./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1494550313
<...>
forked to background, child pid 3180
no interfaces have a carrier
[ 25.972537][ T3181] 8021q: adding VLAN 0 to HW filter on device bond0
[ 25.989138][ T3181] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.111' (ECDSA) to the list of known hosts.
execve("./syz-executor1494550313", ["./syz-executor1494550313"], 0x7ffd9afb2f40 /* 10 vars */) = 0
brk(NULL) = 0x555556892000
brk(0x555556892c40) = 0x555556892c40
arch_prctl(ARCH_SET_FS, 0x555556892300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1494550313", 4096) = 28
brk(0x5555568b3c40) = 0x5555568b3c40
brk(0x5555568b4000) = 0x5555568b4000
mprotect(0x7f5a2bdc2000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3610 attached
, child_tidptr=0x5555568925d0) = 3610
[pid 3610] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3610] setpgid(0, 0) = 0
[pid 3610] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3610] write(3, "1000", 4) = 4
[pid 3610] close(3) = 0
[pid 3610] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 3
[pid 3610] ioctl(3, BLKPG, {op=BLKPG_ADD_PARTITION, flags=0, datalen=17, data={start=1069067264, length=7029819718479380480, pno=4, devname="", volname=""}}) = 0
[pid 3610] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 4
[pid 3610] socketpair(AF_UNIX, SOCK_STREAM, 0, [5, 6]) = 0
[pid 3610] ioctl(4, NBD_SET_SOCK, 5) = 0
[pid 3610] exit_group(0) = ?
[pid 3610] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3610, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3612 attached
, child_tidptr=0x5555568925d0) = 3612
[pid 3612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 3612] setpgid(0, 0) = 0
[pid 3612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 3612] write(3, "1000", 4) = 4
[pid 3612] close(3) = 0
[pid 3612] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 3
[pid 3612] ioctl(3, BLKPG, {op=BLKPG_ADD_PARTITION, flags=0, datalen=17, data={start=1069067264, length=7029819718479380480, pno=4, devname="", volname=""}}) = -1 EBUSY (Device or resource busy)
[pid 3612] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 4
[pid 3612] socketpair(AF_UNIX, SOCK_STREAM, 0, [5, 6]) = 0
[pid 3612] ioctl(4, NBD_SET_SOCK, 5
[pid 3609] kill(-3612, SIGKILL) = 0
[pid 3609] kill(3612, SIGKILL) = 0
[pid 3609] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid 3609] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
[pid 3609] getdents64(3, 0x555556893620 /* 2 entries */, 32768) = 48
[pid 3609] getdents64(3, 0x555556893620 /* 0 entries */, 32768) = 0
[pid 3609] close(3) = 0
syzkaller login: [ 76.237845][ T14] cfg80211: failed to load regulatory.db
[ 80.076258][ T108] block nbd0: Possible stuck request ffff88801e1e0000: control (read@7029819719548382208,4096B). Runtime 30 seconds
[ 110.156224][ T108] block nbd0: Possible stuck request ffff88801e1e0000: control (read@7029819719548382208,4096B). Runtime 60 seconds
[ 111.241618][ T2970] udevd[2970]: worker [3611] /devices/virtual/block/nbd0/nbd0p4 is taking a long time
[ 140.236218][ T108] block nbd0: Possible stuck request ffff88801e1e0000: control (read@7029819719548382208,4096B). Runtime 90 seconds
[ 170.316262][ T108] block nbd0: Possible stuck request ffff88801e1e0000: control (read@7029819719548382208,4096B). Runtime 120 seconds
[ 200.396252][ T108] block nbd0: Possible stuck request ffff88801e1e0000: control (read@7029819719548382208,4096B). Runtime 150 seconds
[ 230.476232][ T108] block nbd0: Possible stuck request ffff88801e1e0000: control (read@7029819719548382208,4096B). Runtime 180 seconds
[ 231.394177][ T2970] udevd[2970]: worker [3611] /devices/virtual/block/nbd0/nbd0p4 timeout; kill it
[ 231.404065][ T2970] udevd[2970]: seq 7455 '/devices/virtual/block/nbd0/nbd0p4' killed
[ 260.556232][ T108] block nbd0: Possible stuck request ffff88801e1e0000: control (read@7029819719548382208,4096B). Runtime 210 seconds
[ 286.156283][ T28] INFO: task syz-executor149:3612 blocked for more than 143 seconds.
[ 286.164477][ T28] Not tainted 5.19.0-syzkaller-02972-g200e340f2196 #0
[ 286.171830][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 286.180613][ T28] task:syz-executor149 state:D stack:27008 pid: 3612 ppid: 3609 flags:0x00004004
[ 286.190113][ T28] Call Trace:
[ 286.193396][ T28]
[ 286.196481][ T28] __schedule+0x957/0xe20
[ 286.200938][ T28] ? __sched_text_start+0x8/0x8
[ 286.205774][ T28] ? sbitmap_any_bit_set+0x155/0x190
[ 286.211323][ T28] ? prepare_to_wait_event+0x444/0x540
[ 286.217060][ T28] schedule+0xcb/0x190
[ 286.221160][ T28] blk_mq_freeze_queue_wait+0x105/0x190
[ 286.227002][ T28] ? blk_mq_run_hw_queues+0x370/0x370
[ 286.232395][ T28] ? wake_bit_function+0x230/0x230
[ 286.237752][ T28] ? percpu_ref_kill_and_confirm+0x9c/0x130
[ 286.243697][ T28] ? unix_listen+0x2b0/0x2b0
[ 286.248523][ T28] nbd_add_socket+0x17b/0x8e0
[ 286.253268][ T28] ? refcount_inc+0x80/0x80
[ 286.257927][ T28] ? bpf_lsm_capable+0x5/0x10
[ 286.262675][ T28] ? security_capable+0xb1/0xd0
[ 286.267751][ T28] nbd_ioctl+0x260/0xa40
[ 286.272008][ T28] ? nbd_release+0x130/0x130
[ 286.276743][ T28] ? memset+0x1f/0x40
[ 286.280781][ T28] ? smack_file_ioctl+0x298/0x3a0
[ 286.285835][ T28] ? smack_file_alloc_security+0xd0/0xd0
[ 286.291905][ T28] ? nbd_release+0x130/0x130
[ 286.296567][ T28] blkdev_ioctl+0x3a6/0x760
[ 286.301239][ T28] ? blkdev_compat_ptr_ioctl+0xd0/0xd0
[ 286.306843][ T28] ? vtime_user_exit+0x2b2/0x3e0
[ 286.311841][ T28] ? __ct_user_exit+0x81/0xe0
[ 286.316737][ T28] ? bpf_lsm_file_ioctl+0x5/0x10
[ 286.321773][ T28] ? security_file_ioctl+0x9d/0xb0
[ 286.327075][ T28] ? blkdev_compat_ptr_ioctl+0xd0/0xd0
[ 286.332542][ T28] __se_sys_ioctl+0xfb/0x170
[ 286.337341][ T28] do_syscall_64+0x2b/0x70
[ 286.341765][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 286.347892][ T28] RIP: 0033:0x7f5a2bd553d9
[ 286.352321][ T28] RSP: 002b:00007fff7a0c3c08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 286.360780][ T28] RAX: ffffffffffffffda RBX: 000000000000c195 RCX: 00007f5a2bd553d9
[ 286.368817][ T28] RDX: 0000000000000005 RSI: 000000000000ab00 RDI: 0000000000000004
[ 286.376842][ T28] RBP: 0000000000000000 R08: 00007fff7a0c3da8 R09: 00007fff7a0c3da8
[ 286.384821][ T28] R10: 00007fff7a0c3da8 R11: 0000000000000246 R12: 00007fff7a0c3c1c
[ 286.392828][ T28] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
[ 286.400838][ T28]
[ 286.403861][ T28]
[ 286.403861][ T28] Showing all locks held in the system:
[ 286.411736][ T28] 1 lock held by rcu_tasks_kthre/12:
[ 286.417062][ T28] #0: ffffffff8cb1f030 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x30/0xd00
[ 286.427735][ T28] 1 lock held by rcu_tasks_trace/13:
[ 286.433026][ T28] #0: ffffffff8cb1f830 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x30/0xd00
[ 286.444086][ T28] 1 lock held by khungtaskd/28:
[ 286.448962][ T28] #0: ffffffff8cb1ee60 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
[ 286.458339][ T28] 2 locks held by getty/3285:
[ 286.463011][ T28] #0: ffff88814a34a098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70
[ 286.472854][ T28] #1: ffffc90002d162e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6e8/0x1e50
[ 286.483011][ T28] 1 lock held by udevd/3611:
[ 286.487617][ T28] #0: ffff88801e103118 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0x100/0x730
[ 286.497054][ T28] 1 lock held by syz-executor149/3612:
[ 286.502510][ T28] #0: ffff888146e48198 (&nbd->config_lock){+.+.}-{3:3}, at: nbd_ioctl+0x13e/0xa40
[ 286.511865][ T28]
[ 286.514186][ T28] =============================================
[ 286.514186][ T28]
[ 286.522622][ T28] NMI backtrace for cpu 1
[ 286.526946][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 5.19.0-syzkaller-02972-g200e340f2196 #0
[ 286.536551][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 286.546586][ T28] Call Trace:
[ 286.549865][ T28]
[ 286.552779][ T28] dump_stack_lvl+0x1e3/0x2cb
[ 286.557447][ T28] ? io_notif_register+0x5e7/0x5e7
[ 286.562543][ T28] ? panic+0x76e/0x76e
[ 286.566591][ T28] ? console_unlock+0x6bd/0x6f0
[ 286.571486][ T28] ? console_trylock_spinning+0x450/0x450
[ 286.577268][ T28] ? nmi_cpu_backtrace+0x248/0x4a0
[ 286.582399][ T28] nmi_cpu_backtrace+0x473/0x4a0
[ 286.587335][ T28] ? vprintk_emit+0x109/0x1e0
[ 286.592107][ T28] ? nmi_trigger_cpumask_backtrace+0x280/0x280
[ 286.598250][ T28] ? _printk+0xcf/0x10f
[ 286.602396][ T28] ? panic+0x76e/0x76e
[ 286.606454][ T28] ? __wake_up_klogd+0xcd/0x100
[ 286.611296][ T28] ? panic+0x76e/0x76e
[ 286.615359][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10
[ 286.621472][ T28] nmi_trigger_cpumask_backtrace+0x168/0x280
[ 286.627448][ T28] watchdog+0xcd5/0xd20
[ 286.631653][ T28] kthread+0x266/0x300
[ 286.635742][ T28] ? hungtask_pm_notify+0x50/0x50
[ 286.640767][ T28] ? kthread_blkcg+0xd0/0xd0
[ 286.645352][ T28] ret_from_fork+0x1f/0x30
[ 286.649782][ T28]
[ 286.652903][ T28] Sending NMI from CPU 1 to CPUs 0:
[ 286.658155][ C0] NMI backtrace for cpu 0
[ 286.658164][ C0] CPU: 0 PID: 3324 Comm: kworker/0:3 Not tainted 5.19.0-syzkaller-02972-g200e340f2196 #0
[ 286.658178][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 286.658185][ C0] Workqueue: 0x0 (mm_percpu_wq)
[ 286.658203][ C0] RIP: 0010:schedule+0x8b/0x190
[ 286.658220][ C0] Code: f9 f9 eb 05 e8 96 46 23 f7 4d 8d b4 24 10 12 00 00 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 68 07 a7 f7 49 8b 3e <48> 85 ff 74 0a be 01 00 00 00 e8 76 e9 df f9 4c 89 e3 48 c1 eb 03
[ 286.658231][ C0] RSP: 0018:ffffc90002d2fda8 EFLAGS: 00000246
[ 286.658241][ C0] RAX: 1ffff1100f5fbd52 RBX: ffff8880b9a393c0 RCX: ffff88807afdd880
[ 286.658250][ C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000
[ 286.658258][ C0] RBP: ffff888027c7ea68 R08: ffffffff81572bd5 R09: ffffed1017347279
[ 286.658267][ C0] R10: ffffed1017347279 R11: 1ffff11017347278 R12: ffff88807afdd880
[ 286.658277][ C0] R13: ffff8880b9a39410 R14: ffff88807afdea90 R15: dffffc0000000000
[ 286.658286][ C0] FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
[ 286.658297][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 286.658306][ C0] CR2: 00005605aa6e9ee8 CR3: 000000000c88e000 CR4: 00000000003506f0
[ 286.658318][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 286.658325][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 286.658333][ C0] Call Trace:
[ 286.658337][ C0]
[ 286.658343][ C0] worker_thread+0xfbf/0x1330
[ 286.658405][ C0] ? _raw_spin_unlock_irqrestore+0xd9/0x130
[ 286.658427][ C0] kthread+0x266/0x300
[ 286.658439][ C0] ? rcu_lock_release+0x20/0x20
[ 286.658452][ C0] ? kthread_blkcg+0xd0/0xd0
[ 286.658465][ C0] ret_from_fork+0x1f/0x30
[ 286.658485][ C0]
[ 286.659177][ T28] Kernel panic - not syncing: hung_task: blocked tasks
[ 286.842496][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 5.19.0-syzkaller-02972-g200e340f2196 #0
[ 286.852042][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 286.862092][ T28] Call Trace:
[ 286.865366][ T28]
[ 286.868308][ T28] dump_stack_lvl+0x1e3/0x2cb
[ 286.873017][ T28] ? io_notif_register+0x5e7/0x5e7
[ 286.878129][ T28] ? panic+0x76e/0x76e
[ 286.882197][ T28] ? vscnprintf+0x59/0x80
[ 286.886546][ T28] panic+0x312/0x76e
[ 286.890436][ T28] ? schedule_preempt_disabled+0x20/0x20
[ 286.896066][ T28] ? nmi_trigger_cpumask_backtrace+0x205/0x280
[ 286.902232][ T28] ? fb_is_primary_device+0xcc/0xcc
[ 286.907430][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10
[ 286.913497][ T28] ? nmi_trigger_cpumask_backtrace+0x205/0x280
[ 286.919648][ T28] ? nmi_trigger_cpumask_backtrace+0x265/0x280
[ 286.925806][ T28] watchdog+0xd16/0xd20
[ 286.929970][ T28] kthread+0x266/0x300
[ 286.934040][ T28] ? hungtask_pm_notify+0x50/0x50
[ 286.939057][ T28] ? kthread_blkcg+0xd0/0xd0
[ 286.943640][ T28] ret_from_fork+0x1f/0x30
[ 286.948063][ T28]
[ 286.951355][ T28] Kernel Offset: disabled
[ 286.955684][ T28] Rebooting in 86400 seconds..