./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2377877439 <...> DUID 00:04:f8:b5:8a:47:ae:09:95:3a:43:2d:d7:42:86:31:94:89 forked to background, child pid 4661 [ 28.790251][ T4662] 8021q: adding VLAN 0 to HW filter on device bond0 [ 28.806714][ T4662] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.92' (ECDSA) to the list of known hosts. execve("./syz-executor2377877439", ["./syz-executor2377877439"], 0x7fffa1bfb200 /* 10 vars */) = 0 brk(NULL) = 0x55555729c000 brk(0x55555729cc40) = 0x55555729cc40 arch_prctl(ARCH_SET_FS, 0x55555729c300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2377877439", 4096) = 28 brk(0x5555572bdc40) = 0x5555572bdc40 brk(0x5555572be000) = 0x5555572be000 mprotect(0x7f420980b000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555729c5d0) = 4993 ./strace-static-x86_64: Process 4993 attached [pid 4993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4993] setpgid(0, 0) = 0 [pid 4993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4993] write(3, "1000", 4) = 4 [pid 4993] close(3) = 0 [pid 4993] memfd_create("syzkaller", 0) = 3 [pid 4993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4201331000 syzkaller login: [ 56.198980][ T4993] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4993 'syz-executor237' [pid 4993] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 4993] munmap(0x7f4201331000, 16777216) = 0 [pid 4993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4993] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4993] close(3) = 0 [pid 4993] mkdir("./file0", 0777) = 0 [ 56.413728][ T4993] loop0: detected capacity change from 0 to 32768 [ 56.429727][ T4993] gfs2: fsid=gfs2: Trying to join cluster "lock_nolock", "gfs2" [ 56.439245][ T4993] gfs2: fsid=gfs2: Now mounting FS (format 1801)... [ 56.453934][ T4993] gfs2: fsid=gfs2.s: journal 0 mapped with 3 extents in 0ms [pid 4993] mount("/dev/loop0", "./file0", "gfs2", MS_NOATIME|0x200, "\x6c\x6f\x63\x6b\x74\x61\x62\x6c\x65\x3d\xe2\x2c\x6c\x6f\x63\x6b\x74\x61\x62\x6c\x65\x3d\x26\x28\x2c\x6e\x6f\x72\x65\x63\x6f\x76\x65\x72\x79\x2c\x6e\x6f\x72\x67\x72\x70\x6c\x76\x62\x2c\x73\x74\x61\x74\x66\x73\x5f\x71\x75\x61\x6e\x74\x75\x6d\x3d\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x39\x2c\x6e\x6f\x61\x63\x6c\x2c\x64\x61\x74\x61\x3d\x6f\x72\x64\x65\x72\x65\x64\x2c\x6c"... [pid 4992] kill(-4993, SIGKILL) = 0 [pid 4992] kill(4993, SIGKILL) = 0 [pid 4992] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4992] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 4992] getdents64(3, 0x55555729d620 /* 2 entries */, 32768) = 48 [pid 4992] getdents64(3, 0x55555729d620 /* 0 entries */, 32768) = 0 [pid 4992] close(3) = 0 [ 76.516729][ T900] cfg80211: failed to load regulatory.db [ 286.435406][ T28] INFO: task syz-executor237:4993 blocked for more than 143 seconds. [ 286.443585][ T28] Not tainted 6.4.0-rc6-syzkaller-00026-gfb054096aea0 #0 [ 286.451489][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.460267][ T28] task:syz-executor237 state:D stack:23120 pid:4993 ppid:4992 flags:0x00004004 [ 286.469533][ T28] Call Trace: [ 286.472817][ T28] [ 286.475831][ T28] __schedule+0x187b/0x4900 [ 286.480507][ T28] ? release_firmware_map_entry+0x190/0x190 [ 286.486447][ T28] ? mark_lock+0x9a/0x340 [ 286.490889][ T28] ? print_irqtrace_events+0x220/0x220 [ 286.496404][ T28] ? _raw_spin_lock_irq+0xdf/0x120 [ 286.501597][ T28] schedule+0xc3/0x180 [ 286.505704][ T28] io_schedule+0x8c/0x100 [ 286.510047][ T28] folio_wait_bit_common+0x86c/0x12b0 [ 286.515677][ T28] ? folio_wait_bit+0x30/0x30 [ 286.520392][ T28] ? _compound_head+0x130/0x130 [ 286.525371][ T28] ? folio_add_lru+0x6f0/0x6f0 [ 286.530154][ T28] ? __filemap_get_folio+0x574/0xa00 [ 286.535496][ T28] gfs2_jhead_process_page+0x192/0x800 [ 286.541057][ T28] ? bio_add_page+0x282/0x550 [ 286.545850][ T28] ? gfs2_end_log_read+0x800/0x800 [ 286.551036][ T28] ? __bio_add_page+0x310/0x310 [ 286.555953][ T28] ? folio_test_hugetlb+0xa0/0x1d0 [ 286.561227][ T28] ? pagecache_get_page+0xeb/0x220 [ 286.566406][ T28] gfs2_find_jhead+0x68c/0xef0 [ 286.571219][ T28] ? gfs2_end_log_write+0x810/0x810 [ 286.576495][ T28] ? gfs2_jdesc_check+0x1f6/0x290 [ 286.581532][ T28] check_journal_clean+0x195/0x360 [ 286.586740][ T28] ? gfs2_assert_i+0x30/0x30 [ 286.591426][ T28] ? do_raw_spin_lock+0x14d/0x3a0 [ 286.596521][ T28] ? init_journal+0x186d/0x23e0 [ 286.601389][ T28] ? gfs2_lookup_by_inum+0xf0/0xf0 [ 286.606623][ T28] ? _raw_spin_unlock+0x28/0x40 [ 286.611482][ T28] ? gfs2_jdesc_find+0xab/0xc0 [ 286.616310][ T28] init_journal+0x186d/0x23e0 [ 286.621008][ T28] ? init_inodes+0xdc/0x310 [ 286.625553][ T28] ? _compound_head+0x130/0x130 [ 286.630416][ T28] ? init_sb+0xc37/0x1330 [ 286.634738][ T28] ? snprintf+0xda/0x120 [ 286.639066][ T28] ? init_inodes+0xdc/0x310 [ 286.643580][ T28] ? vscnprintf+0x80/0x80 [ 286.647951][ T28] init_inodes+0xdc/0x310 [ 286.652291][ T28] gfs2_fill_super+0x1d02/0x2840 [ 286.657309][ T28] ? gfs2_reconfigure+0xd00/0xd00 [ 286.662369][ T28] ? ptr_to_hashval+0x80/0x80 [ 286.667125][ T28] ? init_locking+0xbd/0x210 [ 286.671731][ T28] ? sb_set_blocksize+0x99/0x100 [ 286.676722][ T28] get_tree_bdev+0x405/0x620 [ 286.681324][ T28] ? gfs2_reconfigure+0xd00/0xd00 [ 286.686415][ T28] gfs2_get_tree+0x54/0x210 [ 286.690936][ T28] ? bpf_lsm_capable+0x9/0x10 [ 286.695707][ T28] vfs_get_tree+0x8c/0x270 [ 286.700138][ T28] do_new_mount+0x28f/0xae0 [ 286.704646][ T28] ? path_mount+0x5f2/0xf80 [ 286.709181][ T28] ? do_move_mount_old+0x170/0x170 [ 286.714303][ T28] ? user_path_at_empty+0x12f/0x180 [ 286.719564][ T28] __se_sys_mount+0x2d9/0x3c0 [ 286.724251][ T28] ? __x64_sys_mount+0xc0/0xc0 [ 286.729568][ T28] ? syscall_enter_from_user_mode+0x32/0x230 [ 286.735685][ T28] ? __x64_sys_mount+0x20/0xc0 [ 286.740442][ T28] do_syscall_64+0x41/0xc0 [ 286.744844][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.750868][ T28] RIP: 0033:0x7f420977f9ca [ 286.755364][ T28] RSP: 002b:00007ffc653e9418 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 286.763786][ T28] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f420977f9ca [ 286.771842][ T28] RDX: 000000002001f680 RSI: 000000002001f6c0 RDI: 00007ffc653e9430 [ 286.779870][ T28] RBP: 00007ffc653e9430 R08: 00007ffc653e9470 R09: 0000000000000002 [ 286.787875][ T28] R10: 0000000000000600 R11: 0000000000000282 R12: 0000000000000004 [ 286.795883][ T28] R13: 000055555729c2c0 R14: 0000000000000600 R15: 00007ffc653e9470 [ 286.803849][ T28] [ 286.806937][ T28] [ 286.806937][ T28] Showing all locks held in the system: [ 286.814659][ T28] 1 lock held by rcu_tasks_kthre/13: [ 286.820010][ T28] #0: ffffffff8cf276f0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xd20 [ 286.830515][ T28] 1 lock held by rcu_tasks_trace/14: [ 286.835863][ T28] #0: ffffffff8cf27ab0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xd20 [ 286.846890][ T28] 1 lock held by khungtaskd/28: [ 286.851728][ T28] #0: ffffffff8cf27520 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 [ 286.861131][ T28] 2 locks held by getty/4746: [ 286.866260][ T28] #0: ffff88814a907098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 286.876143][ T28] #1: ffffc900015902f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6ab/0x1db0 [ 286.886323][ T28] 1 lock held by syz-executor237/4993: [ 286.891790][ T28] #0: ffff88807d2780e0 (&type->s_umount_key#42/1){+.+.}-{3:3}, at: alloc_super+0x217/0x930 [ 286.901985][ T28] [ 286.904311][ T28] ============================================= [ 286.904311][ T28] [ 286.912763][ T28] NMI backtrace for cpu 0 [ 286.917087][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.4.0-rc6-syzkaller-00026-gfb054096aea0 #0 [ 286.926957][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 286.936994][ T28] Call Trace: [ 286.940254][ T28] [ 286.943169][ T28] dump_stack_lvl+0x1e7/0x2d0 [ 286.947831][ T28] ? nf_tcp_handle_invalid+0x650/0x650 [ 286.953270][ T28] ? panic+0x770/0x770 [ 286.957326][ T28] ? __irq_work_queue_local+0x137/0x3e0 [ 286.962864][ T28] nmi_cpu_backtrace+0x498/0x4d0 [ 286.967791][ T28] ? vprintk_emit+0x10d/0x1f0 [ 286.972582][ T28] ? nmi_trigger_cpumask_backtrace+0x300/0x300 [ 286.978757][ T28] ? _printk+0xd5/0x120 [ 286.982921][ T28] ? panic+0x770/0x770 [ 286.986991][ T28] ? __wake_up_klogd+0xcc/0x100 [ 286.991840][ T28] ? panic+0x770/0x770 [ 286.995900][ T28] ? wq_watchdog_touch+0x72/0x110 [ 287.001132][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 287.007199][ T28] nmi_trigger_cpumask_backtrace+0x187/0x300 [ 287.013177][ T28] watchdog+0xec2/0xf00 [ 287.017351][ T28] kthread+0x2b8/0x350 [ 287.021416][ T28] ? hungtask_pm_notify+0x90/0x90 [ 287.026457][ T28] ? kthread_blkcg+0xd0/0xd0 [ 287.031043][ T28] ret_from_fork+0x1f/0x30 [ 287.035488][ T28] [ 287.038662][ T28] Sending NMI from CPU 0 to CPUs 1: [ 287.043892][ C1] NMI backtrace for cpu 1 [ 287.043903][ C1] CPU: 1 PID: 61 Comm: kworker/u4:4 Not tainted 6.4.0-rc6-syzkaller-00026-gfb054096aea0 #0 [ 287.043919][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 287.043928][ C1] Workqueue: events_unbound toggle_allocation_gate [ 287.043950][ C1] RIP: 0010:insn_get_opcode+0x1aa/0xa50 [ 287.043969][ C1] Code: 01 48 8b 44 24 38 42 0f b6 04 28 84 c0 0f 85 5f 07 00 00 0f b6 2a 31 ff 89 ee e8 71 6c de f6 85 ed 74 2e e8 d8 69 de f6 eb 34 <4c> 89 e7 e8 ae e5 ff ff 41 89 c7 31 ff 89 c6 e8 72 6d de f6 45 85 [ 287.043979][ C1] RSP: 0018:ffffc90001577720 EFLAGS: 00000246 [ 287.043990][ C1] RAX: 0000000000000000 RBX: 1ffff920002aef3b RCX: ffff888015683b80 [ 287.044000][ C1] RDX: ffff888015683b80 RSI: 0000000000000000 RDI: 0000000000000000 [ 287.044009][ C1] RBP: 0000000000000000 R08: ffffffff8aad14ac R09: 0000000000000000 [ 287.044017][ C1] R10: ffffc900015779c0 R11: dffffc0000000001 R12: ffffc900015779c0 [ 287.044027][ C1] R13: dffffc0000000000 R14: ffffc900015779dc R15: 0000000000000000 [ 287.044037][ C1] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 287.044048][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 287.044057][ C1] CR2: 000055ebd3978fe8 CR3: 000000000cd30000 CR4: 00000000003506e0 [ 287.044068][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 287.044075][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 287.044082][ C1] Call Trace: [ 287.044087][ C1] [ 287.044092][ C1] ? nmi_cpu_backtrace+0x3be/0x4d0 [ 287.044108][ C1] ? read_lock_is_recursive+0x20/0x20 [ 287.044132][ C1] ? nmi_trigger_cpumask_backtrace+0x300/0x300 [ 287.044147][ C1] ? unknown_nmi_error+0xc0/0xc0 [ 287.044168][ C1] ? nmi_cpu_backtrace_handler+0xc/0x10 [ 287.044182][ C1] ? nmi_handle+0xf7/0x370 [ 287.044196][ C1] ? insn_get_opcode+0x1aa/0xa50 [ 287.044222][ C1] ? default_do_nmi+0x62/0x150 [ 287.044238][ C1] ? exc_nmi+0x11e/0x1f0 [ 287.044251][ C1] ? end_repeat_nmi+0x16/0x31 [ 287.044324][ C1] ? insn_get_opcode+0x8c/0xa50 [ 287.044340][ C1] ? insn_get_opcode+0x1aa/0xa50 [ 287.044355][ C1] ? insn_get_opcode+0x1aa/0xa50 [ 287.044371][ C1] ? insn_get_opcode+0x1aa/0xa50 [ 287.044386][ C1] [ 287.044390][ C1] [ 287.044401][ C1] insn_get_modrm+0x22e/0x7a0 [ 287.044418][ C1] ? read_lock_is_recursive+0x20/0x20 [ 287.044436][ C1] insn_get_displacement+0x13e/0x980 [ 287.044455][ C1] insn_get_immediate+0x382/0x13d0 [ 287.044471][ C1] ? rcu_is_watching+0x15/0xb0 [ 287.044486][ C1] insn_decode+0x370/0x500 [ 287.044507][ C1] ? kmem_cache_alloc+0x5e/0x2e0 [ 287.044520][ C1] __jump_label_patch+0xe8/0x440 [ 287.044535][ C1] ? kmem_cache_alloc+0x5e/0x2e0 [ 287.044547][ C1] ? arch_jump_label_transform_queue+0xd0/0xd0 [ 287.044562][ C1] ? __mutex_lock_common+0x42d/0x2530 [ 287.044579][ C1] ? kmem_cache_alloc+0x5e/0x2e0 [ 287.044590][ C1] ? kmem_cache_alloc+0x6d/0x2e0 [ 287.044601][ C1] ? kmem_cache_alloc+0x5e/0x2e0 [ 287.044615][ C1] ? mutex_lock_io_nested+0x60/0x60 [ 287.044629][ C1] arch_jump_label_transform_queue+0x4e/0xd0 [ 287.044645][ C1] __jump_label_update+0x177/0x3a0 [ 287.044667][ C1] static_key_disable_cpuslocked+0xce/0x1b0 [ 287.044685][ C1] static_key_disable+0x1a/0x20 [ 287.044701][ C1] toggle_allocation_gate+0x1b8/0x250 [ 287.044715][ C1] ? show_object+0xa0/0xa0 [ 287.044728][ C1] ? print_irqtrace_events+0x220/0x220 [ 287.044743][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 287.044764][ C1] process_one_work+0x8a0/0x10e0 [ 287.044791][ C1] ? worker_detach_from_pool+0x290/0x290 [ 287.044811][ C1] ? _raw_spin_lock_irqsave+0x120/0x120 [ 287.044824][ C1] ? kthread_data+0x52/0xc0 [ 287.044846][ C1] ? wq_worker_running+0x9b/0x1a0 [ 287.044863][ C1] worker_thread+0xa63/0x1210 [ 287.044886][ C1] ? _raw_spin_unlock+0x40/0x40 [ 287.044906][ C1] kthread+0x2b8/0x350 [ 287.044920][ C1] ? pr_cont_work+0x5e0/0x5e0 [ 287.044937][ C1] ? kthread_blkcg+0xd0/0xd0 [ 287.044953][ C1] ret_from_fork+0x1f/0x30 [ 287.044978][ C1] [ 287.044983][ C1] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.090 msecs [ 287.045939][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 287.045951][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.4.0-rc6-syzkaller-00026-gfb054096aea0 #0 [ 287.045968][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 287.045976][ T28] Call Trace: [ 287.045981][ T28] [ 287.045988][ T28] dump_stack_lvl+0x1e7/0x2d0 [ 287.046008][ T28] ? nf_tcp_handle_invalid+0x650/0x650 [ 287.046025][ T28] ? panic+0x770/0x770 [ 287.046048][ T28] ? vscnprintf+0x5d/0x80 [ 287.046070][ T28] panic+0x30f/0x770 [ 287.046089][ T28] ? nmi_trigger_cpumask_backtrace+0x233/0x300 [ 287.046108][ T28] ? __memcpy_flushcache+0x2b0/0x2b0 [ 287.046126][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 287.046146][ T28] ? nmi_trigger_cpumask_backtrace+0x233/0x300 [ 287.046162][ T28] ? nmi_trigger_cpumask_backtrace+0x2b4/0x300 [ 287.046182][ T28] ? nmi_trigger_cpumask_backtrace+0x2b9/0x300 [ 287.046202][ T28] watchdog+0xf00/0xf00 [ 287.046231][ T28] kthread+0x2b8/0x350 [ 287.046249][ T28] ? hungtask_pm_notify+0x90/0x90 [ 287.046269][ T28] ? kthread_blkcg+0xd0/0xd0 [ 287.046289][ T28] ret_from_fork+0x1f/0x30 [ 287.046318][ T28] [ 287.049639][ T28] Kernel Offset: disabled [ 287.578211][ T28] Rebooting in 86400 seconds..