./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1203103026 <...> DUID 00:04:ab:21:30:2a:f6:ad:63:06:1d:ce:9a:68:94:64:4e:95 forked to background, child pid 4668 [ 21.073664][ T4669] 8021q: adding VLAN 0 to HW filter on device bond0 [ 21.084422][ T4669] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.153' (ECDSA) to the list of known hosts. execve("./syz-executor1203103026", ["./syz-executor1203103026"], 0x7ffcae651730 /* 10 vars */) = 0 brk(NULL) = 0x555556a71000 brk(0x555556a71c40) = 0x555556a71c40 arch_prctl(ARCH_SET_FS, 0x555556a71300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1203103026", 4096) = 28 brk(0x555556a92c40) = 0x555556a92c40 brk(0x555556a93000) = 0x555556a93000 mprotect(0x7f2d0ef5f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a715d0) = 5001 ./strace-static-x86_64: Process 5001 attached [pid 5001] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5001] setpgid(0, 0) = 0 [pid 5001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5001] write(3, "1000", 4) = 4 [pid 5001] close(3) = 0 [pid 5001] memfd_create("syzkaller", 0) = 3 [pid 5001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d06a99000 syzkaller login: [ 40.708767][ T5001] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5001 'syz-executor120' [pid 5001] write(3, "\x58\x46\x53\x42\x00\x00\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5e\x62\x73\xb8\x21\x67\x42\xbb\x91\x1b\x41\x8a\xa1\x4a\x12\x61\x00\x00\x00\x00\x00\x00\x80\x40\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x21\x00\x00\x00\x00\x00\x00\x00\x22\x00\x00\x00\x08\x00\x00\x80\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x01\x00"..., 33554432) = 33554432 [pid 5001] munmap(0x7f2d06a99000, 33554432) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5001] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5001] close(3) = 0 [pid 5001] mkdir("./file0", 0777) = 0 [ 40.892634][ T5001] loop0: detected capacity change from 0 to 65536 [ 40.901678][ T5001] XFS: noikeep mount option is deprecated. [ 40.907547][ T5001] XFS: ikeep mount option is deprecated. [ 40.913172][ T5001] XFS: attr2 mount option is deprecated. [ 40.922513][ T5001] XFS (loop0): Deprecated V4 format (crc=0) will not be supported after September 2030. [ 40.932575][ T5001] XFS (loop0): DAX unsupported by block device. Turning off DAX. [ 40.940948][ T5001] XFS (loop0): Mounting V4 Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261 [ 40.950383][ T5001] XFS (loop0): Log size 256 blocks too small, minimum size is 2880 blocks [ 40.958978][ T5001] XFS (loop0): Log size out of supported range. [ 40.965212][ T5001] XFS (loop0): Continuing onwards, but if log hangs are experienced then please report this message in the bug report. [pid 5001] mount("/dev/loop0", "./file0", "xfs", 0, "noikeep,grpquota,usrquota,ikeep,grpquota,attr2,dax,noquota,largeio,,nouuid") = 0 [pid 5001] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5001] chdir("./file0") = 0 [pid 5001] ioctl(4, LOOP_CLR_FD) = 0 [pid 5001] close(4) = 0 [ 41.001452][ T5001] XFS (loop0): Starting recovery (logdev: internal) [ 41.012278][ T5001] XFS (loop0): Ending recovery (logdev: internal) [ 41.019089][ T5001] xfs filesystem being mounted at /root/file0 supports timestamps until 2038-01-19 (0x7fffffff) [pid 5001] openat(AT_FDCWD, "cpuacct.usage_sys", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 4999] kill(-5001, SIGKILL) = 0 [pid 4999] kill(5001, SIGKILL) = 0 [pid 4999] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4999] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 4999] getdents64(3, 0x555556a72620 /* 2 entries */, 32768) = 48 [pid 4999] getdents64(3, 0x555556a72620 /* 0 entries */, 32768) = 0 [pid 4999] close(3) = 0 [ 70.478394][ T896] cfg80211: failed to load regulatory.db [ 285.515952][ T27] INFO: task syz-executor120:5001 blocked for more than 143 seconds. [ 285.524073][ T27] Not tainted 6.4.0-rc7-syzkaller-00226-ga92b7d26c743 #0 [ 285.531643][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 285.540397][ T27] task:syz-executor120 state:D stack:25640 pid:5001 ppid:4999 flags:0x00004004 [ 285.549656][ T27] Call Trace: [ 285.553022][ T27] [ 285.556025][ T27] __schedule+0xc9a/0x5880 [ 285.560475][ T27] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 285.566484][ T27] ? print_usage_bug.part.0+0x660/0x660 [ 285.572039][ T27] ? __x64_sys_openat+0x143/0x1f0 [ 285.577085][ T27] ? io_schedule_timeout+0x150/0x150 [ 285.582373][ T27] ? xlog_grant_head_wait+0x2ef/0xb10 [ 285.587781][ T27] schedule+0xde/0x1a0 [ 285.591853][ T27] xlog_grant_head_wait+0x140/0xb10 [ 285.597073][ T27] xlog_grant_head_check+0x3d9/0x420 [ 285.602367][ T27] ? xlog_grant_head_wait+0xb10/0xb10 [ 285.607771][ T27] ? xfs_ail_push+0x19/0x1f0 [ 285.612377][ T27] xfs_log_reserve+0x35d/0x890 [ 285.617159][ T27] ? percpu_counter_add_batch+0x170/0x1e0 [ 285.622884][ T27] ? xlog_ticket_alloc+0x2b0/0x2b0 [ 285.628020][ T27] ? __percpu_counter_compare+0xbc/0x130 [ 285.633664][ T27] ? xfs_mod_freecounter+0x92/0x540 [ 285.638874][ T27] xfs_trans_reserve+0x479/0x670 [ 285.643840][ T27] xfs_trans_alloc+0x33e/0x880 [ 285.648853][ T27] xfs_trans_alloc_icreate+0xb9/0x230 [ 285.654249][ T27] ? xfs_trans_alloc_inode+0x330/0x330 [ 285.659738][ T27] ? make_vfsuid+0x170/0x170 [ 285.664338][ T27] xfs_create+0x5d7/0x1080 [ 285.668791][ T27] ? xfs_irele+0x1e0/0x1e0 [ 285.673215][ T27] ? vfs_set_acl+0x8f0/0x8f0 [ 285.677820][ T27] ? find_held_lock+0x2d/0x110 [ 285.682587][ T27] ? current_umask+0xa/0x80 [ 285.687110][ T27] ? posix_acl_create.part.0+0x2b3/0x4e0 [ 285.692862][ T27] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 285.698802][ T27] xfs_generic_create+0x5ea/0x790 [ 285.703833][ T27] ? xfs_setup_iops+0x430/0x430 [ 285.708761][ T27] ? xfs_vn_link+0x1f0/0x1f0 [ 285.713362][ T27] ? userns_owner+0x2d/0x40 [ 285.717887][ T27] ? bpf_lsm_inode_permission+0x9/0x10 [ 285.723456][ T27] ? bpf_lsm_inode_create+0x9/0x10 [ 285.728689][ T27] ? xfs_vn_mkdir+0x40/0x40 [ 285.733206][ T27] lookup_open.isra.0+0x105a/0x1400 [ 285.738428][ T27] ? link_path_walk.part.0+0xd60/0xd60 [ 285.743899][ T27] ? rwsem_down_write_slowpath+0x1220/0x1220 [ 285.749920][ T27] ? __mnt_want_write+0x1fe/0x2e0 [ 285.754957][ T27] path_openat+0x975/0x2750 [ 285.759721][ T27] ? path_lookupat+0x840/0x840 [ 285.764491][ T27] do_filp_open+0x1ba/0x410 [ 285.769049][ T27] ? may_open_dev+0xf0/0xf0 [ 285.773566][ T27] ? find_held_lock+0x2d/0x110 [ 285.778365][ T27] ? do_raw_spin_lock+0x124/0x2b0 [ 285.783398][ T27] ? spin_bug+0x1c0/0x1c0 [ 285.787805][ T27] ? _raw_spin_unlock+0x28/0x40 [ 285.792752][ T27] ? alloc_fd+0x2e4/0x750 [ 285.797108][ T27] do_sys_openat2+0x16d/0x4c0 [ 285.801800][ T27] ? ptrace_stop.part.0+0x60f/0x8e0 [ 285.807047][ T27] ? build_open_flags+0x720/0x720 [ 285.812103][ T27] ? ptrace_notify+0xfe/0x140 [ 285.816796][ T27] ? lock_downgrade+0x690/0x690 [ 285.821658][ T27] __x64_sys_openat+0x143/0x1f0 [ 285.826556][ T27] ? __ia32_sys_open+0x1c0/0x1c0 [ 285.831501][ T27] ? _raw_spin_unlock_irq+0x23/0x50 [ 285.836718][ T27] ? lockdep_hardirqs_on+0x7d/0x100 [ 285.841921][ T27] ? _raw_spin_unlock_irq+0x2e/0x50 [ 285.847176][ T27] ? ptrace_notify+0xfe/0x140 [ 285.851859][ T27] do_syscall_64+0x39/0xb0 [ 285.856290][ T27] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 285.862197][ T27] RIP: 0033:0x7f2d0eee62c9 [ 285.866653][ T27] RSP: 002b:00007ffe6c494838 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 285.875070][ T27] RAX: ffffffffffffffda RBX: 61746f7571727375 RCX: 00007f2d0eee62c9 [ 285.883056][ T27] RDX: 000000000000275a RSI: 0000000020000040 RDI: 00000000ffffff9c [ 285.891058][ T27] RBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000000001 [ 285.899095][ T27] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe6c494860 [ 285.907109][ T27] R13: 0000000000000000 R14: 431bde82d7b634db R15: 0000000000000000 [ 285.915098][ T27] [ 285.918169][ T27] [ 285.918169][ T27] Showing all locks held in the system: [ 285.925903][ T27] 1 lock held by rcu_tasks_kthre/13: [ 285.931164][ T27] #0: ffffffff8c7984f0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80 [ 285.941615][ T27] 1 lock held by rcu_tasks_trace/14: [ 285.946908][ T27] #0: ffffffff8c7981f0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80 [ 285.957880][ T27] 1 lock held by khungtaskd/27: [ 285.962721][ T27] #0: ffffffff8c799100 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x340 [ 285.972618][ T27] 2 locks held by getty/4755: [ 285.977299][ T27] #0: ffff888027e45098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x26/0x80 [ 285.987059][ T27] #1: ffffc900015a02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0 [ 285.997275][ T27] 3 locks held by syz-executor120/5001: [ 286.002792][ T27] #0: ffff88807d21e460 (sb_writers#9){.+.+}-{0:0}, at: path_openat+0x2716/0x2750 [ 286.012055][ T27] #1: ffff888073da0338 (&inode->i_sb->s_type->i_mutex_dir_key){+.+.}-{3:3}, at: path_openat+0x90f/0x2750 [ 286.023403][ T27] #2: ffff88807d21e650 (sb_internal#2){.+.+}-{0:0}, at: xfs_trans_alloc_icreate+0xb9/0x230 [ 286.033628][ T27] [ 286.035993][ T27] ============================================= [ 286.035993][ T27] [ 286.044396][ T27] NMI backtrace for cpu 1 [ 286.048714][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 6.4.0-rc7-syzkaller-00226-ga92b7d26c743 #0 [ 286.058503][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 286.068543][ T27] Call Trace: [ 286.071807][ T27] [ 286.074725][ T27] dump_stack_lvl+0xd9/0x150 [ 286.079308][ T27] nmi_cpu_backtrace+0x29c/0x350 [ 286.084243][ T27] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 286.089431][ T27] nmi_trigger_cpumask_backtrace+0x2a4/0x300 [ 286.095408][ T27] watchdog+0xe16/0x1090 [ 286.099650][ T27] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 286.105625][ T27] kthread+0x344/0x440 [ 286.109690][ T27] ? kthread_complete_and_exit+0x40/0x40 [ 286.115315][ T27] ret_from_fork+0x1f/0x30 [ 286.119732][ T27] [ 286.122789][ T27] Sending NMI from CPU 1 to CPUs 0: [ 286.128023][ C0] NMI backtrace for cpu 0 skipped: idling at acpi_safe_halt+0x40/0x50 [ 286.129009][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 286.143949][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 6.4.0-rc7-syzkaller-00226-ga92b7d26c743 #0 [ 286.153728][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 286.163759][ T27] Call Trace: [ 286.167017][ T27] [ 286.169930][ T27] dump_stack_lvl+0xd9/0x150 [ 286.174497][ T27] panic+0x686/0x730 [ 286.178372][ T27] ? panic_smp_self_stop+0xa0/0xa0 [ 286.183487][ T27] ? irq_work_claim+0x76/0x90 [ 286.188155][ T27] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 286.193333][ T27] ? irq_work_queue+0x2d/0x80 [ 286.197983][ T27] ? watchdog+0xbe8/0x1090 [ 286.202377][ T27] watchdog+0xbf9/0x1090 [ 286.206601][ T27] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 286.212563][ T27] kthread+0x344/0x440 [ 286.216610][ T27] ? kthread_complete_and_exit+0x40/0x40 [ 286.222234][ T27] ret_from_fork+0x1f/0x30 [ 286.226645][ T27] [ 286.230568][ T27] Kernel Offset: disabled [ 286.234879][ T27] Rebooting in 86400 seconds..