./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3677390679 <...> forked to background, child pid 3207 no interfaces have a carrier [ 27.981179][ T3208] 8021q: adding VLAN 0 to HW filter on device bond0 [ 27.990733][ T3208] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.91' (ECDSA) to the list of known hosts. execve("./syz-executor3677390679", ["./syz-executor3677390679"], 0x7fff5d97c9e0 /* 10 vars */) = 0 brk(NULL) = 0x5555565b9000 brk(0x5555565b9c40) = 0x5555565b9c40 arch_prctl(ARCH_SET_FS, 0x5555565b9300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3677390679", 4096) = 28 brk(0x5555565dac40) = 0x5555565dac40 brk(0x5555565db000) = 0x5555565db000 mprotect(0x7f16e929d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565b95d0) = 3629 ./strace-static-x86_64: Process 3629 attached [pid 3629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3629] setpgid(0, 0) = 0 [pid 3629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3629] write(3, "1000", 4) = 4 [pid 3629] close(3) = 0 [pid 3629] memfd_create("syzkaller", 0) = 3 [pid 3629] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f16e0de2000 [pid 3629] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 3629] munmap(0x7f16e0de2000, 1048576) = 0 [pid 3629] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 3629] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 3629] close(3) = 0 [pid 3629] mkdir("./file0", 0777) = 0 syzkaller login: [ 54.891885][ T3629] loop0: detected capacity change from 0 to 2048 [ 54.904054][ T3629] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 3629] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "data_err=abort,usrjquota=,dioread_nolock,abort,,errors=continue") = 0 [pid 3629] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 3629] chdir("./file0") = 0 [pid 3629] ioctl(4, LOOP_CLR_FD) = 0 [pid 3629] close(4) = 0 [pid 3629] openat(AT_FDCWD, "cpuset.memory_pressure_enabled", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 3629] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 11) = 11 [pid 3629] openat(AT_FDCWD, "cpuset.memory_pressure_enabled", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 5 [ 54.937871][ T3629] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 3629] fallocate(5, FALLOC_FL_COLLAPSE_RANGE, 6, 19715 [pid 3628] kill(-3629, SIGKILL) = 0 [pid 3628] kill(3629, SIGKILL) = 0 [pid 3628] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3628] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3628] getdents64(3, 0x5555565ba620 /* 2 entries */, 32768) = 48 [pid 3628] getdents64(3, 0x5555565ba620 /* 0 entries */, 32768) = 0 [pid 3628] close(3) = 0 [ 75.785642][ T149] cfg80211: failed to load regulatory.db [ 285.703773][ T27] INFO: task syz-executor367:3629 blocked for more than 143 seconds. [ 285.711937][ T27] Not tainted 6.1.0-syzkaller-00071-g3a28c2c89f4b #0 [ 285.719338][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 285.728117][ T27] task:syz-executor367 state:D stack:26456 pid:3629 ppid:3628 flags:0x00004004 [ 285.737602][ T27] Call Trace: [ 285.740887][ T27] [ 285.743867][ T27] __schedule+0xae9/0x53f0 [ 285.748347][ T27] ? mark_held_locks+0x9f/0xe0 [ 285.753105][ T27] ? lockdep_hardirqs_on+0x7d/0x100 [ 285.758361][ T27] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 285.764558][ T27] ? io_schedule_timeout+0x150/0x150 [ 285.769863][ T27] schedule+0xde/0x1b0 [ 285.773975][ T27] io_schedule+0xbe/0x130 [ 285.778343][ T27] bit_wait_io+0x16/0xe0 [ 285.782572][ T27] __wait_on_bit_lock+0x11f/0x1a0 [ 285.787626][ T27] ? bit_wait+0xe0/0xe0 [ 285.791799][ T27] out_of_line_wait_on_bit_lock+0xd9/0x110 [ 285.797756][ T27] ? __wait_on_bit_lock+0x1a0/0x1a0 [ 285.803014][ T27] ? sugov_start+0x580/0x580 [ 285.807678][ T27] __sync_dirty_buffer+0x30e/0x380 [ 285.812800][ T27] __ext4_handle_dirty_metadata+0x2b7/0x6f0 [ 285.818748][ T27] ? __ext4_journal_get_create_access+0x182/0x1f0 [ 285.825441][ T27] ext4_convert_inline_data_nolock+0x6e6/0xf10 [ 285.831596][ T27] ? ext4_destroy_inline_data_nolock+0x580/0x580 [ 285.838293][ T27] ? down_write_killable_nested+0x250/0x250 [ 285.844247][ T27] ? __ext4_journal_start_sb+0x223/0x530 [ 285.849904][ T27] ? ext4_convert_inline_data+0x315/0x5f0 [ 285.855681][ T27] ext4_convert_inline_data+0x517/0x5f0 [ 285.861338][ T27] ? ext4_inline_data_truncate+0xce0/0xce0 [ 285.867182][ T27] ? down_write_killable_nested+0x250/0x250 [ 285.873085][ T27] ? do_raw_spin_lock+0x124/0x2b0 [ 285.878159][ T27] ext4_fallocate+0x19a/0x4220 [ 285.883048][ T27] ? lock_release+0x810/0x810 [ 285.887762][ T27] ? ext4_ext_truncate+0x400/0x400 [ 285.892915][ T27] ? ext4_ext_truncate+0x400/0x400 [ 285.898093][ T27] vfs_fallocate+0x48b/0xe00 [ 285.902714][ T27] __x64_sys_fallocate+0xd3/0x140 [ 285.907800][ T27] do_syscall_64+0x39/0xb0 [ 285.912257][ T27] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 285.918215][ T27] RIP: 0033:0x7f16e922f2d9 [ 285.922653][ T27] RSP: 002b:00007ffcc4aa03a8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 285.931359][ T27] RAX: ffffffffffffffda RBX: 00007f16e9273860 RCX: 00007f16e922f2d9 [ 285.939642][ T27] RDX: 0000000000000006 RSI: 0000000000000008 RDI: 0000000000000005 [ 285.947827][ T27] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 285.955971][ T27] R10: 0000000000004d03 R11: 0000000000000246 R12: 00007ffcc4aa03d0 [ 285.963986][ T27] R13: 0000000000000000 R14: 431bde82d7b634db R15: 0000000000000000 [ 285.971989][ T27] [ 285.975099][ T27] [ 285.975099][ T27] Showing all locks held in the system: [ 285.982905][ T27] 1 lock held by rcu_tasks_kthre/12: [ 285.988234][ T27] #0: ffffffff8c58f070 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 [ 285.998769][ T27] 1 lock held by rcu_tasks_trace/13: [ 286.004077][ T27] #0: ffffffff8c58ed70 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 [ 286.015135][ T27] 1 lock held by khungtaskd/27: [ 286.019976][ T27] #0: ffffffff8c58fbc0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x57/0x264 [ 286.029891][ T27] 2 locks held by getty/3307: [ 286.034638][ T27] #0: ffff88814b658098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x26/0x80 [ 286.044549][ T27] #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0 [ 286.054707][ T27] 3 locks held by syz-executor367/3629: [ 286.060404][ T27] #0: ffff88807a4cc460 (sb_writers#4){.+.+}-{0:0}, at: __x64_sys_fallocate+0xd3/0x140 [ 286.070089][ T27] #1: ffff888073573628 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: ext4_fallocate+0x192/0x4220 [ 286.080787][ T27] #2: ffff8880735732f0 (&ei->xattr_sem){++++}-{3:3}, at: ext4_convert_inline_data+0x34f/0x5f0 [ 286.091199][ T27] [ 286.093590][ T27] ============================================= [ 286.093590][ T27] [ 286.102001][ T27] NMI backtrace for cpu 1 [ 286.106318][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 6.1.0-syzkaller-00071-g3a28c2c89f4b #0 [ 286.115759][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 286.125802][ T27] Call Trace: [ 286.129066][ T27] [ 286.131984][ T27] dump_stack_lvl+0xd1/0x138 [ 286.136575][ T27] nmi_cpu_backtrace.cold+0x24/0x18a [ 286.141855][ T27] nmi_trigger_cpumask_backtrace+0x333/0x3c0 [ 286.147830][ T27] ? lapic_can_unplug_cpu+0x80/0x80 [ 286.153034][ T27] watchdog+0xc75/0xfc0 [ 286.157189][ T27] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 286.163163][ T27] kthread+0x2e8/0x3a0 [ 286.167218][ T27] ? kthread_complete_and_exit+0x40/0x40 [ 286.172842][ T27] ret_from_fork+0x1f/0x30 [ 286.177262][ T27] [ 286.180351][ T27] Sending NMI from CPU 1 to CPUs 0: [ 286.185624][ C0] NMI backtrace for cpu 0 skipped: idling at acpi_idle_do_entry+0x1fd/0x2a0 [ 286.186638][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 286.202106][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 6.1.0-syzkaller-00071-g3a28c2c89f4b #0 [ 286.211636][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 286.221681][ T27] Call Trace: [ 286.224943][ T27] [ 286.227876][ T27] dump_stack_lvl+0xd1/0x138 [ 286.232452][ T27] panic+0x2cc/0x626 [ 286.236506][ T27] ? panic_print_sys_info.part.0+0x110/0x110 [ 286.242472][ T27] ? preempt_schedule_thunk+0x1a/0x1c [ 286.247843][ T27] ? watchdog.cold+0x130/0x158 [ 286.252601][ T27] watchdog.cold+0x141/0x158 [ 286.257186][ T27] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 286.263166][ T27] kthread+0x2e8/0x3a0 [ 286.267220][ T27] ? kthread_complete_and_exit+0x40/0x40 [ 286.272844][ T27] ret_from_fork+0x1f/0x30 [ 286.277264][ T27] [ 286.281344][ T27] Kernel Offset: disabled [ 286.285659][ T27] Rebooting in 86400 seconds..