./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1509169319 <...> Warning: Permanently added '10.128.0.172' (ED25519) to the list of known hosts. execve("./syz-executor1509169319", ["./syz-executor1509169319"], 0x7fffd68b7310 /* 10 vars */) = 0 brk(NULL) = 0x555556fb0000 brk(0x555556fb0d00) = 0x555556fb0d00 arch_prctl(ARCH_SET_FS, 0x555556fb0380) = 0 set_tid_address(0x555556fb0650) = 5041 set_robust_list(0x555556fb0660, 24) = 0 rseq(0x555556fb0ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1509169319", 4096) = 28 getrandom("\xaa\x70\x6c\x44\x8b\x74\xc6\xe8", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556fb0d00 brk(0x555556fd1d00) = 0x555556fd1d00 brk(0x555556fd2000) = 0x555556fd2000 mprotect(0x7ffbf8109000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fb0650) = 5042 ./strace-static-x86_64: Process 5042 attached [pid 5041] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5042] set_robust_list(0x555556fb0660, 24) = 0 [pid 5042] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5043 attached [pid 5041] <... clone resumed>, child_tidptr=0x555556fb0650) = 5043 [pid 5041] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5044 attached [pid 5043] set_robust_list(0x555556fb0660, 24) = 0 [pid 5042] <... clone resumed>, child_tidptr=0x555556fb0650) = 5044 [pid 5043] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5044] set_robust_list(0x555556fb0660, 24./strace-static-x86_64: Process 5045 attached ) = 0 [pid 5045] set_robust_list(0x555556fb0660, 24 [pid 5044] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5045] <... set_robust_list resumed>) = 0 [pid 5044] <... prctl resumed>) = 0 [pid 5043] <... clone resumed>, child_tidptr=0x555556fb0650) = 5045 [pid 5045] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5044] setpgid(0, 0) = 0 [pid 5044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 5046 attached [pid 5041] <... clone resumed>, child_tidptr=0x555556fb0650) = 5046 [pid 5041] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5046] set_robust_list(0x555556fb0660, 24 [pid 5044] <... openat resumed>) = 3 [pid 5044] write(3, "1000", 4) = 4 [pid 5044] close(3 [pid 5046] <... set_robust_list resumed>) = 0 [pid 5044] <... close resumed>) = 0 [pid 5046] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5044] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME|O_CLOEXEC) = 3 [pid 5044] ioctl(3, BLKZEROOUT, [0, 137438955520]./strace-static-x86_64: Process 5048 attached ./strace-static-x86_64: Process 5047 attached [pid 5045] <... prctl resumed>) = 0 [pid 5041] <... clone resumed>, child_tidptr=0x555556fb0650) = 5047 [pid 5048] set_robust_list(0x555556fb0660, 24 [pid 5047] set_robust_list(0x555556fb0660, 24 [pid 5046] <... clone resumed>, child_tidptr=0x555556fb0650) = 5048 [pid 5045] setpgid(0, 0 [pid 5041] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5048] <... set_robust_list resumed>) = 0 [pid 5047] <... set_robust_list resumed>) = 0 [pid 5047] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5045] <... setpgid resumed>) = 0 [pid 5045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5048] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5045] <... openat resumed>) = 3 [pid 5048] <... prctl resumed>) = 0 [pid 5045] write(3, "1000", 4) = 4 [pid 5048] setpgid(0, 0 [pid 5045] close(3) = 0 ./strace-static-x86_64: Process 5049 attached [pid 5048] <... setpgid resumed>) = 0 [pid 5045] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME|O_CLOEXEC [pid 5049] set_robust_list(0x555556fb0660, 24 [pid 5048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5045] <... openat resumed>) = 3 [pid 5041] <... clone resumed>, child_tidptr=0x555556fb0650) = 5049 [pid 5049] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5050 attached [pid 5048] <... openat resumed>) = 3 [pid 5047] <... clone resumed>, child_tidptr=0x555556fb0650) = 5050 [pid 5041] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5050] set_robust_list(0x555556fb0660, 24 [pid 5049] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5050] <... set_robust_list resumed>) = 0 [pid 5050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5050] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 5051 attached [pid 5048] write(3, "1000", 4 [pid 5045] ioctl(3, BLKZEROOUT, [0, 137438955520] [pid 5051] set_robust_list(0x555556fb0660, 24 [pid 5049] <... clone resumed>, child_tidptr=0x555556fb0650) = 5051 [pid 5048] <... write resumed>) = 4 [pid 5051] <... set_robust_list resumed>) = 0 [pid 5048] close(3 [pid 5051] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5048] <... close resumed>) = 0 [pid 5051] <... prctl resumed>) = 0 [pid 5051] setpgid(0, 0 [pid 5050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5051] <... setpgid resumed>) = 0 [pid 5051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5050] <... openat resumed>) = 3 [pid 5051] <... openat resumed>) = 3 [pid 5048] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME|O_CLOEXEC./strace-static-x86_64: Process 5052 attached [pid 5051] write(3, "1000", 4 [pid 5048] <... openat resumed>) = 3 [pid 5050] write(3, "1000", 4 [pid 5051] <... write resumed>) = 4 [pid 5052] set_robust_list(0x555556fb0660, 24 [pid 5051] close(3 [pid 5050] <... write resumed>) = 4 [pid 5041] <... clone resumed>, child_tidptr=0x555556fb0650) = 5052 [pid 5051] <... close resumed>) = 0 [pid 5050] close(3 [pid 5048] ioctl(3, BLKZEROOUT, [0, 137438955520] [pid 5052] <... set_robust_list resumed>) = 0 [pid 5051] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME|O_CLOEXEC [pid 5050] <... close resumed>) = 0 [pid 5052] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5051] <... openat resumed>) = 3 [pid 5050] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME|O_CLOEXEC [pid 5051] ioctl(3, BLKZEROOUT, [0, 137438955520] [pid 5050] <... openat resumed>) = 3 [pid 5050] ioctl(3, BLKZEROOUT, [0, 137438955520]./strace-static-x86_64: Process 5053 attached [pid 5052] <... clone resumed>, child_tidptr=0x555556fb0650) = 5053 [pid 5053] set_robust_list(0x555556fb0660, 24) = 0 [pid 5053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5053] setpgid(0, 0) = 0 [pid 5053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5053] write(3, "1000", 4) = 4 [pid 5053] close(3) = 0 [pid 5053] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME|O_CLOEXEC) = 3 [ 102.449316][ T23] cfg80211: failed to load regulatory.db [pid 5053] ioctl(3, BLKZEROOUT, [0, 137438955520] [pid 5042] kill(-5044, SIGKILL) = 0 [pid 5042] kill(5044, SIGKILL) = 0 [pid 5043] kill(-5045, SIGKILL) = 0 [pid 5043] kill(5045, SIGKILL) = 0 [pid 5046] kill(-5048, SIGKILL) = 0 [pid 5046] kill(5048, SIGKILL) = 0 [pid 5047] kill(-5050, SIGKILL) = 0 [pid 5047] kill(5050, SIGKILL) = 0 [pid 5049] kill(-5051, SIGKILL) = 0 [pid 5049] kill(5051, SIGKILL) = 0 [pid 5052] kill(-5053, SIGKILL) = 0 [pid 5052] kill(5053, SIGKILL) = 0 [pid 5043] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5042] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5042] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5042] getdents64(3, [pid 5043] <... openat resumed>) = 3 [pid 5042] <... getdents64 resumed>0x555556fb16f0 /* 2 entries */, 32768) = 48 [pid 5043] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5042] getdents64(3, 0x555556fb16f0 /* 0 entries */, 32768) = 0 [pid 5042] close(3) = 0 [pid 5043] getdents64(3, 0x555556fb16f0 /* 2 entries */, 32768) = 48 [pid 5047] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5043] getdents64(3, 0x555556fb16f0 /* 0 entries */, 32768) = 0 [pid 5047] <... openat resumed>) = 3 [pid 5043] close(3) = 0 [pid 5047] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5047] getdents64(3, 0x555556fb16f0 /* 2 entries */, 32768) = 48 [pid 5047] getdents64(3, 0x555556fb16f0 /* 0 entries */, 32768) = 0 [pid 5047] close(3) = 0 [pid 5049] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5049] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5046] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5049] getdents64(3, [pid 5046] <... openat resumed>) = 3 [pid 5046] newfstatat(3, "", [pid 5049] <... getdents64 resumed>0x555556fb16f0 /* 2 entries */, 32768) = 48 [pid 5046] <... newfstatat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5049] getdents64(3, 0x555556fb16f0 /* 0 entries */, 32768) = 0 [pid 5049] close(3 [pid 5046] getdents64(3, [pid 5049] <... close resumed>) = 0 [pid 5046] <... getdents64 resumed>0x555556fb16f0 /* 2 entries */, 32768) = 48 [pid 5046] getdents64(3, 0x555556fb16f0 /* 0 entries */, 32768) = 0 [pid 5046] close(3) = 0 [pid 5052] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5052] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5052] getdents64(3, 0x555556fb16f0 /* 2 entries */, 32768) = 48 [pid 5052] getdents64(3, 0x555556fb16f0 /* 0 entries */, 32768) = 0 [pid 5052] close(3) = 0 [pid 5044] <... ioctl resumed>) = ? [pid 5044] +++ killed by SIGKILL +++ [pid 5042] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5044, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=6152 /* 61.52 s */} --- [pid 5042] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5071 attached , child_tidptr=0x555556fb0650) = 5071 [pid 5071] set_robust_list(0x555556fb0660, 24) = 0 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5071] setpgid(0, 0) = 0 [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "1000", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME|O_CLOEXEC) = 3 [pid 5071] ioctl(3, BLKZEROOUT, [0, 137438955520] [pid 5042] kill(-5071, SIGKILL) = 0 [pid 5042] kill(5071, SIGKILL) = 0 [pid 5042] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5042] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5042] getdents64(3, 0x555556fb16f0 /* 2 entries */, 32768) = 48 [pid 5042] getdents64(3, 0x555556fb16f0 /* 0 entries */, 32768) = 0 [pid 5042] close(3) = 0 [pid 5045] <... ioctl resumed>) = ? [pid 5045] +++ killed by SIGKILL +++ [pid 5043] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5045, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=5983 /* 59.83 s */} --- [pid 5043] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5072 attached , child_tidptr=0x555556fb0650) = 5072 [pid 5072] set_robust_list(0x555556fb0660, 24) = 0 [pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5072] setpgid(0, 0) = 0 [pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5072] write(3, "1000", 4) = 4 [pid 5072] close(3) = 0 [pid 5072] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME|O_CLOEXEC) = 3 [pid 5072] ioctl(3, BLKZEROOUT, [0, 137438955520] [pid 5043] kill(-5072, SIGKILL) = 0 [pid 5043] kill(5072, SIGKILL) = 0 [pid 5043] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5043] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5043] getdents64(3, 0x555556fb16f0 /* 2 entries */, 32768) = 48 [pid 5043] getdents64(3, 0x555556fb16f0 /* 0 entries */, 32768) = 0 [pid 5043] close(3) = 0 [ 286.776433][ T29] INFO: task syz-executor150:5050 blocked for more than 143 seconds. [ 286.784750][ T29] Not tainted 6.6.0-rc7-syzkaller-00151-g56567a20b22b #0 [ 286.804310][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.813718][ T29] task:syz-executor150 state:D stack:28160 pid:5050 ppid:5047 flags:0x00004006 [ 286.823119][ T29] Call Trace: [ 286.826550][ T29] [ 286.830053][ T29] __schedule+0xee1/0x5a10 [ 286.835228][ T29] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 286.841963][ T29] ? print_usage_bug.part.0+0x670/0x670 [ 286.848423][ T29] ? io_schedule_timeout+0x150/0x150 [ 286.853822][ T29] ? rwsem_down_write_slowpath+0x48e/0x12a0 [ 286.860463][ T29] schedule+0xe7/0x1b0 [ 286.865105][ T29] schedule_preempt_disabled+0x13/0x20 [ 286.871323][ T29] rwsem_down_write_slowpath+0x53d/0x12a0 [ 286.877208][ T29] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 286.883293][ T29] ? down_timeout+0x90/0x90 [ 286.888002][ T29] ? preempt_count_sub+0x150/0x150 [ 286.893640][ T29] down_write+0x1d3/0x200 [ 286.898123][ T29] ? rwsem_down_write_slowpath+0x12a0/0x12a0 [ 286.904180][ T29] ? _copy_from_user+0x5d/0xf0 [ 286.909190][ T29] blkdev_common_ioctl+0x10ee/0x1ce0 [ 286.915120][ T29] ? blkdev_pr_preempt+0x2f0/0x2f0 [ 286.920912][ T29] ? find_held_lock+0x2d/0x110 [ 286.926339][ T29] blkdev_ioctl+0x249/0x770 [ 286.931444][ T29] ? blkdev_common_ioctl+0x1ce0/0x1ce0 [ 286.937591][ T29] ? bpf_lsm_file_ioctl+0x9/0x10 [ 286.943287][ T29] ? blkdev_common_ioctl+0x1ce0/0x1ce0 [ 286.949445][ T29] __x64_sys_ioctl+0x18f/0x210 [ 286.954821][ T29] do_syscall_64+0x38/0xb0 [ 286.959461][ T29] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.965512][ T29] RIP: 0033:0x7ffbf8096ae9 [ 286.970081][ T29] RSP: 002b:00007ffc86b0d7a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 286.978596][ T29] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffbf8096ae9 [ 286.986715][ T29] RDX: 0000000020000040 RSI: 000000000000127f RDI: 0000000000000003 [ 286.994749][ T29] RBP: 00000000000f4240 R08: 00000000000000a0 R09: 00000000000000a0 [ 287.003354][ T29] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 287.011974][ T29] R13: 00007ffc86b0d9c8 R14: 00007ffc86b0d7d0 R15: 00007ffc86b0d7c0 [ 287.020641][ T29] [ 287.023781][ T29] INFO: task syz-executor150:5051 blocked for more than 143 seconds. [ 287.032560][ T29] Not tainted 6.6.0-rc7-syzkaller-00151-g56567a20b22b #0 [ 287.041100][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 287.050493][ T29] task:syz-executor150 state:D stack:28160 pid:5051 ppid:5049 flags:0x00004006 [ 287.060437][ T29] Call Trace: [ 287.064224][ T29] [ 287.067283][ T29] __schedule+0xee1/0x5a10 [ 287.071786][ T29] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 287.077917][ T29] ? print_usage_bug.part.0+0x670/0x670 [ 287.083551][ T29] ? io_schedule_timeout+0x150/0x150 [ 287.089011][ T29] ? rwsem_down_write_slowpath+0x48e/0x12a0 [ 287.094985][ T29] schedule+0xe7/0x1b0 [ 287.099225][ T29] schedule_preempt_disabled+0x13/0x20 [ 287.105249][ T29] rwsem_down_write_slowpath+0x53d/0x12a0 [ 287.111186][ T29] ? down_timeout+0x90/0x90 [ 287.115744][ T29] ? lock_acquire+0x1ef/0x510 [ 287.121161][ T29] ? preempt_count_sub+0x150/0x150 [ 287.126955][ T29] down_write+0x1d3/0x200 [ 287.131827][ T29] ? rwsem_down_write_slowpath+0x12a0/0x12a0 [ 287.138470][ T29] ? _copy_from_user+0x5d/0xf0 [ 287.143317][ T29] blkdev_common_ioctl+0x10ee/0x1ce0 [ 287.149263][ T29] ? blkdev_pr_preempt+0x2f0/0x2f0 [ 287.154949][ T29] ? find_held_lock+0x2d/0x110 [ 287.160430][ T29] blkdev_ioctl+0x249/0x770 [ 287.165018][ T29] ? blkdev_common_ioctl+0x1ce0/0x1ce0 [ 287.170653][ T29] ? bpf_lsm_file_ioctl+0x9/0x10 [ 287.175663][ T29] ? blkdev_common_ioctl+0x1ce0/0x1ce0 [ 287.181333][ T29] __x64_sys_ioctl+0x18f/0x210 [ 287.186203][ T29] do_syscall_64+0x38/0xb0 [ 287.190696][ T29] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 287.197258][ T29] RIP: 0033:0x7ffbf8096ae9 [ 287.202222][ T29] RSP: 002b:00007ffc86b0d7a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 287.211245][ T29] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffbf8096ae9 [ 287.219867][ T29] RDX: 0000000020000040 RSI: 000000000000127f RDI: 0000000000000003 [ 287.228570][ T29] RBP: 00000000000f4240 R08: 00000000000000a0 R09: 00000000000000a0 [ 287.237232][ T29] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 287.245394][ T29] R13: 00007ffc86b0d9c8 R14: 00007ffc86b0d7d0 R15: 00007ffc86b0d7c0 [ 287.253582][ T29] [ 287.256781][ T29] INFO: task syz-executor150:5053 blocked for more than 143 seconds. [ 287.264887][ T29] Not tainted 6.6.0-rc7-syzkaller-00151-g56567a20b22b #0 [ 287.272605][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 287.281457][ T29] task:syz-executor150 state:D stack:28160 pid:5053 ppid:5052 flags:0x00004006 [ 287.291240][ T29] Call Trace: [ 287.295001][ T29] [ 287.298951][ T29] __schedule+0xee1/0x5a10 [ 287.303900][ T29] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 287.310917][ T29] ? print_usage_bug.part.0+0x670/0x670 [ 287.317254][ T29] ? io_schedule_timeout+0x150/0x150 [ 287.323084][ T29] ? rwsem_down_write_slowpath+0x48e/0x12a0 [ 287.329169][ T29] schedule+0xe7/0x1b0 [ 287.335166][ T29] schedule_preempt_disabled+0x13/0x20 [ 287.345739][ T29] rwsem_down_write_slowpath+0x53d/0x12a0 [ 287.354850][ T29] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 287.361497][ T29] ? down_timeout+0x90/0x90 [ 287.366544][ T29] ? preempt_count_sub+0x150/0x150 [ 287.371771][ T29] down_write+0x1d3/0x200 [ 287.376452][ T29] ? rwsem_down_write_slowpath+0x12a0/0x12a0 [ 287.382515][ T29] ? _copy_from_user+0x5d/0xf0 [ 287.387464][ T29] blkdev_common_ioctl+0x10ee/0x1ce0 [ 287.392836][ T29] ? blkdev_pr_preempt+0x2f0/0x2f0 [ 287.398529][ T29] ? find_held_lock+0x2d/0x110 [ 287.403834][ T29] blkdev_ioctl+0x249/0x770 [ 287.409052][ T29] ? blkdev_common_ioctl+0x1ce0/0x1ce0 [ 287.415041][ T29] ? bpf_lsm_file_ioctl+0x9/0x10 [ 287.420636][ T29] ? blkdev_common_ioctl+0x1ce0/0x1ce0 [ 287.426306][ T29] __x64_sys_ioctl+0x18f/0x210 [ 287.431158][ T29] do_syscall_64+0x38/0xb0 [ 287.436779][ T29] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 287.442776][ T29] RIP: 0033:0x7ffbf8096ae9 [ 287.447703][ T29] RSP: 002b:00007ffc86b0d7a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 287.456699][ T29] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffbf8096ae9 [ 287.465839][ T29] RDX: 0000000020000040 RSI: 000000000000127f RDI: 0000000000000003 [ 287.474482][ T29] RBP: 00000000000f4240 R08: 00000000000000a0 R09: 00000000000000a0 [ 287.483376][ T29] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 287.492071][ T29] R13: 00007ffc86b0d9c8 R14: 00007ffc86b0d7d0 R15: 00007ffc86b0d7c0 [ 287.500220][ T29] [ 287.503328][ T29] [ 287.503328][ T29] Showing all locks held in the system: [ 287.512469][ T29] 1 lock held by khungtaskd/29: [ 287.517521][ T29] #0: ffffffff8cbab2e0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x75/0x340 [ 287.527882][ T29] 2 locks held by getty/4795: [ 287.533058][ T29] #0: ffff8880261960a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 287.543502][ T29] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfc5/0x1480 [ 287.553825][ T29] 1 lock held by syz-executor150/5048: [ 287.559470][ T29] 1 lock held by syz-executor150/5050: [ 287.564986][ T29] #0: ffff88814888abc0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_common_ioctl+0x10ee/0x1ce0 [ 287.586522][ T29] 1 lock held by syz-executor150/5051: [ 287.592465][ T29] #0: ffff88814888abc0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_common_ioctl+0x10ee/0x1ce0 [ 287.604731][ T29] 1 lock held by syz-executor150/5053: [ 287.611078][ T29] #0: ffff88814888abc0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_common_ioctl+0x10ee/0x1ce0 [ 287.622495][ T29] 1 lock held by syz-executor150/5071: [ 287.628083][ T29] #0: ffff88814888abc0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_common_ioctl+0x10ee/0x1ce0 [ 287.640660][ T29] 1 lock held by syz-executor150/5072: [ 287.646257][ T29] #0: ffff88814888abc0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_common_ioctl+0x10ee/0x1ce0 [ 287.658003][ T29] [ 287.660819][ T29] ============================================= [ 287.660819][ T29] [ 287.669896][ T29] NMI backtrace for cpu 1 [ 287.674267][ T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted 6.6.0-rc7-syzkaller-00151-g56567a20b22b #0 [ 287.684275][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 287.694348][ T29] Call Trace: [ 287.697670][ T29] [ 287.700627][ T29] dump_stack_lvl+0xd9/0x1b0 [ 287.705335][ T29] nmi_cpu_backtrace+0x277/0x380 [ 287.710315][ T29] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 287.715608][ T29] nmi_trigger_cpumask_backtrace+0x299/0x300 [ 287.721626][ T29] watchdog+0xf87/0x1210 [ 287.725905][ T29] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 287.731991][ T29] ? lockdep_hardirqs_on+0x7d/0x100 [ 287.737220][ T29] ? __kthread_parkme+0x14b/0x220 [ 287.742302][ T29] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 287.748308][ T29] kthread+0x33c/0x440 [ 287.752397][ T29] ? _raw_spin_unlock_irq+0x23/0x50 [ 287.757691][ T29] ? kthread_complete_and_exit+0x40/0x40 [ 287.763344][ T29] ret_from_fork+0x45/0x80 [ 287.767801][ T29] ? kthread_complete_and_exit+0x40/0x40 [ 287.773469][ T29] ret_from_fork_asm+0x11/0x20 [ 287.778306][ T29] [ 287.781463][ T29] Sending NMI from CPU 1 to CPUs 0: [ 287.786768][ C0] NMI backtrace for cpu 0 [ 287.786780][ C0] CPU: 0 PID: 42 Comm: kworker/u4:2 Not tainted 6.6.0-rc7-syzkaller-00151-g56567a20b22b #0 [ 287.786806][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 287.786821][ C0] Workqueue: events_unbound toggle_allocation_gate [ 287.786884][ C0] RIP: 0010:x2apic_send_IPI+0x97/0xe0 [ 287.786911][ C0] Code: b7 13 0f ae f0 0f ae e8 b9 00 04 00 00 41 83 fc 02 44 89 e0 48 0f 44 c1 48 c1 e2 20 b9 30 08 00 00 48 09 d0 48 c1 ea 20 0f 30 <66> 90 5b 5d 41 5c c3 5b 31 d2 48 89 c6 bf 30 08 00 00 5d 41 5c e9 [ 287.786935][ C0] RSP: 0018:ffffc90000b2f900 EFLAGS: 00000202 [ 287.786952][ C0] RAX: 00000001000000fb RBX: ffff8880b9921a0c RCX: 0000000000000830 [ 287.786968][ C0] RDX: 0000000000000001 RSI: 00000000000000fb RDI: ffffffff8c5c5a48 [ 287.786983][ C0] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 287.786997][ C0] R10: 0000000000000001 R11: 0000000000000000 R12: 00000000000000fb [ 287.787012][ C0] R13: dffffc0000000000 R14: 0000000000000001 R15: ffff8880b983d8d0 [ 287.787027][ C0] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 287.787051][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 287.787067][ C0] CR2: 000055a999c70600 CR3: 000000000c976000 CR4: 00000000003506f0 [ 287.787083][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 287.787097][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 287.787112][ C0] Call Trace: [ 287.787119][ C0] [ 287.787127][ C0] ? show_regs+0x8f/0xa0 [ 287.787156][ C0] ? nmi_cpu_backtrace+0x1d4/0x380 [ 287.787189][ C0] ? nmi_cpu_backtrace_handler+0xc/0x10 [ 287.787224][ C0] ? nmi_handle+0x1a6/0x570 [ 287.787255][ C0] ? x2apic_send_IPI+0x97/0xe0 [ 287.787278][ C0] ? default_do_nmi+0x69/0x160 [ 287.787317][ C0] ? exc_nmi+0x171/0x1e0 [ 287.787353][ C0] ? end_repeat_nmi+0x16/0x31 [ 287.787399][ C0] ? x2apic_send_IPI+0x97/0xe0 [ 287.787422][ C0] ? x2apic_send_IPI+0x97/0xe0 [ 287.787445][ C0] ? x2apic_send_IPI+0x97/0xe0 [ 287.787468][ C0] [ 287.787474][ C0] [ 287.787482][ C0] ? on_each_cpu_cond_mask+0x40/0x90 [ 287.787518][ C0] smp_call_function_many_cond+0x12df/0x1570 [ 287.787558][ C0] ? __text_poke+0xc90/0xc90 [ 287.787580][ C0] ? __kmem_cache_alloc_node+0xc3/0x340 [ 287.787623][ C0] ? generic_smp_call_function_single_interrupt+0x20/0x20 [ 287.787666][ C0] ? apply_relocation+0x830/0x830 [ 287.787690][ C0] ? __text_poke+0xc90/0xc90 [ 287.787712][ C0] on_each_cpu_cond_mask+0x40/0x90 [ 287.787755][ C0] ? __kmem_cache_alloc_node+0xc3/0x340 [ 287.787794][ C0] text_poke_bp_batch+0x746/0x960 [ 287.787820][ C0] ? __kmem_cache_alloc_node+0xc4/0x340 [ 287.787862][ C0] ? do_sync_core+0x40/0x40 [ 287.787882][ C0] ? __jump_label_patch+0x1db/0x3f0 [ 287.787916][ C0] ? text_poke_queue+0xef/0x180 [ 287.787946][ C0] ? arch_jump_label_transform_queue+0xc0/0x110 [ 287.787987][ C0] text_poke_finish+0x30/0x40 [ 287.788011][ C0] arch_jump_label_transform_apply+0x1c/0x30 [ 287.788048][ C0] jump_label_update+0x32e/0x410 [ 287.788088][ C0] static_key_enable_cpuslocked+0x1b5/0x270 [ 287.788128][ C0] static_key_enable+0x1a/0x20 [ 287.788164][ C0] toggle_allocation_gate+0xf4/0x250 [ 287.788197][ C0] ? wake_up_kfence_timer+0x30/0x30 [ 287.788236][ C0] process_one_work+0x884/0x15c0 [ 287.788273][ C0] ? lock_sync+0x190/0x190 [ 287.788306][ C0] ? init_worker_pool+0x770/0x770 [ 287.788341][ C0] ? assign_work+0x1a0/0x240 [ 287.788370][ C0] worker_thread+0x8b9/0x1290 [ 287.788406][ C0] ? __kthread_parkme+0x14b/0x220 [ 287.788431][ C0] ? process_one_work+0x15c0/0x15c0 [ 287.788461][ C0] kthread+0x33c/0x440 [ 287.788486][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 287.788516][ C0] ? kthread_complete_and_exit+0x40/0x40 [ 287.788545][ C0] ret_from_fork+0x45/0x80 [ 287.788572][ C0] ? kthread_complete_and_exit+0x40/0x40 [ 287.788600][ C0] ret_from_fork_asm+0x11/0x20 [ 287.788644][ C0] [ 287.788652][ C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.885 msecs [ 287.788790][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 288.193774][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted 6.6.0-rc7-syzkaller-00151-g56567a20b22b #0 [ 288.203601][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 288.213673][ T29] Call Trace: [ 288.217061][ T29] [ 288.220021][ T29] dump_stack_lvl+0xd9/0x1b0 [ 288.224654][ T29] panic+0x6a6/0x750 [ 288.228585][ T29] ? panic_smp_self_stop+0xa0/0xa0 [ 288.233736][ T29] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 288.238994][ T29] ? preempt_schedule_thunk+0x1a/0x30 [ 288.244407][ T29] ? watchdog+0xd3e/0x1210 [ 288.248856][ T29] watchdog+0xd4f/0x1210 [ 288.253130][ T29] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 288.259133][ T29] ? lockdep_hardirqs_on+0x7d/0x100 [ 288.264365][ T29] ? __kthread_parkme+0x14b/0x220 [ 288.269447][ T29] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 288.275454][ T29] kthread+0x33c/0x440 [ 288.279551][ T29] ? _raw_spin_unlock_irq+0x23/0x50 [ 288.284782][ T29] ? kthread_complete_and_exit+0x40/0x40 [ 288.290444][ T29] ret_from_fork+0x45/0x80 [ 288.294888][ T29] ? kthread_complete_and_exit+0x40/0x40 [ 288.300552][ T29] ret_from_fork_asm+0x11/0x20 [ 288.305369][ T29] [ 288.308609][ T29] Kernel Offset: disabled [ 288.312945][ T29] Rebooting in 86400 seconds..