./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1612066894 <...> Warning: Permanently added '10.128.1.28' (ECDSA) to the list of known hosts. execve("./syz-executor1612066894", ["./syz-executor1612066894"], 0x7ffeceded360 /* 10 vars */) = 0 brk(NULL) = 0x555555a1d000 brk(0x555555a1dc40) = 0x555555a1dc40 arch_prctl(ARCH_SET_FS, 0x555555a1d300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1612066894", 4096) = 28 brk(0x555555a3ec40) = 0x555555a3ec40 brk(0x555555a3f000) = 0x555555a3f000 mprotect(0x7fe965de0000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a1d5d0) = 3609 ./strace-static-x86_64: Process 3609 attached [pid 3609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3609] setpgid(0, 0) = 0 [pid 3609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3609] write(3, "1000", 4) = 4 [pid 3609] close(3) = 0 [pid 3609] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 3 [pid 3609] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY) = 4 [pid 3609] socketpair(AF_UNIX, SOCK_STREAM, 0, [5, 6]) = 0 [pid 3609] ioctl(4, NBD_SET_SOCK, 5) = 0 [pid 3609] ioctl(3, NBD_SET_SIZE_BLOCKS, 17) = 0 syzkaller login: [ 38.331649][ T3609] nbd0: detected capacity change from 0 to 34 [pid 3609] ioctl(4, NBD_DO_IT [pid 3608] kill(-3609, SIGKILL) = 0 [pid 3608] kill(3609, SIGKILL [pid 3609] <... ioctl resumed>) = ? [pid 3608] <... kill resumed>) = 0 [ 43.266535][ T3609] block nbd0: shutting down sockets [pid 3608] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 3608] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 3608] getdents64(3, 0x555555a1e620 /* 2 entries */, 32768) = 48 [pid 3608] getdents64(3, 0x555555a1e620 /* 0 entries */, 32768) = 0 [pid 3608] close(3) = 0 [ 68.510558][ T9] block nbd0: Possible stuck request ffff88801e878000: control (read@0,4096B). Runtime 30 seconds [ 76.190706][ T14] cfg80211: failed to load regulatory.db [ 98.395255][ T2974] udevd[2974]: worker [3611] /devices/virtual/block/nbd0 is taking a long time [ 98.590241][ T9] block nbd0: Possible stuck request ffff88801e878000: control (read@0,4096B). Runtime 60 seconds [ 128.670263][ T9] block nbd0: Possible stuck request ffff88801e878000: control (read@0,4096B). Runtime 90 seconds [ 158.750193][ T9] block nbd0: Possible stuck request ffff88801e878000: control (read@0,4096B). Runtime 120 seconds [ 188.830255][ T9] block nbd0: Possible stuck request ffff88801e878000: control (read@0,4096B). Runtime 150 seconds [ 218.910186][ T9] block nbd0: Possible stuck request ffff88801e878000: control (read@0,4096B). Runtime 180 seconds [ 219.320345][ T2974] udevd[2974]: worker [3611] /devices/virtual/block/nbd0 timeout; kill it [ 219.329186][ T2974] udevd[2974]: seq 7481 '/devices/virtual/block/nbd0' killed [ 248.990269][ T9] block nbd0: Possible stuck request ffff88801e878000: control (read@0,4096B). Runtime 210 seconds [ 279.070189][ T9] block nbd0: Possible stuck request ffff88801e878000: control (read@0,4096B). Runtime 240 seconds [ 286.110203][ T28] INFO: task syz-executor161:3609 blocked for more than 143 seconds. [ 286.118373][ T28] Not tainted 6.0.0-rc3-next-20220829-syzkaller #0 [ 286.125454][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.134147][ T28] task:syz-executor161 state:D stack:28128 pid:3609 ppid:3608 flags:0x00004006 [ 286.143443][ T28] Call Trace: [ 286.146735][ T28] [ 286.149662][ T28] __schedule+0xae5/0x52c0 [ 286.154203][ T28] ? rwlock_bug.part.0+0x90/0x90 [ 286.159161][ T28] ? rcu_read_lock_sched_held+0xd/0x70 [ 286.164652][ T28] ? lock_release+0x560/0x780 [ 286.169334][ T28] ? io_schedule_timeout+0x140/0x140 [ 286.174662][ T28] ? rwlock_bug.part.0+0x90/0x90 [ 286.179612][ T28] schedule+0xda/0x1b0 [ 286.183715][ T28] schedule_preempt_disabled+0xf/0x20 [ 286.189101][ T28] __mutex_lock+0xa44/0x1350 [ 286.193741][ T28] ? blkdev_put+0xbc/0x770 [ 286.198235][ T28] ? mutex_lock_io_nested+0x1190/0x1190 [ 286.203829][ T28] ? locks_check_ctx_file_list+0x1d/0x110 [ 286.209579][ T28] ? trace_hardirqs_on+0x2d/0x120 [ 286.214632][ T28] ? do_raw_spin_unlock+0x171/0x230 [ 286.219839][ T28] ? _raw_spin_unlock+0x24/0x40 [ 286.224718][ T28] ? locks_remove_file+0x2f7/0x570 [ 286.229838][ T28] blkdev_put+0xbc/0x770 [ 286.234113][ T28] blkdev_close+0x64/0x80 [ 286.238505][ T28] __fput+0x27c/0xa90 [ 286.242513][ T28] ? blkdev_fsync+0xa0/0xa0 [ 286.247026][ T28] task_work_run+0x16b/0x270 [ 286.251656][ T28] ? task_work_cancel+0x30/0x30 [ 286.256518][ T28] ? do_raw_spin_unlock+0x171/0x230 [ 286.261764][ T28] do_exit+0xc3f/0x2b60 [ 286.265934][ T28] ? rcu_read_lock_sched_held+0xd/0x70 [ 286.271569][ T28] ? lock_release+0x560/0x780 [ 286.276273][ T28] ? lock_downgrade+0x6e0/0x6e0 [ 286.281155][ T28] ? get_signal+0x93b/0x2610 [ 286.285760][ T28] ? mm_update_next_owner+0x7b0/0x7b0 [ 286.291163][ T28] ? do_raw_spin_lock+0x120/0x2a0 [ 286.296197][ T28] ? rwlock_bug.part.0+0x90/0x90 [ 286.301163][ T28] do_group_exit+0xd0/0x2a0 [ 286.305693][ T28] get_signal+0x238c/0x2610 [ 286.310224][ T28] ? map_id_up+0x178/0x2f0 [ 286.314653][ T28] ? exit_signals+0x8b0/0x8b0 [ 286.319321][ T28] ? lock_release+0x560/0x780 [ 286.324027][ T28] ? __task_pid_nr_ns+0x168/0x4b0 [ 286.329069][ T28] ? lock_downgrade+0x6e0/0x6e0 [ 286.333976][ T28] arch_do_signal_or_restart+0x82/0x2300 [ 286.339625][ T28] ? from_kuid+0xc0/0xc0 [ 286.344014][ T28] ? __task_pid_nr_ns+0x18a/0x4b0 [ 286.349063][ T28] ? get_sigframe_size+0x10/0x10 [ 286.354041][ T28] ? ptrace_notify+0xfa/0x140 [ 286.358756][ T28] ? lock_downgrade+0x6e0/0x6e0 [ 286.363637][ T28] ? send_sig+0xfe/0x160 [ 286.367889][ T28] ? send_sig_info+0x140/0x140 [ 286.372676][ T28] ? trace_hardirqs_on+0x2d/0x120 [ 286.377713][ T28] exit_to_user_mode_prepare+0x15f/0x250 [ 286.383426][ T28] syscall_exit_to_user_mode+0x19/0x50 [ 286.388906][ T28] do_syscall_64+0x42/0xb0 [ 286.393440][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.399352][ T28] RIP: 0033:0x7fe965d736a9 [ 286.403823][ T28] RSP: 002b:00007fff9603c618 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 286.412265][ T28] RAX: fffffffffffffe00 RBX: 0000000000000000 RCX: 00007fe965d736a9 [ 286.420266][ T28] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000004 [ 286.428243][ T28] RBP: 0000000000000000 R08: 00007fff9603c7b8 R09: 00007fff9603c7b8 [ 286.436241][ T28] R10: 00007fff9603c7b8 R11: 0000000000000246 R12: 00007fe965d32730 [ 286.444240][ T28] R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000 [ 286.452236][ T28] [ 286.455304][ T28] NMI backtrace for cpu 1 [ 286.459644][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.0.0-rc3-next-20220829-syzkaller #0 [ 286.468918][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 286.478957][ T28] Call Trace: [ 286.482221][ T28] [ 286.485152][ T28] dump_stack_lvl+0xcd/0x134 [ 286.489813][ T28] nmi_cpu_backtrace.cold+0x46/0x14f [ 286.495094][ T28] ? lapic_can_unplug_cpu+0x80/0x80 [ 286.500302][ T28] nmi_trigger_cpumask_backtrace+0x206/0x250 [ 286.506294][ T28] watchdog+0xcf7/0xfd0 [ 286.510454][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 286.516446][ T28] kthread+0x2e4/0x3a0 [ 286.520518][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 286.526155][ T28] ret_from_fork+0x1f/0x30 [ 286.530592][ T28] [ 286.533702][ T28] Sending NMI from CPU 1 to CPUs 0: [ 286.538969][ C0] NMI backtrace for cpu 0 [ 286.538980][ C0] CPU: 0 PID: 56 Comm: kworker/u4:4 Not tainted 6.0.0-rc3-next-20220829-syzkaller #0 [ 286.539000][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 286.539011][ C0] Workqueue: events_unbound toggle_allocation_gate [ 286.539034][ C0] RIP: 0010:insn_get_prefixes.part.0+0x8f6/0x1200 [ 286.539072][ C0] Code: df 48 89 fa 48 c1 ea 03 0f b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 34 08 00 00 48 8b 04 24 48 8d 78 04 c6 40 14 01 <48> b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 0f b6 04 02 48 [ 286.539088][ C0] RSP: 0018:ffffc90001577910 EFLAGS: 00000246 [ 286.539102][ C0] RAX: ffffc90001577a78 RBX: 0000000000000000 RCX: 0000000000000000 [ 286.539113][ C0] RDX: 0000000000000004 RSI: ffffffff842a086b RDI: ffffc90001577a7c [ 286.539126][ C0] RBP: ffffc90001577acb R08: 0000000000000005 R09: 0000000000000002 [ 286.539136][ C0] R10: 00000000fffffff3 R11: 0000000000000001 R12: 000000000000000f [ 286.539147][ C0] R13: 00000000fffffff3 R14: 000000000000000f R15: 000000000000001f [ 286.539158][ C0] FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 286.539175][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 286.539187][ C0] CR2: 00007fffc892e438 CR3: 000000000bc8e000 CR4: 00000000003506f0 [ 286.539199][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 286.539209][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 286.539220][ C0] Call Trace: [ 286.539225][ C0] [ 286.539234][ C0] insn_get_modrm+0x646/0x7c0 [ 286.539254][ C0] insn_get_sib+0x29c/0x330 [ 286.539271][ C0] insn_get_displacement+0x346/0x6c0 [ 286.539290][ C0] insn_decode+0x35b/0x3b0 [ 286.539306][ C0] ? kmem_cache_alloc+0x120/0x3d0 [ 286.539329][ C0] text_poke_loc_init+0xa6/0x450 [ 286.539347][ C0] ? arch_jump_label_transform_queue+0x58/0x100 [ 286.539374][ C0] ? text_poke_memcpy+0x10/0x10 [ 286.539397][ C0] ? kmem_cache_alloc+0x120/0x3d0 [ 286.539417][ C0] ? __jump_label_patch+0x173/0x330 [ 286.539443][ C0] arch_jump_label_transform_queue+0x94/0x100 [ 286.539471][ C0] __jump_label_update+0x12e/0x410 [ 286.539496][ C0] jump_label_update+0x32f/0x410 [ 286.539520][ C0] static_key_disable_cpuslocked+0x152/0x1b0 [ 286.539543][ C0] static_key_disable+0x16/0x20 [ 286.539565][ C0] toggle_allocation_gate+0x183/0x390 [ 286.539584][ C0] ? lock_release+0x780/0x780 [ 286.539603][ C0] ? wake_up_kfence_timer+0x20/0x20 [ 286.539621][ C0] ? trace_hardirqs_on+0x2d/0x120 [ 286.539639][ C0] ? finish_task_switch.isra.0+0x2b5/0xc80 [ 286.539660][ C0] ? read_word_at_a_time+0xe/0x20 [ 286.539680][ C0] ? strscpy+0xa1/0x2a0 [ 286.539698][ C0] process_one_work+0x991/0x1610 [ 286.539727][ C0] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 286.539752][ C0] ? rwlock_bug.part.0+0x90/0x90 [ 286.539776][ C0] worker_thread+0x665/0x1080 [ 286.539802][ C0] ? __kthread_parkme+0x15f/0x220 [ 286.539822][ C0] ? process_one_work+0x1610/0x1610 [ 286.539846][ C0] kthread+0x2e4/0x3a0 [ 286.539865][ C0] ? kthread_complete_and_exit+0x40/0x40 [ 286.539887][ C0] ret_from_fork+0x1f/0x30 [ 286.539916][ C0] [ 286.539964][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 286.853847][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.0.0-rc3-next-20220829-syzkaller #0 [ 286.863125][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 [ 286.873172][ T28] Call Trace: [ 286.876447][ T28] [ 286.879373][ T28] dump_stack_lvl+0xcd/0x134 [ 286.883973][ T28] panic+0x2c8/0x627 [ 286.887894][ T28] ? panic_print_sys_info.part.0+0x110/0x110 [ 286.893875][ T28] ? irq_work_claim+0x76/0x90 [ 286.898552][ T28] ? lapic_can_unplug_cpu+0x80/0x80 [ 286.903752][ T28] ? irq_work_queue+0x29/0x80 [ 286.908427][ T28] ? watchdog.cold+0x135/0x426 [ 286.913204][ T28] watchdog.cold+0x146/0x426 [ 286.917796][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 286.923784][ T28] kthread+0x2e4/0x3a0 [ 286.927852][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 286.933487][ T28] ret_from_fork+0x1f/0x30 [ 286.937914][ T28] [ 286.940985][ T28] Kernel Offset: disabled [ 286.945305][ T28] Rebooting in 86400 seconds..