./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1237749577 <...> Warning: Permanently added '10.128.0.231' (ECDSA) to the list of known hosts. execve("./syz-executor1237749577", ["./syz-executor1237749577"], 0x7fff8cc95800 /* 10 vars */) = 0 brk(NULL) = 0x55555728a000 brk(0x55555728ac40) = 0x55555728ac40 arch_prctl(ARCH_SET_FS, 0x55555728a300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x55555728a5d0) = 3606 set_robust_list(0x55555728a5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f6453cf5820, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f6453cf5ef0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f6453cf58c0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f6453cf5ef0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1237749577", 4096) = 28 brk(0x5555572abc40) = 0x5555572abc40 brk(0x5555572ac000) = 0x5555572ac000 mprotect(0x7f6453db9000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3607 attached , child_tidptr=0x55555728a5d0) = 3607 [pid 3607] set_robust_list(0x55555728a5e0, 24) = 0 [pid 3607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3607] setpgid(0, 0) = 0 [pid 3607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3607] write(3, "1000", 4) = 4 [pid 3607] close(3) = 0 [pid 3607] futex(0x7f6453dbf4cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6453cc5000 [pid 3607] mprotect(0x7f6453cc6000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3607] clone(child_stack=0x7f6453ce53f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3608 attached , parent_tid=[3608], tls=0x7f6453ce5700, child_tidptr=0x7f6453ce59d0) = 3608 [pid 3607] futex(0x7f6453dbf4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3608] set_robust_list(0x7f6453ce59e0, 24 [pid 3607] <... futex resumed>) = 0 [pid 3607] futex(0x7f6453dbf4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3608] <... set_robust_list resumed>) = 0 [pid 3608] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 3608] futex(0x7f6453dbf4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3607] <... futex resumed>) = 0 [pid 3607] futex(0x7f6453dbf4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] futex(0x7f6453dbf4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3608] <... futex resumed>) = 1 [pid 3608] openat(AT_FDCWD, "/dev/fuse", O_RDWR|O_CREAT, 000) = 3 [pid 3608] futex(0x7f6453dbf4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3607] <... futex resumed>) = 0 [pid 3608] <... futex resumed>) = 1 [pid 3607] futex(0x7f6453dbf4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3608] mount(NULL, "./file0", "fuse", 0, "fd=0x0000000000000003,rootmode=00000000000000000040000,user_id=00000000000000000000,group_id=0000000"... [pid 3607] futex(0x7f6453dbf4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3608] <... mount resumed>) = 0 [pid 3608] futex(0x7f6453dbf4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3608] futex(0x7f6453dbf4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3607] <... futex resumed>) = 0 [pid 3607] futex(0x7f6453dbf4c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3607] futex(0x7f6453dbf4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3608] <... futex resumed>) = 0 [pid 3608] read(3, "\x68\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x25\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x73\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8224) = 104 [pid 3608] futex(0x7f6453dbf4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3607] <... futex resumed>) = 0 [pid 3607] futex(0x7f6453dbf4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] futex(0x7f6453dbf4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3608] <... futex resumed>) = 1 [pid 3608] pivot_root("./file0", "./file0") = 0 [pid 3608] futex(0x7f6453dbf4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3607] <... futex resumed>) = 0 [pid 3608] <... futex resumed>) = 1 [pid 3607] futex(0x7f6453dbf4c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] futex(0x7f6453dbf4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3608] write(3, "\x50\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x1f\x00\x00\x00\x00\x00\x00\x00\x15\x30\x02\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 80) = 80 [pid 3608] futex(0x7f6453dbf4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3607] <... futex resumed>) = 0 [pid 3608] <... futex resumed>) = 1 [pid 3607] futex(0x7f6453dbf4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3608] openat(AT_FDCWD, "/dev/input/mouse6", O_RDONLY|O_DIRECT [pid 3607] <... futex resumed>) = 0 [pid 3607] futex(0x7f6453dbf4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3607] futex(0x7f6453dbf4dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f6453ca4000 [pid 3607] mprotect(0x7f6453ca5000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3607] clone(child_stack=0x7f6453cc43f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3610], tls=0x7f6453cc4700, child_tidptr=0x7f6453cc49d0) = 3610 [pid 3607] futex(0x7f6453dbf4d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] futex(0x7f6453dbf4dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3610 attached [pid 3610] set_robust_list(0x7f6453cc49e0, 24) = 0 [pid 3610] read(3, "\x2c\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x9d\x0b\x00\x00\x00\x00\x00\x00\x72\x75\x6e\x00", 8192) = 44 [pid 3610] futex(0x7f6453dbf4dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3607] <... futex resumed>) = 0 [pid 3607] futex(0x7f6453dbf4d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3607] futex(0x7f6453dbf4dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3610] <... futex resumed>) = 1 [pid 3610] write(3, "\x2c\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x28\x39\x5c\x00", 44 [pid 3607] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3607] futex(0x7f6453dbf4dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 3607] exit_group(0) = ? [pid 3606] kill(-3607, SIGKILL) = 0 [pid 3606] kill(3607, SIGKILL) = 0 syzkaller login: [ 75.747602][ T7] cfg80211: failed to load regulatory.db [ 285.666896][ T27] INFO: task syslogd:2955 blocked for more than 143 seconds. [ 285.674545][ T27] Not tainted 6.1.0-rc5-syzkaller-00008-ge01d50cbd6ee #0 [ 285.682181][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 285.691998][ T27] task:syslogd state:D stack:25472 pid:2955 ppid:1 flags:0x00000000 [ 285.701222][ T27] Call Trace: [ 285.704497][ T27] [ 285.707441][ T27] __schedule+0xae9/0x53f0 [ 285.711882][ T27] ? find_held_lock+0x2d/0x110 [ 285.716631][ T27] ? rwsem_down_read_slowpath+0x240/0xb10 [ 285.722404][ T27] ? io_schedule_timeout+0x140/0x140 [ 285.727785][ T27] schedule+0xda/0x1b0 [ 285.731839][ T27] rwsem_down_read_slowpath+0x59f/0xb10 [ 285.737399][ T27] ? down_write+0x220/0x220 [ 285.741883][ T27] ? lock_release+0x810/0x810 [ 285.746550][ T27] down_read+0xe2/0x450 [ 285.750711][ T27] ? rwsem_down_read_slowpath+0xb10/0xb10 [ 285.756413][ T27] ? lookup_fast+0x14e/0x520 [ 285.761015][ T27] walk_component+0x332/0x5a0 [ 285.765676][ T27] link_path_walk.part.0+0x74e/0xe20 [ 285.770980][ T27] ? walk_component+0x5a0/0x5a0 [ 285.775824][ T27] ? percpu_counter_add_batch+0xbd/0x180 [ 285.781510][ T27] path_openat+0x262/0x2860 [ 285.786008][ T27] ? path_lookupat+0x840/0x840 [ 285.790801][ T27] do_filp_open+0x1b6/0x400 [ 285.795287][ T27] ? may_open_dev+0xf0/0xf0 [ 285.799814][ T27] ? find_held_lock+0x2d/0x110 [ 285.804566][ T27] ? do_raw_spin_lock+0x120/0x2a0 [ 285.809593][ T27] ? rwlock_bug.part.0+0x90/0x90 [ 285.814518][ T27] ? _raw_spin_unlock+0x24/0x40 [ 285.819381][ T27] ? alloc_fd+0x2d8/0x6d0 [ 285.823702][ T27] do_sys_openat2+0x16d/0x4c0 [ 285.828389][ T27] ? build_open_flags+0x6f0/0x6f0 [ 285.833400][ T27] ? lock_downgrade+0x6e0/0x6e0 [ 285.838285][ T27] __x64_sys_openat+0x13f/0x1f0 [ 285.843120][ T27] ? __ia32_sys_open+0x1c0/0x1c0 [ 285.848066][ T27] ? syscall_enter_from_user_mode+0x22/0xb0 [ 285.853948][ T27] do_syscall_64+0x35/0xb0 [ 285.858394][ T27] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 285.864276][ T27] RIP: 0033:0x7fcf5897e697 [ 285.868692][ T27] RSP: 002b:00007ffea18da1f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 285.877360][ T27] RAX: ffffffffffffffda RBX: 000055c65c0fe910 RCX: 00007fcf5897e697 [ 285.885333][ T27] RDX: 0000000000000d41 RSI: 00007fcf58b0c99a RDI: 00000000ffffff9c [ 285.893320][ T27] RBP: 00007fcf58b0c99a R08: 00007fcf58a0e040 R09: 00007fcf58a0e0c0 [ 285.901404][ T27] R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000d41 [ 285.909383][ T27] R13: 000055c65c0fea50 R14: 0000000000000003 R15: 000055c65c0fea60 [ 285.917467][ T27] [ 285.920495][ T27] INFO: task syz-executor123:3606 blocked for more than 143 seconds. [ 285.928559][ T27] Not tainted 6.1.0-rc5-syzkaller-00008-ge01d50cbd6ee #0 [ 285.936087][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 285.944835][ T27] task:syz-executor123 state:D stack:27368 pid:3606 ppid:3603 flags:0x00004000 [ 285.954065][ T27] Call Trace: [ 285.957367][ T27] [ 285.960284][ T27] __schedule+0xae9/0x53f0 [ 285.964688][ T27] ? find_held_lock+0x2d/0x110 [ 285.969470][ T27] ? rwsem_down_read_slowpath+0x240/0xb10 [ 285.975186][ T27] ? io_schedule_timeout+0x140/0x140 [ 285.980487][ T27] schedule+0xda/0x1b0 [ 285.984547][ T27] rwsem_down_read_slowpath+0x59f/0xb10 [ 285.990111][ T27] ? down_write+0x220/0x220 [ 285.994596][ T27] ? lock_release+0x810/0x810 [ 285.999306][ T27] down_read+0xe2/0x450 [ 286.003443][ T27] ? rwsem_down_read_slowpath+0xb10/0xb10 [ 286.009168][ T27] ? lookup_fast+0x14e/0x520 [ 286.013757][ T27] walk_component+0x332/0x5a0 [ 286.018452][ T27] link_path_walk.part.0+0x74e/0xe20 [ 286.023736][ T27] ? walk_component+0x5a0/0x5a0 [ 286.028587][ T27] ? percpu_counter_add_batch+0xbd/0x180 [ 286.034208][ T27] path_openat+0x262/0x2860 [ 286.038727][ T27] ? path_lookupat+0x840/0x840 [ 286.043477][ T27] do_filp_open+0x1b6/0x400 [ 286.047990][ T27] ? may_open_dev+0xf0/0xf0 [ 286.052473][ T27] ? find_held_lock+0x2d/0x110 [ 286.057248][ T27] ? do_raw_spin_lock+0x120/0x2a0 [ 286.062255][ T27] ? rwlock_bug.part.0+0x90/0x90 [ 286.067194][ T27] ? _raw_spin_unlock+0x24/0x40 [ 286.072029][ T27] ? alloc_fd+0x2d8/0x6d0 [ 286.076348][ T27] do_sys_openat2+0x16d/0x4c0 [ 286.081043][ T27] ? build_open_flags+0x6f0/0x6f0 [ 286.086051][ T27] ? ptrace_notify+0xfa/0x140 [ 286.090729][ T27] ? lock_downgrade+0x6e0/0x6e0 [ 286.095579][ T27] __x64_sys_openat+0x13f/0x1f0 [ 286.100443][ T27] ? __ia32_sys_open+0x1c0/0x1c0 [ 286.105362][ T27] ? _raw_spin_unlock_irq+0x1f/0x40 [ 286.110562][ T27] ? lockdep_hardirqs_on+0x79/0x100 [ 286.115741][ T27] ? _raw_spin_unlock_irq+0x2a/0x40 [ 286.120949][ T27] ? ptrace_notify+0xfa/0x140 [ 286.125611][ T27] do_syscall_64+0x35/0xb0 [ 286.130034][ T27] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.135916][ T27] RIP: 0033:0x7f6453d38338 [ 286.140345][ T27] RSP: 002b:00007ffdcd4b6a80 EFLAGS: 00000287 ORIG_RAX: 0000000000000101 [ 286.148857][ T27] RAX: ffffffffffffffda RBX: 00007ffdcd4b6af0 RCX: 00007f6453d38338 [ 286.156842][ T27] RDX: 0000000000090800 RSI: 00007f6453d8a004 RDI: 00000000ffffff9c [ 286.164794][ T27] RBP: 0000000000000e17 R08: 0000000000090800 R09: 00007f6453d8a004 [ 286.172763][ T27] R10: 0000000000000000 R11: 0000000000000287 R12: 00007ffdcd4b6c74 [ 286.180741][ T27] R13: 00007ffdcd4b6c74 R14: 0000000000000000 R15: 0000000000000000 [ 286.188725][ T27] [ 286.191730][ T27] INFO: task syz-executor123:3608 blocked for more than 143 seconds. [ 286.199801][ T27] Not tainted 6.1.0-rc5-syzkaller-00008-ge01d50cbd6ee #0 [ 286.207337][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.215994][ T27] task:syz-executor123 state:D stack:26520 pid:3608 ppid:3606 flags:0x00004004 [ 286.225205][ T27] Call Trace: [ 286.228552][ T27] [ 286.231471][ T27] __schedule+0xae9/0x53f0 [ 286.235894][ T27] ? io_schedule_timeout+0x140/0x140 [ 286.241196][ T27] schedule+0xda/0x1b0 [ 286.245244][ T27] schedule_preempt_disabled+0xf/0x20 [ 286.250613][ T27] __mutex_lock+0xa44/0x1350 [ 286.255187][ T27] ? fuse_lock_inode+0xce/0x100 [ 286.260072][ T27] ? mutex_lock_io_nested+0x1190/0x1190 [ 286.265604][ T27] ? find_held_lock+0x2d/0x110 [ 286.270384][ T27] ? d_alloc_parallel+0x7af/0x1400 [ 286.275476][ T27] ? lock_downgrade+0x6e0/0x6e0 [ 286.280358][ T27] fuse_lock_inode+0xce/0x100 [ 286.285026][ T27] fuse_lookup.part.0+0x86/0x390 [ 286.289971][ T27] ? fuse_lookup_name+0x630/0x630 [ 286.294993][ T27] ? d_alloc_parallel+0x690/0x1400 [ 286.300133][ T27] ? __d_lookup_rcu+0x4c0/0x4c0 [ 286.304964][ T27] ? lockdep_init_map_type+0x21a/0x7f0 [ 286.310424][ T27] ? lockdep_init_map_type+0x21a/0x7f0 [ 286.315881][ T27] fuse_lookup+0x70/0x90 [ 286.320142][ T27] __lookup_slow+0x24c/0x460 [ 286.324716][ T27] ? __lookup_hash+0x180/0x180 [ 286.329486][ T27] ? smc_nl_add_ueid+0x510/0x560 [ 286.334421][ T27] ? smc_nl_add_ueid+0x510/0x560 [ 286.339378][ T27] ? lookup_fast+0x14e/0x520 [ 286.343966][ T27] walk_component+0x33f/0x5a0 [ 286.348659][ T27] link_path_walk.part.0+0x74e/0xe20 [ 286.353945][ T27] ? walk_component+0x5a0/0x5a0 [ 286.358871][ T27] ? percpu_counter_add_batch+0xbd/0x180 [ 286.364498][ T27] path_openat+0x262/0x2860 [ 286.369007][ T27] ? path_lookupat+0x840/0x840 [ 286.373759][ T27] do_filp_open+0x1b6/0x400 [ 286.378276][ T27] ? may_open_dev+0xf0/0xf0 [ 286.382765][ T27] ? find_held_lock+0x2d/0x110 [ 286.387537][ T27] ? do_raw_spin_lock+0x120/0x2a0 [ 286.392549][ T27] ? rwlock_bug.part.0+0x90/0x90 [ 286.397503][ T27] ? _raw_spin_unlock+0x24/0x40 [ 286.402338][ T27] ? alloc_fd+0x2d8/0x6d0 [ 286.406657][ T27] do_sys_openat2+0x16d/0x4c0 [ 286.411342][ T27] ? build_open_flags+0x6f0/0x6f0 [ 286.416350][ T27] ? ptrace_notify+0xfa/0x140 [ 286.421036][ T27] ? lock_downgrade+0x6e0/0x6e0 [ 286.425869][ T27] __x64_sys_openat+0x13f/0x1f0 [ 286.430736][ T27] ? __ia32_sys_open+0x1c0/0x1c0 [ 286.435679][ T27] ? _raw_spin_unlock_irq+0x1f/0x40 [ 286.440898][ T27] ? lockdep_hardirqs_on+0x79/0x100 [ 286.446091][ T27] ? _raw_spin_unlock_irq+0x2a/0x40 [ 286.451304][ T27] ? ptrace_notify+0xfa/0x140 [ 286.455965][ T27] do_syscall_64+0x35/0xb0 [ 286.460411][ T27] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.466306][ T27] RIP: 0033:0x7f6453cf4f34 [ 286.470770][ T27] RSP: 002b:00007f6453ce4e60 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 286.479218][ T27] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f6453cf4f34 [ 286.487206][ T27] RDX: 0000000000004000 RSI: 00007f6453ce4ee0 RDI: 00000000ffffff9c [ 286.495163][ T27] RBP: 00007f6453ce4ee0 R08: 0000000000000000 R09: 0000000000000000 [ 286.503179][ T27] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004000 [ 286.511166][ T27] R13: 0000000000000065 R14: 00007f6453d8c0a8 R15: 00007f6453dbf4c8 [ 286.519166][ T27] [ 286.522170][ T27] INFO: task syz-executor123:3610 blocked for more than 144 seconds. [ 286.530251][ T27] Not tainted 6.1.0-rc5-syzkaller-00008-ge01d50cbd6ee #0 [ 286.537821][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.546468][ T27] task:syz-executor123 state:D stack:28352 pid:3610 ppid:3606 flags:0x00004004 [ 286.555696][ T27] Call Trace: [ 286.559005][ T27] [ 286.561920][ T27] __schedule+0xae9/0x53f0 [ 286.566327][ T27] ? find_held_lock+0x2d/0x110 [ 286.571167][ T27] ? rwsem_down_write_slowpath+0x4d0/0x12d0 [ 286.577104][ T27] ? io_schedule_timeout+0x140/0x140 [ 286.582380][ T27] ? mark_held_locks+0x9f/0xe0 [ 286.587153][ T27] schedule+0xda/0x1b0 [ 286.591308][ T27] rwsem_down_write_slowpath+0x5fc/0x12d0 [ 286.597059][ T27] ? down_timeout+0x90/0x90 [ 286.601551][ T27] ? lock_release+0x810/0x810 [ 286.606405][ T27] down_write_nested+0x1e8/0x220 [ 286.611368][ T27] ? up_read+0x20/0x20 [ 286.615422][ T27] ? down_read+0x198/0x450 [ 286.619864][ T27] ? rwsem_down_read_slowpath+0xb10/0xb10 [ 286.625583][ T27] fuse_reverse_inval_entry+0x51/0x550 [ 286.631060][ T27] fuse_dev_do_write+0x1aab/0x2c00 [ 286.636162][ T27] ? find_held_lock+0x2d/0x110 [ 286.640963][ T27] ? fuse_dev_splice_read+0x700/0x700 [ 286.646320][ T27] ? find_held_lock+0x2d/0x110 [ 286.651091][ T27] ? aa_file_perm+0x595/0x1230 [ 286.655844][ T27] ? aa_path_link+0x2f0/0x2f0 [ 286.660541][ T27] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 286.666512][ T27] ? __switch_to+0x5cc/0x10e0 [ 286.671198][ T27] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 286.677223][ T27] fuse_dev_write+0x150/0x1e0 [ 286.681904][ T27] ? fuse_dev_splice_write+0xa70/0xa70 [ 286.687373][ T27] ? security_file_permission+0xab/0xd0 [ 286.692905][ T27] ? rw_verify_area+0xb6/0x1b0 [ 286.697698][ T27] vfs_write+0x9e9/0xdd0 [ 286.701929][ T27] ? kernel_write+0x630/0x630 [ 286.706593][ T27] ? __fget_files+0x26a/0x440 [ 286.711287][ T27] ? __fget_light+0xe5/0x270 [ 286.715864][ T27] ksys_write+0x127/0x250 [ 286.720215][ T27] ? __ia32_sys_read+0xb0/0xb0 [ 286.724968][ T27] ? lockdep_hardirqs_on+0x79/0x100 [ 286.730211][ T27] ? _raw_spin_unlock_irq+0x2a/0x40 [ 286.735396][ T27] ? ptrace_notify+0xfa/0x140 [ 286.740118][ T27] do_syscall_64+0x35/0xb0 [ 286.744527][ T27] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.750439][ T27] RIP: 0033:0x7f6453d38669 [ 286.754835][ T27] RSP: 002b:00007f6453cc42f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 286.763269][ T27] RAX: ffffffffffffffda RBX: 00007f6453dbf4d0 RCX: 00007f6453d38669 [ 286.771253][ T27] RDX: 000000000000002c RSI: 00000000200000c0 RDI: 0000000000000003 [ 286.779314][ T27] RBP: 00007f6453d8c084 R08: 0000000000000000 R09: 0000000000000000 [ 286.787303][ T27] R10: 00007f6453cc4700 R11: 0000000000000246 R12: 0030656c69662f2e [ 286.795257][ T27] R13: 0000000000000003 R14: 00007f6453d8c0a8 R15: 00007f6453dbf4d8 [ 286.803265][ T27] [ 286.806271][ T27] [ 286.806271][ T27] Showing all locks held in the system: [ 286.813982][ T27] 1 lock held by rcu_tasks_kthre/12: [ 286.819267][ T27] #0: ffffffff8bf87e30 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 [ 286.829714][ T27] 1 lock held by rcu_tasks_trace/13: [ 286.834972][ T27] #0: ffffffff8bf87b30 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 [ 286.845945][ T27] 1 lock held by khungtaskd/27: [ 286.850788][ T27] #0: ffffffff8bf88980 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 [ 286.860633][ T27] 2 locks held by kworker/u4:2/33: [ 286.865722][ T27] #0: ffff888011869138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x86d/0x1710 [ 286.876791][ T27] #1: ffffc90000aa7da8 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1710 [ 286.888909][ T27] 1 lock held by syslogd/2955: [ 286.893648][ T27] #0: ffff8880727a8150 (&type->i_mutex_dir_key#6){++++}-{3:3}, at: walk_component+0x332/0x5a0 [ 286.904025][ T27] 2 locks held by udevd/2973: [ 286.908699][ T27] #0: ffff8880727a8150 (&type->i_mutex_dir_key#6){++++}-{3:3}, at: walk_component+0x332/0x5a0 [ 286.919077][ T27] #1: ffff8880727a85b8 (&fi->mutex){+.+.}-{3:3}, at: fuse_lock_inode+0xce/0x100 [ 286.928226][ T27] 2 locks held by getty/3283: [ 286.932893][ T27] #0: ffff88814ab27098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 286.942680][ T27] #1: ffffc900031262f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef0/0x13e0 [ 286.952812][ T27] 1 lock held by syz-executor123/3606: [ 286.958289][ T27] #0: ffff8880727a8150 (&type->i_mutex_dir_key#6){++++}-{3:3}, at: walk_component+0x332/0x5a0 [ 286.968653][ T27] 2 locks held by syz-executor123/3608: [ 286.974174][ T27] #0: ffff8880727a8150 (&type->i_mutex_dir_key#6){++++}-{3:3}, at: walk_component+0x332/0x5a0 [ 286.984554][ T27] #1: ffff8880727a85b8 (&fi->mutex){+.+.}-{3:3}, at: fuse_lock_inode+0xce/0x100 [ 286.993792][ T27] 2 locks held by syz-executor123/3610: [ 286.999346][ T27] #0: ffff888079e36338 (&fc->killsb){.+.+}-{3:3}, at: fuse_dev_do_write+0x2567/0x2c00 [ 287.009013][ T27] #1: ffff8880727a8150 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: fuse_reverse_inval_entry+0x51/0x550 [ 287.020354][ T27] [ 287.022660][ T27] ============================================= [ 287.022660][ T27] [ 287.031072][ T27] NMI backtrace for cpu 0 [ 287.035377][ T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted 6.1.0-rc5-syzkaller-00008-ge01d50cbd6ee #0 [ 287.045168][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 287.055201][ T27] Call Trace: [ 287.058463][ T27] [ 287.061375][ T27] dump_stack_lvl+0xcd/0x134 [ 287.065956][ T27] nmi_cpu_backtrace.cold+0x24/0x18a [ 287.071228][ T27] nmi_trigger_cpumask_backtrace+0x32f/0x3c0 [ 287.077192][ T27] ? lapic_can_unplug_cpu+0x80/0x80 [ 287.082373][ T27] watchdog+0xc71/0xfc0 [ 287.086515][ T27] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 287.092480][ T27] kthread+0x2e4/0x3a0 [ 287.096535][ T27] ? kthread_complete_and_exit+0x40/0x40 [ 287.102149][ T27] ret_from_fork+0x1f/0x30 [ 287.106573][ T27] [ 287.109691][ T27] Sending NMI from CPU 0 to CPUs 1: [ 287.114896][ C1] NMI backtrace for cpu 1 skipped: idling at acpi_idle_do_entry+0x1fd/0x2a0 [ 287.115948][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 287.115962][ T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted 6.1.0-rc5-syzkaller-00008-ge01d50cbd6ee #0 [ 287.115981][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 287.115990][ T27] Call Trace: [ 287.115997][ T27] [ 287.116005][ T27] dump_stack_lvl+0xcd/0x134 [ 287.116034][ T27] panic+0x2c8/0x622 [ 287.116049][ T27] ? panic_print_sys_info.part.0+0x110/0x110 [ 287.116077][ T27] ? preempt_schedule_thunk+0x16/0x18 [ 287.116104][ T27] ? watchdog.cold+0x130/0x158 [ 287.116130][ T27] watchdog.cold+0x141/0x158 [ 287.116153][ T27] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 287.116182][ T27] kthread+0x2e4/0x3a0 [ 287.116199][ T27] ? kthread_complete_and_exit+0x40/0x40 [ 287.116219][ T27] ret_from_fork+0x1f/0x30 [ 287.116249][ T27] [ 287.124500][ T27] Kernel Offset: disabled [ 287.215822][ T27] Rebooting in 86400 seconds..