./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1048719148 <...> DUID 00:04:06:88:74:a7:04:75:62:cb:55:93:34:09:94:90:e1:fe forked to background, child pid 4645 [ 32.987046][ T4646] 8021q: adding VLAN 0 to HW filter on device bond0 [ 33.009008][ T4646] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.117' (ECDSA) to the list of known hosts. execve("./syz-executor1048719148", ["./syz-executor1048719148"], 0x7ffcce955a10 /* 10 vars */) = 0 brk(NULL) = 0x5555563bb000 brk(0x5555563bbc40) = 0x5555563bbc40 arch_prctl(ARCH_SET_FS, 0x5555563bb300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555563bb5d0) = 5071 set_robust_list(0x5555563bb5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f93daa21820, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f93daa21ef0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f93daa218c0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f93daa21ef0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1048719148", 4096) = 28 brk(0x5555563dcc40) = 0x5555563dcc40 brk(0x5555563dd000) = 0x5555563dd000 mprotect(0x7f93daae5000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5072 attached , child_tidptr=0x5555563bb5d0) = 5072 [pid 5072] set_robust_list(0x5555563bb5e0, 24) = 0 [pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5072] setpgid(0, 0) = 0 [pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5072] write(3, "1000", 4) = 4 [pid 5072] close(3) = 0 [pid 5072] futex(0x7f93daaeb4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f93da9f1000 [pid 5072] mprotect(0x7f93da9f2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5072] clone(child_stack=0x7f93daa113f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5073], tls=0x7f93daa11700, child_tidptr=0x7f93daa119d0) = 5073 [pid 5072] futex(0x7f93daaeb4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f93daaeb4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5073 attached [pid 5073] set_robust_list(0x7f93daa119e0, 24) = 0 [pid 5073] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 5073] futex(0x7f93daaeb4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5073] <... futex resumed>) = 1 [pid 5072] futex(0x7f93daaeb4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] openat(AT_FDCWD, "/dev/fuse", O_RDWR|O_CREAT, 000 [pid 5072] futex(0x7f93daaeb4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... openat resumed>) = 3 [pid 5073] futex(0x7f93daaeb4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f93daaeb4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f93daaeb4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] mount(NULL, "./file0", "fuse", 0, "fd=0x0000000000000003,rootmode=00000000000000000040000,user_id=00000000000000000000,group_id=0000000"...) = 0 [pid 5073] futex(0x7f93daaeb4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f93daaeb4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] read(3, "\x68\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x26\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x73\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8224) = 104 [pid 5073] futex(0x7f93daaeb4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] futex(0x7f93daaeb4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] <... futex resumed>) = 1 [pid 5072] futex(0x7f93daaeb4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5072] futex(0x7f93daaeb4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f93daaeb4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = 0 [pid 5073] pivot_root("./file0", "./file0") = 0 [pid 5073] futex(0x7f93daaeb4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f93daaeb4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f93daaeb4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... futex resumed>) = 1 [pid 5073] write(3, "\x50\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x1f\x00\x00\x00\x00\x00\x00\x00\x15\x30\x02\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 80) = 80 [pid 5073] futex(0x7f93daaeb4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5073] futex(0x7f93daaeb4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] futex(0x7f93daaeb4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5072] futex(0x7f93daaeb4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] openat(AT_FDCWD, "/dev/input/mouse6", O_RDONLY|O_DIRECT [pid 5072] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5072] futex(0x7f93daaeb4dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f93da9d0000 [pid 5072] mprotect(0x7f93da9d1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5072] clone(child_stack=0x7f93da9f03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5075 attached , parent_tid=[5075], tls=0x7f93da9f0700, child_tidptr=0x7f93da9f09d0) = 5075 [pid 5072] futex(0x7f93daaeb4d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f93daaeb4dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] set_robust_list(0x7f93da9f09e0, 24) = 0 [pid 5075] read(3, "\x2d\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd2\x13\x00\x00\x00\x00\x00\x00\x70\x72\x6f\x63\x00", 8192) = 45 [pid 5075] futex(0x7f93daaeb4dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5075] write(3, "\x2c\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x28\x39\x5c\x00", 44 [pid 5072] futex(0x7f93daaeb4d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f93daaeb4dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5072] futex(0x7f93daaeb4dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5072] futex(0x7f93daaeb4dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5072] exit_group(0) = ? [pid 5071] kill(-5072, SIGKILL) = 0 [pid 5071] kill(5072, SIGKILL) = 0 syzkaller login: [ 76.359625][ T2488] cfg80211: failed to load regulatory.db [ 286.277772][ T28] INFO: task syslogd:4415 blocked for more than 143 seconds. [ 286.285267][ T28] Not tainted 6.1.0-next-20221216-syzkaller #0 [ 286.292021][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.300730][ T28] task:syslogd state:D stack:25488 pid:4415 ppid:1 flags:0x00000000 [ 286.309964][ T28] Call Trace: [ 286.313240][ T28] [ 286.316166][ T28] __schedule+0x2544/0x53f0 [ 286.320781][ T28] ? lock_chain_count+0x20/0x20 [ 286.325667][ T28] ? find_held_lock+0x2d/0x110 [ 286.330478][ T28] ? io_schedule_timeout+0x150/0x150 [ 286.335766][ T28] ? rwsem_down_read_slowpath+0x29f/0xb20 [ 286.341601][ T28] schedule+0xde/0x1b0 [ 286.345678][ T28] rwsem_down_read_slowpath+0x5a7/0xb20 [ 286.351260][ T28] ? down_write+0x220/0x220 [ 286.355757][ T28] ? lock_release+0x810/0x810 [ 286.360458][ T28] ? walk_component+0x332/0x5a0 [ 286.365351][ T28] ? rcu_read_lock_sched_held+0x3e/0x70 [ 286.370949][ T28] ? walk_component+0x332/0x5a0 [ 286.375795][ T28] ? lock_acquire+0x32/0xc0 [ 286.380321][ T28] ? walk_component+0x332/0x5a0 [ 286.385172][ T28] down_read+0xe6/0x450 [ 286.389368][ T28] ? rwsem_down_read_slowpath+0xb20/0xb20 [ 286.395118][ T28] ? lookup_fast+0x14e/0x520 [ 286.399789][ T28] walk_component+0x332/0x5a0 [ 286.404493][ T28] link_path_walk.part.0+0x730/0xdf0 [ 286.409851][ T28] ? walk_component+0x5a0/0x5a0 [ 286.414700][ T28] ? percpu_counter_add_batch+0xc1/0x180 [ 286.420451][ T28] path_openat+0x25c/0x2a50 [ 286.424960][ T28] ? path_lookupat+0x840/0x840 [ 286.429833][ T28] do_filp_open+0x1ba/0x410 [ 286.434339][ T28] ? may_open_dev+0xf0/0xf0 [ 286.438876][ T28] ? find_held_lock+0x2d/0x110 [ 286.443662][ T28] ? do_raw_spin_lock+0x124/0x2b0 [ 286.448718][ T28] ? rwlock_bug.part.0+0x90/0x90 [ 286.453654][ T28] ? _raw_spin_unlock+0x28/0x40 [ 286.458535][ T28] ? alloc_fd+0x2d8/0x6d0 [ 286.462882][ T28] do_sys_openat2+0x16d/0x4c0 [ 286.467623][ T28] ? build_open_flags+0x6f0/0x6f0 [ 286.472642][ T28] ? blkcg_maybe_throttle_current+0x31f/0xc80 [ 286.478744][ T28] __x64_sys_openat+0x143/0x1f0 [ 286.483588][ T28] ? __ia32_sys_open+0x1c0/0x1c0 [ 286.488563][ T28] ? syscall_enter_from_user_mode+0x26/0xb0 [ 286.494490][ T28] do_syscall_64+0x39/0xb0 [ 286.499001][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.504953][ T28] RIP: 0033:0x7f1a13b44697 [ 286.509430][ T28] RSP: 002b:00007fff97e38fe0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 286.517881][ T28] RAX: ffffffffffffffda RBX: 000055e93c555910 RCX: 00007f1a13b44697 [ 286.525847][ T28] RDX: 0000000000000d41 RSI: 00007f1a13cd299a RDI: 00000000ffffff9c [ 286.533853][ T28] RBP: 00007f1a13cd299a R08: 00007f1a13bd4040 R09: 00007f1a13bd40c0 [ 286.541866][ T28] R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000d41 [ 286.549916][ T28] R13: 000055e93c555a50 R14: 0000000000000003 R15: 000055e93c555a60 [ 286.557929][ T28] [ 286.560952][ T28] INFO: task udevd:4433 blocked for more than 143 seconds. [ 286.568182][ T28] Not tainted 6.1.0-next-20221216-syzkaller #0 [ 286.574844][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.583536][ T28] task:udevd state:D stack:26960 pid:4433 ppid:1 flags:0x00000000 [ 286.592767][ T28] Call Trace: [ 286.596036][ T28] [ 286.598993][ T28] __schedule+0x2544/0x53f0 [ 286.603505][ T28] ? lock_chain_count+0x20/0x20 [ 286.608387][ T28] ? find_held_lock+0x2d/0x110 [ 286.613154][ T28] ? io_schedule_timeout+0x150/0x150 [ 286.618461][ T28] ? rwsem_down_read_slowpath+0x29f/0xb20 [ 286.624183][ T28] schedule+0xde/0x1b0 [ 286.628286][ T28] rwsem_down_read_slowpath+0x5a7/0xb20 [ 286.633828][ T28] ? down_write+0x220/0x220 [ 286.638352][ T28] ? lock_release+0x810/0x810 [ 286.643062][ T28] ? walk_component+0x332/0x5a0 [ 286.647943][ T28] ? rcu_read_lock_sched_held+0x3e/0x70 [ 286.653486][ T28] ? walk_component+0x332/0x5a0 [ 286.658382][ T28] ? lock_acquire+0x32/0xc0 [ 286.662877][ T28] ? walk_component+0x332/0x5a0 [ 286.667761][ T28] down_read+0xe6/0x450 [ 286.671909][ T28] ? rwsem_down_read_slowpath+0xb20/0xb20 [ 286.677646][ T28] ? lookup_fast+0x14e/0x520 [ 286.682237][ T28] walk_component+0x332/0x5a0 [ 286.686914][ T28] link_path_walk.part.0+0x730/0xdf0 [ 286.692237][ T28] ? walk_component+0x5a0/0x5a0 [ 286.697091][ T28] path_lookupat+0xb7/0x840 [ 286.701628][ T28] filename_lookup+0x1d2/0x590 [ 286.706391][ T28] ? may_linkat+0x500/0x500 [ 286.710937][ T28] ? find_held_lock+0x2d/0x110 [ 286.715704][ T28] ? __might_fault+0xd9/0x180 [ 286.720496][ T28] ? kfence_object_start+0xb1/0xd0 [ 286.725687][ T28] ? __check_heap_object+0xbf/0x110 [ 286.730951][ T28] ? __phys_addr_symbol+0x30/0x70 [ 286.735988][ T28] vfs_statx+0x14c/0x430 [ 286.740296][ T28] ? inode_sub_bytes+0x100/0x100 [ 286.745249][ T28] ? getname_flags.part.0+0x1dd/0x4f0 [ 286.750697][ T28] vfs_fstatat+0x90/0xb0 [ 286.754960][ T28] __do_sys_newfstatat+0x8a/0x110 [ 286.760059][ T28] ? __do_compat_sys_newlstat+0x100/0x100 [ 286.765797][ T28] ? __up_read+0x192/0x720 [ 286.770258][ T28] ? up_write+0x520/0x520 [ 286.774590][ T28] ? handle_mm_fault+0x25b/0x850 [ 286.779627][ T28] ? syscall_enter_from_user_mode+0x26/0xb0 [ 286.785521][ T28] do_syscall_64+0x39/0xb0 [ 286.790017][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.795943][ T28] RIP: 0033:0x7f11a3f251da [ 286.800411][ T28] RSP: 002b:00007fff23cb1e88 EFLAGS: 00000246 ORIG_RAX: 0000000000000106 [ 286.808882][ T28] RAX: ffffffffffffffda RBX: 0000561537a926a0 RCX: 00007f11a3f251da [ 286.816856][ T28] RDX: 00007fff23cb1e98 RSI: 0000561537a807ed RDI: 00000000ffffff9c [ 286.824867][ T28] RBP: 0000561537dab838 R08: 00000000038e3d1d R09: 00007fff23dd7080 [ 286.832864][ T28] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 286.840867][ T28] R13: 0000000000000001 R14: 0000000000000000 R15: 00007fff23cb1e98 [ 286.848936][ T28] [ 286.851964][ T28] INFO: task syz-executor104:5071 blocked for more than 143 seconds. [ 286.860040][ T28] Not tainted 6.1.0-next-20221216-syzkaller #0 [ 286.866710][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.875454][ T28] task:syz-executor104 state:D stack:27552 pid:5071 ppid:5068 flags:0x00004000 [ 286.884702][ T28] Call Trace: [ 286.888012][ T28] [ 286.890946][ T28] __schedule+0x2544/0x53f0 [ 286.895457][ T28] ? lock_chain_count+0x20/0x20 [ 286.900332][ T28] ? find_held_lock+0x2d/0x110 [ 286.905094][ T28] ? io_schedule_timeout+0x150/0x150 [ 286.910410][ T28] ? rwsem_down_read_slowpath+0x29f/0xb20 [ 286.916130][ T28] schedule+0xde/0x1b0 [ 286.920283][ T28] rwsem_down_read_slowpath+0x5a7/0xb20 [ 286.925827][ T28] ? down_write+0x220/0x220 [ 286.930363][ T28] ? lock_release+0x810/0x810 [ 286.935034][ T28] ? walk_component+0x332/0x5a0 [ 286.939957][ T28] ? rcu_read_lock_sched_held+0x3e/0x70 [ 286.945504][ T28] ? walk_component+0x332/0x5a0 [ 286.950384][ T28] ? lock_acquire+0x32/0xc0 [ 286.954882][ T28] ? walk_component+0x332/0x5a0 [ 286.959756][ T28] down_read+0xe6/0x450 [ 286.963909][ T28] ? rwsem_down_read_slowpath+0xb20/0xb20 [ 286.969655][ T28] ? lookup_fast+0x14e/0x520 [ 286.974245][ T28] walk_component+0x332/0x5a0 [ 286.978941][ T28] link_path_walk.part.0+0x730/0xdf0 [ 286.984227][ T28] ? walk_component+0x5a0/0x5a0 [ 286.989102][ T28] ? percpu_counter_add_batch+0xc1/0x180 [ 286.994736][ T28] path_openat+0x25c/0x2a50 [ 286.999300][ T28] ? path_lookupat+0x840/0x840 [ 287.004077][ T28] do_filp_open+0x1ba/0x410 [ 287.008616][ T28] ? may_open_dev+0xf0/0xf0 [ 287.013115][ T28] ? find_held_lock+0x2d/0x110 [ 287.017907][ T28] ? do_raw_spin_lock+0x124/0x2b0 [ 287.022925][ T28] ? rwlock_bug.part.0+0x90/0x90 [ 287.027896][ T28] ? _raw_spin_unlock+0x28/0x40 [ 287.032743][ T28] ? alloc_fd+0x2d8/0x6d0 [ 287.037077][ T28] do_sys_openat2+0x16d/0x4c0 [ 287.041784][ T28] ? build_open_flags+0x6f0/0x6f0 [ 287.046805][ T28] ? ptrace_notify+0xfe/0x140 [ 287.051525][ T28] ? lock_downgrade+0x6e0/0x6e0 [ 287.056387][ T28] __x64_sys_openat+0x143/0x1f0 [ 287.061258][ T28] ? __ia32_sys_open+0x1c0/0x1c0 [ 287.066188][ T28] ? _raw_spin_unlock_irq+0x23/0x50 [ 287.071414][ T28] ? lockdep_hardirqs_on+0x7d/0x100 [ 287.076605][ T28] ? _raw_spin_unlock_irq+0x2e/0x50 [ 287.081817][ T28] ? ptrace_notify+0xfe/0x140 [ 287.086489][ T28] do_syscall_64+0x39/0xb0 [ 287.090934][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 287.096820][ T28] RIP: 0033:0x7f93daa64338 [ 287.101245][ T28] RSP: 002b:00007ffddcf654f0 EFLAGS: 00000287 ORIG_RAX: 0000000000000101 [ 287.109679][ T28] RAX: ffffffffffffffda RBX: 00007ffddcf65560 RCX: 00007f93daa64338 [ 287.117674][ T28] RDX: 0000000000090800 RSI: 00007f93daab6004 RDI: 00000000ffffff9c [ 287.125638][ T28] RBP: 00000000000013d0 R08: 0000000000090800 R09: 00007f93daab6004 [ 287.133633][ T28] R10: 0000000000000000 R11: 0000000000000287 R12: 00007ffddcf656e4 [ 287.141616][ T28] R13: 00007ffddcf656e4 R14: 0000000000000000 R15: 0000000000000000 [ 287.149631][ T28] [ 287.152650][ T28] INFO: task syz-executor104:5073 blocked for more than 144 seconds. [ 287.160719][ T28] Not tainted 6.1.0-next-20221216-syzkaller #0 [ 287.167378][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 287.176060][ T28] task:syz-executor104 state:D stack:26632 pid:5073 ppid:5071 flags:0x00004004 [ 287.185279][ T28] Call Trace: [ 287.188579][ T28] [ 287.191508][ T28] __schedule+0x2544/0x53f0 [ 287.196014][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 287.202011][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 287.208017][ T28] ? kasan_set_track+0x25/0x30 [ 287.212777][ T28] ? d_alloc+0x4e/0x240 [ 287.216925][ T28] ? d_alloc_parallel+0xe8/0x1410 [ 287.221969][ T28] ? read_lock_is_recursive+0x10/0x20 [ 287.227341][ T28] ? io_schedule_timeout+0x150/0x150 [ 287.232711][ T28] ? __mutex_lock+0xa43/0x1360 [ 287.237727][ T28] schedule+0xde/0x1b0 [ 287.241825][ T28] schedule_preempt_disabled+0x13/0x20 [ 287.247296][ T28] __mutex_lock+0xa48/0x1360 [ 287.251948][ T28] ? fuse_lock_inode+0xd2/0x110 [ 287.256829][ T28] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 287.262421][ T28] ? find_held_lock+0x2d/0x110 [ 287.267187][ T28] ? d_alloc_parallel+0x7b3/0x1410 [ 287.272329][ T28] ? lock_downgrade+0x6e0/0x6e0 [ 287.277178][ T28] fuse_lock_inode+0xd2/0x110 [ 287.281914][ T28] fuse_lookup.part.0+0x86/0x390 [ 287.286860][ T28] ? fuse_lookup_name+0x620/0x620 [ 287.291969][ T28] ? d_alloc_parallel+0x694/0x1410 [ 287.297116][ T28] ? __d_lookup_rcu+0x4c0/0x4c0 [ 287.302011][ T28] ? lockdep_init_map_type+0x21e/0x800 [ 287.307475][ T28] ? lockdep_init_map_type+0x21e/0x800 [ 287.312970][ T28] fuse_lookup+0x74/0x90 [ 287.317214][ T28] __lookup_slow+0x24c/0x460 [ 287.321824][ T28] ? __lookup_hash+0x180/0x180 [ 287.326579][ T28] ? trace_lock_acquire+0x1d1/0x290 [ 287.331817][ T28] ? verify_cpu+0xc0/0x100 [ 287.336236][ T28] ? verify_cpu+0xc0/0x100 [ 287.340675][ T28] ? lookup_fast+0x14e/0x520 [ 287.345300][ T28] walk_component+0x33f/0x5a0 [ 287.350011][ T28] link_path_walk.part.0+0x730/0xdf0 [ 287.355298][ T28] ? walk_component+0x5a0/0x5a0 [ 287.360234][ T28] ? percpu_counter_add_batch+0xc1/0x180 [ 287.365870][ T28] path_openat+0x25c/0x2a50 [ 287.370419][ T28] ? path_lookupat+0x840/0x840 [ 287.375185][ T28] do_filp_open+0x1ba/0x410 [ 287.379708][ T28] ? may_open_dev+0xf0/0xf0 [ 287.384206][ T28] ? find_held_lock+0x2d/0x110 [ 287.389008][ T28] ? do_raw_spin_lock+0x124/0x2b0 [ 287.394024][ T28] ? rwlock_bug.part.0+0x90/0x90 [ 287.398981][ T28] ? _raw_spin_unlock+0x28/0x40 [ 287.403823][ T28] ? alloc_fd+0x2d8/0x6d0 [ 287.408182][ T28] do_sys_openat2+0x16d/0x4c0 [ 287.412853][ T28] ? build_open_flags+0x6f0/0x6f0 [ 287.417905][ T28] ? ptrace_notify+0xfe/0x140 [ 287.422577][ T28] ? lock_downgrade+0x6e0/0x6e0 [ 287.427424][ T28] __x64_sys_openat+0x143/0x1f0 [ 287.432302][ T28] ? __ia32_sys_open+0x1c0/0x1c0 [ 287.437229][ T28] ? _raw_spin_unlock_irq+0x23/0x50 [ 287.442448][ T28] ? lockdep_hardirqs_on+0x7d/0x100 [ 287.447719][ T28] ? _raw_spin_unlock_irq+0x2e/0x50 [ 287.452917][ T28] ? ptrace_notify+0xfe/0x140 [ 287.457612][ T28] do_syscall_64+0x39/0xb0 [ 287.462028][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 287.467947][ T28] RIP: 0033:0x7f93daa20f34 [ 287.472355][ T28] RSP: 002b:00007f93daa10e60 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 287.480805][ T28] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f93daa20f34 [ 287.488802][ T28] RDX: 0000000000004000 RSI: 00007f93daa10ee0 RDI: 00000000ffffff9c [ 287.496767][ T28] RBP: 00007f93daa10ee0 R08: 0000000000000000 R09: 0000000000000000 [ 287.504754][ T28] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004000 [ 287.512752][ T28] R13: 0000000000000065 R14: 00007f93daab80a8 R15: 00007f93daaeb4c8 [ 287.520753][ T28] [ 287.523773][ T28] INFO: task syz-executor104:5075 blocked for more than 144 seconds. [ 287.531857][ T28] Not tainted 6.1.0-next-20221216-syzkaller #0 [ 287.538547][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 287.547201][ T28] task:syz-executor104 state:D stack:28792 pid:5075 ppid:5071 flags:0x00004004 [ 287.556429][ T28] Call Trace: [ 287.559717][ T28] [ 287.562644][ T28] __schedule+0x2544/0x53f0 [ 287.567149][ T28] ? lock_chain_count+0x20/0x20 [ 287.572025][ T28] ? save_trace+0x43/0xad0 [ 287.576443][ T28] ? find_held_lock+0x2d/0x110 [ 287.581229][ T28] ? io_schedule_timeout+0x150/0x150 [ 287.586513][ T28] ? rwsem_down_write_slowpath+0x5af/0x12e0 [ 287.592439][ T28] ? mark_held_locks+0x9f/0xe0 [ 287.597201][ T28] schedule+0xde/0x1b0 [ 287.601301][ T28] rwsem_down_write_slowpath+0x600/0x12e0 [ 287.607022][ T28] ? down_killable+0xa0/0xa0 [ 287.611636][ T28] ? lock_release+0x810/0x810 [ 287.616304][ T28] ? fuse_reverse_inval_entry+0x59/0x580 [ 287.621950][ T28] ? rcu_read_lock_sched_held+0x3e/0x70 [ 287.627491][ T28] ? fuse_reverse_inval_entry+0x59/0x580 [ 287.633236][ T28] ? lock_acquire+0x32/0xc0 [ 287.637925][ T28] ? fuse_reverse_inval_entry+0x59/0x580 [ 287.643553][ T28] down_write_nested+0x1ec/0x220 [ 287.648518][ T28] ? up_read+0x20/0x20 [ 287.652586][ T28] ? down_read+0x19c/0x450 [ 287.656995][ T28] fuse_reverse_inval_entry+0x59/0x580 [ 287.662485][ T28] fuse_dev_do_write+0x2384/0x2c00 [ 287.667624][ T28] ? find_held_lock+0x2d/0x110 [ 287.672397][ T28] ? fuse_dev_splice_read+0x700/0x700 [ 287.677828][ T28] ? aa_file_perm+0x592/0x1210 [ 287.682657][ T28] ? aa_path_link+0x2f0/0x2f0 [ 287.687333][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 287.693426][ T28] fuse_dev_write+0x154/0x1e0 [ 287.698199][ T28] ? fuse_dev_splice_write+0xa70/0xa70 [ 287.703676][ T28] ? security_file_permission+0xaf/0xd0 [ 287.709296][ T28] ? rw_verify_area+0xba/0x1b0 [ 287.714061][ T28] vfs_write+0xa45/0xe40 [ 287.718394][ T28] ? kernel_write+0x630/0x630 [ 287.723073][ T28] ? __fget_files+0x26a/0x440 [ 287.727772][ T28] ? __fget_light+0xe5/0x270 [ 287.732359][ T28] ksys_write+0x12b/0x250 [ 287.736682][ T28] ? __ia32_sys_read+0xb0/0xb0 [ 287.741465][ T28] ? lockdep_hardirqs_on+0x7d/0x100 [ 287.746657][ T28] ? _raw_spin_unlock_irq+0x2e/0x50 [ 287.751970][ T28] ? ptrace_notify+0xfe/0x140 [ 287.756659][ T28] do_syscall_64+0x39/0xb0 [ 287.761105][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 287.766994][ T28] RIP: 0033:0x7f93daa64669 [ 287.771420][ T28] RSP: 002b:00007f93da9f02f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 287.779852][ T28] RAX: ffffffffffffffda RBX: 00007f93daaeb4d0 RCX: 00007f93daa64669 [ 287.787835][ T28] RDX: 000000000000002c RSI: 00000000200000c0 RDI: 0000000000000003 [ 287.795798][ T28] RBP: 00007f93daab8084 R08: 0000000000000000 R09: 0000000000000000 [ 287.803869][ T28] R10: 00007f93da9f0700 R11: 0000000000000246 R12: 0030656c69662f2e [ 287.811897][ T28] R13: 0000000000000003 R14: 00007f93daab80a8 R15: 00007f93daaeb4d8 [ 287.819916][ T28] [ 287.822933][ T28] [ 287.822933][ T28] Showing all locks held in the system: [ 287.830659][ T28] 1 lock held by rcu_tasks_kthre/12: [ 287.835930][ T28] #0: ffffffff8c791d70 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 [ 287.846427][ T28] 1 lock held by rcu_tasks_trace/13: [ 287.851717][ T28] #0: ffffffff8c791a70 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 [ 287.862706][ T28] 1 lock held by khungtaskd/28: [ 287.867584][ T28] #0: ffffffff8c7928c0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x57/0x2c2 [ 287.877448][ T28] 2 locks held by kworker/u4:5/999: [ 287.882675][ T28] #0: ffff888012479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x86d/0x1710 [ 287.893744][ T28] #1: ffffc900051efda8 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1710 [ 287.905874][ T28] 1 lock held by syslogd/4415: [ 287.910644][ T28] #0: ffff888076a28150 (&type->i_mutex_dir_key#6){++++}-{3:3}, at: walk_component+0x332/0x5a0 [ 287.921027][ T28] 1 lock held by udevd/4433: [ 287.925604][ T28] #0: ffff888076a28150 (&type->i_mutex_dir_key#6){++++}-{3:3}, at: walk_component+0x332/0x5a0 [ 287.936018][ T28] 2 locks held by getty/4753: [ 287.940709][ T28] #0: ffff888027cc2098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x26/0x80 [ 287.950544][ T28] #1: ffffc900015802f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0 [ 287.960661][ T28] 1 lock held by syz-executor104/5071: [ 287.966105][ T28] #0: ffff888076a28150 (&type->i_mutex_dir_key#6){++++}-{3:3}, at: walk_component+0x332/0x5a0 [ 287.976496][ T28] 2 locks held by syz-executor104/5073: [ 287.982051][ T28] #0: ffff888076a28150 (&type->i_mutex_dir_key#6){++++}-{3:3}, at: walk_component+0x332/0x5a0 [ 287.992433][ T28] #1: ffff888076a285b8 (&fi->mutex){+.+.}-{3:3}, at: fuse_lock_inode+0xd2/0x110 [ 288.001609][ T28] 2 locks held by syz-executor104/5075: [ 288.007141][ T28] #0: ffff888021832b38 (&fc->killsb){.+.+}-{3:3}, at: fuse_dev_do_write+0x2361/0x2c00 [ 288.016825][ T28] #1: ffff888076a28150 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: fuse_reverse_inval_entry+0x59/0x580 [ 288.028166][ T28] 2 locks held by udevd/5074: [ 288.032831][ T28] #0: ffff888076a28150 (&type->i_mutex_dir_key#6){++++}-{3:3}, at: walk_component+0x332/0x5a0 [ 288.043386][ T28] #1: ffff888076a285b8 (&fi->mutex){+.+.}-{3:3}, at: fuse_lock_inode+0xd2/0x110 [ 288.052561][ T28] [ 288.054875][ T28] ============================================= [ 288.054875][ T28] [ 288.063300][ T28] NMI backtrace for cpu 0 [ 288.067614][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.1.0-next-20221216-syzkaller #0 [ 288.076539][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 288.086841][ T28] Call Trace: [ 288.090111][ T28] [ 288.093033][ T28] dump_stack_lvl+0xd1/0x138 [ 288.097620][ T28] nmi_cpu_backtrace.cold+0x24/0x18a [ 288.102903][ T28] nmi_trigger_cpumask_backtrace+0x32f/0x3c0 [ 288.108893][ T28] ? lapic_can_unplug_cpu+0x80/0x80 [ 288.114083][ T28] watchdog+0xc75/0xfc0 [ 288.118276][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 288.124256][ T28] kthread+0x2e8/0x3a0 [ 288.128314][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 288.133939][ T28] ret_from_fork+0x1f/0x30 [ 288.138359][ T28] [ 288.141409][ T28] Sending NMI from CPU 0 to CPUs 1: [ 288.146624][ C1] NMI backtrace for cpu 1 skipped: idling at acpi_idle_do_entry+0x1fd/0x2a0 [ 288.147605][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 288.147616][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.1.0-next-20221216-syzkaller #0 [ 288.147638][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 288.147649][ T28] Call Trace: [ 288.147656][ T28] [ 288.147663][ T28] dump_stack_lvl+0xd1/0x138 [ 288.147692][ T28] panic+0x2cc/0x626 [ 288.147740][ T28] ? panic_print_sys_info.part.0+0x110/0x110 [ 288.147773][ T28] ? __irq_work_queue_local+0xd8/0x1b0 [ 288.147842][ T28] ? irq_work_queue+0x2d/0x80 [ 288.147868][ T28] ? watchdog.cold+0x130/0x158 [ 288.147905][ T28] watchdog.cold+0x141/0x158 [ 288.147933][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 288.147970][ T28] kthread+0x2e8/0x3a0 [ 288.147990][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 288.148016][ T28] ret_from_fork+0x1f/0x30 [ 288.148057][ T28] [ 288.156394][ T28] Kernel Offset: disabled [ 288.249408][ T28] Rebooting in 86400 seconds..