./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor878624052 <...> DUID 00:04:02:40:b4:1b:63:80:2c:d1:41:b7:a3:cb:95:3e:6a:64 forked to background, child pid 4667 [ 21.707309][ T4668] 8021q: adding VLAN 0 to HW filter on device bond0 [ 21.716219][ T4668] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.101' (ECDSA) to the list of known hosts. execve("./syz-executor878624052", ["./syz-executor878624052"], 0x7ffec658d590 /* 10 vars */) = 0 brk(NULL) = 0x55555620c000 brk(0x55555620cc40) = 0x55555620cc40 arch_prctl(ARCH_SET_FS, 0x55555620c300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor878624052", 4096) = 27 brk(0x55555622dc40) = 0x55555622dc40 brk(0x55555622e000) = 0x55555622e000 mprotect(0x7f8c9b71c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555620c5d0) = 4999 ./strace-static-x86_64: Process 4999 attached [pid 4999] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4998] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4999] <... clone resumed>, child_tidptr=0x55555620c5d0) = 5000 ./strace-static-x86_64: Process 5000 attached [pid 5000] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5000] setpgid(0, 0) = 0 [pid 5000] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5000] write(3, "1000", 4) = 4 [pid 5000] close(3) = 0 [pid 5000] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE [pid 4998] <... clone resumed>, child_tidptr=0x55555620c5d0) = 5001 ./strace-static-x86_64: Process 5001 attached [pid 4998] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5000] <... openat resumed>) = 3 [pid 5000] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778./strace-static-x86_64: Process 5002 attached [pid 4998] <... clone resumed>, child_tidptr=0x55555620c5d0) = 5002 [pid 5002] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4998] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5002] <... clone resumed>, child_tidptr=0x55555620c5d0) = 5003 [pid 4998] <... clone resumed>, child_tidptr=0x55555620c5d0) = 5004 ./strace-static-x86_64: Process 5003 attached [pid 4998] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5003] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5003] setpgid(0, 0) = 0 [pid 5003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5003] write(3, "1000", 4) = 4 [pid 5003] close(3) = 0 [pid 4998] <... clone resumed>, child_tidptr=0x55555620c5d0) = 5005 [pid 5003] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE) = 3 [pid 5003] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778./strace-static-x86_64: Process 5005 attached [pid 4998] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5005] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4998] <... clone resumed>, child_tidptr=0x55555620c5d0) = 5006 [pid 5005] <... clone resumed>, child_tidptr=0x55555620c5d0) = 5007 ./strace-static-x86_64: Process 5006 attached [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5004 attached , child_tidptr=0x55555620c5d0) = 5008 ./strace-static-x86_64: Process 5009 attached ./strace-static-x86_64: Process 5008 attached ./strace-static-x86_64: Process 5007 attached [pid 5006] <... clone resumed>, child_tidptr=0x55555620c5d0) = 5009 [pid 5007] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5008] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5007] <... prctl resumed>) = 0 [pid 5009] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5007] setpgid(0, 0 [pid 5009] <... prctl resumed>) = 0 [pid 5007] <... setpgid resumed>) = 0 [pid 5009] setpgid(0, 0 [pid 5007] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5009] <... setpgid resumed>) = 0 [pid 5008] <... prctl resumed>) = 0 [pid 5008] setpgid(0, 0 [pid 5009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5008] <... setpgid resumed>) = 0 [pid 5007] <... openat resumed>) = 3 [pid 5004] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555620c5d0) = 5010 [pid 5008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5009] <... openat resumed>) = 3 [pid 5007] write(3, "1000", 4./strace-static-x86_64: Process 5010 attached [pid 5009] write(3, "1000", 4 [pid 5008] <... openat resumed>) = 3 [pid 5007] <... write resumed>) = 4 [pid 5009] <... write resumed>) = 4 [pid 5008] write(3, "1000", 4 [pid 5007] close(3 [pid 5010] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5007] <... close resumed>) = 0 [pid 5008] <... write resumed>) = 4 [pid 5008] close(3 [pid 5009] close(3 [pid 5008] <... close resumed>) = 0 [pid 5009] <... close resumed>) = 0 [pid 5007] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE [pid 5009] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE [pid 5008] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE [pid 5007] <... openat resumed>) = 3 [pid 5009] <... openat resumed>) = 3 [pid 5008] <... openat resumed>) = 3 [pid 5007] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778 [pid 5009] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778 [pid 5008] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778 [pid 5010] <... prctl resumed>) = 0 [pid 5010] setpgid(0, 0) = 0 [pid 5010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5010] write(3, "1000", 4) = 4 [pid 5010] close(3) = 0 [pid 5010] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE) = 3 [pid 5010] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778 [pid 4999] kill(-5000, SIGKILL) = 0 [pid 4999] kill(5000, SIGKILL) = 0 [pid 5002] kill(-5003, SIGKILL) = 0 [pid 5002] kill(5003, SIGKILL) = 0 [pid 5005] kill(-5007, SIGKILL) = 0 [pid 5005] kill(5007, SIGKILL) = 0 [pid 5006] kill(-5009, SIGKILL [pid 5001] kill(-5008, SIGKILL [pid 5006] <... kill resumed>) = 0 [pid 5001] <... kill resumed>) = 0 [pid 5006] kill(5009, SIGKILL [pid 5001] kill(5008, SIGKILL [pid 5006] <... kill resumed>) = 0 [pid 5001] <... kill resumed>) = 0 [pid 5004] kill(-5010, SIGKILL) = 0 [pid 5004] kill(5010, SIGKILL) = 0 [pid 5002] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4999] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5005] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5001] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5004] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5001] <... openat resumed>) = 3 [pid 5001] fstat(3, [pid 5004] <... openat resumed>) = 3 [pid 5001] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5001] getdents64(3, [pid 5005] <... openat resumed>) = 3 [pid 5001] <... getdents64 resumed>0x55555620d620 /* 2 entries */, 32768) = 48 [pid 5005] fstat(3, [pid 5001] getdents64(3, [pid 5006] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5001] <... getdents64 resumed>0x55555620d620 /* 0 entries */, 32768) = 0 [pid 5005] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5006] <... openat resumed>) = 3 [pid 5001] close(3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5001] <... close resumed>) = 0 [pid 5005] getdents64(3, [pid 5006] getdents64(3, [pid 5005] <... getdents64 resumed>0x55555620d620 /* 2 entries */, 32768) = 48 [pid 5006] <... getdents64 resumed>0x55555620d620 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(3, [pid 5005] getdents64(3, [pid 5006] <... getdents64 resumed>0x55555620d620 /* 0 entries */, 32768) = 0 [pid 5006] close(3 [pid 5005] <... getdents64 resumed>0x55555620d620 /* 0 entries */, 32768) = 0 [pid 5006] <... close resumed>) = 0 [pid 5005] close(3) = 0 [pid 5004] fstat(3, [pid 5002] <... openat resumed>) = 3 [pid 5004] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5004] getdents64(3, 0x55555620d620 /* 2 entries */, 32768) = 48 [pid 4999] <... openat resumed>) = 3 [pid 5004] getdents64(3, 0x55555620d620 /* 0 entries */, 32768) = 0 [pid 5002] fstat(3, [pid 4999] fstat(3, [pid 5004] close(3) = 0 [pid 5002] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5002] getdents64(3, [pid 4999] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5002] <... getdents64 resumed>0x55555620d620 /* 2 entries */, 32768) = 48 [pid 5002] getdents64(3, 0x55555620d620 /* 0 entries */, 32768) = 0 [pid 5002] close(3 [pid 4999] getdents64(3, [pid 5002] <... close resumed>) = 0 [pid 4999] <... getdents64 resumed>0x55555620d620 /* 2 entries */, 32768) = 48 [pid 4999] getdents64(3, 0x55555620d620 /* 0 entries */, 32768) = 0 [pid 4999] close(3) = 0 syzkaller login: [ 70.502089][ T895] cfg80211: failed to load regulatory.db [pid 5000] <... fallocate resumed>) = ? [pid 5000] +++ killed by SIGKILL +++ [pid 4999] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5000, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=3533 /* 35.33 s */} --- [pid 4999] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5022 attached , child_tidptr=0x55555620c5d0) = 5022 [pid 5022] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5022] setpgid(0, 0) = 0 [pid 5022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5022] write(3, "1000", 4) = 4 [pid 5022] close(3) = 0 [pid 5022] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE) = 3 [pid 5022] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778 [pid 4999] kill(-5022, SIGKILL) = 0 [pid 4999] kill(5022, SIGKILL) = 0 [pid 4999] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4999] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 4999] getdents64(3, 0x55555620d620 /* 2 entries */, 32768) = 48 [pid 4999] getdents64(3, 0x55555620d620 /* 0 entries */, 32768) = 0 [pid 4999] close(3) = 0 [pid 5003] <... fallocate resumed>) = ? [pid 5003] +++ killed by SIGKILL +++ [pid 5002] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5003, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=3629 /* 36.29 s */} --- [pid 5002] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555620c5d0) = 5028 ./strace-static-x86_64: Process 5028 attached [pid 5028] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5028] setpgid(0, 0) = 0 [pid 5028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5028] write(3, "1000", 4) = 4 [pid 5028] close(3) = 0 [pid 5028] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE) = 3 [pid 5028] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778 [pid 5002] kill(-5028, SIGKILL) = 0 [pid 5002] kill(5028, SIGKILL) = 0 [pid 5002] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5002] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5002] getdents64(3, 0x55555620d620 /* 2 entries */, 32768) = 48 [pid 5002] getdents64(3, 0x55555620d620 /* 0 entries */, 32768) = 0 [pid 5002] close(3) = 0 [pid 5007] <... fallocate resumed>) = ? [pid 5007] +++ killed by SIGKILL +++ [pid 5005] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5007, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=3517 /* 35.17 s */} --- [pid 5005] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5029 attached , child_tidptr=0x55555620c5d0) = 5029 [pid 5029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5029] setpgid(0, 0) = 0 [pid 5029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5029] write(3, "1000", 4) = 4 [pid 5029] close(3) = 0 [pid 5029] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE) = 3 [pid 5029] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778 [pid 5005] kill(-5029, SIGKILL) = 0 [pid 5005] kill(5029, SIGKILL) = 0 [pid 5005] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5005] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5005] getdents64(3, 0x55555620d620 /* 2 entries */, 32768) = 48 [pid 5005] getdents64(3, 0x55555620d620 /* 0 entries */, 32768) = 0 [pid 5005] close(3) = 0 [pid 5009] <... fallocate resumed>) = ? [pid 5009] +++ killed by SIGKILL +++ [pid 5006] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5009, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=3596 /* 35.96 s */} --- [pid 5006] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555620c5d0) = 5036 ./strace-static-x86_64: Process 5036 attached [pid 5036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5036] setpgid(0, 0) = 0 [pid 5036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5036] write(3, "1000", 4) = 4 [pid 5036] close(3) = 0 [pid 5036] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE) = 3 [pid 5036] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778 [pid 5006] kill(-5036, SIGKILL) = 0 [pid 5006] kill(5036, SIGKILL) = 0 [pid 5006] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5006] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5006] getdents64(3, 0x55555620d620 /* 2 entries */, 32768) = 48 [pid 5006] getdents64(3, 0x55555620d620 /* 0 entries */, 32768) = 0 [pid 5006] close(3) = 0 [pid 5008] <... fallocate resumed>) = ? [pid 5008] +++ killed by SIGKILL +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5008, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=3558 /* 35.58 s */} --- [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555620c5d0) = 5037 ./strace-static-x86_64: Process 5037 attached [pid 5037] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5037] setpgid(0, 0) = 0 [pid 5037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5037] write(3, "1000", 4) = 4 [pid 5037] close(3) = 0 [pid 5037] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE) = 3 [pid 5037] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778 [pid 5001] kill(-5037, SIGKILL) = 0 [pid 5001] kill(5037, SIGKILL) = 0 [pid 5001] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5001] getdents64(3, 0x55555620d620 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(3, 0x55555620d620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [ 285.535983][ T27] INFO: task syz-executor878:5022 blocked for more than 143 seconds. [ 285.544387][ T27] Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0 [ 285.552230][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 285.560944][ T27] task:syz-executor878 state:D stack:28232 pid:5022 ppid:4999 flags:0x00004004 [ 285.570517][ T27] Call Trace: [ 285.573809][ T27] [ 285.576790][ T27] __schedule+0xc9a/0x5880 [ 285.581469][ T27] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 285.587711][ T27] ? print_usage_bug.part.0+0x660/0x660 [ 285.593481][ T27] ? io_schedule_timeout+0x150/0x150 [ 285.599069][ T27] ? rwsem_down_write_slowpath+0x3b8/0x1220 [ 285.605187][ T27] schedule+0xde/0x1a0 [ 285.609295][ T27] schedule_preempt_disabled+0x13/0x20 [ 285.615010][ T27] rwsem_down_write_slowpath+0x3e2/0x1220 [ 285.620831][ T27] ? down_timeout+0x90/0x90 [ 285.625363][ T27] ? lock_sync+0x190/0x190 [ 285.633921][ T27] down_write+0x1d2/0x200 [ 285.638549][ T27] ? rwsem_down_write_slowpath+0x1220/0x1220 [ 285.644747][ T27] blkdev_fallocate+0x1e8/0x420 [ 285.649859][ T27] ? blkdev_writepage+0x30/0x30 [ 285.654938][ T27] vfs_fallocate+0x48b/0xe40 [ 285.659760][ T27] __x64_sys_fallocate+0xd3/0x140 [ 285.665024][ T27] do_syscall_64+0x39/0xb0 [ 285.669764][ T27] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 285.675968][ T27] RIP: 0033:0x7f8c9b6afe09 [ 285.680391][ T27] RSP: 002b:00007ffcaa07a1e8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 285.689073][ T27] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f8c9b6afe09 [ 285.697350][ T27] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000003 [ 285.705569][ T27] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 285.713608][ T27] R10: 0000010000000002 R11: 0000000000000246 R12: 000000000000a455 [ 285.724156][ T27] R13: 00007ffcaa07a1fc R14: 00007ffcaa07a210 R15: 00007ffcaa07a200 [ 285.732418][ T27] [ 285.735460][ T27] INFO: task syz-executor878:5028 blocked for more than 143 seconds. [ 285.743779][ T27] Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0 [ 285.751626][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 285.760517][ T27] task:syz-executor878 state:D stack:27136 pid:5028 ppid:5002 flags:0x00004004 [ 285.770013][ T27] Call Trace: [ 285.773535][ T27] [ 285.776726][ T27] __schedule+0xc9a/0x5880 [ 285.781388][ T27] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 285.787418][ T27] ? print_usage_bug.part.0+0x660/0x660 [ 285.793178][ T27] ? io_schedule_timeout+0x150/0x150 [ 285.798743][ T27] ? rwsem_down_write_slowpath+0x3b8/0x1220 [ 285.804861][ T27] schedule+0xde/0x1a0 [ 285.809206][ T27] schedule_preempt_disabled+0x13/0x20 [ 285.814936][ T27] rwsem_down_write_slowpath+0x3e2/0x1220 [ 285.820934][ T27] ? down_timeout+0x90/0x90 [ 285.825678][ T27] ? lock_sync+0x190/0x190 [ 285.830346][ T27] down_write+0x1d2/0x200 [ 285.834688][ T27] ? rwsem_down_write_slowpath+0x1220/0x1220 [ 285.840942][ T27] blkdev_fallocate+0x1e8/0x420 [ 285.846074][ T27] ? blkdev_writepage+0x30/0x30 [ 285.851171][ T27] vfs_fallocate+0x48b/0xe40 [ 285.856064][ T27] __x64_sys_fallocate+0xd3/0x140 [ 285.861310][ T27] do_syscall_64+0x39/0xb0 [ 285.866025][ T27] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 285.872181][ T27] RIP: 0033:0x7f8c9b6afe09 [ 285.876821][ T27] RSP: 002b:00007ffcaa07a1e8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 285.885445][ T27] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f8c9b6afe09 [ 285.893694][ T27] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000003 [ 285.901893][ T27] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 285.910137][ T27] R10: 0000010000000002 R11: 0000000000000246 R12: 000000000000a45c [ 285.918187][ T27] R13: 00007ffcaa07a1fc R14: 00007ffcaa07a210 R15: 00007ffcaa07a200 [ 285.926266][ T27] [ 285.929294][ T27] [ 285.929294][ T27] Showing all locks held in the system: [ 285.937034][ T27] 1 lock held by rcu_tasks_kthre/13: [ 285.942517][ T27] #0: ffffffff8c7984b0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80 [ 285.953282][ T27] 1 lock held by rcu_tasks_trace/14: [ 285.958819][ T27] #0: ffffffff8c7981b0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80 [ 285.970028][ T27] 1 lock held by khungtaskd/27: [ 285.975132][ T27] #0: ffffffff8c7990c0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x340 [ 285.985366][ T27] 2 locks held by klogd/4443: [ 285.990299][ T27] 2 locks held by getty/4760: [ 285.995214][ T27] #0: ffff88802854e098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x26/0x80 [ 286.005206][ T27] #1: ffffc900015b02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0 [ 286.015617][ T27] 1 lock held by syz-executor878/5010: [ 286.021394][ T27] 1 lock held by syz-executor878/5022: [ 286.027069][ T27] #0: ffff888148d44ab0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e8/0x420 [ 286.038251][ T27] 1 lock held by syz-executor878/5028: [ 286.043946][ T27] #0: ffff888148d44ab0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e8/0x420 [ 286.054901][ T27] 1 lock held by syz-executor878/5029: [ 286.060633][ T27] #0: ffff888148d44ab0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e8/0x420 [ 286.071616][ T27] 1 lock held by syz-executor878/5036: [ 286.077403][ T27] #0: ffff888148d44ab0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e8/0x420 [ 286.088374][ T27] 1 lock held by syz-executor878/5037: [ 286.094059][ T27] #0: ffff888148d44ab0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e8/0x420 [ 286.105670][ T27] [ 286.108735][ T27] ============================================= [ 286.108735][ T27] [ 286.117346][ T27] NMI backtrace for cpu 1 [ 286.121664][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0 [ 286.131458][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 286.141490][ T27] Call Trace: [ 286.144746][ T27] [ 286.147654][ T27] dump_stack_lvl+0xd9/0x150 [ 286.152224][ T27] nmi_cpu_backtrace+0x29c/0x350 [ 286.157144][ T27] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 286.162329][ T27] nmi_trigger_cpumask_backtrace+0x2a4/0x300 [ 286.168300][ T27] watchdog+0xe16/0x1090 [ 286.172528][ T27] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 286.178496][ T27] kthread+0x344/0x440 [ 286.182560][ T27] ? kthread_complete_and_exit+0x40/0x40 [ 286.188192][ T27] ret_from_fork+0x1f/0x30 [ 286.192608][ T27] [ 286.195752][ T27] Sending NMI from CPU 1 to CPUs 0: [ 286.200987][ C0] NMI backtrace for cpu 0 [ 286.200994][ C0] CPU: 0 PID: 4443 Comm: klogd Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0 [ 286.201008][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 286.201015][ C0] RIP: 0010:do_raw_spin_lock+0x67/0x2b0 [ 286.201037][ C0] Code: c7 44 24 18 b0 52 66 81 48 8d 14 03 c7 02 f1 f1 f1 f1 c7 42 04 04 f3 f3 f3 48 89 fa 65 48 8b 0c 25 28 00 00 00 48 89 4c 24 60 <31> c9 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c [ 286.201049][ C0] RSP: 0018:ffffc9000312f580 EFLAGS: 00000016 [ 286.201059][ C0] RAX: dffffc0000000000 RBX: 1ffff92000625eb1 RCX: 85c130bc750cb800 [ 286.201068][ C0] RDX: ffffffff92093d7c RSI: 0000000000000001 RDI: ffffffff92093d7c [ 286.201076][ C0] RBP: ffffffff92093d78 R08: 0000000000000000 R09: ffffffff91529d07 [ 286.201084][ C0] R10: fffffbfff22a53a0 R11: 0000000000094001 R12: 0000000000000212 [ 286.201092][ C0] R13: 0000000000008000 R14: dead000000000100 R15: dffffc0000000000 [ 286.201102][ C0] FS: 00007f5cc131d380(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 286.201114][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 286.201123][ C0] CR2: 0000558a82286600 CR3: 000000002aad7000 CR4: 0000000000350ef0 [ 286.201131][ C0] Call Trace: [ 286.201134][ C0] [ 286.201138][ C0] ? nmi_cpu_backtrace+0x1d0/0x350 [ 286.201160][ C0] ? nmi_cpu_backtrace_handler+0xc/0x10 [ 286.201173][ C0] ? nmi_handle+0x13d/0x400 [ 286.201194][ C0] ? do_raw_spin_lock+0x67/0x2b0 [ 286.201213][ C0] ? default_do_nmi+0x6b/0x170 [ 286.201228][ C0] ? exc_nmi+0x171/0x1e0 [ 286.201241][ C0] ? end_repeat_nmi+0x16/0x31 [ 286.201256][ C0] ? do_raw_spin_lock+0x67/0x2b0 [ 286.201275][ C0] ? do_raw_spin_lock+0x67/0x2b0 [ 286.201294][ C0] ? do_raw_spin_lock+0x67/0x2b0 [ 286.201313][ C0] [ 286.201316][ C0] [ 286.201319][ C0] ? lock_sync+0x190/0x190 [ 286.201341][ C0] ? spin_bug+0x1c0/0x1c0 [ 286.201358][ C0] ? find_held_lock+0x2d/0x110 [ 286.201374][ C0] ? _raw_spin_lock_irqsave+0x52/0x60 [ 286.201393][ C0] _raw_spin_lock_irqsave+0x45/0x60 [ 286.201412][ C0] ? debug_check_no_obj_freed+0xcb/0x420 [ 286.201430][ C0] debug_check_no_obj_freed+0xcb/0x420 [ 286.201450][ C0] free_unref_page_prepare+0x202/0xcb0 [ 286.201472][ C0] free_unref_page+0x33/0x370 [ 286.201493][ C0] __unfreeze_partials+0x17c/0x1a0 [ 286.201511][ C0] ? put_cpu_partial+0x171/0x210 [ 286.201528][ C0] ? lockdep_hardirqs_on+0x7d/0x100 [ 286.201545][ C0] qlist_free_all+0x6a/0x170 [ 286.201559][ C0] kasan_quarantine_reduce+0x195/0x220 [ 286.201574][ C0] __kasan_slab_alloc+0x63/0x90 [ 286.201594][ C0] kmem_cache_alloc_node+0x185/0x3e0 [ 286.201614][ C0] __alloc_skb+0x288/0x330 [ 286.201629][ C0] ? __napi_build_skb+0x50/0x50 [ 286.201646][ C0] alloc_skb_with_frags+0x9a/0x6c0 [ 286.201665][ C0] ? print_usage_bug.part.0+0x660/0x660 [ 286.201683][ C0] sock_alloc_send_pskb+0x7a7/0x930 [ 286.201706][ C0] ? sk_dst_check+0x460/0x460 [ 286.201725][ C0] ? lock_downgrade+0x690/0x690 [ 286.201742][ C0] ? do_raw_spin_lock+0x124/0x2b0 [ 286.201761][ C0] ? spin_bug+0x1c0/0x1c0 [ 286.201781][ C0] unix_dgram_sendmsg+0x41b/0x1950 [ 286.201799][ C0] ? aa_sk_perm+0x31d/0xb10 [ 286.201813][ C0] ? unix_stream_sendpage+0xcc0/0xcc0 [ 286.201827][ C0] ? aa_af_perm+0x240/0x240 [ 286.201841][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 286.201854][ C0] ? unix_stream_sendpage+0xcc0/0xcc0 [ 286.201869][ C0] sock_sendmsg+0xde/0x190 [ 286.201883][ C0] __sys_sendto+0x23a/0x340 [ 286.201897][ C0] ? __ia32_sys_getpeername+0xb0/0xb0 [ 286.201912][ C0] ? lock_downgrade+0x690/0x690 [ 286.201933][ C0] ? rcu_is_watching+0x12/0xb0 [ 286.201954][ C0] ? __rseq_handle_notify_resume+0x5b3/0xfe0 [ 286.201971][ C0] ? __do_sys_rseq+0x750/0x750 [ 286.201985][ C0] ? unlock_page_memcg+0x2d0/0x2d0 [ 286.202006][ C0] ? security_capable+0x93/0xc0 [ 286.202020][ C0] __x64_sys_sendto+0xe1/0x1b0 [ 286.202035][ C0] ? syscall_enter_from_user_mode+0x26/0x80 [ 286.202052][ C0] do_syscall_64+0x39/0xb0 [ 286.202072][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.202093][ C0] RIP: 0033:0x7f5cc147f9b5 [ 286.202102][ C0] Code: 8b 44 24 08 48 83 c4 28 48 98 c3 48 98 c3 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 26 45 31 c9 45 31 c0 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 7a 48 8b 15 44 c4 0c 00 f7 d8 64 89 02 48 83 [ 286.202113][ C0] RSP: 002b:00007ffe7a5cd008 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 286.202125][ C0] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f5cc147f9b5 [ 286.202133][ C0] RDX: 000000000000003d RSI: 000055629f958a40 RDI: 0000000000000003 [ 286.202140][ C0] RBP: 000055629f954910 R08: 0000000000000000 R09: 0000000000000000 [ 286.202148][ C0] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000013 [ 286.202155][ C0] R13: 00007f5cc160d212 R14: 00007ffe7a5cd108 R15: 0000000000000000 [ 286.202167][ C0] [ 286.202171][ C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.184 msecs [ 286.203413][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 286.691978][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 6.4.0-rc6-syzkaller-00037-gb6dad5178cea #0 [ 286.701769][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 286.711807][ T27] Call Trace: [ 286.715075][ T27] [ 286.717993][ T27] dump_stack_lvl+0xd9/0x150 [ 286.722576][ T27] panic+0x686/0x730 [ 286.726482][ T27] ? panic_smp_self_stop+0xa0/0xa0 [ 286.731588][ T27] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 286.736773][ T27] ? preempt_schedule_thunk+0x1a/0x20 [ 286.742144][ T27] ? watchdog+0xbe8/0x1090 [ 286.746558][ T27] watchdog+0xbf9/0x1090 [ 286.750795][ T27] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 286.756769][ T27] kthread+0x344/0x440 [ 286.760830][ T27] ? kthread_complete_and_exit+0x40/0x40 [ 286.766452][ T27] ret_from_fork+0x1f/0x30 [ 286.770869][ T27] [ 286.774670][ T27] Kernel Offset: disabled [ 286.778980][ T27] Rebooting in 86400 seconds..