./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2438149409 <...> [ 54.816611][ T26] audit: type=1400 audit(1670038265.381:69): avc: denied { read write } for pid=3313 comm="getty" name="utmp" dev="tmpfs" ino=2 scontext=system_u:system_r:getty_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 54.840502][ T26] audit: type=1400 audit(1670038265.381:70): avc: denied { open } for pid=3313 comm="getty" path="/run/utmp" dev="tmpfs" ino=2 scontext=system_u:system_r:getty_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 54.862627][ T26] audit: type=1400 audit(1670038265.381:71): avc: denied { lock } for pid=3313 comm="getty" path="/run/utmp" dev="tmpfs" ino=2 scontext=system_u:system_r:getty_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 54.884613][ T26] audit: type=1400 audit(1670038265.381:72): avc: denied { read } for pid=3313 comm="getty" name="log" dev="sda1" ino=1125 scontext=system_u:system_r:getty_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 syzkaller syzkaller login: [ 69.603745][ T26] audit: type=1400 audit(1670038280.171:73): avc: denied { transition } for pid=3584 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 69.647196][ T26] audit: type=1400 audit(1670038280.211:74): avc: denied { write } for pid=3584 comm="sh" path="pipe:[28219]" dev="pipefs" ino=28219 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 Warning: Permanently added '10.128.0.74' (ECDSA) to the list of known hosts. execve("./syz-executor2438149409", ["./syz-executor2438149409"], 0x7ffc32b9cec0 /* 10 vars */) = 0 brk(NULL) = 0x5555574cc000 brk(0x5555574ccc40) = 0x5555574ccc40 arch_prctl(ARCH_SET_FS, 0x5555574cc300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555574cc5d0) = 3634 set_robust_list(0x5555574cc5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f8180d7d7d0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f8180d7dea0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f8180d7d870, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8180d7dea0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2438149409", 4096) = 28 brk(0x5555574edc40) = 0x5555574edc40 brk(0x5555574ee000) = 0x5555574ee000 mprotect(0x7f8180e41000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555574cc5d0) = 3635 ./strace-static-x86_64: Process 3635 attached [pid 3635] set_robust_list(0x5555574cc5e0, 24) = 0 [pid 3635] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 3635] setpgid(0, 0) = 0 [pid 3635] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 3635] write(3, "1000", 4) = 4 [pid 3635] close(3) = 0 [pid 3635] futex(0x7f8180e474cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3635] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8180d4d000 [pid 3635] mprotect(0x7f8180d4e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3635] clone(child_stack=0x7f8180d6d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3636], tls=0x7f8180d6d700, child_tidptr=0x7f8180d6d9d0) = 3636 [pid 3635] futex(0x7f8180e474c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3635] futex(0x7f8180e474cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3636 attached [pid 3636] set_robust_list(0x7f8180d6d9e0, 24) = 0 [pid 3636] mkdirat(AT_FDCWD, "./file0", 000) = 0 [pid 3636] futex(0x7f8180e474cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3635] <... futex resumed>) = 0 [pid 3635] futex(0x7f8180e474c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3636] openat(AT_FDCWD, "/dev/fuse", O_RDWR|O_CREAT, 000 [pid 3635] <... futex resumed>) = 0 [pid 3635] futex(0x7f8180e474cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3636] <... openat resumed>) = 3 [pid 3636] futex(0x7f8180e474cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3636] futex(0x7f8180e474c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3635] <... futex resumed>) = 0 [pid 3635] futex(0x7f8180e474c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3635] futex(0x7f8180e474cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3636] <... futex resumed>) = 0 [ 81.631740][ T26] audit: type=1400 audit(1670038292.201:75): avc: denied { execmem } for pid=3634 comm="syz-executor243" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [pid 3636] mount(NULL, "./file0", "fuse", 0, "fd=0x0000000000000003,rootmode=00000000000000000040000,user_id=00000000000000000000,group_id=0000000"...) = 0 [pid 3636] futex(0x7f8180e474cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3635] <... futex resumed>) = 0 [pid 3635] futex(0x7f8180e474c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3635] futex(0x7f8180e474cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3636] <... futex resumed>) = 1 [pid 3636] pivot_root("./file0", "./file0") = 0 [pid 3636] futex(0x7f8180e474cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3635] <... futex resumed>) = 0 [pid 3635] futex(0x7f8180e474c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3635] futex(0x7f8180e474cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3636] <... futex resumed>) = 1 [pid 3636] read(3, "\x68\x00\x00\x00\x1a\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x25\x00\x00\x00\x00\x00\x02\x00\xfb\xff\xff\x73\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 8224) = 104 [pid 3636] futex(0x7f8180e474cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 3635] <... futex resumed>) = 0 [pid 3635] futex(0x7f8180e474c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3635] futex(0x7f8180e474cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3636] <... futex resumed>) = 1 [ 81.666291][ T26] audit: type=1400 audit(1670038292.231:76): avc: denied { read write } for pid=3635 comm="syz-executor243" name="fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 81.706272][ T26] audit: type=1400 audit(1670038292.231:77): avc: denied { open } for pid=3635 comm="syz-executor243" path="/dev/fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [pid 3636] openat(AT_FDCWD, "/dev/fuse", O_RDWR|O_CREAT, 000 [pid 3635] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 3635] futex(0x7f8180e474dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3635] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8180d2c000 [pid 3635] mprotect(0x7f8180d2d000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 3635] clone(child_stack=0x7f8180d4c3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3638], tls=0x7f8180d4c700, child_tidptr=0x7f8180d4c9d0) = 3638 [pid 3635] futex(0x7f8180e474d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 3635] futex(0x7f8180e474dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 3638 attached [pid 3638] set_robust_list(0x7f8180d4c9e0, 24) = 0 [pid 3638] write(3, "\x50\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x1f\x00\x00\x00\x00\x00\x00\x00\x15\x30\x02\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 80) = 80 [pid 3638] futex(0x7f8180e474dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3638] futex(0x7f8180e474d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 3635] <... futex resumed>) = 0 [pid 3635] futex(0x7f8180e474d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 3638] <... futex resumed>) = 0 [pid 3635] <... futex resumed>) = 1 [pid 3638] read(3, [pid 3635] futex(0x7f8180e474dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 3638] <... read resumed>"\x2c\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb4\x0b\x00\x00\x00\x00\x00\x00\x72\x75\x6e\x00", 8192) = 44 [pid 3638] futex(0x7f8180e474dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 3635] <... futex resumed>) = 0 [pid 3638] write(3, "\x2c\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\xf4\x31\x03\x00\x00\x00\x00\x00\x00\x00\x28\x39\x5c\x00", 44 [pid 3635] futex(0x7f8180e474d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 81.730330][ T26] audit: type=1400 audit(1670038292.231:78): avc: denied { mounton } for pid=3635 comm="syz-executor243" path="/root/file0" dev="sda1" ino=1138 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 81.753429][ T26] audit: type=1400 audit(1670038292.231:79): avc: denied { mount } for pid=3635 comm="syz-executor243" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [pid 3635] futex(0x7f8180e474dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 3635] futex(0x7f8180e474dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 3635] exit_group(0) = ? [ 83.545480][ T26] audit: type=1400 audit(1670038294.111:80): avc: denied { search } for pid=2978 comm="syslogd" name="/" dev="fuse" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 86.539149][ T25] cfg80211: failed to load regulatory.db [pid 3634] kill(-3635, SIGKILL) = 0 [pid 3634] kill(3635, SIGKILL) = 0 [ 286.217212][ T27] INFO: task syslogd:2978 blocked for more than 143 seconds. [ 286.224858][ T27] Not tainted 6.1.0-rc7-syzkaller-00123-ga4412fdd49dc #0 [ 286.232625][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.241390][ T27] task:syslogd state:D stack:25584 pid:2978 ppid:1 flags:0x00000000 [ 286.250791][ T27] Call Trace: [ 286.254173][ T27] [ 286.257159][ T27] __schedule+0xae9/0x53f0 [ 286.261655][ T27] ? find_held_lock+0x2d/0x110 [ 286.267320][ T27] ? io_schedule_timeout+0x150/0x150 [ 286.272793][ T27] schedule+0xde/0x1b0 [ 286.276921][ T27] rwsem_down_read_slowpath+0x5a7/0xb20 [ 286.282775][ T27] ? down_write+0x220/0x220 [ 286.287396][ T27] ? lock_release+0x810/0x810 [ 286.292131][ T27] down_read+0xe6/0x450 [ 286.296416][ T27] ? rwsem_down_read_slowpath+0xb20/0xb20 [ 286.302228][ T27] ? lookup_fast+0x14e/0x520 [ 286.307030][ T27] walk_component+0x332/0x5a0 [ 286.311765][ T27] link_path_walk.part.0+0x74e/0xe20 [ 286.317408][ T27] ? walk_component+0x5a0/0x5a0 [ 286.322398][ T27] ? percpu_counter_add_batch+0xc1/0x180 [ 286.328338][ T27] path_openat+0x262/0x2860 [ 286.332929][ T27] ? path_lookupat+0x840/0x840 [ 286.337862][ T27] do_filp_open+0x1ba/0x410 [ 286.342427][ T27] ? may_open_dev+0xf0/0xf0 [ 286.347066][ T27] ? find_held_lock+0x2d/0x110 [ 286.351910][ T27] ? do_raw_spin_lock+0x124/0x2b0 [ 286.357038][ T27] ? rwlock_bug.part.0+0x90/0x90 [ 286.362012][ T27] ? _raw_spin_unlock+0x28/0x40 [ 286.366906][ T27] ? alloc_fd+0x2d8/0x6d0 [ 286.371348][ T27] do_sys_openat2+0x16d/0x4c0 [ 286.376242][ T27] ? build_open_flags+0x6f0/0x6f0 [ 286.381369][ T27] ? blkcg_maybe_throttle_current+0x31f/0xc80 [ 286.387599][ T27] __x64_sys_openat+0x143/0x1f0 [ 286.392481][ T27] ? __ia32_sys_open+0x1c0/0x1c0 [ 286.397494][ T27] ? syscall_enter_from_user_mode+0x26/0xb0 [ 286.403431][ T27] do_syscall_64+0x39/0xb0 [ 286.407944][ T27] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.413876][ T27] RIP: 0033:0x7fd5c0d30697 [ 286.418335][ T27] RSP: 002b:00007ffd96d21490 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 286.426767][ T27] RAX: ffffffffffffffda RBX: 000055c5330062c0 RCX: 00007fd5c0d30697 [ 286.434836][ T27] RDX: 0000000000000d41 RSI: 00007fd5c0ebe99a RDI: 00000000ffffff9c [ 286.442863][ T27] RBP: 00007fd5c0ebe99a R08: 00007fd5c0dc0040 R09: 00007fd5c0dc00c0 [ 286.451004][ T27] R10: 00000000000001b6 R11: 0000000000000246 R12: 0000000000000d41 [ 286.459043][ T27] R13: 000055c533006400 R14: 0000000000000003 R15: 000055c533006410 [ 286.467161][ T27] [ 286.470206][ T27] INFO: task syz-executor243:3634 blocked for more than 143 seconds. [ 286.478319][ T27] Not tainted 6.1.0-rc7-syzkaller-00123-ga4412fdd49dc #0 [ 286.485885][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.494605][ T27] task:syz-executor243 state:D stack:26728 pid:3634 ppid:3631 flags:0x00004000 [ 286.503916][ T27] Call Trace: [ 286.507294][ T27] [ 286.510243][ T27] __schedule+0xae9/0x53f0 [ 286.514683][ T27] ? find_held_lock+0x2d/0x110 [ 286.519550][ T27] ? io_schedule_timeout+0x150/0x150 [ 286.525228][ T27] schedule+0xde/0x1b0 [ 286.529531][ T27] rwsem_down_read_slowpath+0x5a7/0xb20 [ 286.535879][ T27] ? down_write+0x220/0x220 [ 286.540477][ T27] ? lock_release+0x810/0x810 [ 286.545318][ T27] down_read+0xe6/0x450 [ 286.549560][ T27] ? rwsem_down_read_slowpath+0xb20/0xb20 [ 286.555306][ T27] ? lookup_fast+0x14e/0x520 [ 286.559946][ T27] walk_component+0x332/0x5a0 [ 286.564666][ T27] link_path_walk.part.0+0x74e/0xe20 [ 286.570051][ T27] ? walk_component+0x5a0/0x5a0 [ 286.575028][ T27] ? percpu_counter_add_batch+0xc1/0x180 [ 286.580829][ T27] path_openat+0x262/0x2860 [ 286.585503][ T27] ? path_lookupat+0x840/0x840 [ 286.590387][ T27] do_filp_open+0x1ba/0x410 [ 286.596161][ T27] ? may_open_dev+0xf0/0xf0 [ 286.600754][ T27] ? find_held_lock+0x2d/0x110 [ 286.605557][ T27] ? do_raw_spin_lock+0x124/0x2b0 [ 286.610683][ T27] ? rwlock_bug.part.0+0x90/0x90 [ 286.615654][ T27] ? _raw_spin_unlock+0x28/0x40 [ 286.620652][ T27] ? alloc_fd+0x2d8/0x6d0 [ 286.625032][ T27] do_sys_openat2+0x16d/0x4c0 [ 286.629850][ T27] ? build_open_flags+0x6f0/0x6f0 [ 286.634920][ T27] ? ptrace_notify+0xfe/0x140 [ 286.639692][ T27] ? lock_downgrade+0x6e0/0x6e0 [ 286.644664][ T27] __x64_sys_openat+0x143/0x1f0 [ 286.649594][ T27] ? __ia32_sys_open+0x1c0/0x1c0 [ 286.654560][ T27] ? _raw_spin_unlock_irq+0x23/0x50 [ 286.659902][ T27] ? lockdep_hardirqs_on+0x7d/0x100 [ 286.665208][ T27] ? _raw_spin_unlock_irq+0x2e/0x50 [ 286.670910][ T27] ? ptrace_notify+0xfe/0x140 [ 286.675621][ T27] do_syscall_64+0x39/0xb0 [ 286.680171][ T27] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.686207][ T27] RIP: 0033:0x7f8180dbbd78 [ 286.690946][ T27] RSP: 002b:00007ffd24db6db0 EFLAGS: 00000287 ORIG_RAX: 0000000000000101 [ 286.699572][ T27] RAX: ffffffffffffffda RBX: 00007ffd24db6e20 RCX: 00007f8180dbbd78 [ 286.707621][ T27] RDX: 0000000000090800 RSI: 00007f8180e12004 RDI: 00000000ffffff9c [ 286.715630][ T27] RBP: 0000000000000e33 R08: 0000000000090800 R09: 00007f8180e12004 [ 286.723712][ T27] R10: 0000000000000000 R11: 0000000000000287 R12: 00007ffd24db6fa4 [ 286.731755][ T27] R13: 00007ffd24db6fa4 R14: 0000000000000000 R15: 0000000000000000 [ 286.739774][ T27] [ 286.742814][ T27] INFO: task syz-executor243:3636 blocked for more than 143 seconds. [ 286.750936][ T27] Not tainted 6.1.0-rc7-syzkaller-00123-ga4412fdd49dc #0 [ 286.758620][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.767337][ T27] task:syz-executor243 state:D stack:26600 pid:3636 ppid:3634 flags:0x00004004 [ 286.776583][ T27] Call Trace: [ 286.779941][ T27] [ 286.782891][ T27] __schedule+0xae9/0x53f0 [ 286.787472][ T27] ? io_schedule_timeout+0x150/0x150 [ 286.792783][ T27] schedule+0xde/0x1b0 [ 286.796880][ T27] schedule_preempt_disabled+0x13/0x20 [ 286.802414][ T27] __mutex_lock+0xa48/0x1360 [ 286.807072][ T27] ? fuse_lock_inode+0xd2/0x110 [ 286.811994][ T27] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 286.817665][ T27] ? find_held_lock+0x2d/0x110 [ 286.822509][ T27] ? d_alloc_parallel+0x7b3/0x1410 [ 286.827792][ T27] ? lock_downgrade+0x6e0/0x6e0 [ 286.832706][ T27] fuse_lock_inode+0xd2/0x110 [ 286.838535][ T27] fuse_lookup.part.0+0x86/0x390 [ 286.843691][ T27] ? fuse_lookup_name+0x630/0x630 [ 286.848843][ T27] ? d_alloc_parallel+0x694/0x1410 [ 286.854004][ T27] ? __d_lookup_rcu+0x4c0/0x4c0 [ 286.859043][ T27] ? lockdep_init_map_type+0x21e/0x800 [ 286.864755][ T27] ? lockdep_init_map_type+0x21e/0x800 [ 286.870503][ T27] fuse_lookup+0x74/0x90 [ 286.874816][ T27] __lookup_slow+0x24c/0x460 [ 286.879474][ T27] ? __lookup_hash+0x180/0x180 [ 286.884271][ T27] ? irq_entries_start+0x70/0xcc0 [ 286.889378][ T27] ? irq_entries_start+0x70/0xcc0 [ 286.894436][ T27] ? lookup_fast+0x14e/0x520 [ 286.899093][ T27] walk_component+0x33f/0x5a0 [ 286.903795][ T27] link_path_walk.part.0+0x74e/0xe20 [ 286.909156][ T27] ? walk_component+0x5a0/0x5a0 [ 286.914031][ T27] ? percpu_counter_add_batch+0xc1/0x180 [ 286.919807][ T27] path_openat+0x262/0x2860 [ 286.924785][ T27] ? path_lookupat+0x840/0x840 [ 286.929612][ T27] do_filp_open+0x1ba/0x410 [ 286.934248][ T27] ? may_open_dev+0xf0/0xf0 [ 286.938929][ T27] ? find_held_lock+0x2d/0x110 [ 286.943770][ T27] ? do_raw_spin_lock+0x124/0x2b0 [ 286.948915][ T27] ? rwlock_bug.part.0+0x90/0x90 [ 286.953900][ T27] ? _raw_spin_unlock+0x28/0x40 [ 286.958815][ T27] ? alloc_fd+0x2d8/0x6d0 [ 286.963185][ T27] do_sys_openat2+0x16d/0x4c0 [ 286.967965][ T27] ? build_open_flags+0x6f0/0x6f0 [ 286.973039][ T27] ? ptrace_notify+0xfe/0x140 [ 286.977827][ T27] ? lock_downgrade+0x6e0/0x6e0 [ 286.982742][ T27] __x64_sys_openat+0x143/0x1f0 [ 286.987753][ T27] ? __ia32_sys_open+0x1c0/0x1c0 [ 286.992743][ T27] ? _raw_spin_unlock_irq+0x23/0x50 [ 286.998029][ T27] ? lockdep_hardirqs_on+0x7d/0x100 [ 287.003252][ T27] ? _raw_spin_unlock_irq+0x2e/0x50 [ 287.008581][ T27] ? ptrace_notify+0xfe/0x140 [ 287.013417][ T27] do_syscall_64+0x39/0xb0 [ 287.017916][ T27] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 287.023868][ T27] RIP: 0033:0x7f8180dbc0a9 [ 287.028394][ T27] RSP: 002b:00007f8180d6d2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 287.036887][ T27] RAX: ffffffffffffffda RBX: 00007f8180e474c0 RCX: 00007f8180dbc0a9 [ 287.044988][ T27] RDX: 0000000000000042 RSI: 0000000020002080 RDI: ffffffffffffff9c [ 287.053273][ T27] RBP: 00007f8180e14084 R08: 0000000000000065 R09: 0000000000000000 [ 287.061336][ T27] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000065 [ 287.069374][ T27] R13: 00007f8180e140a8 R14: 31f4000000000002 R15: 00007f8180e474c8 [ 287.077401][ T27] [ 287.080445][ T27] INFO: task syz-executor243:3638 blocked for more than 144 seconds. [ 287.088907][ T27] Not tainted 6.1.0-rc7-syzkaller-00123-ga4412fdd49dc #0 [ 287.096548][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 287.105251][ T27] task:syz-executor243 state:D stack:28832 pid:3638 ppid:3634 flags:0x00004004 [ 287.114564][ T27] Call Trace: [ 287.117892][ T27] [ 287.120861][ T27] __schedule+0xae9/0x53f0 [ 287.125303][ T27] ? find_held_lock+0x2d/0x110 [ 287.130146][ T27] ? io_schedule_timeout+0x150/0x150 [ 287.135449][ T27] ? mark_held_locks+0x9f/0xe0 [ 287.140533][ T27] schedule+0xde/0x1b0 [ 287.144628][ T27] rwsem_down_write_slowpath+0x600/0x12e0 [ 287.150549][ T27] ? down_timeout+0x90/0x90 [ 287.155149][ T27] ? lock_release+0x810/0x810 [ 287.160245][ T27] down_write_nested+0x1ec/0x220 [ 287.165234][ T27] ? up_read+0x20/0x20 [ 287.169393][ T27] ? down_read+0x19c/0x450 [ 287.173897][ T27] ? rwsem_down_read_slowpath+0xb20/0xb20 [ 287.179703][ T27] fuse_reverse_inval_entry+0x55/0x550 [ 287.185206][ T27] fuse_dev_do_write+0x25a6/0x2c50 [ 287.190475][ T27] ? find_held_lock+0x2d/0x110 [ 287.195272][ T27] ? lock_chain_count+0x20/0x20 [ 287.200357][ T27] ? fuse_dev_splice_read+0x700/0x700 [ 287.205757][ T27] ? find_held_lock+0x2d/0x110 [ 287.210601][ T27] fuse_dev_write+0x154/0x1e0 [ 287.215307][ T27] ? fuse_dev_splice_write+0xa70/0xa70 [ 287.220823][ T27] ? inode_security+0x105/0x130 [ 287.225758][ T27] ? security_file_permission+0xaf/0xd0 [ 287.231402][ T27] ? rw_verify_area+0xba/0x1b0 [ 287.236206][ T27] vfs_write+0x9ed/0xdd0 [ 287.240670][ T27] ? kernel_write+0x630/0x630 [ 287.245416][ T27] ? __fget_files+0x26a/0x440 [ 287.250301][ T27] ? __fget_light+0xe5/0x270 [ 287.254934][ T27] ksys_write+0x12b/0x250 [ 287.259385][ T27] ? __ia32_sys_read+0xb0/0xb0 [ 287.264301][ T27] ? lockdep_hardirqs_on+0x7d/0x100 [ 287.269676][ T27] ? _raw_spin_unlock_irq+0x2e/0x50 [ 287.275123][ T27] ? ptrace_notify+0xfe/0x140 [ 287.279869][ T27] do_syscall_64+0x39/0xb0 [ 287.284317][ T27] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 287.290284][ T27] RIP: 0033:0x7f8180dbc0a9 [ 287.294712][ T27] RSP: 002b:00007f8180d4c2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 287.303185][ T27] RAX: ffffffffffffffda RBX: 00007f8180e474d0 RCX: 00007f8180dbc0a9 [ 287.311232][ T27] RDX: 000000000000002c RSI: 00000000200000c0 RDI: 0000000000000003 [ 287.319449][ T27] RBP: 00007f8180e14084 R08: 0000000000000000 R09: 0000000000000000 [ 287.327556][ T27] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 287.335624][ T27] R13: 00007f8180e140a8 R14: 31f4000000000002 R15: 00007f8180e474d8 [ 287.343965][ T27] [ 287.347117][ T27] [ 287.347117][ T27] Showing all locks held in the system: [ 287.354866][ T27] 1 lock held by rcu_tasks_kthre/11: [ 287.360374][ T27] #0: ffffffff8c58c270 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 [ 287.370984][ T27] 1 lock held by rcu_tasks_trace/12: [ 287.376292][ T27] #0: ffffffff8c58bf70 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70 [ 287.387419][ T27] 1 lock held by khungtaskd/27: [ 287.392298][ T27] #0: ffffffff8c58cdc0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x57/0x264 [ 287.402376][ T27] 2 locks held by kworker/u4:4/101: [ 287.407663][ T27] #0: ffff888012070138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x86d/0x1710 [ 287.419017][ T27] #1: ffffc9000205fda8 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8a1/0x1710 [ 287.431313][ T27] 1 lock held by syslogd/2978: [ 287.436090][ T27] #0: ffff88806dd72850 (&type->i_mutex_dir_key#6){++++}-{3:3}, at: walk_component+0x332/0x5a0 [ 287.446724][ T27] 2 locks held by udevd/2996: [ 287.451451][ T27] #0: ffff88806dd72850 (&type->i_mutex_dir_key#6){++++}-{3:3}, at: walk_component+0x332/0x5a0 [ 287.462038][ T27] #1: ffff88806dd72cb8 (&fi->mutex){+.+.}-{3:3}, at: fuse_lock_inode+0xd2/0x110 [ 287.471297][ T27] 2 locks held by getty/3313: [ 287.475989][ T27] #0: ffff8880225d8098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x26/0x80 [ 287.486281][ T27] #1: ffffc900020382f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0 [ 287.496559][ T27] 1 lock held by syz-executor243/3634: [ 287.502061][ T27] #0: ffff88806dd72850 (&type->i_mutex_dir_key#6){++++}-{3:3}, at: walk_component+0x332/0x5a0 [ 287.512693][ T27] 2 locks held by syz-executor243/3636: [ 287.518414][ T27] #0: ffff88806dd72850 (&type->i_mutex_dir_key#6){++++}-{3:3}, at: walk_component+0x332/0x5a0 [ 287.529304][ T27] #1: ffff88806dd72cb8 (&fi->mutex){+.+.}-{3:3}, at: fuse_lock_inode+0xd2/0x110 [ 287.538691][ T27] 2 locks held by syz-executor243/3638: [ 287.544271][ T27] #0: ffff8880297f9338 (&fc->killsb){.+.+}-{3:3}, at: fuse_dev_do_write+0xe75/0x2c50 [ 287.554173][ T27] #1: ffff88806dd72850 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: fuse_reverse_inval_entry+0x55/0x550 [ 287.565704][ T27] [ 287.568166][ T27] ============================================= [ 287.568166][ T27] [ 287.576710][ T27] NMI backtrace for cpu 1 [ 287.581049][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 6.1.0-rc7-syzkaller-00123-ga4412fdd49dc #0 [ 287.590867][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 287.600953][ T27] Call Trace: [ 287.604248][ T27] [ 287.607191][ T27] dump_stack_lvl+0xd1/0x138 [ 287.611815][ T27] nmi_cpu_backtrace.cold+0x24/0x18a [ 287.617151][ T27] nmi_trigger_cpumask_backtrace+0x333/0x3c0 [ 287.623180][ T27] ? lapic_can_unplug_cpu+0x80/0x80 [ 287.628410][ T27] watchdog+0xc75/0xfc0 [ 287.632590][ T27] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 287.638681][ T27] kthread+0x2e8/0x3a0 [ 287.642797][ T27] ? kthread_complete_and_exit+0x40/0x40 [ 287.648578][ T27] ret_from_fork+0x1f/0x30 [ 287.653021][ T27] [ 287.656145][ T27] Sending NMI from CPU 1 to CPUs 0: [ 287.661500][ C0] NMI backtrace for cpu 0 skipped: idling at acpi_idle_do_entry+0x1fd/0x2a0 [ 287.662821][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 287.662838][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 6.1.0-rc7-syzkaller-00123-ga4412fdd49dc #0 [ 287.662873][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 287.662891][ T27] Call Trace: [ 287.662900][ T27] [ 287.662909][ T27] dump_stack_lvl+0xd1/0x138 [ 287.662958][ T27] panic+0x2cc/0x626 [ 287.662988][ T27] ? panic_print_sys_info.part.0+0x110/0x110 [ 287.663025][ T27] ? preempt_schedule_thunk+0x1a/0x1c [ 287.663077][ T27] ? watchdog.cold+0x130/0x158 [ 287.663153][ T27] watchdog.cold+0x141/0x158 [ 287.663201][ T27] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 287.663246][ T27] kthread+0x2e8/0x3a0 [ 287.663294][ T27] ? kthread_complete_and_exit+0x40/0x40 [ 287.663346][ T27] ret_from_fork+0x1f/0x30 [ 287.663393][ T27] [ 287.670611][ T27] Kernel Offset: disabled [ 287.762134][ T27] Rebooting in 86400 seconds..