./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2321696354 <...> DUID 00:04:dd:0f:a4:e5:cb:b8:04:95:2f:30:92:03:b3:b6:0d:bc forked to background, child pid 4644 [ 30.799463][ T4645] 8021q: adding VLAN 0 to HW filter on device bond0 [ 30.809951][ T4645] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.51' (ECDSA) to the list of known hosts. execve("./syz-executor2321696354", ["./syz-executor2321696354"], 0x7ffc86b9bc90 /* 10 vars */) = 0 brk(NULL) = 0x555556a7a000 brk(0x555556a7ac40) = 0x555556a7ac40 arch_prctl(ARCH_SET_FS, 0x555556a7a300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor2321696354", 4096) = 28 brk(0x555556a9bc40) = 0x555556a9bc40 brk(0x555556a9c000) = 0x555556a9c000 mprotect(0x7fa54076a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a7a5d0) = 5073 ./strace-static-x86_64: Process 5073 attached [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5073] setpgid(0, 0) = 0 [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5073] write(3, "1000", 4) = 4 [pid 5073] close(3) = 0 [pid 5073] memfd_create("syzkaller", 0) = 3 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa5382af000 [pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5073] munmap(0x7fa5382af000, 262144) = 0 [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5073] close(3) = 0 [pid 5073] mkdir("./file0", 0777) = 0 syzkaller login: [ 52.319729][ T5073] loop0: detected capacity change from 0 to 512 [ 52.335529][ T5073] EXT4-fs (loop0): orphan cleanup on readonly fs [pid 5073] mount("/dev/loop0", "./file0", "ext4", MS_RDONLY|MS_NOSUID|MS_NODIRATIME|MS_REC|MS_I_VERSION|0x200, ",errors=continue" [pid 5072] kill(-5073, SIGKILL) = 0 [pid 5072] kill(5073, SIGKILL) = 0 [pid 5072] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5072] getdents64(3, 0x555556a7b620 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(3, 0x555556a7b620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [ 76.322271][ T2277] cfg80211: failed to load regulatory.db [ 286.240769][ T28] INFO: task syz-executor232:5073 blocked for more than 143 seconds. [ 286.248937][ T28] Not tainted 6.2.0-rc2-syzkaller-00024-g512dee0c00ad #0 [ 286.256636][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.265471][ T28] task:syz-executor232 state:D stack:21024 pid:5073 ppid:5072 flags:0x00004004 [ 286.274742][ T28] Call Trace: [ 286.278027][ T28] [ 286.281024][ T28] __schedule+0x995/0xe20 [ 286.285513][ T28] ? release_firmware_map_entry+0x180/0x180 [ 286.291477][ T28] ? do_raw_spin_unlock+0x134/0x8a0 [ 286.296716][ T28] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 286.302747][ T28] ? do_raw_spin_unlock+0x134/0x8a0 [ 286.307962][ T28] schedule+0xcb/0x190 [ 286.312085][ T28] find_inode_fast+0x35a/0x4c0 [ 286.316925][ T28] ? read_lock_is_recursive+0x10/0x10 [ 286.322458][ T28] ? iget_locked+0x830/0x830 [ 286.327061][ T28] ? bit_waitqueue+0x30/0x30 [ 286.331757][ T28] iget_locked+0xb1/0x830 [ 286.336104][ T28] __ext4_iget+0x22e/0x3ed0 [ 286.340725][ T28] ? __might_sleep+0xc0/0xc0 [ 286.345388][ T28] ? __getblk_gfp+0x50/0x290 [ 286.350002][ T28] ? ext4_get_projid+0x140/0x140 [ 286.355096][ T28] ext4_xattr_inode_iget+0x68/0x4e0 [ 286.360375][ T28] ? __might_sleep+0xc0/0xc0 [ 286.365026][ T28] ext4_xattr_inode_dec_ref_all+0x1a7/0xe50 [ 286.371000][ T28] ? __ext4_journal_get_write_access+0x2d1/0x690 [ 286.377387][ T28] ? ext4_xattr_delete_inode+0xcd0/0xcd0 [ 286.383093][ T28] ? __ext4_journal_ensure_credits+0x460/0x460 [ 286.389279][ T28] ? __ext4_journal_ensure_credits+0x2c/0x460 [ 286.395431][ T28] ext4_xattr_delete_inode+0xb04/0xcd0 [ 286.400961][ T28] ? ext4_blocks_for_truncate+0x270/0x270 [ 286.406682][ T28] ? ext4_expand_extra_isize_ea+0x1cd0/0x1cd0 [ 286.412786][ T28] ? rcu_read_lock_any_held+0xb1/0x130 [ 286.418334][ T28] ? ext4_journal_check_start+0x178/0x240 [ 286.424107][ T28] ? ext4_evict_inode+0x978/0x10b0 [ 286.429231][ T28] ? ext4_inode_is_fast_symlink+0x266/0x3a0 [ 286.435179][ T28] ext4_evict_inode+0xd7c/0x10b0 [ 286.440137][ T28] ? ext4_inode_is_fast_symlink+0x3a0/0x3a0 [ 286.446084][ T28] ? do_raw_spin_unlock+0x134/0x8a0 [ 286.451340][ T28] ? ext4_inode_is_fast_symlink+0x3a0/0x3a0 [ 286.457236][ T28] evict+0x2a4/0x620 [ 286.461260][ T28] ext4_orphan_cleanup+0xb60/0x1340 [ 286.466528][ T28] ? ext4_orphan_del+0xc20/0xc20 [ 286.471515][ T28] ? __init_swait_queue_head+0xa6/0x140 [ 286.477082][ T28] ? errseq_check_and_advance+0x5e/0x110 [ 286.482834][ T28] ext4_fill_super+0x81cd/0x8700 [ 286.487798][ T28] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 286.494331][ T28] ? snprintf+0xc0/0x110 [ 286.498640][ T28] ? set_blocksize+0x1ec/0x390 [ 286.503807][ T28] ? sb_set_blocksize+0x95/0xf0 [ 286.508682][ T28] get_tree_bdev+0x400/0x620 [ 286.513389][ T28] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 286.520166][ T28] vfs_get_tree+0x88/0x270 [ 286.524802][ T28] do_new_mount+0x289/0xad0 [ 286.529327][ T28] ? do_move_mount_old+0x150/0x150 [ 286.534621][ T28] ? user_path_at_empty+0x149/0x1a0 [ 286.539852][ T28] __se_sys_mount+0x2d3/0x3c0 [ 286.544946][ T28] ? __x64_sys_mount+0xc0/0xc0 [ 286.549730][ T28] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 286.555902][ T28] ? __x64_sys_mount+0x1c/0xc0 [ 286.560863][ T28] do_syscall_64+0x3d/0xb0 [ 286.565298][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.571419][ T28] RIP: 0033:0x7fa5406fd5ea [ 286.575854][ T28] RSP: 002b:00007ffc7232f968 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 286.584570][ T28] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fa5406fd5ea [ 286.592808][ T28] RDX: 0000000020000440 RSI: 0000000020000000 RDI: 00007ffc7232f970 [ 286.600852][ T28] RBP: 00007ffc7232f970 R08: 00007ffc7232f9b0 R09: 0000000000000432 [ 286.608838][ T28] R10: 0000000000804a03 R11: 0000000000000202 R12: 0000000000000004 [ 286.616895][ T28] R13: 0000555556a7a2c0 R14: 00007ffc7232f9b0 R15: 0000000000000000 [ 286.624915][ T28] [ 286.627944][ T28] [ 286.627944][ T28] Showing all locks held in the system: [ 286.635792][ T28] 1 lock held by rcu_tasks_kthre/12: [ 286.641151][ T28] #0: ffffffff8d326f50 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x30/0xd00 [ 286.651719][ T28] 1 lock held by rcu_tasks_trace/13: [ 286.657014][ T28] #0: ffffffff8d327750 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x30/0xd00 [ 286.668080][ T28] 1 lock held by khungtaskd/28: [ 286.672976][ T28] #0: ffffffff8d326d80 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 [ 286.682365][ T28] 2 locks held by getty/4743: [ 286.687063][ T28] #0: ffff88814bdd0098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 286.697290][ T28] #1: ffffc900015a02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x53b/0x1650 [ 286.707687][ T28] 2 locks held by syz-executor232/5073: [ 286.713437][ T28] #0: ffff88802a5380e0 (&type->s_umount_key#28/1){+.+.}-{3:3}, at: alloc_super+0x212/0x920 [ 286.723797][ T28] #1: ffff88802a538650 (sb_internal){.+.+}-{0:0}, at: ext4_evict_inode+0x4cd/0x10b0 [ 286.733492][ T28] [ 286.735809][ T28] ============================================= [ 286.735809][ T28] [ 286.744498][ T28] NMI backtrace for cpu 1 [ 286.748815][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.2.0-rc2-syzkaller-00024-g512dee0c00ad #0 [ 286.758619][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 286.768659][ T28] Call Trace: [ 286.771929][ T28] [ 286.774847][ T28] dump_stack_lvl+0x1b1/0x290 [ 286.779519][ T28] ? nf_tcp_handle_invalid+0x630/0x630 [ 286.784967][ T28] ? panic+0x710/0x710 [ 286.789044][ T28] ? tick_nohz_tick_stopped+0x76/0xb0 [ 286.794482][ T28] ? nmi_cpu_backtrace+0x205/0x4f0 [ 286.799589][ T28] nmi_cpu_backtrace+0x46f/0x4f0 [ 286.804515][ T28] ? vprintk_emit+0x109/0x1e0 [ 286.809190][ T28] ? nmi_trigger_cpumask_backtrace+0x420/0x420 [ 286.815328][ T28] ? _printk+0xc0/0x100 [ 286.819468][ T28] ? panic+0x710/0x710 [ 286.823518][ T28] ? __wake_up_klogd+0xcd/0x100 [ 286.828355][ T28] ? panic+0x710/0x710 [ 286.832408][ T28] ? nmi_trigger_cpumask_backtrace+0xc9/0x420 [ 286.838481][ T28] nmi_trigger_cpumask_backtrace+0x1ba/0x420 [ 286.844471][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 286.850618][ T28] watchdog+0xcd5/0xd20 [ 286.854826][ T28] kthread+0x266/0x300 [ 286.858966][ T28] ? hungtask_pm_notify+0x50/0x50 [ 286.863983][ T28] ? kthread_blkcg+0xd0/0xd0 [ 286.868562][ T28] ret_from_fork+0x1f/0x30 [ 286.872996][ T28] [ 286.876168][ T28] Sending NMI from CPU 1 to CPUs 0: [ 286.881426][ C0] NMI backtrace for cpu 0 [ 286.881435][ C0] CPU: 0 PID: 4421 Comm: klogd Not tainted 6.2.0-rc2-syzkaller-00024-g512dee0c00ad #0 [ 286.881453][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 286.881461][ C0] RIP: 0010:vsnprintf+0x3cd/0x1cb0 [ 286.881481][ C0] Code: e8 08 92 e0 f6 48 83 fb 28 4c 8b 7c 24 08 0f 87 80 08 00 00 e8 d4 8d e0 f6 48 8b 7c 24 30 48 89 f8 48 c1 e8 03 42 80 3c 28 00 <74> 05 e8 ac 37 36 f7 89 d8 49 03 5e 10 44 8d 78 08 48 8b 44 24 10 [ 286.881493][ C0] RSP: 0018:ffffc90002f6f7a0 EFLAGS: 00000246 [ 286.881504][ C0] RAX: 1ffff920005edf22 RBX: 0000000000000010 RCX: ffff88807d8e1d40 [ 286.881514][ C0] RDX: 0000000000000000 RSI: 0000000000000010 RDI: ffffc90002f6f910 [ 286.881523][ C0] RBP: ffffc90002f6f890 R08: ffffffff8aab4d78 R09: ffffffff8aab4b6e [ 286.881533][ C0] R10: 0000000000000012 R11: ffff88807d8e1d40 R12: ffff0a0000000509 [ 286.881542][ C0] R13: dffffc0000000000 R14: ffffc90002f6f900 R15: ffffc90082f6fae2 [ 286.881551][ C0] FS: 00007f99d0120800(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 286.881563][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 286.881572][ C0] CR2: 00005630c40b8a40 CR3: 000000002b714000 CR4: 00000000003506f0 [ 286.881584][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 286.881591][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 286.881599][ C0] Call Trace: [ 286.881606][ C0] [ 286.881613][ C0] ? __lock_acquire+0x1292/0x1f60 [ 286.881630][ C0] ? ptr_to_hashval+0x70/0x70 [ 286.881643][ C0] ? memcpy+0x3c/0x60 [ 286.881726][ C0] sprintf+0xc7/0x110 [ 286.881741][ C0] ? _prb_read_valid+0xac5/0xae0 [ 286.881759][ C0] ? vsnprintf+0x1bce/0x1cb0 [ 286.881773][ C0] ? vsprintf+0x30/0x30 [ 286.881793][ C0] info_print_prefix+0x153/0x2e0 [ 286.881812][ C0] ? msg_add_dict_text+0x3d0/0x3d0 [ 286.881830][ C0] ? __mutex_lock_common+0x45f/0x26e0 [ 286.881850][ C0] record_print_text+0x12e/0x430 [ 286.881870][ C0] ? do_raw_spin_unlock+0x134/0x8a0 [ 286.881889][ C0] ? kmsg_dump_get_line+0x430/0x430 [ 286.881905][ C0] ? prb_read_valid+0xa5/0xf0 [ 286.881924][ C0] ? prb_final_commit+0x90/0x90 [ 286.881943][ C0] ? finish_wait+0xc5/0x1d0 [ 286.881960][ C0] syslog_print+0x3a0/0x5e0 [ 286.881978][ C0] ? do_syslog+0x8f0/0x8f0 [ 286.881998][ C0] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 286.882045][ C0] ? wake_bit_function+0x240/0x240 [ 286.882060][ C0] ? bpf_lsm_capable+0x5/0x10 [ 286.882093][ C0] ? security_capable+0xb1/0xd0 [ 286.882148][ C0] do_syslog+0x815/0x8f0 [ 286.882170][ C0] ? log_buf_vmcoreinfo_setup+0x4a0/0x4a0 [ 286.882190][ C0] ? lockdep_hardirqs_on_prepare+0x428/0x790 [ 286.882207][ C0] ? print_irqtrace_events+0x220/0x220 [ 286.882222][ C0] ? lockdep_hardirqs_on_prepare+0x428/0x790 [ 286.882240][ C0] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 286.882253][ C0] ? lockdep_hardirqs_on+0x8d/0x130 [ 286.882267][ C0] __x64_sys_syslog+0x78/0x90 [ 286.882283][ C0] do_syscall_64+0x3d/0xb0 [ 286.882301][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.882319][ C0] RIP: 0033:0x7f99d02bb8b7 [ 286.882331][ C0] Code: 73 01 c3 48 8b 0d c1 05 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 67 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 91 05 0c 00 f7 d8 64 89 01 48 [ 286.882341][ C0] RSP: 002b:00007ffec1edf228 EFLAGS: 00000206 ORIG_RAX: 0000000000000067 [ 286.882355][ C0] RAX: ffffffffffffffda RBX: 00007f99d0448490 RCX: 00007f99d02bb8b7 [ 286.882364][ C0] RDX: 00000000000003ff RSI: 00007f99d0448490 RDI: 0000000000000002 [ 286.882372][ C0] RBP: 0000000000000000 R08: 0000000000000007 R09: 000055d7b192cd50 [ 286.882380][ C0] R10: 0000000000004000 R11: 0000000000000206 R12: 00007f99d0448490 [ 286.882388][ C0] R13: 00007f99d044850e R14: 00007f99d044850e R15: 0000000000000000 [ 286.882404][ C0] [ 286.882493][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 287.262796][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.2.0-rc2-syzkaller-00024-g512dee0c00ad #0 [ 287.272596][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 287.282645][ T28] Call Trace: [ 287.285919][ T28] [ 287.288847][ T28] dump_stack_lvl+0x1b1/0x290 [ 287.293530][ T28] ? nf_tcp_handle_invalid+0x630/0x630 [ 287.298987][ T28] ? panic+0x710/0x710 [ 287.303050][ T28] ? vscnprintf+0x59/0x80 [ 287.307374][ T28] panic+0x2d6/0x710 [ 287.311259][ T28] ? schedule_preempt_disabled+0x20/0x20 [ 287.316887][ T28] ? nmi_trigger_cpumask_backtrace+0x2d0/0x420 [ 287.323046][ T28] ? memcpy_page_flushcache+0x100/0x100 [ 287.328587][ T28] ? nmi_trigger_cpumask_backtrace+0x2d0/0x420 [ 287.334735][ T28] ? nmi_trigger_cpumask_backtrace+0x34e/0x420 [ 287.340892][ T28] ? nmi_trigger_cpumask_backtrace+0x353/0x420 [ 287.347039][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 287.353102][ T28] watchdog+0xd15/0xd20 [ 287.357264][ T28] kthread+0x266/0x300 [ 287.361325][ T28] ? hungtask_pm_notify+0x50/0x50 [ 287.366355][ T28] ? kthread_blkcg+0xd0/0xd0 [ 287.370937][ T28] ret_from_fork+0x1f/0x30 [ 287.375358][ T28] [ 287.378523][ T28] Kernel Offset: disabled [ 287.382848][ T28] Rebooting in 86400 seconds..