28] R13: 00007fff1959ba08 R14: 00007fff1959b810 R15: 00007fff1959b800 [ 287.553917][ T28] [ 287.557530][ T28] [ 287.557530][ T28] Showing all locks held in the system: [ 287.565860][ T28] 1 lock held by khungtaskd/28: [ 287.571263][ T28] #0: ffffffff8cfa81e0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x75/0x340 [ 287.581317][ T28] 2 locks held by klogd/4499: [ 287.586104][ T28] 2 locks held by getty/4812: [ 287.590821][ T28] #0: ffff888028db70a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 287.601158][ T28] #1: ffffc900020382f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfc6/0x1490 [ 287.611996][ T28] 1 lock held by syz-executor190/5068: [ 287.618077][ T28] #0: ffff88801b776d00 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e9/0x450 [ 287.629558][ T28] 1 lock held by syz-executor190/5070: [ 287.636498][ T28] 1 lock held by syz-executor190/5073: [ 287.641997][ T28] #0: ffff88801b776d00 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e9/0x450 [ 287.655167][ T28] 1 lock held by syz-executor190/5074: [ 287.660690][ T28] #0: ffff88801b776d00 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e9/0x450 [ 287.673596][ T28] 1 lock held by syz-executor190/5075: [ 287.681048][ T28] #0: ffff88801b776d00 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e9/0x450 [ 287.710644][ T28] 1 lock held by syz-executor190/5090: [ 287.717897][ T28] #0: ffff88801b776d00 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e9/0x450 [ 287.730629][ T28] [ 287.734840][ T28] ============================================= [ 287.734840][ T28] [ 287.745209][ T28] NMI backtrace for cpu 0 [ 287.750070][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0 [ 287.760133][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 287.770245][ T28] Call Trace: [ 287.773665][ T28] [ 287.776638][ T28] dump_stack_lvl+0xd9/0x1b0 [ 287.781384][ T28] nmi_cpu_backtrace+0x277/0x390 [ 287.786381][ T28] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 287.791756][ T28] nmi_trigger_cpumask_backtrace+0x299/0x300 [ 287.797814][ T28] watchdog+0xf87/0x1210 [ 287.802166][ T28] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 287.808208][ T28] ? lockdep_hardirqs_on+0x7d/0x110 [ 287.813692][ T28] ? __kthread_parkme+0x14b/0x220 [ 287.818780][ T28] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 287.824932][ T28] kthread+0x2c6/0x3a0 [ 287.829106][ T28] ? _raw_spin_unlock_irq+0x23/0x50 [ 287.834492][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 287.840207][ T28] ret_from_fork+0x45/0x80 [ 287.844729][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 287.850432][ T28] ret_from_fork_asm+0x11/0x20 [ 287.855273][ T28] [ 287.858483][ T28] Sending NMI from CPU 0 to CPUs 1: [ 287.863755][ C1] NMI backtrace for cpu 1 [ 287.863768][ C1] CPU: 1 PID: 10 Comm: kworker/u4:0 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0 [ 287.863796][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 287.863811][ C1] Workqueue: events_unbound toggle_allocation_gate [ 287.863848][ C1] RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x8/0x20 [ 287.863882][ C1] Code: 00 00 f3 0f 1e fa 48 8b 0c 24 0f b7 d6 0f b7 f7 bf 03 00 00 00 e9 c8 fe ff ff 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 8b 0c 24 <89> f2 89 fe bf 05 00 00 00 e9 aa fe ff ff 66 2e 0f 1f 84 00 00 00 [ 287.863905][ C1] RSP: 0018:ffffc9000030f7f0 EFLAGS: 00000246 [ 287.863923][ C1] RAX: 0000000000000000 RBX: ffffc9000030fa28 RCX: ffffffff8a73df31 [ 287.863940][ C1] RDX: 0000000000000000 RSI: 00000000fffffff3 RDI: 0000000000000002 [ 287.863955][ C1] RBP: ffffc9000030fa7b R08: 0000000000000005 R09: 000000000000000c [ 287.863970][ C1] R10: 0000000000000000 R11: 0000000000000004 R12: 000000000000000f [ 287.863984][ C1] R13: 00000000fffffff3 R14: 0000000000000000 R15: dffffc0000000000 [ 287.864000][ C1] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 287.864025][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 287.864042][ C1] CR2: 000055ef0b466680 CR3: 000000007d306000 CR4: 00000000003506f0 [ 287.864057][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 287.864072][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 287.864087][ C1] Call Trace: [ 287.864094][ C1] [ 287.864101][ C1] ? show_regs+0x8f/0xa0 [ 287.864133][ C1] ? nmi_cpu_backtrace+0x1d4/0x390 [ 287.864163][ C1] ? nmi_cpu_backtrace_handler+0xc/0x10 [ 287.864200][ C1] ? nmi_handle+0x1a6/0x570 [ 287.864231][ C1] ? __sanitizer_cov_trace_const_cmp4+0x8/0x20 [ 287.864261][ C1] ? default_do_nmi+0x6a/0x160 [ 287.864296][ C1] ? exc_nmi+0x186/0x200 [ 287.864326][ C1] ? end_repeat_nmi+0xf/0x2a [ 287.864351][ C1] ? insn_get_prefixes+0x6e1/0x1120 [ 287.864408][ C1] ? __sanitizer_cov_trace_const_cmp4+0x8/0x20 [ 287.864438][ C1] ? __sanitizer_cov_trace_const_cmp4+0x8/0x20 [ 287.864468][ C1] ? __sanitizer_cov_trace_const_cmp4+0x8/0x20 [ 287.864497][ C1] [ 287.864504][ C1] [ 287.864510][ C1] insn_get_prefixes+0x6e1/0x1120 [ 287.864539][ C1] ? kmem_cache_alloc_node+0xca/0x4a0 [ 287.864578][ C1] ? kmem_cache_alloc_node+0xbb/0x4a0 [ 287.864617][ C1] ? kmem_cache_alloc_node+0xbb/0x4a0 [ 287.864654][ C1] insn_get_opcode+0x462/0xa30 [ 287.864682][ C1] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 287.864721][ C1] ? inat_get_opcode_attribute+0xc/0x50 [ 287.864754][ C1] ? insn_get_opcode+0x444/0xa30 [ 287.864783][ C1] ? kmem_cache_alloc_node+0xbb/0x4a0 [ 287.864820][ C1] insn_get_modrm+0x30e/0x730 [ 287.864848][ C1] ? lock_acquire+0x1ae/0x520 [ 287.864883][ C1] ? kmem_cache_alloc_node+0xbb/0x4a0 [ 287.864920][ C1] ? kmem_cache_alloc_node+0xbb/0x4a0 [ 287.864958][ C1] insn_get_sib+0x1ad/0x320 [ 287.864986][ C1] ? kmem_cache_alloc_node+0xbb/0x4a0 [ 287.865023][ C1] insn_get_displacement+0x23a/0x680 [ 287.865053][ C1] ? kmem_cache_alloc_node+0xbb/0x4a0 [ 287.865091][ C1] ? kmem_cache_alloc_node+0xbb/0x4a0 [ 287.865128][ C1] insn_get_immediate+0x550/0x1c50 [ 287.865158][ C1] ? kmem_cache_alloc_node+0xbb/0x4a0 [ 287.865195][ C1] ? kmem_cache_alloc_node+0xbb/0x4a0 [ 287.865232][ C1] insn_decode+0x2ae/0x340 [ 287.865262][ C1] arch_jump_entry_size+0xb3/0x150 [ 287.865299][ C1] ? arch_jump_entry_size.part.0+0x10/0x10 [ 287.865339][ C1] ? kmem_cache_alloc_node+0xbb/0x4a0 [ 287.865376][ C1] ? kmem_cache_alloc_node+0xca/0x4a0 [ 287.865413][ C1] ? kmem_cache_alloc_node+0xbb/0x4a0 [ 287.865452][ C1] ? kmem_cache_alloc_node+0x211/0x4a0 [ 287.865490][ C1] __jump_label_patch+0x85/0x400 [ 287.865528][ C1] arch_jump_label_transform_queue+0x7e/0x110 [ 287.865568][ C1] __jump_label_update+0x125/0x420 [ 287.865603][ C1] jump_label_update+0x1d7/0x400 [ 287.865628][ C1] static_key_enable_cpuslocked+0x1b7/0x270 [ 287.865654][ C1] static_key_enable+0x1a/0x20 [ 287.865677][ C1] toggle_allocation_gate+0xf4/0x250 [ 287.865710][ C1] ? wake_up_kfence_timer+0x30/0x30 [ 287.865750][ C1] process_one_work+0x886/0x15d0 [ 287.865785][ C1] ? do_flush_stats+0xf0/0xf0 [ 287.865820][ C1] ? workqueue_congested+0x300/0x300 [ 287.865854][ C1] ? assign_work+0x1a0/0x250 [ 287.865884][ C1] worker_thread+0x8b9/0x1290 [ 287.865919][ C1] ? process_one_work+0x15d0/0x15d0 [ 287.865950][ C1] kthread+0x2c6/0x3a0 [ 287.865977][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 287.866002][ C1] ? kthread_complete_and_exit+0x40/0x40 [ 287.866032][ C1] ret_from_fork+0x45/0x80 [ 287.866062][ C1] ? kthread_complete_and_exit+0x40/0x40 [ 287.866091][ C1] ret_from_fork_asm+0x11/0x20 [ 287.866130][ C1] [ 287.866138][ C1] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 2.383 msecs [ 288.351068][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 288.357997][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0 [ 288.367851][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 288.377950][ T28] Call Trace: [ 288.381260][ T28] [ 288.384226][ T28] dump_stack_lvl+0xd9/0x1b0 [ 288.388871][ T28] panic+0x6dc/0x790 [ 288.392824][ T28] ? panic_smp_self_stop+0xa0/0xa0 [ 288.398003][ T28] ? preempt_schedule_thunk+0x1a/0x30 [ 288.403442][ T28] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 288.408740][ T28] ? preempt_schedule_thunk+0x1a/0x30 [ 288.414178][ T28] ? watchdog+0xd3e/0x1210 [ 288.418652][ T28] ? watchdog+0xd31/0x1210 [ 288.423122][ T28] watchdog+0xd4f/0x1210 [ 288.427516][ T28] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 288.433560][ T28] ? lockdep_hardirqs_on+0x7d/0x110 [ 288.438821][ T28] ? __kthread_parkme+0x14b/0x220 [ 288.443900][ T28] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 288.449942][ T28] kthread+0x2c6/0x3a0 [ 288.454063][ T28] ? _raw_spin_unlock_irq+0x23/0x50 [ 288.459311][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 288.464997][ T28] ret_from_fork+0x45/0x80 [ 288.469501][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 288.475226][ T28] ret_from_fork_asm+0x11/0x20 [ 288.480051][ T28] [ 288.483362][ T28] Kernel Offset: disabled [ 288.487703][ T28] Rebooting in 86400 seconds..