./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3885203996 <...> Warning: Permanently added '10.128.0.16' (ED25519) to the list of known hosts. execve("./syz-executor3885203996", ["./syz-executor3885203996"], 0x7ffc2939da30 /* 10 vars */) = 0 brk(NULL) = 0x5555574d1000 brk(0x5555574d1d00) = 0x5555574d1d00 arch_prctl(ARCH_SET_FS, 0x5555574d1380) = 0 set_tid_address(0x5555574d1650) = 5069 set_robust_list(0x5555574d1660, 24) = 0 rseq(0x5555574d1ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3885203996", 4096) = 28 getrandom("\x5b\x7a\x86\xc2\xa2\xbf\x2c\x15", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555574d1d00 brk(0x5555574f2d00) = 0x5555574f2d00 brk(0x5555574f3000) = 0x5555574f3000 mprotect(0x7f072bf13000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5071 attached [pid 5071] set_robust_list(0x5555574d1660, 24 [pid 5069] <... clone resumed>, child_tidptr=0x5555574d1650) = 5071 [pid 5071] <... set_robust_list resumed>) = 0 [pid 5071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5071] setpgid(0, 0) = 0 [pid 5071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5071] write(3, "1000", 4) = 4 [pid 5071] close(3) = 0 [pid 5071] memfd_create("syzkaller", 0) = 3 [pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0723a5c000 [pid 5071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5071] munmap(0x7f0723a5c000, 138412032) = 0 [pid 5071] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5071] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5071] close(3) = 0 [pid 5071] mkdir("./file1", 0777) = 0 [pid 5071] mount("/dev/loop0", "./file1", "jfs", 0, ",usrquota,iocharset=cp860,") = 0 [pid 5071] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5071] chdir("./file1") = 0 [pid 5071] ioctl(4, LOOP_CLR_FD) = 0 [pid 5071] close(4) = 0 [ 59.982366][ T5071] loop0: detected capacity change from 0 to 32768 [pid 5071] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777 [pid 5069] kill(-5071, SIGKILL) = 0 [pid 5069] kill(5071, SIGKILL) = 0 [pid 5069] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5069] getdents64(3, 0x5555574d26f0 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(3, 0x5555574d26f0 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [ 76.025822][ T778] cfg80211: failed to load regulatory.db [ 285.937998][ T29] INFO: task kworker/u4:8:1265 blocked for more than 143 seconds. [ 285.945930][ T29] Not tainted 6.7.0-rc2-syzkaller #0 [ 285.951779][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 285.961425][ T29] task:kworker/u4:8 state:D stack:23696 pid:1265 tgid:1265 ppid:2 flags:0x00004000 [ 285.971839][ T29] Workqueue: writeback wb_workfn (flush-7:0) [ 285.977857][ T29] Call Trace: [ 285.981539][ T29] [ 285.984478][ T29] __schedule+0xedb/0x5af0 [ 285.989263][ T29] ? blk_mq_try_issue_list_directly+0x590/0x590 [ 285.995540][ T29] ? io_schedule_timeout+0x150/0x150 [ 286.001196][ T29] ? schedule+0x1fc/0x270 [ 286.005535][ T29] ? reacquire_held_locks+0x4c0/0x4c0 [ 286.011261][ T29] ? __mutex_lock+0x5b4/0x9d0 [ 286.015959][ T29] ? __mutex_trylock_common+0x78/0x250 [ 286.022024][ T29] schedule+0xe9/0x270 [ 286.026105][ T29] schedule_preempt_disabled+0x13/0x20 [ 286.031917][ T29] __mutex_lock+0x5b9/0x9d0 [ 286.036435][ T29] ? jfs_commit_inode+0x22f/0x570 [ 286.041665][ T29] ? mutex_trylock+0x130/0x130 [ 286.046457][ T29] ? txExit+0x40/0x40 [ 286.050886][ T29] ? lock_acquire+0x1ae/0x520 [ 286.055575][ T29] ? find_held_lock+0x2d/0x110 [ 286.060730][ T29] ? jfs_commit_inode+0x22f/0x570 [ 286.065774][ T29] jfs_commit_inode+0x22f/0x570 [ 286.071315][ T29] ? jfs_iget+0x4c0/0x4c0 [ 286.075653][ T29] ? do_raw_spin_lock+0x12e/0x2b0 [ 286.081107][ T29] ? spin_bug+0x1d0/0x1d0 [ 286.085443][ T29] ? reacquire_held_locks+0x4c0/0x4c0 [ 286.091175][ T29] jfs_write_inode+0xfc/0x240 [ 286.095862][ T29] __writeback_single_inode+0xa91/0xe90 [ 286.101808][ T29] ? __mark_inode_dirty+0xd60/0xd60 [ 286.107008][ T29] ? _raw_spin_unlock+0x28/0x40 [ 286.112204][ T29] ? wbc_attach_and_unlock_inode+0x561/0x910 [ 286.118419][ T29] writeback_sb_inodes+0x599/0x1080 [ 286.123635][ T29] ? sync_inode_metadata+0xe0/0xe0 [ 286.129095][ T29] ? find_held_lock+0x59/0x110 [ 286.133878][ T29] ? move_expired_inodes+0x59e/0x850 [ 286.139517][ T29] __writeback_inodes_wb+0xff/0x2d0 [ 286.144745][ T29] ? writeback_sb_inodes+0x1080/0x1080 [ 286.150609][ T29] ? queue_io+0x3ed/0x4e0 [ 286.154945][ T29] wb_writeback+0x7f8/0xaa0 [ 286.159817][ T29] ? __writeback_inodes_wb+0x2d0/0x2d0 [ 286.165289][ T29] ? get_nr_dirty_inodes+0x176/0x1e0 [ 286.170952][ T29] wb_workfn+0x87c/0xfe0 [ 286.175205][ T29] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 286.182017][ T29] ? inode_wait_for_writeback+0x30/0x30 [ 286.187576][ T29] ? lock_sync+0x190/0x190 [ 286.192354][ T29] ? lock_sync+0x190/0x190 [ 286.196793][ T29] process_one_work+0x886/0x15d0 [ 286.202079][ T29] ? lock_sync+0x190/0x190 [ 286.206512][ T29] ? workqueue_congested+0x300/0x300 [ 286.212190][ T29] ? assign_work+0x1a0/0x250 [ 286.216793][ T29] worker_thread+0x8b9/0x1290 [ 286.222070][ T29] ? __kthread_parkme+0x14b/0x220 [ 286.227103][ T29] ? process_one_work+0x15d0/0x15d0 [ 286.232642][ T29] kthread+0x2c6/0x3a0 [ 286.236719][ T29] ? _raw_spin_unlock_irq+0x23/0x50 [ 286.242276][ T29] ? kthread_complete_and_exit+0x40/0x40 [ 286.248141][ T29] ret_from_fork+0x45/0x80 [ 286.252565][ T29] ? kthread_complete_and_exit+0x40/0x40 [ 286.258593][ T29] ret_from_fork_asm+0x11/0x20 [ 286.263381][ T29] [ 286.266441][ T29] [ 286.266441][ T29] Showing all locks held in the system: [ 286.274830][ T29] 1 lock held by khungtaskd/29: [ 286.279893][ T29] #0: ffffffff8cfabce0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x75/0x340 [ 286.290312][ T29] 4 locks held by kworker/u4:8/1265: [ 286.295593][ T29] #0: ffff888140054d38 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x789/0x15d0 [ 286.306653][ T29] #1: ffffc90004c6fd80 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7eb/0x15d0 [ 286.318749][ T29] #2: ffff8880193140e0 (&type->s_umount_key#45){++++}-{3:3}, at: super_trylock_shared+0x1e/0xf0 [ 286.329565][ T29] #3: ffff8880762c3008 (&jfs_ip->commit_mutex){+.+.}-{3:3}, at: jfs_commit_inode+0x22f/0x570 [ 286.340110][ T29] 2 locks held by getty/4823: [ 286.344788][ T29] #0: ffff88814ba2c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 286.354946][ T29] #1: ffffc90002efe2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfc6/0x1490 [ 286.365374][ T29] 4 locks held by syz-executor388/5071: [ 286.371139][ T29] [ 286.373465][ T29] ============================================= [ 286.373465][ T29] [ 286.382381][ T29] NMI backtrace for cpu 0 [ 286.386706][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted 6.7.0-rc2-syzkaller #0 [ 286.394764][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 286.404817][ T29] Call Trace: [ 286.408089][ T29] [ 286.411013][ T29] dump_stack_lvl+0xd9/0x1b0 [ 286.415604][ T29] nmi_cpu_backtrace+0x277/0x390 [ 286.420538][ T29] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 286.425736][ T29] nmi_trigger_cpumask_backtrace+0x299/0x300 [ 286.431714][ T29] watchdog+0xf87/0x1210 [ 286.435958][ T29] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 286.442018][ T29] ? lockdep_hardirqs_on+0x7d/0x110 [ 286.447220][ T29] ? __kthread_parkme+0x14b/0x220 [ 286.452242][ T29] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 286.458221][ T29] kthread+0x2c6/0x3a0 [ 286.462292][ T29] ? _raw_spin_unlock_irq+0x23/0x50 [ 286.467482][ T29] ? kthread_complete_and_exit+0x40/0x40 [ 286.473113][ T29] ret_from_fork+0x45/0x80 [ 286.477524][ T29] ? kthread_complete_and_exit+0x40/0x40 [ 286.483156][ T29] ret_from_fork_asm+0x11/0x20 [ 286.487928][ T29] [ 286.491045][ T29] Sending NMI from CPU 0 to CPUs 1: [ 286.496249][ C1] NMI backtrace for cpu 1 [ 286.496257][ C1] CPU: 1 PID: 5071 Comm: syz-executor388 Not tainted 6.7.0-rc2-syzkaller #0 [ 286.496270][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 286.496277][ C1] RIP: 0010:dtSplitRoot+0x9b1/0x1760 [ 286.496294][ C1] Code: 8d fe 4d 63 e4 49 81 fc 80 00 00 00 0f 87 e2 09 00 00 4c 89 e7 48 c1 e7 05 48 01 df 48 89 f8 48 c1 e8 03 42 0f b6 04 38 84 c0 <74> 06 0f 8e ab 09 00 00 49 c1 e4 05 bf ff ff ff ff 4e 8d 2c 23 45 [ 286.496313][ C1] RSP: 0018:ffffc9000436f5a0 EFLAGS: 00000246 [ 286.496324][ C1] RAX: 0000000000000000 RBX: ffff88807f9ed000 RCX: ffffffff82fa5e83 [ 286.496332][ C1] RDX: ffff88801aad3b80 RSI: ffffffff82fa5e39 RDI: ffff88807f9ed0c0 [ 286.496340][ C1] RBP: ffff8880762c3270 R08: 0000000000000005 R09: 00000000ffffffff [ 286.496347][ C1] R10: 0000000000000006 R11: 0000000000000000 R12: 0000000000000006 [ 286.496354][ C1] R13: ffff88807f9ed0c0 R14: 0000000000000080 R15: dffffc0000000000 [ 286.496365][ C1] FS: 00005555574d1380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 286.496378][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 286.496386][ C1] CR2: 0000557711dcabc0 CR3: 0000000074c49000 CR4: 0000000000350ef0 [ 286.496394][ C1] Call Trace: [ 286.496399][ C1] [ 286.496404][ C1] ? show_regs+0x8f/0xa0 [ 286.496420][ C1] ? nmi_cpu_backtrace+0x1d4/0x390 [ 286.496435][ C1] ? nmi_cpu_backtrace_handler+0xc/0x10 [ 286.496454][ C1] ? nmi_handle+0x1a6/0x570 [ 286.496468][ C1] ? x86_pmu_event_mapped+0x1c0/0x1c0 [ 286.496489][ C1] ? dtSplitRoot+0x9b1/0x1760 [ 286.496501][ C1] ? default_do_nmi+0x6a/0x160 [ 286.496518][ C1] ? exc_nmi+0x186/0x200 [ 286.496533][ C1] ? end_repeat_nmi+0xf/0x2a [ 286.496548][ C1] ? dtSplitRoot+0x9d3/0x1760 [ 286.496559][ C1] ? dtSplitRoot+0x989/0x1760 [ 286.496570][ C1] ? dtSplitRoot+0x9b1/0x1760 [ 286.496582][ C1] ? dtSplitRoot+0x9b1/0x1760 [ 286.496595][ C1] ? dtSplitRoot+0x9b1/0x1760 [ 286.496607][ C1] [ 286.496610][ C1] [ 286.496618][ C1] ? dtSplitPage+0x3840/0x3840 [ 286.496629][ C1] ? up_write+0x1b3/0x510 [ 286.496646][ C1] ? dbAlloc+0x43d/0xaa0 [ 286.496659][ C1] dtSplitUp+0x1298/0x5850 [ 286.496674][ C1] ? save_trace+0x4e/0xb30 [ 286.496690][ C1] ? _find_first_zero_bit+0x94/0xb0 [ 286.496710][ C1] ? add_lock_to_list+0x17d/0x380 [ 286.496728][ C1] ? dtSplitRoot+0x1760/0x1760 [ 286.496739][ C1] ? __lock_acquire+0x1f9e/0x3b10 [ 286.496761][ C1] ? lockdep_hardirqs_on_prepare+0x420/0x420 [ 286.496783][ C1] ? lock_acquire+0x1ae/0x520 [ 286.496800][ C1] ? find_held_lock+0x2d/0x110 [ 286.496818][ C1] ? txLock+0x7f5/0x2120 [ 286.496833][ C1] ? spin_bug+0x1d0/0x1d0 [ 286.496846][ C1] dtInsert+0x872/0xb00 [ 286.496859][ C1] ? dtSearch+0x2450/0x2450 [ 286.496870][ C1] ? dtSearch+0x198b/0x2450 [ 286.496882][ C1] ? txEnd+0x5a0/0x5a0 [ 286.496900][ C1] jfs_mkdir+0x665/0xb30 [ 286.496919][ C1] ? jfs_create+0xb40/0xb40 [ 286.496943][ C1] ? bpf_lsm_inode_permission+0x9/0x10 [ 286.496956][ C1] ? security_inode_permission+0xd8/0x100 [ 286.496972][ C1] ? inode_permission+0xdd/0x5e0 [ 286.496986][ C1] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 286.496999][ C1] vfs_mkdir+0x577/0x820 [ 286.497015][ C1] do_mkdirat+0x2fd/0x3a0 [ 286.497032][ C1] ? __ia32_sys_mknod+0xb0/0xb0 [ 286.497049][ C1] ? getname_flags.part.0+0x1e2/0x4e0 [ 286.497065][ C1] __x64_sys_mkdir+0xf2/0x140 [ 286.497082][ C1] do_syscall_64+0x40/0x110 [ 286.497097][ C1] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 286.497117][ C1] RIP: 0033:0x7f072be99a97 [ 286.497127][ C1] Code: ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 286.497138][ C1] RSP: 002b:00007ffed5af27a8 EFLAGS: 00000286 ORIG_RAX: 0000000000000053 [ 286.497149][ C1] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f072be99a97 [ 286.497156][ C1] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000500 [ 286.497164][ C1] RBP: 00007ffed5af2840 R08: 0000000000000000 R09: 0000000000000000 [ 286.497171][ C1] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000020000500 [ 286.497178][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 286.497189][ C1] [ 286.914662][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 286.921509][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted 6.7.0-rc2-syzkaller #0 [ 286.929567][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 [ 286.939612][ T29] Call Trace: [ 286.942883][ T29] [ 286.945804][ T29] dump_stack_lvl+0xd9/0x1b0 [ 286.950399][ T29] panic+0x6dc/0x790 [ 286.954295][ T29] ? panic_smp_self_stop+0xa0/0xa0 [ 286.959408][ T29] ? preempt_schedule_thunk+0x1a/0x30 [ 286.964788][ T29] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 286.969991][ T29] ? preempt_schedule_thunk+0x1a/0x30 [ 286.975480][ T29] ? watchdog+0xd3e/0x1210 [ 286.979893][ T29] ? watchdog+0xd31/0x1210 [ 286.984308][ T29] watchdog+0xd4f/0x1210 [ 286.988551][ T29] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 286.994523][ T29] ? lockdep_hardirqs_on+0x7d/0x110 [ 286.999725][ T29] ? __kthread_parkme+0x14b/0x220 [ 287.004748][ T29] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 287.010725][ T29] kthread+0x2c6/0x3a0 [ 287.014794][ T29] ? _raw_spin_unlock_irq+0x23/0x50 [ 287.019990][ T29] ? kthread_complete_and_exit+0x40/0x40 [ 287.025623][ T29] ret_from_fork+0x45/0x80 [ 287.030039][ T29] ? kthread_complete_and_exit+0x40/0x40 [ 287.035667][ T29] ret_from_fork_asm+0x11/0x20 [ 287.040525][ T29] [ 287.043843][ T29] Kernel Offset: disabled [ 287.048148][ T29] Rebooting in 86400 seconds..