./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2030530689 <...> forked to background, child pid 3182 no interfaces have a carrier [ 23.067523][ T3183] 8021q: adding VLAN 0 to HW filter on device bond0 [ 23.079443][ T3183] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.68' (ECDSA) to the list of known hosts. execve("./syz-executor2030530689", ["./syz-executor2030530689"], 0x7ffc6d73b9b0 /* 10 vars */) = 0 brk(NULL) = 0x55555650a000 brk(0x55555650ac40) = 0x55555650ac40 arch_prctl(ARCH_SET_FS, 0x55555650a300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2030530689", 4096) = 28 brk(0x55555652bc40) = 0x55555652bc40 brk(0x55555652c000) = 0x55555652c000 mprotect(0x7f52b1812000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555650a5d0) = 3613 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3613 attached ./strace-static-x86_64: Process 3614 attached , child_tidptr=0x55555650a5d0) = 3614 [pid 3612] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3614] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3615 attached ./strace-static-x86_64: Process 3616 attached [pid 3613] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3612] <... clone resumed>, child_tidptr=0x55555650a5d0) = 3615 [pid 3616] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3615] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3614] <... clone resumed>, child_tidptr=0x55555650a5d0) = 3616 ./strace-static-x86_64: Process 3618 attached ./strace-static-x86_64: Process 3617 attached [pid 3612] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3616] <... prctl resumed>) = 0 [pid 3616] setpgid(0, 0 [pid 3615] <... clone resumed>, child_tidptr=0x55555650a5d0) = 3617 [pid 3617] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3616] <... setpgid resumed>) = 0 [pid 3613] <... clone resumed>, child_tidptr=0x55555650a5d0) = 3618 ./strace-static-x86_64: Process 3619 attached [pid 3612] <... clone resumed>, child_tidptr=0x55555650a5d0) = 3619 [pid 3618] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3612] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3618] <... prctl resumed>) = 0 [pid 3617] <... prctl resumed>) = 0 [pid 3616] <... openat resumed>) = 3 [pid 3619] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3620 attached [pid 3618] setpgid(0, 0 [pid 3617] setpgid(0, 0 [pid 3616] write(3, "1000", 4 [pid 3612] <... clone resumed>, child_tidptr=0x55555650a5d0) = 3620 [pid 3620] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3618] <... setpgid resumed>) = 0 [pid 3617] <... setpgid resumed>) = 0 [pid 3616] <... write resumed>) = 4 [pid 3612] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3616] close(3./strace-static-x86_64: Process 3622 attached [pid 3620] <... clone resumed>, child_tidptr=0x55555650a5d0) = 3621 [pid 3618] <... openat resumed>) = 3 [pid 3616] <... close resumed>) = 0 [pid 3612] <... clone resumed>, child_tidptr=0x55555650a5d0) = 3623 [pid 3619] <... clone resumed>, child_tidptr=0x55555650a5d0) = 3622 [pid 3618] write(3, "1000", 4 [pid 3617] <... openat resumed>) = 3 [pid 3616] openat(AT_FDCWD, "/dev/nullb0", O_WRONLY|O_TRUNC|O_APPEND|O_NONBLOCK|O_SYNC [pid 3618] <... write resumed>) = 4 [pid 3617] write(3, "1000", 4 [pid 3616] <... openat resumed>) = 3 [pid 3618] close(3 [pid 3617] <... write resumed>) = 4 [pid 3616] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 18014398509482146./strace-static-x86_64: Process 3621 attached [pid 3622] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3618] <... close resumed>) = 0 [pid 3617] close(3./strace-static-x86_64: Process 3623 attached [pid 3622] <... prctl resumed>) = 0 [pid 3621] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3618] openat(AT_FDCWD, "/dev/nullb0", O_WRONLY|O_TRUNC|O_APPEND|O_NONBLOCK|O_SYNC [pid 3617] <... close resumed>) = 0 [pid 3622] setpgid(0, 0 [pid 3618] <... openat resumed>) = 3 [pid 3617] openat(AT_FDCWD, "/dev/nullb0", O_WRONLY|O_TRUNC|O_APPEND|O_NONBLOCK|O_SYNC [pid 3622] <... setpgid resumed>) = 0 [pid 3621] <... prctl resumed>) = 0 [pid 3618] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 18014398509482146 [pid 3617] <... openat resumed>) = 3 [pid 3622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3621] setpgid(0, 0 [pid 3617] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 18014398509482146 [pid 3623] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3622] <... openat resumed>) = 3 [pid 3621] <... setpgid resumed>) = 0 [pid 3622] write(3, "1000", 4 [pid 3621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3623] <... clone resumed>, child_tidptr=0x55555650a5d0) = 3624 [pid 3622] <... write resumed>) = 4 [pid 3621] <... openat resumed>) = 3 [pid 3622] close(3 [pid 3621] write(3, "1000", 4 [pid 3622] <... close resumed>) = 0 [pid 3621] <... write resumed>) = 4 [pid 3622] openat(AT_FDCWD, "/dev/nullb0", O_WRONLY|O_TRUNC|O_APPEND|O_NONBLOCK|O_SYNC [pid 3621] close(3) = 0 [pid 3622] <... openat resumed>) = 3 [pid 3621] openat(AT_FDCWD, "/dev/nullb0", O_WRONLY|O_TRUNC|O_APPEND|O_NONBLOCK|O_SYNC [pid 3622] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 18014398509482146 [pid 3621] <... openat resumed>) = 3 ./strace-static-x86_64: Process 3624 attached [pid 3621] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 18014398509482146 [pid 3624] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3624] setpgid(0, 0) = 0 [pid 3624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3624] write(3, "1000", 4) = 4 [pid 3624] close(3) = 0 [pid 3624] openat(AT_FDCWD, "/dev/nullb0", O_WRONLY|O_TRUNC|O_APPEND|O_NONBLOCK|O_SYNC) = 3 [pid 3624] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 18014398509482146 [pid 3614] kill(-3616, SIGKILL [pid 3615] kill(-3617, SIGKILL) = 0 [pid 3615] kill(3617, SIGKILL) = 0 [pid 3613] kill(-3618, SIGKILL) = 0 [pid 3613] kill(3618, SIGKILL) = 0 [pid 3614] <... kill resumed>) = 0 [pid 3614] kill(3616, SIGKILL) = 0 [pid 3619] kill(-3622, SIGKILL [pid 3620] kill(-3621, SIGKILL) = 0 [pid 3619] <... kill resumed>) = 0 [pid 3620] kill(3621, SIGKILL [pid 3619] kill(3622, SIGKILL [pid 3620] <... kill resumed>) = 0 [pid 3619] <... kill resumed>) = 0 [pid 3623] kill(-3624, SIGKILL) = 0 [pid 3623] kill(3624, SIGKILL) = 0 [pid 3615] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3620] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3615] <... openat resumed>) = 3 [pid 3620] fstat(3, [pid 3615] fstat(3, [pid 3620] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3615] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3620] getdents64(3, [pid 3615] getdents64(3, [pid 3614] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3620] <... getdents64 resumed>0x55555650b620 /* 2 entries */, 32768) = 48 [pid 3619] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3620] getdents64(3, [pid 3619] <... openat resumed>) = 3 [pid 3615] <... getdents64 resumed>0x55555650b620 /* 2 entries */, 32768) = 48 [pid 3614] <... openat resumed>) = 3 [pid 3620] <... getdents64 resumed>0x55555650b620 /* 0 entries */, 32768) = 0 [pid 3619] fstat(3, [pid 3615] getdents64(3, [pid 3620] close(3 [pid 3619] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3615] <... getdents64 resumed>0x55555650b620 /* 0 entries */, 32768) = 0 [pid 3614] fstat(3, [pid 3620] <... close resumed>) = 0 [pid 3619] getdents64(3, [pid 3615] close(3 [pid 3614] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3619] <... getdents64 resumed>0x55555650b620 /* 2 entries */, 32768) = 48 [pid 3615] <... close resumed>) = 0 [pid 3614] getdents64(3, [pid 3619] getdents64(3, [pid 3614] <... getdents64 resumed>0x55555650b620 /* 2 entries */, 32768) = 48 [pid 3619] <... getdents64 resumed>0x55555650b620 /* 0 entries */, 32768) = 0 [pid 3614] getdents64(3, [pid 3619] close(3 [pid 3614] <... getdents64 resumed>0x55555650b620 /* 0 entries */, 32768) = 0 [pid 3619] <... close resumed>) = 0 [pid 3614] close(3) = 0 [pid 3623] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3623] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3623] getdents64(3, 0x55555650b620 /* 2 entries */, 32768) = 48 [pid 3623] getdents64(3, 0x55555650b620 /* 0 entries */, 32768) = 0 [pid 3623] close(3) = 0 [pid 3613] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3613] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3613] getdents64(3, 0x55555650b620 /* 2 entries */, 32768) = 48 [pid 3613] getdents64(3, 0x55555650b620 /* 0 entries */, 32768) = 0 [pid 3613] close(3) = 0 syzkaller login: [ 70.654869][ T27] cfg80211: failed to load regulatory.db [pid 3616] <... fallocate resumed>) = ? [pid 3616] +++ killed by SIGKILL +++ [pid 3614] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3616, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=5016} --- [pid 3614] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3642 attached , child_tidptr=0x55555650a5d0) = 3642 [pid 3642] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3642] setpgid(0, 0) = 0 [pid 3642] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3642] write(3, "1000", 4) = 4 [pid 3642] close(3) = 0 [pid 3642] openat(AT_FDCWD, "/dev/nullb0", O_WRONLY|O_TRUNC|O_APPEND|O_NONBLOCK|O_SYNC) = 3 [pid 3642] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 18014398509482146 [pid 3614] kill(-3642, SIGKILL) = 0 [pid 3614] kill(3642, SIGKILL) = 0 [pid 3614] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3614] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3614] getdents64(3, 0x55555650b620 /* 2 entries */, 32768) = 48 [pid 3614] getdents64(3, 0x55555650b620 /* 0 entries */, 32768) = 0 [pid 3614] close(3) = 0 [pid 3618] <... fallocate resumed>) = ? [pid 3618] +++ killed by SIGKILL +++ [pid 3613] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3618, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=4931} --- [pid 3613] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555650a5d0) = 3643 ./strace-static-x86_64: Process 3643 attached [pid 3643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3643] setpgid(0, 0) = 0 [pid 3643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3643] write(3, "1000", 4) = 4 [pid 3643] close(3) = 0 [pid 3643] openat(AT_FDCWD, "/dev/nullb0", O_WRONLY|O_TRUNC|O_APPEND|O_NONBLOCK|O_SYNC) = 3 [pid 3643] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 18014398509482146 [pid 3613] kill(-3643, SIGKILL) = 0 [pid 3613] kill(3643, SIGKILL) = 0 [pid 3613] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3613] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3613] getdents64(3, 0x55555650b620 /* 2 entries */, 32768) = 48 [pid 3613] getdents64(3, 0x55555650b620 /* 0 entries */, 32768) = 0 [pid 3613] close(3) = 0 [pid 3617] <... fallocate resumed>) = ? [pid 3617] +++ killed by SIGKILL +++ [pid 3615] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3617, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=4964} --- [pid 3615] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3650 attached [pid 3650] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3615] <... clone resumed>, child_tidptr=0x55555650a5d0) = 3650 [pid 3650] <... prctl resumed>) = 0 [pid 3650] setpgid(0, 0) = 0 [pid 3650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3650] write(3, "1000", 4) = 4 [pid 3650] close(3) = 0 [pid 3650] openat(AT_FDCWD, "/dev/nullb0", O_WRONLY|O_TRUNC|O_APPEND|O_NONBLOCK|O_SYNC) = 3 [pid 3650] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 18014398509482146 [pid 3615] kill(-3650, SIGKILL) = 0 [pid 3615] kill(3650, SIGKILL) = 0 [pid 3615] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3615] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3615] getdents64(3, 0x55555650b620 /* 2 entries */, 32768) = 48 [pid 3615] getdents64(3, 0x55555650b620 /* 0 entries */, 32768) = 0 [pid 3615] close(3) = 0 [ 285.684755][ T29] INFO: task syz-executor203:3621 blocked for more than 143 seconds. [ 285.693315][ T29] Not tainted 6.0.0-rc7-syzkaller-00220-gffb4d94b4314 #0 [ 285.701209][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 285.710507][ T29] task:syz-executor203 state:D stack:28160 pid: 3621 ppid: 3620 flags:0x00004004 [ 285.720264][ T29] Call Trace: [ 285.723658][ T29] [ 285.727124][ T29] __schedule+0xadf/0x52b0 [ 285.731899][ T29] ? io_schedule_timeout+0x140/0x140 [ 285.738073][ T29] ? mark_held_locks+0x9f/0xe0 [ 285.743219][ T29] schedule+0xda/0x1b0 [ 285.747696][ T29] rwsem_down_write_slowpath+0x59c/0x11e0 [ 285.753473][ T29] ? __down_timeout+0x10/0x10 [ 285.758514][ T29] ? lock_release+0x780/0x780 [ 285.763485][ T29] down_write+0x135/0x150 [ 285.769316][ T29] ? down_write_killable_nested+0x180/0x180 [ 285.775470][ T29] blkdev_fallocate+0x1e2/0x410 [ 285.780909][ T29] ? blkdev_writepage+0x30/0x30 [ 285.785914][ T29] vfs_fallocate+0x487/0xe00 [ 285.791442][ T29] __x64_sys_fallocate+0xcf/0x140 [ 285.796568][ T29] do_syscall_64+0x35/0xb0 [ 285.801005][ T29] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 285.807311][ T29] RIP: 0033:0x7f52b17a5e09 [ 285.811745][ T29] RSP: 002b:00007ffcd6d47ac8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 285.820749][ T29] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f52b17a5e09 [ 285.829374][ T29] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000003 [ 285.837784][ T29] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 285.846316][ T29] R10: 00400000000000a2 R11: 0000000000000246 R12: 00007f52b17695e0 [ 285.854681][ T29] R13: 0000000000000000 R14: 00007ffcd6d47af0 R15: 00007ffcd6d47ae0 [ 285.863101][ T29] [ 285.866785][ T29] INFO: task syz-executor203:3624 blocked for more than 143 seconds. [ 285.874914][ T29] Not tainted 6.0.0-rc7-syzkaller-00220-gffb4d94b4314 #0 [ 285.882758][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 285.891943][ T29] task:syz-executor203 state:D stack:28160 pid: 3624 ppid: 3623 flags:0x00004004 [ 285.901651][ T29] Call Trace: [ 285.905474][ T29] [ 285.908731][ T29] __schedule+0xadf/0x52b0 [ 285.913495][ T29] ? rwsem_down_write_slowpath+0x4c0/0x11e0 [ 285.919823][ T29] ? io_schedule_timeout+0x140/0x140 [ 285.925635][ T29] ? mark_held_locks+0x9f/0xe0 [ 285.930446][ T29] schedule+0xda/0x1b0 [ 285.934869][ T29] rwsem_down_write_slowpath+0x59c/0x11e0 [ 285.940958][ T29] ? __down_timeout+0x10/0x10 [ 285.945997][ T29] ? lock_release+0x780/0x780 [ 285.951067][ T29] down_write+0x135/0x150 [ 285.956552][ T29] ? down_write_killable_nested+0x180/0x180 [ 285.963653][ T29] blkdev_fallocate+0x1e2/0x410 [ 285.968988][ T29] ? blkdev_writepage+0x30/0x30 [ 285.973881][ T29] vfs_fallocate+0x487/0xe00 [ 285.978536][ T29] __x64_sys_fallocate+0xcf/0x140 [ 285.983874][ T29] do_syscall_64+0x35/0xb0 [ 285.988680][ T29] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 285.995000][ T29] RIP: 0033:0x7f52b17a5e09 [ 285.999794][ T29] RSP: 002b:00007ffcd6d47ac8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 286.008710][ T29] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f52b17a5e09 [ 286.017036][ T29] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000003 [ 286.025628][ T29] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 286.034442][ T29] R10: 00400000000000a2 R11: 0000000000000246 R12: 00007f52b17695e0 [ 286.042786][ T29] R13: 0000000000000000 R14: 00007ffcd6d47af0 R15: 00007ffcd6d47ae0 [ 286.051219][ T29] [ 286.054942][ T29] INFO: task syz-executor203:3642 blocked for more than 143 seconds. [ 286.063489][ T29] Not tainted 6.0.0-rc7-syzkaller-00220-gffb4d94b4314 #0 [ 286.071689][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.080839][ T29] task:syz-executor203 state:D stack:27176 pid: 3642 ppid: 3614 flags:0x00004004 [ 286.090668][ T29] Call Trace: [ 286.094478][ T29] [ 286.097481][ T29] __schedule+0xadf/0x52b0 [ 286.102213][ T29] ? io_schedule_timeout+0x140/0x140 [ 286.107894][ T29] ? mark_held_locks+0x9f/0xe0 [ 286.113008][ T29] schedule+0xda/0x1b0 [ 286.117678][ T29] rwsem_down_write_slowpath+0x59c/0x11e0 [ 286.124485][ T29] ? __down_timeout+0x10/0x10 [ 286.129775][ T29] ? lock_release+0x780/0x780 [ 286.134925][ T29] down_write+0x135/0x150 [ 286.139627][ T29] ? down_write_killable_nested+0x180/0x180 [ 286.145661][ T29] blkdev_fallocate+0x1e2/0x410 [ 286.150555][ T29] ? blkdev_writepage+0x30/0x30 [ 286.155469][ T29] vfs_fallocate+0x487/0xe00 [ 286.160402][ T29] __x64_sys_fallocate+0xcf/0x140 [ 286.165917][ T29] do_syscall_64+0x35/0xb0 [ 286.170699][ T29] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.177025][ T29] RIP: 0033:0x7f52b17a5e09 [ 286.181881][ T29] RSP: 002b:00007ffcd6d47ac8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 286.191073][ T29] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f52b17a5e09 [ 286.199601][ T29] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000003 [ 286.208284][ T29] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 286.216635][ T29] R10: 00400000000000a2 R11: 0000000000000246 R12: 000000000000a710 [ 286.225062][ T29] R13: 00007ffcd6d47adc R14: 00007ffcd6d47af0 R15: 00007ffcd6d47ae0 [ 286.233505][ T29] [ 286.237097][ T29] [ 286.237097][ T29] Showing all locks held in the system: [ 286.245392][ T29] 1 lock held by rcu_tasks_kthre/13: [ 286.251311][ T29] #0: ffffffff8bf888b0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 [ 286.263087][ T29] 1 lock held by rcu_tasks_trace/14: [ 286.269169][ T29] #0: ffffffff8bf885b0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 [ 286.280735][ T29] 1 lock held by khungtaskd/29: [ 286.286024][ T29] #0: ffffffff8bf89400 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 [ 286.296353][ T29] 2 locks held by getty/3289: [ 286.301501][ T29] #0: ffff88814ae8f098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 286.312227][ T29] #1: ffffc90002d162f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef0/0x13e0 [ 286.322818][ T29] 1 lock held by syz-executor203/3621: [ 286.328933][ T29] #0: ffff888140c49ec0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e2/0x410 [ 286.340032][ T29] 1 lock held by syz-executor203/3622: [ 286.345803][ T29] 1 lock held by syz-executor203/3624: [ 286.351666][ T29] #0: ffff888140c49ec0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e2/0x410 [ 286.362882][ T29] 1 lock held by syz-executor203/3642: [ 286.368862][ T29] #0: ffff888140c49ec0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e2/0x410 [ 286.380115][ T29] 1 lock held by syz-executor203/3643: [ 286.386047][ T29] #0: ffff888140c49ec0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e2/0x410 [ 286.397028][ T29] 1 lock held by syz-executor203/3650: [ 286.402937][ T29] #0: ffff888140c49ec0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e2/0x410 [ 286.419556][ T29] [ 286.422290][ T29] ============================================= [ 286.422290][ T29] [ 286.431376][ T29] NMI backtrace for cpu 1 [ 286.436084][ T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted 6.0.0-rc7-syzkaller-00220-gffb4d94b4314 #0 [ 286.445900][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 286.456210][ T29] Call Trace: [ 286.459477][ T29] [ 286.462392][ T29] dump_stack_lvl+0xcd/0x134 [ 286.466994][ T29] nmi_cpu_backtrace.cold+0x46/0x14f [ 286.472366][ T29] ? lapic_can_unplug_cpu+0x80/0x80 [ 286.477570][ T29] nmi_trigger_cpumask_backtrace+0x206/0x250 [ 286.483549][ T29] watchdog+0xc18/0xf50 [ 286.487721][ T29] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 286.493700][ T29] kthread+0x2e4/0x3a0 [ 286.497780][ T29] ? kthread_complete_and_exit+0x40/0x40 [ 286.503427][ T29] ret_from_fork+0x1f/0x30 [ 286.507868][ T29] [ 286.511283][ T29] Sending NMI from CPU 1 to CPUs 0: [ 286.516584][ C0] NMI backtrace for cpu 0 [ 286.516595][ C0] CPU: 0 PID: 2959 Comm: klogd Not tainted 6.0.0-rc7-syzkaller-00220-gffb4d94b4314 #0 [ 286.516611][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 286.516619][ C0] RIP: 0010:__orc_find+0x6f/0xf0 [ 286.516642][ C0] Code: 72 4d 4c 89 e0 48 29 e8 48 89 c2 48 c1 e8 3f 48 c1 fa 02 48 01 d0 48 d1 f8 48 8d 5c 85 00 48 89 d8 48 c1 e8 03 42 0f b6 14 38 <48> 89 d8 83 e0 07 83 c0 03 38 d0 7c 04 84 d2 75 48 48 63 03 48 01 [ 286.516662][ C0] RSP: 0018:ffffc90002c6f408 EFLAGS: 00000213 [ 286.516674][ C0] RAX: 1ffffffff1c78c6e RBX: ffffffff8e3c6374 RCX: ffffffff874f4ecf [ 286.516683][ C0] RDX: 0000000000000000 RSI: ffffffff8ed55a5c RDI: ffffffff8e3c6364 [ 286.516692][ C0] RBP: ffffffff8e3c6364 R08: ffffffff8be023e0 R09: ffffc90002c6f4f4 [ 286.516700][ C0] R10: fffff5200058dea3 R11: 000000000008c07c R12: ffffffff8e3c6384 [ 286.516709][ C0] R13: ffffffff8e3c6364 R14: ffffffff8e3c6364 R15: dffffc0000000000 [ 286.516721][ C0] FS: 00007fe551287800(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 286.516733][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 286.516742][ C0] CR2: 000055f5810f07e8 CR3: 000000007ed65000 CR4: 0000000000350ef0 [ 286.516751][ C0] Call Trace: [ 286.516755][ C0] [ 286.516760][ C0] ? arch_stack_walk+0x5c/0xe0 [ 286.516773][ C0] ? __alloc_skb+0x20f/0x2f0 [ 286.516790][ C0] unwind_next_frame+0x2a3/0x1cc0 [ 286.516808][ C0] ? __alloc_skb+0x210/0x2f0 [ 286.516821][ C0] ? kernel_text_address+0xd/0x80 [ 286.516834][ C0] ? write_profile+0x4a0/0x4a0 [ 286.516852][ C0] arch_stack_walk+0x7d/0xe0 [ 286.516865][ C0] ? __alloc_skb+0x210/0x2f0 [ 286.516879][ C0] stack_trace_save+0x8c/0xc0 [ 286.516895][ C0] ? filter_irq_stacks+0x90/0x90 [ 286.516910][ C0] ? __lock_acquire+0x166e/0x56d0 [ 286.516926][ C0] save_stack+0x151/0x1e0 [ 286.516943][ C0] ? hugetlb_cgroup_migrate+0x1300/0x1300 [ 286.516959][ C0] ? free_pcp_prepare+0x5e4/0xd20 [ 286.516975][ C0] ? free_unref_page+0x19/0x4d0 [ 286.516989][ C0] ? __unfreeze_partials+0x17c/0x1a0 [ 286.517003][ C0] ? qlist_free_all+0x6a/0x170 [ 286.517018][ C0] ? kasan_quarantine_reduce+0x180/0x200 [ 286.517034][ C0] ? __kasan_slab_alloc+0xa2/0xc0 [ 286.517048][ C0] ? kmem_cache_alloc_node+0x2b1/0x3f0 [ 286.517061][ C0] ? __alloc_skb+0x210/0x2f0 [ 286.517074][ C0] ? cpuacct_all_seq_show+0x520/0x520 [ 286.517091][ C0] __reset_page_owner+0x59/0x170 [ 286.517108][ C0] free_pcp_prepare+0x5e4/0xd20 [ 286.517124][ C0] free_unref_page+0x19/0x4d0 [ 286.517140][ C0] __unfreeze_partials+0x17c/0x1a0 [ 286.517154][ C0] ? put_cpu_partial+0x171/0x210 [ 286.517167][ C0] ? lockdep_hardirqs_on+0x79/0x100 [ 286.517186][ C0] qlist_free_all+0x6a/0x170 [ 286.517203][ C0] kasan_quarantine_reduce+0x180/0x200 [ 286.517220][ C0] __kasan_slab_alloc+0xa2/0xc0 [ 286.517235][ C0] kmem_cache_alloc_node+0x2b1/0x3f0 [ 286.517250][ C0] __alloc_skb+0x210/0x2f0 [ 286.517264][ C0] alloc_skb_with_frags+0x93/0x6c0 [ 286.517279][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 286.517296][ C0] sock_alloc_send_pskb+0x7a3/0x930 [ 286.517312][ C0] ? task_cls_classid+0x370/0x370 [ 286.517324][ C0] ? lock_downgrade+0x6e0/0x6e0 [ 286.517337][ C0] ? do_raw_spin_lock+0x120/0x2a0 [ 286.517351][ C0] ? rwlock_bug.part.0+0x90/0x90 [ 286.517367][ C0] unix_dgram_sendmsg+0x415/0x1b50 [ 286.517388][ C0] ? aa_sk_perm+0x30f/0xaa0 [ 286.517405][ C0] ? unix_stream_sendpage+0xcc0/0xcc0 [ 286.517421][ C0] ? aa_af_perm+0x230/0x230 [ 286.517436][ C0] ? __lock_acquire+0x166e/0x56d0 [ 286.517450][ C0] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 286.517467][ C0] ? unix_stream_sendpage+0xcc0/0xcc0 [ 286.517483][ C0] sock_sendmsg+0xcf/0x120 [ 286.517497][ C0] __sys_sendto+0x236/0x340 [ 286.517511][ C0] ? __ia32_sys_getpeername+0xb0/0xb0 [ 286.517526][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 286.517544][ C0] ? __ct_user_exit+0xff/0x150 [ 286.517560][ C0] ? lock_downgrade+0x6e0/0x6e0 [ 286.517574][ C0] ? lock_downgrade+0x6e0/0x6e0 [ 286.517592][ C0] __x64_sys_sendto+0xdd/0x1b0 [ 286.517606][ C0] ? syscall_enter_from_user_mode+0x22/0xb0 [ 286.517623][ C0] do_syscall_64+0x35/0xb0 [ 286.517637][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.517657][ C0] RIP: 0033:0x7fe5514230ac [ 286.517668][ C0] Code: 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 19 45 31 c9 45 31 c0 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 64 c3 0f 1f 00 55 48 83 ec 20 48 89 54 24 10 [ 286.517679][ C0] RSP: 002b:00007ffdaaa994c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 286.517692][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe5514230ac [ 286.517700][ C0] RDX: 000000000000004d RSI: 0000563d50860ab0 RDI: 0000000000000003 [ 286.517708][ C0] RBP: 0000563d5085c910 R08: 0000000000000000 R09: 0000000000000000 [ 286.517716][ C0] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000014 [ 286.517724][ C0] R13: 0000000000000001 R14: 00007fe55159e77d R15: 00007ffdaaa995d8 [ 286.517737][ C0] [ 286.517742][ C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.159 msecs [ 286.520779][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 287.030103][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted 6.0.0-rc7-syzkaller-00220-gffb4d94b4314 #0 [ 287.039965][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 [ 287.050032][ T29] Call Trace: [ 287.053311][ T29] [ 287.056236][ T29] dump_stack_lvl+0xcd/0x134 [ 287.060934][ T29] panic+0x2c8/0x627 [ 287.064830][ T29] ? panic_print_sys_info.part.0+0x10b/0x10b [ 287.070817][ T29] ? lapic_can_unplug_cpu+0x80/0x80 [ 287.076048][ T29] ? preempt_schedule_thunk+0x16/0x18 [ 287.081453][ T29] ? watchdog.cold+0x130/0x158 [ 287.086231][ T29] watchdog.cold+0x141/0x158 [ 287.090822][ T29] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 287.096893][ T29] kthread+0x2e4/0x3a0 [ 287.101054][ T29] ? kthread_complete_and_exit+0x40/0x40 [ 287.106779][ T29] ret_from_fork+0x1f/0x30 [ 287.111239][ T29] [ 287.115141][ T29] Kernel Offset: disabled [ 287.119642][ T29] Rebooting in 86400 seconds..