./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor274880033 <...> [ 29.326419][ T3187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.339522][ T3187] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller syzkaller login: [ 39.597115][ T26] kauditd_printk_skb: 37 callbacks suppressed [ 39.597132][ T26] audit: type=1400 audit(1657187525.293:73): avc: denied { transition } for pid=3394 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 39.628754][ T26] audit: type=1400 audit(1657187525.303:74): avc: denied { write } for pid=3394 comm="sh" path="pipe:[28064]" dev="pipefs" ino=28064 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 Warning: Permanently added '10.128.0.210' (ECDSA) to the list of known hosts. execve("./syz-executor274880033", ["./syz-executor274880033"], 0x7ffdff39bf60 /* 10 vars */) = 0 brk(NULL) = 0x555555b1c000 brk(0x555555b1cc40) = 0x555555b1cc40 arch_prctl(ARCH_SET_FS, 0x555555b1c300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor274880033", 4096) = 27 brk(0x555555b3dc40) = 0x555555b3dc40 brk(0x555555b3e000) = 0x555555b3e000 mprotect(0x7fd5993e9000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3608 attached , child_tidptr=0x555555b1c5d0) = 3608 [pid 3607] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3608] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3607] <... clone resumed>, child_tidptr=0x555555b1c5d0) = 3610 [pid 3608] <... clone resumed>, child_tidptr=0x555555b1c5d0) = 3609 ./strace-static-x86_64: Process 3610 attached ./strace-static-x86_64: Process 3609 attached [pid 3607] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3610] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3607] <... clone resumed>, child_tidptr=0x555555b1c5d0) = 3611 [pid 3607] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b1c5d0) = 3612 [pid 3607] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3614 attached ./strace-static-x86_64: Process 3613 attached ./strace-static-x86_64: Process 3612 attached ./strace-static-x86_64: Process 3611 attached [pid 3610] <... clone resumed>, child_tidptr=0x555555b1c5d0) = 3613 [pid 3609] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3607] <... clone resumed>, child_tidptr=0x555555b1c5d0) = 3614 [pid 3607] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3613] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3611] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3609] <... prctl resumed>) = 0 [pid 3607] <... clone resumed>, child_tidptr=0x555555b1c5d0) = 3615 [pid 3612] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3609] setpgid(0, 0./strace-static-x86_64: Process 3615 attached ) = 0 [pid 3615] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 3609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3613] <... prctl resumed>) = 0 [pid 3611] <... clone resumed>, child_tidptr=0x555555b1c5d0) = 3616 [pid 3613] setpgid(0, 0 [pid 3615] <... clone resumed>, child_tidptr=0x555555b1c5d0) = 3617 [pid 3609] <... openat resumed>) = 3 [pid 3613] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 3616 attached [pid 3613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3609] write(3, "1000", 4 [pid 3616] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3613] <... openat resumed>) = 3 [pid 3613] write(3, "1000", 4 [pid 3609] <... write resumed>) = 4 [pid 3613] <... write resumed>) = 4 [pid 3609] close(3 [pid 3613] close(3 [pid 3609] <... close resumed>) = 0 [pid 3613] <... close resumed>) = 0 [pid 3609] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_TRUNC|O_NONBLOCK [pid 3613] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_TRUNC|O_NONBLOCK [pid 3616] <... prctl resumed>) = 0 [pid 3616] setpgid(0, 0) = 0 [pid 3616] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 3609] <... openat resumed>) = 3 [pid 3616] <... openat resumed>) = 3 [pid 3616] write(3, "1000", 4) = 4 [pid 3616] close(3) = 0 [pid 3616] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_TRUNC|O_NONBLOCK) = 3 [pid 3616] dup(3) = 4 [pid 3616] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 9223372036854775807./strace-static-x86_64: Process 3617 attached [pid 3617] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3617] setpgid(0, 0) = 0 [pid 3617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3617] write(3, "1000", 4) = 4 [pid 3617] close(3) = 0 [pid 3617] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_TRUNC|O_NONBLOCK) = 3 [pid 3617] dup(3) = 4 [pid 3617] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 9223372036854775807 [ 50.358631][ T26] audit: type=1400 audit(1657187536.053:75): avc: denied { execmem } for pid=3607 comm="syz-executor274" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 3614] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3619 attached ./strace-static-x86_64: Process 3618 attached [pid 3613] <... openat resumed>) = 3 [pid 3609] dup(3 [pid 3618] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3614] <... clone resumed>, child_tidptr=0x555555b1c5d0) = 3618 [pid 3612] <... clone resumed>, child_tidptr=0x555555b1c5d0) = 3619 [pid 3618] <... prctl resumed>) = 0 [pid 3619] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 3618] setpgid(0, 0 [pid 3613] dup(3 [pid 3618] <... setpgid resumed>) = 0 [pid 3618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3618] write(3, "1000", 4) = 4 [pid 3618] close(3) = 0 [pid 3618] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_TRUNC|O_NONBLOCK [pid 3609] <... dup resumed>) = 4 [pid 3618] <... openat resumed>) = 3 [pid 3609] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 9223372036854775807 [pid 3619] <... prctl resumed>) = 0 [pid 3618] dup(3 [pid 3613] <... dup resumed>) = 4 [pid 3619] setpgid(0, 0 [pid 3618] <... dup resumed>) = 4 [pid 3613] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 9223372036854775807 [pid 3619] <... setpgid resumed>) = 0 [pid 3618] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 9223372036854775807 [pid 3619] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3619] write(3, "1000", 4) = 4 [pid 3619] close(3) = 0 [pid 3619] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_TRUNC|O_NONBLOCK) = 3 [pid 3619] dup(3) = 4 [ 50.398482][ T26] audit: type=1400 audit(1657187536.093:76): avc: denied { read write } for pid=3609 comm="syz-executor274" name="nullb0" dev="devtmpfs" ino=677 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 50.423323][ T26] audit: type=1400 audit(1657187536.093:77): avc: denied { open } for pid=3609 comm="syz-executor274" path="/dev/nullb0" dev="devtmpfs" ino=677 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [pid 3619] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 9223372036854775807 [pid 3608] kill(-3609, SIGKILL) = 0 [pid 3615] kill(-3617, SIGKILL [pid 3611] kill(-3616, SIGKILL [pid 3610] kill(-3613, SIGKILL [pid 3608] kill(3609, SIGKILL [pid 3615] <... kill resumed>) = 0 [pid 3611] <... kill resumed>) = 0 [pid 3610] <... kill resumed>) = 0 [pid 3608] <... kill resumed>) = 0 [pid 3615] kill(3617, SIGKILL [pid 3611] kill(3616, SIGKILL [pid 3610] kill(3613, SIGKILL [pid 3615] <... kill resumed>) = 0 [pid 3611] <... kill resumed>) = 0 [pid 3610] <... kill resumed>) = 0 [pid 3614] kill(-3618, SIGKILL) = 0 [pid 3614] kill(3618, SIGKILL) = 0 [pid 3612] kill(-3619, SIGKILL) = 0 [pid 3612] kill(3619, SIGKILL) = 0 [pid 3615] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3611] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3610] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3608] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3608] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3611] <... openat resumed>) = 3 [pid 3608] getdents64(3, 0x555555b1d620 /* 2 entries */, 32768) = 48 [pid 3611] fstat(3, [pid 3608] getdents64(3, 0x555555b1d620 /* 0 entries */, 32768) = 0 [pid 3611] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3608] close(3 [pid 3615] <... openat resumed>) = 3 [pid 3608] <... close resumed>) = 0 [pid 3615] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3611] getdents64(3, 0x555555b1d620 /* 2 entries */, 32768) = 48 [pid 3615] getdents64(3, [pid 3611] getdents64(3, [pid 3615] <... getdents64 resumed>0x555555b1d620 /* 2 entries */, 32768) = 48 [pid 3615] getdents64(3, 0x555555b1d620 /* 0 entries */, 32768) = 0 [pid 3615] close(3 [pid 3611] <... getdents64 resumed>0x555555b1d620 /* 0 entries */, 32768) = 0 [pid 3614] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3611] close(3 [pid 3615] <... close resumed>) = 0 [pid 3614] <... openat resumed>) = 3 [pid 3612] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 3614] fstat(3, [pid 3611] <... close resumed>) = 0 [pid 3612] <... openat resumed>) = 3 [pid 3614] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3612] fstat(3, [pid 3614] getdents64(3, [pid 3612] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3614] <... getdents64 resumed>0x555555b1d620 /* 2 entries */, 32768) = 48 [pid 3614] getdents64(3, [pid 3612] getdents64(3, [pid 3614] <... getdents64 resumed>0x555555b1d620 /* 0 entries */, 32768) = 0 [pid 3612] <... getdents64 resumed>0x555555b1d620 /* 2 entries */, 32768) = 48 [pid 3614] close(3 [pid 3612] getdents64(3, [pid 3614] <... close resumed>) = 0 [pid 3612] <... getdents64 resumed>0x555555b1d620 /* 0 entries */, 32768) = 0 [pid 3612] close(3) = 0 [pid 3610] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3610] getdents64(3, 0x555555b1d620 /* 2 entries */, 32768) = 48 [pid 3610] getdents64(3, 0x555555b1d620 /* 0 entries */, 32768) = 0 [pid 3610] close(3) = 0 [ 76.290003][ T14] cfg80211: failed to load regulatory.db [pid 3616] <... fallocate resumed>) = ? [pid 3616] +++ killed by SIGKILL +++ [pid 3611] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3616, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=5444} --- [pid 3611] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b1c5d0) = 3636 ./strace-static-x86_64: Process 3636 attached [pid 3636] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3636] setpgid(0, 0) = 0 [pid 3636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3636] write(3, "1000", 4) = 4 [pid 3636] close(3) = 0 [pid 3636] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_TRUNC|O_NONBLOCK) = 3 [pid 3636] dup(3) = 4 [pid 3636] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 9223372036854775807 [pid 3611] kill(-3636, SIGKILL) = 0 [pid 3611] kill(3636, SIGKILL) = 0 [pid 3611] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3611] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3611] getdents64(3, 0x555555b1d620 /* 2 entries */, 32768) = 48 [pid 3611] getdents64(3, 0x555555b1d620 /* 0 entries */, 32768) = 0 [pid 3611] close(3) = 0 [pid 3617] <... fallocate resumed>) = ? [pid 3617] +++ killed by SIGKILL +++ [pid 3615] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3617, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=5362} --- [pid 3615] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555b1c5d0) = 3637 ./strace-static-x86_64: Process 3637 attached [pid 3637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3637] setpgid(0, 0) = 0 [pid 3637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3637] write(3, "1000", 4) = 4 [pid 3637] close(3) = 0 [pid 3637] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_TRUNC|O_NONBLOCK) = 3 [pid 3637] dup(3) = 4 [pid 3637] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 9223372036854775807 [pid 3615] kill(-3637, SIGKILL) = 0 [pid 3615] kill(3637, SIGKILL) = 0 [pid 3615] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3615] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3615] getdents64(3, 0x555555b1d620 /* 2 entries */, 32768) = 48 [pid 3615] getdents64(3, 0x555555b1d620 /* 0 entries */, 32768) = 0 [pid 3615] close(3) = 0 [pid 3609] <... fallocate resumed>) = ? [pid 3609] +++ killed by SIGKILL +++ [pid 3608] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=3609, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=5445} --- [pid 3608] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3644 attached , child_tidptr=0x555555b1c5d0) = 3644 [pid 3644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3644] setpgid(0, 0) = 0 [pid 3644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3644] write(3, "1000", 4) = 4 [pid 3644] close(3) = 0 [pid 3644] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_TRUNC|O_NONBLOCK) = 3 [pid 3644] dup(3) = 4 [pid 3644] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 9223372036854775807 [pid 3608] kill(-3644, SIGKILL) = 0 [pid 3608] kill(3644, SIGKILL) = 0 [pid 3608] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3608] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3608] getdents64(3, 0x555555b1d620 /* 2 entries */, 32768) = 48 [pid 3608] getdents64(3, 0x555555b1d620 /* 0 entries */, 32768) = 0 [pid 3608] close(3) = 0 [ 286.181878][ T27] INFO: task syz-executor274:3618 blocked for more than 143 seconds. [ 286.190474][ T27] Not tainted 5.19.0-rc5-syzkaller-00105-g9f09069cde34 #0 [ 286.199243][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.218466][ T27] task:syz-executor274 state:D stack:28128 pid: 3618 ppid: 3614 flags:0x00004004 [ 286.228749][ T27] Call Trace: [ 286.233171][ T27] [ 286.236955][ T27] __schedule+0xa00/0x4b50 [ 286.242431][ T27] ? find_held_lock+0x2d/0x110 [ 286.247337][ T27] ? io_schedule_timeout+0x140/0x140 [ 286.253758][ T27] ? mark_held_locks+0x9f/0xe0 [ 286.259546][ T27] schedule+0xd2/0x1f0 [ 286.263720][ T27] rwsem_down_write_slowpath+0x68a/0x11a0 [ 286.269543][ T27] ? __down_timeout+0x10/0x10 [ 286.275231][ T27] ? lock_release+0x780/0x780 [ 286.282442][ T27] down_write+0x135/0x150 [ 286.286816][ T27] ? down_write_killable+0x170/0x170 [ 286.300298][ T27] ? inode_security+0x105/0x130 [ 286.306156][ T27] blkdev_fallocate+0x1e2/0x410 [ 286.312889][ T27] ? blkdev_writepage+0x30/0x30 [ 286.318774][ T27] vfs_fallocate+0x487/0xe00 [ 286.323460][ T27] __x64_sys_fallocate+0xcf/0x140 [ 286.328517][ T27] do_syscall_64+0x35/0xb0 [ 286.333945][ T27] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 286.340823][ T27] RIP: 0033:0x7fd59937ce29 [ 286.350439][ T27] RSP: 002b:00007ffe9efbbb58 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 286.359930][ T27] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007fd59937ce29 [ 286.367978][ T27] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000004 [ 286.376064][ T27] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 286.384619][ T27] R10: 7fffffffffffffff R11: 0000000000000246 R12: 00007fd599340600 [ 286.393097][ T27] R13: 0000000000000000 R14: 00007ffe9efbbb80 R15: 00007ffe9efbbb70 [ 286.401609][ T27] [ 286.405137][ T27] INFO: task syz-executor274:3619 blocked for more than 143 seconds. [ 286.413912][ T27] Not tainted 5.19.0-rc5-syzkaller-00105-g9f09069cde34 #0 [ 286.422094][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.431305][ T27] task:syz-executor274 state:D stack:28208 pid: 3619 ppid: 3612 flags:0x00004004 [ 286.441482][ T27] Call Trace: [ 286.445298][ T27] [ 286.448283][ T27] __schedule+0xa00/0x4b50 [ 286.452752][ T27] ? find_held_lock+0x2d/0x110 [ 286.457547][ T27] ? io_schedule_timeout+0x140/0x140 [ 286.463385][ T27] ? mark_held_locks+0x9f/0xe0 [ 286.468575][ T27] schedule+0xd2/0x1f0 [ 286.473193][ T27] rwsem_down_write_slowpath+0x68a/0x11a0 [ 286.479334][ T27] ? __down_timeout+0x10/0x10 [ 286.484526][ T27] ? lock_release+0x780/0x780 [ 286.489665][ T27] down_write+0x135/0x150 [ 286.494450][ T27] ? down_write_killable+0x170/0x170 [ 286.500298][ T27] ? inode_security+0x105/0x130 [ 286.505235][ T27] blkdev_fallocate+0x1e2/0x410 [ 286.510117][ T27] ? blkdev_writepage+0x30/0x30 [ 286.515562][ T27] vfs_fallocate+0x487/0xe00 [ 286.520594][ T27] __x64_sys_fallocate+0xcf/0x140 [ 286.526153][ T27] do_syscall_64+0x35/0xb0 [ 286.530992][ T27] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 286.537472][ T27] RIP: 0033:0x7fd59937ce29 [ 286.542314][ T27] RSP: 002b:00007ffe9efbbb58 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 286.551262][ T27] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007fd59937ce29 [ 286.559690][ T27] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000004 [ 286.567710][ T27] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 286.575861][ T27] R10: 7fffffffffffffff R11: 0000000000000246 R12: 00007fd599340600 [ 286.584038][ T27] R13: 0000000000000000 R14: 00007ffe9efbbb80 R15: 00007ffe9efbbb70 [ 286.592071][ T27] [ 286.595526][ T27] INFO: task syz-executor274:3636 blocked for more than 143 seconds. [ 286.604150][ T27] Not tainted 5.19.0-rc5-syzkaller-00105-g9f09069cde34 #0 [ 286.612255][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.621648][ T27] task:syz-executor274 state:D stack:27616 pid: 3636 ppid: 3611 flags:0x00004004 [ 286.631446][ T27] Call Trace: [ 286.635266][ T27] [ 286.638605][ T27] __schedule+0xa00/0x4b50 [ 286.643461][ T27] ? find_held_lock+0x2d/0x110 [ 286.648257][ T27] ? rwsem_down_write_slowpath+0x5cc/0x11a0 [ 286.654223][ T27] ? io_schedule_timeout+0x140/0x140 [ 286.659674][ T27] ? mark_held_locks+0x9f/0xe0 [ 286.665013][ T27] schedule+0xd2/0x1f0 [ 286.669533][ T27] rwsem_down_write_slowpath+0x68a/0x11a0 [ 286.675713][ T27] ? __down_timeout+0x10/0x10 [ 286.680902][ T27] ? lock_release+0x780/0x780 [ 286.686113][ T27] down_write+0x135/0x150 [ 286.690857][ T27] ? down_write_killable+0x170/0x170 [ 286.696739][ T27] ? inode_security+0x105/0x130 [ 286.710757][ T27] blkdev_fallocate+0x1e2/0x410 [ 286.715711][ T27] ? blkdev_writepage+0x30/0x30 [ 286.720590][ T27] vfs_fallocate+0x487/0xe00 [ 286.727384][ T27] __x64_sys_fallocate+0xcf/0x140 [ 286.733415][ T27] do_syscall_64+0x35/0xb0 [ 286.738648][ T27] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 286.745584][ T27] RIP: 0033:0x7fd59937ce29 [ 286.750965][ T27] RSP: 002b:00007ffe9efbbb58 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 286.760268][ T27] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007fd59937ce29 [ 286.769266][ T27] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000004 [ 286.784186][ T27] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 286.802599][ T27] R10: 7fffffffffffffff R11: 0000000000000246 R12: 000000000000c4c6 [ 286.811444][ T27] R13: 00007ffe9efbbb6c R14: 00007ffe9efbbb80 R15: 00007ffe9efbbb70 [ 286.821065][ T27] [ 286.825160][ T27] [ 286.825160][ T27] Showing all locks held in the system: [ 286.833757][ T27] 1 lock held by khungtaskd/27: [ 286.839532][ T27] #0: ffffffff8bd83b60 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 [ 286.850473][ T27] 3 locks held by kworker/1:1H/108: [ 286.856816][ T27] 3 locks held by klogd/2965: [ 286.866503][ T27] 2 locks held by getty/3290: [ 286.871212][ T27] #0: ffff88814ab7d098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x22/0x80 [ 286.886881][ T27] #1: ffffc90001c382e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xe50/0x13c0 [ 286.898043][ T27] 1 lock held by syz-executor274/3613: [ 286.904547][ T27] #0: ffff88814056a9c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e2/0x410 [ 286.917071][ T27] 1 lock held by syz-executor274/3618: [ 286.925882][ T27] #0: ffff88814056a9c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e2/0x410 [ 286.946892][ T27] 1 lock held by syz-executor274/3619: [ 286.953374][ T27] #0: ffff88814056a9c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e2/0x410 [ 286.964996][ T27] 1 lock held by syz-executor274/3636: [ 286.971393][ T27] #0: ffff88814056a9c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e2/0x410 [ 286.983112][ T27] 1 lock held by syz-executor274/3637: [ 286.989433][ T27] #0: ffff88814056a9c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e2/0x410 [ 287.001072][ T27] 1 lock held by syz-executor274/3644: [ 287.007575][ T27] #0: ffff88814056a9c0 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e2/0x410 [ 287.028746][ T27] [ 287.034356][ T27] ============================================= [ 287.034356][ T27] [ 287.043803][ T27] NMI backtrace for cpu 0 [ 287.048141][ T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.19.0-rc5-syzkaller-00105-g9f09069cde34 #0 [ 287.058142][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 287.068558][ T27] Call Trace: [ 287.071857][ T27] [ 287.074799][ T27] dump_stack_lvl+0xcd/0x134 [ 287.079448][ T27] nmi_cpu_backtrace.cold+0x47/0x144 [ 287.084757][ T27] ? lapic_can_unplug_cpu+0x80/0x80 [ 287.089980][ T27] nmi_trigger_cpumask_backtrace+0x1e6/0x230 [ 287.096031][ T27] watchdog+0xc1d/0xf50 [ 287.100209][ T27] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 287.106217][ T27] kthread+0x2e9/0x3a0 [ 287.110311][ T27] ? kthread_complete_and_exit+0x40/0x40 [ 287.116135][ T27] ret_from_fork+0x1f/0x30 [ 287.120579][ T27] [ 287.123815][ T27] Sending NMI from CPU 0 to CPUs 1: [ 287.129042][ C1] NMI backtrace for cpu 1 [ 287.129052][ C1] CPU: 1 PID: 2965 Comm: klogd Not tainted 5.19.0-rc5-syzkaller-00105-g9f09069cde34 #0 [ 287.129072][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 287.129083][ C1] RIP: 0010:lock_release+0x124/0x780 [ 287.129111][ C1] Code: 85 e8 02 00 00 65 4c 8b 34 25 80 6f 02 00 49 8d be 5c 0a 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 <48> 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 a4 05 00 00 45 [ 287.129134][ C1] RSP: 0018:ffffc9000306f6b8 EFLAGS: 00000807 [ 287.129149][ C1] RAX: dffffc0000000000 RBX: ffffffff8dbb264c RCX: 0000000000000001 [ 287.129162][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff88807cd92bdc [ 287.129173][ C1] RBP: 1ffff9200060ded9 R08: 0000000000000000 R09: ffffffff8dbaf297 [ 287.129185][ C1] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8880b9b357a0 [ 287.129196][ C1] R13: 0000000000000001 R14: ffff88807cd92180 R15: 0000000000000000 [ 287.129208][ C1] FS: 00007fa832290800(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000 [ 287.129227][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 287.129239][ C1] CR2: 000055a578ea0000 CR3: 000000007cc59000 CR4: 00000000003506e0 [ 287.129251][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 287.129261][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 287.129273][ C1] Call Trace: [ 287.129277][ C1] [ 287.129283][ C1] ? free_unref_page+0x32d/0x6a0 [ 287.129301][ C1] ? lock_downgrade+0x6e0/0x6e0 [ 287.129322][ C1] ? page_alloc_cpu_dead+0x120/0x120 [ 287.129345][ C1] free_unref_page+0x344/0x6a0 [ 287.129362][ C1] slabs_destroy+0x89/0xc0 [ 287.129382][ C1] ___cache_free+0x34e/0x670 [ 287.129399][ C1] ? qlist_free_all+0xaf/0x1b0 [ 287.129421][ C1] qlist_free_all+0x4f/0x1b0 [ 287.129442][ C1] kasan_quarantine_reduce+0x180/0x200 [ 287.129465][ C1] __kasan_slab_alloc+0x97/0xb0 [ 287.129485][ C1] kmem_cache_alloc_node+0x2ea/0x590 [ 287.129505][ C1] __alloc_skb+0x215/0x340 [ 287.129532][ C1] alloc_skb_with_frags+0x93/0x730 [ 287.129551][ C1] ? avc_has_perm_noaudit+0x1f0/0x390 [ 287.129571][ C1] ? avc_has_extended_perms+0xee0/0xee0 [ 287.129590][ C1] sock_alloc_send_pskb+0x793/0x920 [ 287.129636][ C1] ? sock_wmalloc+0x120/0x120 [ 287.129655][ C1] ? lock_downgrade+0x6e0/0x6e0 [ 287.129676][ C1] ? do_raw_spin_lock+0x120/0x2a0 [ 287.129693][ C1] ? rwlock_bug.part.0+0x90/0x90 [ 287.129710][ C1] unix_dgram_sendmsg+0x425/0x1ad0 [ 287.129739][ C1] ? tomoyo_socket_sendmsg_permission+0x130/0x3a0 [ 287.129759][ C1] ? tomoyo_socket_bind_permission+0x330/0x330 [ 287.129778][ C1] ? unix_stream_sendpage+0xcc0/0xcc0 [ 287.129799][ C1] ? unix_stream_sendpage+0xcc0/0xcc0 [ 287.129818][ C1] sock_sendmsg+0xcf/0x120 [ 287.129835][ C1] __sys_sendto+0x21a/0x320 [ 287.129852][ C1] ? __ia32_sys_getpeername+0xb0/0xb0 [ 287.129873][ C1] ? __context_tracking_exit+0xb8/0xe0 [ 287.129894][ C1] ? lock_downgrade+0x6e0/0x6e0 [ 287.129915][ C1] ? lock_downgrade+0x6e0/0x6e0 [ 287.129935][ C1] ? restore_fpregs_from_fpstate+0xcc/0x1e0 [ 287.129957][ C1] __x64_sys_sendto+0xdd/0x1b0 [ 287.129975][ C1] ? lockdep_hardirqs_on+0x79/0x100 [ 287.129993][ C1] ? syscall_enter_from_user_mode+0x21/0x70 [ 287.130014][ C1] do_syscall_64+0x35/0xb0 [ 287.130030][ C1] entry_SYSCALL_64_after_hwframe+0x46/0xb0 [ 287.130053][ C1] RIP: 0033:0x7fa83242c0ac [ 287.130066][ C1] Code: 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 19 45 31 c9 45 31 c0 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 64 c3 0f 1f 00 55 48 83 ec 20 48 89 54 24 10 [ 287.130083][ C1] RSP: 002b:00007ffdb6f6fbb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 287.130100][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa83242c0ac [ 287.130112][ C1] RDX: 000000000000004e RSI: 00005588c8440100 RDI: 0000000000000003 [ 287.130123][ C1] RBP: 00005588c843a2c0 R08: 0000000000000000 R09: 0000000000000000 [ 287.130139][ C1] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000014 [ 287.130150][ C1] R13: 0000000000000001 R14: 00007fa8325a777d R15: 00007ffdb6f6fcc8 [ 287.130164][ C1] [ 287.130171][ C1] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.129 msecs [ 287.131447][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 287.551708][ T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.19.0-rc5-syzkaller-00105-g9f09069cde34 #0 [ 287.561607][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 287.571833][ T27] Call Trace: [ 287.575102][ T27] [ 287.578069][ T27] dump_stack_lvl+0xcd/0x134 [ 287.582654][ T27] panic+0x2d7/0x636 [ 287.586538][ T27] ? panic_print_sys_info.part.0+0x10b/0x10b [ 287.592594][ T27] ? lapic_can_unplug_cpu+0x80/0x80 [ 287.597878][ T27] ? preempt_schedule_thunk+0x16/0x18 [ 287.603241][ T27] ? watchdog.cold+0x130/0x158 [ 287.608021][ T27] watchdog.cold+0x141/0x158 [ 287.612603][ T27] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 287.618658][ T27] kthread+0x2e9/0x3a0 [ 287.622714][ T27] ? kthread_complete_and_exit+0x40/0x40 [ 287.628336][ T27] ret_from_fork+0x1f/0x30 [ 287.632762][ T27] [ 287.636027][ T27] Kernel Offset: disabled [ 287.640363][ T27] Rebooting in 86400 seconds..