./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3123900844 <...> forked to background, child pid 4639 no interfaces have a carrier [ 29.671824][ T4640] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.693678][ T4640] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.188' (ECDSA) to the list of known hosts. execve("./syz-executor3123900844", ["./syz-executor3123900844"], 0x7ffc8da791e0 /* 10 vars */) = 0 brk(NULL) = 0x5555564a2000 brk(0x5555564a2c40) = 0x5555564a2c40 arch_prctl(ARCH_SET_FS, 0x5555564a2300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3123900844", 4096) = 28 brk(0x5555564c3c40) = 0x5555564c3c40 brk(0x5555564c4000) = 0x5555564c4000 mprotect(0x7f321956c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555564a25d0) = 5066 ./strace-static-x86_64: Process 5066 attached [pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] setpgid(0, 0) = 0 [pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] write(3, "1000", 4) = 4 [pid 5066] close(3) = 0 [pid 5066] memfd_create("syzkaller", 0) = 3 [pid 5066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f32110b1000 [pid 5066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5066] munmap(0x7f32110b1000, 262144) = 0 [pid 5066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5066] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5066] close(3) = 0 [pid 5066] mkdir("./file0", 0777) = 0 [pid 5066] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_SILENT, ",errors=continue") = 0 [pid 5066] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5066] chdir("./file0") = 0 [pid 5066] ioctl(4, LOOP_CLR_FD) = 0 [pid 5066] close(4) = 0 [pid 5066] openat(AT_FDCWD, "./file0", O_RDONLY) = 4 [pid 5066] setxattr("./file0", "user.incfs.id", "\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x00", 32, 0) = 0 [pid 5066] mkdirat(4, "./file0", 000) = 0 [pid 5066] openat(4, ".", O_RDONLY) = 5 syzkaller login: [ 55.415729][ T5066] loop0: detected capacity change from 0 to 512 [ 55.419704][ T5067] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 55.440177][ T5066] EXT4-fs (loop0): 1 truncate cleaned up [ 55.445975][ T5066] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5066] renameat2(5, "./file0", 5, "./bus", 0 [pid 5065] kill(-5066, SIGKILL) = 0 [pid 5065] kill(5066, SIGKILL) = 0 [pid 5065] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5065] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5065] getdents64(3, 0x5555564a3620 /* 2 entries */, 32768) = 48 [pid 5065] getdents64(3, 0x5555564a3620 /* 0 entries */, 32768) = 0 [pid 5065] close(3) = 0 [ 75.794737][ T22] cfg80211: failed to load regulatory.db [ 285.713148][ T28] INFO: task syz-executor312:5066 blocked for more than 143 seconds. [ 285.721628][ T28] Not tainted 6.2.0-rc5-syzkaller-00047-g7c46948a6e9c #0 [ 285.729628][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 285.738407][ T28] task:syz-executor312 state:D stack:25648 pid:5066 ppid:5065 flags:0x00004004 [ 285.747714][ T28] Call Trace: [ 285.751029][ T28] [ 285.753989][ T28] __schedule+0xb8a/0x5450 [ 285.758461][ T28] ? find_held_lock+0x2d/0x110 [ 285.763326][ T28] ? io_schedule_timeout+0x150/0x150 [ 285.768646][ T28] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 285.774483][ T28] schedule+0xde/0x1b0 [ 285.778574][ T28] io_schedule+0xbe/0x130 [ 285.782944][ T28] bit_wait_io+0x16/0xe0 [ 285.787208][ T28] __wait_on_bit_lock+0x11f/0x1a0 [ 285.792223][ T28] ? out_of_line_wait_on_bit_timeout+0x170/0x170 [ 285.798647][ T28] out_of_line_wait_on_bit_lock+0xd9/0x110 [ 285.804507][ T28] ? __wait_on_bit_lock+0x1a0/0x1a0 [ 285.809699][ T28] ? sugov_start+0x580/0x580 [ 285.814335][ T28] __sync_dirty_buffer+0x30e/0x380 [ 285.819461][ T28] __ext4_handle_dirty_metadata+0x2b7/0x6f0 [ 285.825399][ T28] ext4_handle_dirty_dirblock+0x371/0x470 [ 285.831140][ T28] ? ext4_rename_dir_prepare+0x7b0/0x7b0 [ 285.836811][ T28] ? memcpy+0x3d/0x60 [ 285.840926][ T28] ? ext4_init_dot_dotdot+0x3d7/0x5a0 [ 285.846614][ T28] ext4_convert_inline_data_nolock+0xac1/0xf10 [ 285.853018][ T28] ? ext4_destroy_inline_data_nolock+0x580/0x580 [ 285.859391][ T28] ? down_write_killable+0x250/0x250 [ 285.864740][ T28] ? ext4_inode_attach_jinode+0x230/0x230 [ 285.870480][ T28] ? get_max_inline_xattr_value_size+0x114/0x560 [ 285.876928][ T28] ext4_try_add_inline_entry+0x473/0x8d0 [ 285.882593][ T28] ? ext4_set_context+0x5a0/0x5a0 [ 285.887681][ T28] ? ext4_da_write_inline_data_begin+0x1270/0x1270 [ 285.894253][ T28] ext4_add_entry+0x80d/0xe30 [ 285.898918][ T28] ? errseq_check+0x4f/0x80 [ 285.903514][ T28] ? make_indexed_dir+0x1080/0x1080 [ 285.908740][ T28] ? __ext4_journal_start_sb+0x231/0x860 [ 285.914574][ T28] ? ext4_rename+0x1544/0x2620 [ 285.919382][ T28] ext4_rename+0x1979/0x2620 [ 285.924117][ T28] ? ext4_empty_dir+0x9b0/0x9b0 [ 285.929002][ T28] ? lock_downgrade+0x6e0/0x6e0 [ 285.933909][ T28] ? do_raw_spin_lock+0x124/0x2b0 [ 285.938956][ T28] ext4_rename2+0x1c7/0x270 [ 285.943541][ T28] ? ext4_rename+0x2620/0x2620 [ 285.948322][ T28] vfs_rename+0x1162/0x1a90 [ 285.952820][ T28] ? path_openat+0x2a50/0x2a50 [ 285.957623][ T28] ? do_raw_spin_unlock+0x175/0x230 [ 285.962835][ T28] ? _raw_spin_unlock+0x28/0x40 [ 285.967807][ T28] ? bpf_lsm_path_rename+0x9/0x10 [ 285.972864][ T28] ? security_path_rename+0x158/0x230 [ 285.978345][ T28] do_renameat2+0xb22/0xc30 [ 285.982866][ T28] ? __ia32_sys_link+0xa0/0xa0 [ 285.987777][ T28] ? __virt_addr_valid+0x61/0x2e0 [ 285.992795][ T28] ? __phys_addr_symbol+0x30/0x70 [ 285.997870][ T28] ? strncpy_from_user+0x28b/0x3c0 [ 286.003082][ T28] ? _raw_spin_unlock_irq+0x23/0x50 [ 286.008288][ T28] __x64_sys_renameat2+0xe8/0x120 [ 286.013357][ T28] do_syscall_64+0x39/0xb0 [ 286.017795][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.023724][ T28] RIP: 0033:0x7f32194fe5e9 [ 286.028148][ T28] RSP: 002b:00007ffcc332ecf8 EFLAGS: 00000246 ORIG_RAX: 000000000000013c [ 286.036600][ T28] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f32194fe5e9 [ 286.044810][ T28] RDX: 0000000000000005 RSI: 00000000200001c0 RDI: 0000000000000005 [ 286.052770][ T28] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001 [ 286.060780][ T28] R10: 0000000020000200 R11: 0000000000000246 R12: 00007ffcc332ed20 [ 286.068783][ T28] R13: 0000000000000000 R14: 431bde82d7b634db R15: 0000000000000000 [ 286.077147][ T28] [ 286.080212][ T28] [ 286.080212][ T28] Showing all locks held in the system: [ 286.088286][ T28] 1 lock held by rcu_tasks_kthre/12: [ 286.093634][ T28] #0: ffffffff8c790fb0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 [ 286.104195][ T28] 1 lock held by rcu_tasks_trace/13: [ 286.109470][ T28] #0: ffffffff8c790cb0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 [ 286.120467][ T28] 1 lock held by khungtaskd/28: [ 286.125349][ T28] #0: ffffffff8c791b00 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x57/0x264 [ 286.135293][ T28] 4 locks held by klogd/4416: [ 286.139979][ T28] #0: ffff8880b993b598 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2f/0x120 [ 286.149953][ T28] #1: ffff8880b99287c8 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: __wake_up_common_lock+0xb8/0x140 [ 286.161860][ T28] #2: ffff88807e4c0970 (&p->pi_lock){-.-.}-{2:2}, at: try_to_wake_up+0xb2/0x2080 [ 286.171411][ T28] #3: ffff8880b993b598 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2f/0x120 [ 286.181507][ T28] 2 locks held by getty/4749: [ 286.186226][ T28] #0: ffff888027d14098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x26/0x80 [ 286.196756][ T28] #1: ffffc900015802f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0 [ 286.206934][ T28] 3 locks held by syz-executor312/5066: [ 286.212492][ T28] #0: ffff88802b554460 (sb_writers#4){.+.+}-{0:0}, at: do_renameat2+0x37f/0xc30 [ 286.221816][ T28] #1: ffff8880761e5e48 (&type->i_mutex_dir_key#3/1){+.+.}-{3:3}, at: lock_rename+0x229/0x280 [ 286.232270][ T28] #2: ffff8880761e5b10 (&ei->xattr_sem){++++}-{3:3}, at: ext4_try_add_inline_entry+0x10c/0x8d0 [ 286.242991][ T28] [ 286.245317][ T28] ============================================= [ 286.245317][ T28] [ 286.253760][ T28] NMI backtrace for cpu 0 [ 286.258211][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.2.0-rc5-syzkaller-00047-g7c46948a6e9c #0 [ 286.268009][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 286.278046][ T28] Call Trace: [ 286.281305][ T28] [ 286.284219][ T28] dump_stack_lvl+0xd1/0x138 [ 286.288798][ T28] nmi_cpu_backtrace.cold+0x24/0x18a [ 286.294070][ T28] nmi_trigger_cpumask_backtrace+0x333/0x3c0 [ 286.300052][ T28] ? lapic_can_unplug_cpu+0x80/0x80 [ 286.305235][ T28] watchdog+0xc75/0xfc0 [ 286.309554][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 286.315533][ T28] kthread+0x2e8/0x3a0 [ 286.319596][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 286.325221][ T28] ret_from_fork+0x1f/0x30 [ 286.329669][ T28] [ 286.332803][ T28] Sending NMI from CPU 0 to CPUs 1: [ 286.338073][ C1] NMI backtrace for cpu 1 [ 286.338082][ C1] CPU: 1 PID: 11 Comm: kworker/u4:1 Not tainted 6.2.0-rc5-syzkaller-00047-g7c46948a6e9c #0 [ 286.338097][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 286.338106][ C1] Workqueue: events_unbound toggle_allocation_gate [ 286.338131][ C1] RIP: 0010:__default_send_IPI_dest_field+0x32/0x130 [ 286.338155][ C1] Code: fc 55 53 89 d3 48 83 ec 08 83 fe 02 74 73 a0 60 f8 eb ff ff fb ff ff 84 c0 74 08 3c 03 0f 8e a8 00 00 00 8b 04 25 00 c3 5f ff <48> bd 60 f8 eb ff ff fb ff ff f6 c4 10 74 1e f3 90 0f b6 45 00 84 [ 286.338168][ C1] RSP: 0018:ffffc900001078a8 EFLAGS: 00000046 [ 286.338178][ C1] RAX: 00000000000008fb RBX: 0000000000000800 RCX: 0000000000000001 [ 286.338186][ C1] RDX: 0000000000000800 RSI: 00000000000000fb RDI: 0000000000000001 [ 286.338194][ C1] RBP: 1ffff92000020f1e R08: 0000000000000005 R09: 0000000000000001 [ 286.338202][ C1] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001 [ 286.338210][ C1] R13: ffffc90000107910 R14: 0000000000000002 R15: dffffc0000000000 [ 286.338223][ C1] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 286.338235][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 286.338244][ C1] CR2: 0000563a723b2680 CR3: 000000000c48e000 CR4: 0000000000350ee0 [ 286.338253][ C1] Call Trace: [ 286.338256][ C1] [ 286.338260][ C1] ? trace_hardirqs_off+0x12/0x170 [ 286.338275][ C1] _flat_send_IPI_mask+0x4e/0x60 [ 286.338293][ C1] send_call_function_single_ipi+0x1ed/0x3b0 [ 286.338313][ C1] ? sched_ttwu_pending+0x550/0x550 [ 286.338326][ C1] ? __bitmap_and+0x18c/0x210 [ 286.338350][ C1] ? _find_next_bit+0x11b/0x140 [ 286.338366][ C1] smp_call_function_many_cond+0xe64/0x10a0 [ 286.338388][ C1] ? optimize_nops+0x2d0/0x2d0 [ 286.338405][ C1] ? smp_call_on_cpu+0x250/0x250 [ 286.338422][ C1] ? perf_event_bpf_event+0x4d0/0x4d0 [ 286.338439][ C1] ? text_poke_memset+0x60/0x60 [ 286.338454][ C1] ? optimize_nops+0x2d0/0x2d0 [ 286.338469][ C1] on_each_cpu_cond_mask+0x5a/0xa0 [ 286.338486][ C1] ? __kmem_cache_alloc_node+0x132/0x430 [ 286.338500][ C1] text_poke_bp_batch+0x3f1/0x6b0 [ 286.338518][ C1] ? do_sync_core+0x30/0x30 [ 286.338534][ C1] ? __jump_label_update+0x296/0x410 [ 286.338556][ C1] text_poke_finish+0x1a/0x30 [ 286.338571][ C1] arch_jump_label_transform_apply+0x17/0x30 [ 286.338585][ C1] jump_label_update+0x32f/0x410 [ 286.338606][ C1] static_key_disable_cpuslocked+0x156/0x1b0 [ 286.338628][ C1] static_key_disable+0x1a/0x20 [ 286.338647][ C1] toggle_allocation_gate+0x143/0x230 [ 286.338670][ C1] ? wake_up_kfence_timer+0x30/0x30 [ 286.338692][ C1] process_one_work+0x9bf/0x1710 [ 286.338711][ C1] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 286.338727][ C1] ? rwlock_bug.part.0+0x90/0x90 [ 286.338741][ C1] ? _raw_spin_lock_irq+0x45/0x50 [ 286.338760][ C1] worker_thread+0x669/0x1090 [ 286.338779][ C1] ? process_one_work+0x1710/0x1710 [ 286.338795][ C1] kthread+0x2e8/0x3a0 [ 286.338806][ C1] ? kthread_complete_and_exit+0x40/0x40 [ 286.338820][ C1] ret_from_fork+0x1f/0x30 [ 286.338841][ C1] [ 286.339070][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 286.649560][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.2.0-rc5-syzkaller-00047-g7c46948a6e9c #0 [ 286.659356][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 [ 286.669398][ T28] Call Trace: [ 286.672665][ T28] [ 286.675590][ T28] dump_stack_lvl+0xd1/0x138 [ 286.680185][ T28] panic+0x2cc/0x626 [ 286.684081][ T28] ? panic_print_sys_info.part.0+0x110/0x110 [ 286.690062][ T28] ? preempt_schedule_thunk+0x1a/0x20 [ 286.695434][ T28] ? watchdog.cold+0x130/0x158 [ 286.700198][ T28] watchdog.cold+0x141/0x158 [ 286.704785][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 286.710765][ T28] kthread+0x2e8/0x3a0 [ 286.714825][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 286.720474][ T28] ret_from_fork+0x1f/0x30 [ 286.724895][ T28] [ 286.728655][ T28] Kernel Offset: disabled [ 286.732978][ T28] Rebooting in 86400 seconds..