./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor521870780 <...> DUID 00:04:03:2c:e5:fc:a2:19:b8:8b:c5:bf:62:63:19:3a:75:c6 forked to background, child pid 4671 [ 48.221522][ T4672] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.235146][ T4672] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.168' (ECDSA) to the list of known hosts. execve("./syz-executor521870780", ["./syz-executor521870780"], 0x7ffc2a410ef0 /* 10 vars */) = 0 brk(NULL) = 0x555557513000 brk(0x555557513c40) = 0x555557513c40 arch_prctl(ARCH_SET_FS, 0x555557513300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor521870780", 4096) = 27 brk(0x555557534c40) = 0x555557534c40 brk(0x555557535000) = 0x555557535000 mprotect(0x7f87d1105000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5007 attached , child_tidptr=0x5555575135d0) = 5007 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5008 attached [pid 5006] <... clone resumed>, child_tidptr=0x5555575135d0) = 5008 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5006] <... clone resumed>, child_tidptr=0x5555575135d0) = 5009 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5007] <... clone resumed>, child_tidptr=0x5555575135d0) = 5010 [pid 5006] <... clone resumed>, child_tidptr=0x5555575135d0) = 5011 [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5011 attached , child_tidptr=0x5555575135d0) = 5012 ./strace-static-x86_64: Process 5013 attached [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5012 attached ./strace-static-x86_64: Process 5010 attached ./strace-static-x86_64: Process 5009 attached [pid 5008] <... clone resumed>, child_tidptr=0x5555575135d0) = 5013 [pid 5013] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5006] <... clone resumed>, child_tidptr=0x5555575135d0) = 5014 [pid 5013] <... prctl resumed>) = 0 [pid 5009] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5013] setpgid(0, 0) = 0 [pid 5011] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5009] <... clone resumed>, child_tidptr=0x5555575135d0) = 5015 [pid 5013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5013] write(3, "1000", 4 [pid 5010] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5013] <... write resumed>) = 4 [pid 5010] <... prctl resumed>) = 0 [pid 5013] close(3 [pid 5010] setpgid(0, 0./strace-static-x86_64: Process 5015 attached ./strace-static-x86_64: Process 5014 attached [pid 5013] <... close resumed>) = 0 [pid 5012] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5010] <... setpgid resumed>) = 0 [pid 5013] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME [pid 5010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5013] <... openat resumed>) = 3 [pid 5013] dup(3 [pid 5010] <... openat resumed>) = 3 [pid 5010] write(3, "1000", 4 [pid 5013] <... dup resumed>) = 4 [pid 5013] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 281474993496064 [pid 5010] <... write resumed>) = 4 ./strace-static-x86_64: Process 5016 attached [pid 5015] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5014] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5010] close(3 [pid 5015] <... prctl resumed>) = 0 [pid 5012] <... clone resumed>, child_tidptr=0x5555575135d0) = 5017 [pid 5011] <... clone resumed>, child_tidptr=0x5555575135d0) = 5016 [pid 5010] <... close resumed>) = 0 ./strace-static-x86_64: Process 5018 attached ./strace-static-x86_64: Process 5017 attached [pid 5016] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5015] setpgid(0, 0 [pid 5014] <... clone resumed>, child_tidptr=0x5555575135d0) = 5018 [pid 5010] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME [pid 5016] <... prctl resumed>) = 0 [pid 5017] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5015] <... setpgid resumed>) = 0 [pid 5010] <... openat resumed>) = 3 [pid 5018] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5016] setpgid(0, 0 [pid 5017] <... prctl resumed>) = 0 [pid 5015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5010] dup(3 [pid 5018] <... prctl resumed>) = 0 [pid 5016] <... setpgid resumed>) = 0 [pid 5017] setpgid(0, 0 [pid 5015] <... openat resumed>) = 3 [pid 5010] <... dup resumed>) = 4 [pid 5018] setpgid(0, 0 [pid 5016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5017] <... setpgid resumed>) = 0 [pid 5015] write(3, "1000", 4 [pid 5010] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 281474993496064 [pid 5018] <... setpgid resumed>) = 0 [pid 5016] <... openat resumed>) = 3 [pid 5017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5015] <... write resumed>) = 4 [pid 5018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5016] write(3, "1000", 4 [pid 5017] <... openat resumed>) = 3 [pid 5015] close(3 [pid 5018] <... openat resumed>) = 3 [pid 5016] <... write resumed>) = 4 [pid 5017] write(3, "1000", 4 [pid 5015] <... close resumed>) = 0 [pid 5018] write(3, "1000", 4 [pid 5016] close(3 [pid 5017] <... write resumed>) = 4 [pid 5015] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME [pid 5018] <... write resumed>) = 4 [pid 5016] <... close resumed>) = 0 [pid 5017] close(3 [pid 5015] <... openat resumed>) = 3 [pid 5018] close(3 [pid 5016] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME [pid 5017] <... close resumed>) = 0 [pid 5015] dup(3 [pid 5018] <... close resumed>) = 0 [pid 5016] <... openat resumed>) = 3 [pid 5017] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME [pid 5015] <... dup resumed>) = 4 [pid 5018] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME [pid 5016] dup(3 [pid 5017] <... openat resumed>) = 3 [pid 5015] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 281474993496064 [pid 5018] <... openat resumed>) = 3 [pid 5016] <... dup resumed>) = 4 [pid 5017] dup(3 [pid 5018] dup(3 [pid 5016] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 281474993496064 [pid 5017] <... dup resumed>) = 4 [pid 5018] <... dup resumed>) = 4 [pid 5017] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 281474993496064 [pid 5018] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 281474993496064 [pid 5007] kill(-5010, SIGKILL) = 0 [pid 5007] kill(5010, SIGKILL) = 0 [pid 5009] kill(-5015, SIGKILL) = 0 [pid 5009] kill(5015, SIGKILL [pid 5008] kill(-5013, SIGKILL [pid 5009] <... kill resumed>) = 0 [pid 5008] <... kill resumed>) = 0 [pid 5008] kill(5013, SIGKILL) = 0 [pid 5012] kill(-5017, SIGKILL) = 0 [pid 5012] kill(5017, SIGKILL) = 0 [pid 5011] kill(-5016, SIGKILL) = 0 [pid 5011] kill(5016, SIGKILL [pid 5014] kill(-5018, SIGKILL [pid 5011] <... kill resumed>) = 0 [pid 5014] <... kill resumed>) = 0 [pid 5014] kill(5018, SIGKILL) = 0 [pid 5008] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, [pid 5007] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5009] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5008] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5007] <... openat resumed>) = 3 [pid 5009] <... openat resumed>) = 3 [pid 5007] fstat(3, [pid 5009] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5008] getdents64(3, [pid 5007] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5009] getdents64(3, [pid 5008] <... getdents64 resumed>0x555557514620 /* 2 entries */, 32768) = 48 [pid 5012] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5009] <... getdents64 resumed>0x555557514620 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(3, [pid 5007] getdents64(3, [pid 5012] <... openat resumed>) = 3 [pid 5009] getdents64(3, [pid 5008] <... getdents64 resumed>0x555557514620 /* 0 entries */, 32768) = 0 [pid 5007] <... getdents64 resumed>0x555557514620 /* 2 entries */, 32768) = 48 [pid 5012] fstat(3, [pid 5009] <... getdents64 resumed>0x555557514620 /* 0 entries */, 32768) = 0 [pid 5008] close(3 [pid 5007] getdents64(3, [pid 5012] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5009] close(3 [pid 5007] <... getdents64 resumed>0x555557514620 /* 0 entries */, 32768) = 0 [pid 5008] <... close resumed>) = 0 [pid 5012] getdents64(3, [pid 5007] close(3 [pid 5012] <... getdents64 resumed>0x555557514620 /* 2 entries */, 32768) = 48 [pid 5009] <... close resumed>) = 0 [pid 5007] <... close resumed>) = 0 [pid 5012] getdents64(3, [pid 5011] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5012] <... getdents64 resumed>0x555557514620 /* 0 entries */, 32768) = 0 [pid 5012] close(3 [pid 5011] <... openat resumed>) = 3 [pid 5012] <... close resumed>) = 0 [pid 5011] fstat(3, [pid 5014] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5011] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5014] <... openat resumed>) = 3 [pid 5011] getdents64(3, [pid 5014] fstat(3, [pid 5011] <... getdents64 resumed>0x555557514620 /* 2 entries */, 32768) = 48 [pid 5014] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5011] getdents64(3, [pid 5014] getdents64(3, [pid 5011] <... getdents64 resumed>0x555557514620 /* 0 entries */, 32768) = 0 [pid 5014] <... getdents64 resumed>0x555557514620 /* 2 entries */, 32768) = 48 [pid 5014] getdents64(3, [pid 5011] close(3 [pid 5014] <... getdents64 resumed>0x555557514620 /* 0 entries */, 32768) = 0 [pid 5014] close(3 [pid 5011] <... close resumed>) = 0 [pid 5014] <... close resumed>) = 0 syzkaller login: [ 91.765422][ T1141] cfg80211: failed to load regulatory.db [pid 5013] <... fallocate resumed>) = ? [pid 5013] +++ killed by SIGKILL +++ [pid 5008] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5013, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=7653 /* 76.53 s */} --- [pid 5008] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5036 attached [pid 5036] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5008] <... clone resumed>, child_tidptr=0x5555575135d0) = 5036 [pid 5036] <... prctl resumed>) = 0 [pid 5036] setpgid(0, 0) = 0 [pid 5036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5036] write(3, "1000", 4) = 4 [pid 5036] close(3) = 0 [pid 5036] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME) = 3 [pid 5036] dup(3) = 4 [pid 5036] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 281474993496064 [pid 5008] kill(-5036, SIGKILL) = 0 [pid 5008] kill(5036, SIGKILL) = 0 [pid 5008] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5008] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5008] getdents64(3, 0x555557514620 /* 2 entries */, 32768) = 48 [pid 5008] getdents64(3, 0x555557514620 /* 0 entries */, 32768) = 0 [pid 5008] close(3) = 0 [pid 5010] <... fallocate resumed>) = ? [pid 5010] +++ killed by SIGKILL +++ [pid 5007] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5010, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=7783 /* 77.83 s */} --- [pid 5007] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555575135d0) = 5043 ./strace-static-x86_64: Process 5043 attached [pid 5043] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5043] setpgid(0, 0) = 0 [pid 5043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5043] write(3, "1000", 4) = 4 [pid 5043] close(3) = 0 [pid 5043] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME) = 3 [pid 5043] dup(3) = 4 [pid 5043] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 281474993496064 [pid 5007] kill(-5043, SIGKILL) = 0 [pid 5007] kill(5043, SIGKILL) = 0 [pid 5007] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5007] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5007] getdents64(3, 0x555557514620 /* 2 entries */, 32768) = 48 [pid 5007] getdents64(3, 0x555557514620 /* 0 entries */, 32768) = 0 [pid 5007] close(3) = 0 [ 286.303460][ T28] INFO: task syz-executor521:5017 blocked for more than 143 seconds. [ 286.312141][ T28] Not tainted 6.4.0-rc2-next-20230515-syzkaller #0 [ 286.320512][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.332045][ T28] task:syz-executor521 state:D stack:28240 pid:5017 ppid:5012 flags:0x00004004 [ 286.342267][ T28] Call Trace: [ 286.345678][ T28] [ 286.348659][ T28] __schedule+0x1d15/0x5790 [ 286.360326][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 286.367359][ T28] ? io_schedule_timeout+0x150/0x150 [ 286.374469][ T28] ? rwsem_down_write_slowpath+0x3b8/0x1220 [ 286.381810][ T28] schedule+0xde/0x1a0 [ 286.386025][ T28] schedule_preempt_disabled+0x13/0x20 [ 286.393003][ T28] rwsem_down_write_slowpath+0x3e2/0x1220 [ 286.399160][ T28] ? down_killable+0xa0/0xa0 [ 286.405268][ T28] ? lock_sync+0x190/0x190 [ 286.415760][ T28] ? rcu_is_watching+0x12/0xb0 [ 286.420636][ T28] ? blkdev_fallocate+0x1e8/0x420 [ 286.434367][ T28] ? lock_acquire+0x32/0xc0 [ 286.438981][ T28] ? blkdev_fallocate+0x1e8/0x420 [ 286.445343][ T28] down_write+0x1d2/0x200 [ 286.451091][ T28] ? down_write_killable_nested+0x250/0x250 [ 286.458347][ T28] blkdev_fallocate+0x1e8/0x420 [ 286.464386][ T28] ? blkdev_writepage+0x30/0x30 [ 286.470441][ T28] vfs_fallocate+0x48b/0xe40 [ 286.476421][ T28] __x64_sys_fallocate+0xd3/0x140 [ 286.482635][ T28] do_syscall_64+0x39/0xb0 [ 286.489576][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.500960][ T28] RIP: 0033:0x7f87d1098e29 [ 286.505514][ T28] RSP: 002b:00007fff15a774e8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 286.514262][ T28] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f87d1098e29 [ 286.522284][ T28] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000004 [ 286.531937][ T28] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 286.542568][ T28] R10: 0001000001002000 R11: 0000000000000246 R12: 00007f87d105c600 [ 286.551814][ T28] R13: 0000000000000000 R14: 00007fff15a77510 R15: 00007fff15a77500 [ 286.563308][ T28] [ 286.566469][ T28] INFO: task syz-executor521:5016 blocked for more than 143 seconds. [ 286.574729][ T28] Not tainted 6.4.0-rc2-next-20230515-syzkaller #0 [ 286.581793][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.591026][ T28] task:syz-executor521 state:D stack:28240 pid:5016 ppid:5011 flags:0x00004004 [ 286.601205][ T28] Call Trace: [ 286.605089][ T28] [ 286.608498][ T28] __schedule+0x1d15/0x5790 [ 286.613529][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 286.620022][ T28] ? io_schedule_timeout+0x150/0x150 [ 286.625957][ T28] ? rwsem_down_write_slowpath+0x3b8/0x1220 [ 286.632385][ T28] schedule+0xde/0x1a0 [ 286.636561][ T28] schedule_preempt_disabled+0x13/0x20 [ 286.642449][ T28] rwsem_down_write_slowpath+0x3e2/0x1220 [ 286.648343][ T28] ? down_killable+0xa0/0xa0 [ 286.653426][ T28] ? lock_sync+0x190/0x190 [ 286.658365][ T28] ? rcu_is_watching+0x12/0xb0 [ 286.663727][ T28] ? blkdev_fallocate+0x1e8/0x420 [ 286.669253][ T28] ? lock_acquire+0x32/0xc0 [ 286.674366][ T28] ? blkdev_fallocate+0x1e8/0x420 [ 286.680017][ T28] down_write+0x1d2/0x200 [ 286.684987][ T28] ? down_write_killable_nested+0x250/0x250 [ 286.691419][ T28] blkdev_fallocate+0x1e8/0x420 [ 286.696395][ T28] ? blkdev_writepage+0x30/0x30 [ 286.701315][ T28] vfs_fallocate+0x48b/0xe40 [ 286.706293][ T28] __x64_sys_fallocate+0xd3/0x140 [ 286.711405][ T28] do_syscall_64+0x39/0xb0 [ 286.716405][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.722799][ T28] RIP: 0033:0x7f87d1098e29 [ 286.727784][ T28] RSP: 002b:00007fff15a774e8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 286.736777][ T28] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f87d1098e29 [ 286.745301][ T28] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000004 [ 286.753760][ T28] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 286.762222][ T28] R10: 0001000001002000 R11: 0000000000000246 R12: 00007f87d105c600 [ 286.770757][ T28] R13: 0000000000000000 R14: 00007fff15a77510 R15: 00007fff15a77500 [ 286.778921][ T28] [ 286.782081][ T28] INFO: task syz-executor521:5018 blocked for more than 143 seconds. [ 286.790671][ T28] Not tainted 6.4.0-rc2-next-20230515-syzkaller #0 [ 286.798336][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.807664][ T28] task:syz-executor521 state:D stack:28240 pid:5018 ppid:5014 flags:0x00004004 [ 286.817326][ T28] Call Trace: [ 286.821031][ T28] [ 286.824514][ T28] __schedule+0x1d15/0x5790 [ 286.829452][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 286.836009][ T28] ? io_schedule_timeout+0x150/0x150 [ 286.841367][ T28] ? rwsem_down_write_slowpath+0x3b8/0x1220 [ 286.847522][ T28] schedule+0xde/0x1a0 [ 286.852179][ T28] schedule_preempt_disabled+0x13/0x20 [ 286.858234][ T28] rwsem_down_write_slowpath+0x3e2/0x1220 [ 286.864499][ T28] ? down_killable+0xa0/0xa0 [ 286.869552][ T28] ? lock_sync+0x190/0x190 [ 286.874514][ T28] ? rcu_is_watching+0x12/0xb0 [ 286.879703][ T28] ? blkdev_fallocate+0x1e8/0x420 [ 286.885275][ T28] ? lock_acquire+0x32/0xc0 [ 286.890270][ T28] ? blkdev_fallocate+0x1e8/0x420 [ 286.895436][ T28] down_write+0x1d2/0x200 [ 286.899832][ T28] ? down_write_killable_nested+0x250/0x250 [ 286.906300][ T28] blkdev_fallocate+0x1e8/0x420 [ 286.911581][ T28] ? blkdev_writepage+0x30/0x30 [ 286.917001][ T28] vfs_fallocate+0x48b/0xe40 [ 286.922074][ T28] __x64_sys_fallocate+0xd3/0x140 [ 286.927625][ T28] do_syscall_64+0x39/0xb0 [ 286.932483][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.938914][ T28] RIP: 0033:0x7f87d1098e29 [ 286.943865][ T28] RSP: 002b:00007fff15a774e8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 286.952345][ T28] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f87d1098e29 [ 286.960821][ T28] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000004 [ 286.969368][ T28] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 286.977874][ T28] R10: 0001000001002000 R11: 0000000000000246 R12: 00007f87d105c600 [ 286.986345][ T28] R13: 0000000000000000 R14: 00007fff15a77510 R15: 00007fff15a77500 [ 286.994925][ T28] [ 286.998462][ T28] [ 286.998462][ T28] Showing all locks held in the system: [ 287.007178][ T28] 1 lock held by rcu_tasks_kthre/13: [ 287.012891][ T28] #0: ffffffff8c798530 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80 [ 287.023552][ T28] 1 lock held by rcu_tasks_trace/14: [ 287.029247][ T28] #0: ffffffff8c798230 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80 [ 287.041007][ T28] 1 lock held by khungtaskd/28: [ 287.046351][ T28] #0: ffffffff8c799140 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x51/0x390 [ 287.056812][ T28] 2 locks held by getty/4759: [ 287.062030][ T28] #0: ffff8880285cc098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x26/0x80 [ 287.072401][ T28] #1: ffffc900015802f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0 [ 287.083093][ T28] 1 lock held by syz-executor521/5015: [ 287.089080][ T28] 1 lock held by syz-executor521/5017: [ 287.094621][ T28] #0: ffff88801de688b0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e8/0x420 [ 287.105419][ T28] 1 lock held by syz-executor521/5016: [ 287.111299][ T28] #0: ffff88801de688b0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e8/0x420 [ 287.122587][ T28] 1 lock held by syz-executor521/5018: [ 287.128522][ T28] #0: ffff88801de688b0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e8/0x420 [ 287.139685][ T28] 1 lock held by syz-executor521/5036: [ 287.145637][ T28] #0: ffff88801de688b0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e8/0x420 [ 287.156856][ T28] 1 lock held by syz-executor521/5043: [ 287.162732][ T28] #0: ffff88801de688b0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e8/0x420 [ 287.173970][ T28] [ 287.176330][ T28] ============================================= [ 287.176330][ T28] [ 287.184983][ T28] NMI backtrace for cpu 1 [ 287.189330][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.4.0-rc2-next-20230515-syzkaller #0 [ 287.198622][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 [ 287.208684][ T28] Call Trace: [ 287.211968][ T28] [ 287.214905][ T28] dump_stack_lvl+0xd9/0x150 [ 287.219624][ T28] nmi_cpu_backtrace+0x29c/0x350 [ 287.224607][ T28] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 287.229829][ T28] nmi_trigger_cpumask_backtrace+0x2a4/0x300 [ 287.235841][ T28] watchdog+0xe16/0x1090 [ 287.240123][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 287.246131][ T28] kthread+0x344/0x440 [ 287.250261][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 287.255931][ T28] ret_from_fork+0x1f/0x30 [ 287.260416][ T28] [ 287.263565][ T28] Sending NMI from CPU 1 to CPUs 0: [ 287.268809][ C0] NMI backtrace for cpu 0 [ 287.268820][ C0] CPU: 0 PID: 3769 Comm: kworker/u4:6 Not tainted 6.4.0-rc2-next-20230515-syzkaller #0 [ 287.268846][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 [ 287.268872][ C0] Workqueue: events_unbound toggle_allocation_gate [ 287.268923][ C0] RIP: 0010:insn_get_opcode.part.0+0x511/0x990 [ 287.268972][ C0] Code: 85 61 02 00 00 e8 4f 0b 7e f7 4c 89 e8 48 c1 e8 03 0f b6 14 28 4c 89 e8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 f6 03 00 00 <8b> 53 4c 44 89 e6 41 0f b6 fe e8 c0 7f ff ff 41 89 c4 4c 89 e8 48 [ 287.268992][ C0] RSP: 0018:ffffc9000442f910 EFLAGS: 00000246 [ 287.269008][ C0] RAX: 0000000000000007 RBX: ffffc9000442fa88 RCX: 0000000000000000 [ 287.269022][ C0] RDX: 0000000000000000 RSI: ffffffff8a061861 RDI: 0000000000000001 [ 287.269036][ C0] RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000 [ 287.269049][ C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 [ 287.269079][ C0] R13: ffffc9000442fad4 R14: 000000000000001f R15: 0000000000000000 [ 287.269094][ C0] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 287.269118][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 287.269133][ C0] CR2: 0000000020001008 CR3: 000000000c571000 CR4: 00000000003506f0 [ 287.269148][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 287.269162][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 287.269176][ C0] Call Trace: [ 287.269182][ C0] [ 287.269195][ C0] insn_get_modrm+0x359/0x7d0 [ 287.269219][ C0] insn_get_sib+0x2a0/0x330 [ 287.269241][ C0] insn_get_displacement+0x34a/0x6c0 [ 287.269264][ C0] insn_decode+0x35f/0x3b0 [ 287.269285][ C0] ? kmem_cache_alloc_bulk+0x1b8/0x860 [ 287.269308][ C0] text_poke_loc_init+0xbc/0x4d0 [ 287.269351][ C0] ? arch_jump_label_transform_queue+0x5c/0x100 [ 287.269386][ C0] ? text_poke_memset+0x60/0x60 [ 287.269430][ C0] ? kmem_cache_alloc_bulk+0x1b8/0x860 [ 287.269452][ C0] ? __jump_label_patch+0x173/0x340 [ 287.269484][ C0] arch_jump_label_transform_queue+0x98/0x100 [ 287.269520][ C0] __jump_label_update+0x12e/0x410 [ 287.269561][ C0] jump_label_update+0x32f/0x410 [ 287.269595][ C0] static_key_disable_cpuslocked+0x156/0x1b0 [ 287.269649][ C0] static_key_disable+0x1a/0x20 [ 287.269681][ C0] toggle_allocation_gate+0x143/0x230 [ 287.269717][ C0] ? wake_up_kfence_timer+0x30/0x30 [ 287.269751][ C0] ? trace_lock_acquire+0x12d/0x180 [ 287.269789][ C0] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 287.269830][ C0] ? process_one_work+0x8b7/0x15e0 [ 287.269869][ C0] ? lock_acquire+0x32/0xc0 [ 287.269904][ C0] ? process_one_work+0x8b7/0x15e0 [ 287.269944][ C0] process_one_work+0x99a/0x15e0 [ 287.269987][ C0] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 287.270024][ C0] ? rcu_is_watching+0x12/0xb0 [ 287.270051][ C0] ? spin_bug+0x1c0/0x1c0 [ 287.270090][ C0] ? lock_acquire+0x32/0xc0 [ 287.270125][ C0] ? worker_thread+0x16d/0x10c0 [ 287.270165][ C0] worker_thread+0x67d/0x10c0 [ 287.270210][ C0] ? process_one_work+0x15e0/0x15e0 [ 287.270253][ C0] kthread+0x344/0x440 [ 287.270283][ C0] ? kthread_complete_and_exit+0x40/0x40 [ 287.270319][ C0] ret_from_fork+0x1f/0x30 [ 287.270368][ C0] [ 287.270375][ C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.565 msecs [ 287.271213][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 287.606357][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.4.0-rc2-next-20230515-syzkaller #0 [ 287.615670][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 [ 287.625760][ T28] Call Trace: [ 287.629081][ T28] [ 287.632044][ T28] dump_stack_lvl+0xd9/0x150 [ 287.636691][ T28] panic+0x686/0x730 [ 287.640651][ T28] ? panic_smp_self_stop+0xa0/0xa0 [ 287.645825][ T28] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 287.651075][ T28] ? preempt_schedule_thunk+0x1a/0x20 [ 287.656502][ T28] ? watchdog+0xbe8/0x1090 [ 287.660987][ T28] watchdog+0xbf9/0x1090 [ 287.665280][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 287.671316][ T28] kthread+0x344/0x440 [ 287.675441][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 287.681129][ T28] ret_from_fork+0x1f/0x30 [ 287.685615][ T28] [ 287.688905][ T28] Kernel Offset: disabled [ 287.693258][ T28] Rebooting in 86400 seconds..