./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor830838900 <...> DUID 00:04:06:88:74:a7:04:75:62:cb:55:93:34:09:94:90:e1:fe forked to background, child pid 4658 [ 50.414951][ T4659] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.439491][ T4659] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.41' (ECDSA) to the list of known hosts. execve("./syz-executor830838900", ["./syz-executor830838900"], 0x7fffca1dd140 /* 10 vars */) = 0 brk(NULL) = 0x555556e1a000 brk(0x555556e1ac40) = 0x555556e1ac40 arch_prctl(ARCH_SET_FS, 0x555556e1a300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555556e1a5d0) = 5085 set_robust_list(0x555556e1a5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f8772e52e80, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f8772e53550}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f8772e52f20, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8772e53550}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor830838900", 4096) = 27 brk(0x555556e3bc40) = 0x555556e3bc40 brk(0x555556e3c000) = 0x555556e3c000 mprotect(0x7f8772f15000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("/syzcgroup", 0777) = 0 mkdir("/syzcgroup/unified", 0777) = 0 mount("none", "/syzcgroup/unified", "cgroup2", 0, NULL) = 0 chmod("/syzcgroup/unified", 0777) = 0 openat(AT_FDCWD, "/syzcgroup/unified/cgroup.subtree_control", O_WRONLY) = 3 write(3, "+cpu", 4) = 4 write(3, "+memory", 7) = 7 write(3, "+io", 3) = 3 write(3, "+pids", 5) = 5 close(3) = 0 mkdir("/syzcgroup/net", 0777) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "net") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "devices") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "blkio") = 0 syzkaller login: [ 78.193148][ T5085] cgroup: Unknown subsys name 'net' umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "freezer") = 0 umount2("/syzcgroup/net", 0) = 0 mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/net", "cgroup", 0, "net_prio,devices,blkio,freezer") = 0 chmod("/syzcgroup/net", 0777) = 0 mkdir("/syzcgroup/cpu", 0777) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuacct") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "hugetlb") = 0 umount2("/syzcgroup/cpu", 0) = 0 mount("none", "/syzcgroup/cpu", "cgroup", 0, "rlimit") = -1 EINVAL (Invalid argument) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = ? ERESTARTNOINTR (To be restarted) [ 78.379915][ T5085] cgroup: Unknown subsys name 'rlimit' mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = ? ERESTARTNOINTR (To be restarted) mount("none", "/syzcgroup/cpu", "cgroup", 0, "cpuset,cpuacct,hugetlb") = 0 chmod("/syzcgroup/cpu", 0777) = 0 openat(AT_FDCWD, "/syzcgroup/cpu/cgroup.clone_children", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 openat(AT_FDCWD, "/syzcgroup/cpu/cpuset.memory_pressure_enabled", O_WRONLY|O_CLOEXEC) = 3 write(3, "1", 1) = 1 close(3) = 0 getpid() = 5085 mkdir("./syzkaller.lVsFVJ", 0700) = 0 chmod("./syzkaller.lVsFVJ", 0777) = 0 chdir("./syzkaller.lVsFVJ") = 0 unshare(CLONE_NEWPID) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5086 attached , child_tidptr=0x555556e1a5d0) = 5086 [pid 5086] set_robust_list(0x555556e1a5e0, 24) = 0 [pid 5086] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy) [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5086] setsid() = 1 [pid 5086] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0 [pid 5086] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0 [pid 5086] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0 [pid 5086] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0 [pid 5086] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0 [pid 5086] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0 [pid 5086] unshare(CLONE_NEWNS) = 0 [pid 5086] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0 [pid 5086] unshare(CLONE_NEWIPC) = 0 [pid 5086] unshare(CLONE_NEWCGROUP) = 0 [pid 5086] unshare(CLONE_NEWUTS) = 0 [pid 5086] unshare(CLONE_SYSVSEM) = 0 [pid 5086] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "16777216", 8) = 8 [pid 5086] close(3) = 0 [pid 5086] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "536870912", 9) = 9 [pid 5086] close(3) = 0 [pid 5086] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "1024", 4) = 4 [pid 5086] close(3) = 0 [pid 5086] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "8192", 4) = 4 [pid 5086] close(3) = 0 [pid 5086] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "1024", 4) = 4 [pid 5086] close(3) = 0 [pid 5086] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "1024", 4) = 4 [pid 5086] close(3) = 0 [pid 5086] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "1024 1048576 500 1024", 21) = 21 [pid 5086] close(3) = 0 [pid 5086] getpid() = 1 [pid 5086] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1< [pid 5089] set_robust_list(0x7f8772e429e0, 24) = 0 [pid 5089] futex(0x7f8772f1b4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] <... clone resumed>, parent_tid=[3], tls=0x7f8772e42700, child_tidptr=0x7f8772e429d0) = 3 [pid 5088] futex(0x7f8772f1b4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = 0 [pid 5088] <... futex resumed>) = 1 [pid 5089] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY [pid 5088] futex(0x7f8772f1b4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... openat resumed>) = 3 [pid 5089] futex(0x7f8772f1b4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5089] openat(AT_FDCWD, "/dev/nbd0", O_RDONLY [pid 5088] futex(0x7f8772f1b4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... openat resumed>) = 4 [pid 5088] <... futex resumed>) = 0 [pid 5089] futex(0x7f8772f1b4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] futex(0x7f8772f1b4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... futex resumed>) = 0 [pid 5088] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5089] socketpair(AF_UNIX, SOCK_STREAM, 0, [pid 5088] futex(0x7f8772f1b4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... socketpair resumed>[5, 6]) = 0 [pid 5089] futex(0x7f8772f1b4cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 0 [pid 5089] <... futex resumed>) = 0 [pid 5088] futex(0x7f8772f1b4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] futex(0x7f8772f1b4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5088] futex(0x7f8772f1b4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] ioctl(4, NBD_SET_SOCK, 5 [pid 5088] <... futex resumed>) = 0 [pid 5088] futex(0x7f8772f1b4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... ioctl resumed>) = 0 [pid 5089] futex(0x7f8772f1b4cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5089] futex(0x7f8772f1b4c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] futex(0x7f8772f1b4c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5088] <... futex resumed>) = 0 [pid 5089] ioctl(3, NBD_DO_IT [pid 5088] futex(0x7f8772f1b4cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5088] futex(0x7f8772f1b4dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8772e01000 [pid 5088] mprotect(0x7f8772e02000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5088] clone(child_stack=0x7f8772e213f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5091 attached , parent_tid=[4], tls=0x7f8772e21700, child_tidptr=0x7f8772e219d0) = 4 [pid 5088] futex(0x7f8772f1b4d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5091] set_robust_list(0x7f8772e219e0, 24 [pid 5088] futex(0x7f8772f1b4dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... set_robust_list resumed>) = 0 [pid 5091] ioctl(4, NBD_SET_SIZE_BLOCKS, 1) = 0 [pid 5091] futex(0x7f8772f1b4dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5088] futex(0x7f8772f1b4d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] futex(0x7f8772f1b4dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 78.733900][ T5091] nbd0: detected capacity change from 0 to 2 [pid 5091] ioctl(4, NBD_SET_SOCK, 5 [pid 5088] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5088] futex(0x7f8772f1b4dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5088] close(3) = 0 [pid 5088] close(4) = 0 [pid 5088] close(5) = 0 [pid 5088] close(6) = 0 [pid 5088] close(7) = -1 EBADF (Bad file descriptor) [pid 5088] close(8) = -1 EBADF (Bad file descriptor) [pid 5088] close(9) = -1 EBADF (Bad file descriptor) [pid 5088] close(10) = -1 EBADF (Bad file descriptor) [pid 5088] close(11) = -1 EBADF (Bad file descriptor) [pid 5088] close(12) = -1 EBADF (Bad file descriptor) [pid 5088] close(13) = -1 EBADF (Bad file descriptor) [pid 5088] close(14) = -1 EBADF (Bad file descriptor) [pid 5088] close(15) = -1 EBADF (Bad file descriptor) [pid 5088] close(16) = -1 EBADF (Bad file descriptor) [pid 5088] close(17) = -1 EBADF (Bad file descriptor) [pid 5088] close(18) = -1 EBADF (Bad file descriptor) [pid 5088] close(19) = -1 EBADF (Bad file descriptor) [pid 5088] close(20) = -1 EBADF (Bad file descriptor) [pid 5088] close(21) = -1 EBADF (Bad file descriptor) [pid 5088] close(22) = -1 EBADF (Bad file descriptor) [pid 5088] close(23) = -1 EBADF (Bad file descriptor) [pid 5088] close(24) = -1 EBADF (Bad file descriptor) [pid 5088] close(25) = -1 EBADF (Bad file descriptor) [pid 5088] close(26) = -1 EBADF (Bad file descriptor) [pid 5088] close(27) = -1 EBADF (Bad file descriptor) [pid 5088] close(28) = -1 EBADF (Bad file descriptor) [pid 5088] close(29) = -1 EBADF (Bad file descriptor) [pid 5088] exit_group(0) = ? [ 78.930727][ T4399] block nbd0: Receive control failed (result -104) [pid 5086] kill(-2, SIGKILL) = 0 [pid 5086] kill(2, SIGKILL) = 0 [pid 5086] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5086] getdents64(3, 0x555556e1b620 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(3, 0x555556e1b620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [ 91.688665][ T1455] cfg80211: failed to load regulatory.db [ 108.967290][ T52] block nbd0: Possible stuck request ffff88801ef90000: control (read@0,1024B). Runtime 30 seconds [ 139.047146][ T52] block nbd0: Possible stuck request ffff88801ef90000: control (read@0,1024B). Runtime 60 seconds [ 141.710271][ T4446] udevd[4446]: worker [5090] /devices/virtual/block/nbd0 is taking a long time [ 169.126580][ T52] block nbd0: Possible stuck request ffff88801ef90000: control (read@0,1024B). Runtime 90 seconds [ 199.208843][ T52] block nbd0: Possible stuck request ffff88801ef90000: control (read@0,1024B). Runtime 120 seconds [ 229.286712][ T52] block nbd0: Possible stuck request ffff88801ef90000: control (read@0,1024B). Runtime 150 seconds [ 258.875514][ T4446] udevd[4446]: worker [5090] /devices/virtual/block/nbd0 timeout; kill it [ 258.884368][ T4446] udevd[4446]: seq 7530 '/devices/virtual/block/nbd0' killed [ 259.366632][ T52] block nbd0: Possible stuck request ffff88801ef90000: control (read@0,1024B). Runtime 180 seconds [ 286.246387][ T28] INFO: task syz-executor830:5089 blocked for more than 143 seconds. [ 286.254719][ T28] Not tainted 6.3.0-rc4-next-20230331-syzkaller #0 [ 286.261841][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.270593][ T28] task:syz-executor830 state:D stack:27440 pid:5089 ppid:5086 flags:0x00004004 [ 286.279882][ T28] Call Trace: [ 286.283205][ T28] [ 286.286220][ T28] __schedule+0x1d23/0x5650 [ 286.290870][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 286.296996][ T28] ? io_schedule_timeout+0x150/0x150 [ 286.302321][ T28] ? __mutex_lock+0xa36/0x1350 [ 286.307176][ T28] schedule+0xde/0x1a0 [ 286.311282][ T28] schedule_preempt_disabled+0x13/0x20 [ 286.316811][ T28] __mutex_lock+0xa3b/0x1350 [ 286.321443][ T28] ? nbd_ioctl+0x315/0xcf0 [ 286.325909][ T28] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 286.331558][ T28] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 286.337467][ T28] nbd_ioctl+0x315/0xcf0 [ 286.341741][ T28] ? nbd_start_device+0xda0/0xda0 [ 286.346839][ T28] ? prepare_to_wait_exclusive+0x2c0/0x2c0 [ 286.352722][ T28] ? lock_acquire+0x32/0xc0 [ 286.357303][ T28] ? receive_fd+0x110/0x110 [ 286.361887][ T28] ? nbd_start_device+0xda0/0xda0 [ 286.367000][ T28] blkdev_ioctl+0x372/0x800 [ 286.371612][ T28] ? blkdev_common_ioctl+0x1a90/0x1a90 [ 286.377144][ T28] ? bpf_lsm_file_ioctl+0x9/0x10 [ 286.382194][ T28] ? blkdev_common_ioctl+0x1a90/0x1a90 [ 286.387750][ T28] __x64_sys_ioctl+0x197/0x210 [ 286.392620][ T28] do_syscall_64+0x39/0xb0 [ 286.397203][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.403212][ T28] RIP: 0033:0x7f8772e95f99 [ 286.407831][ T28] RSP: 002b:00007f8772e42308 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 286.416328][ T28] RAX: ffffffffffffffda RBX: 00007f8772f1b4c8 RCX: 00007f8772e95f99 [ 286.424325][ T28] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 286.432375][ T28] RBP: 00007f8772f1b4c0 R08: 0000000000000000 R09: 0000000000000000 [ 286.440428][ T28] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8772f1b4cc [ 286.448463][ T28] R13: 00007f8772ee82b4 R14: 64626e2f7665642f R15: 0000000000022000 [ 286.456536][ T28] [ 286.459581][ T28] INFO: task syz-executor830:5091 blocked for more than 143 seconds. [ 286.467736][ T28] Not tainted 6.3.0-rc4-next-20230331-syzkaller #0 [ 286.474790][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.483527][ T28] task:syz-executor830 state:D stack:28592 pid:5091 ppid:5086 flags:0x00004004 [ 286.492816][ T28] Call Trace: [ 286.496118][ T28] [ 286.499121][ T28] __schedule+0x1d23/0x5650 [ 286.503659][ T28] ? find_held_lock+0x2d/0x110 [ 286.508508][ T28] ? io_schedule_timeout+0x150/0x150 [ 286.513862][ T28] ? lock_downgrade+0x690/0x690 [ 286.518822][ T28] ? mark_held_locks+0x9f/0xe0 [ 286.523646][ T28] ? _raw_spin_unlock_irqrestore+0x54/0x70 [ 286.529585][ T28] schedule+0xde/0x1a0 [ 286.533691][ T28] blk_mq_freeze_queue_wait+0x116/0x160 [ 286.539365][ T28] ? blk_mq_queue_inflight+0xa0/0xa0 [ 286.544798][ T28] ? blk_mq_run_hw_queue+0x510/0x510 [ 286.550180][ T28] ? prepare_to_wait_exclusive+0x2c0/0x2c0 [ 286.556068][ T28] nbd_add_socket+0x168/0x960 [ 286.560837][ T28] ? apparmor_capable+0x1dc/0x460 [ 286.566012][ T28] ? nbd_genl_status+0x540/0x540 [ 286.571111][ T28] ? bpf_lsm_capable+0x9/0x10 [ 286.575833][ T28] ? security_capable+0x93/0xc0 [ 286.580805][ T28] nbd_ioctl+0x820/0xcf0 [ 286.585111][ T28] ? blkdev_bszset+0x1f0/0x1f0 [ 286.589948][ T28] ? nbd_start_device+0xda0/0xda0 [ 286.595048][ T28] ? trace_lock_acquire+0x12d/0x180 [ 286.600335][ T28] ? lock_acquire+0x32/0xc0 [ 286.604886][ T28] ? receive_fd+0x110/0x110 [ 286.609480][ T28] ? nbd_start_device+0xda0/0xda0 [ 286.614657][ T28] blkdev_ioctl+0x372/0x800 [ 286.619249][ T28] ? blkdev_common_ioctl+0x1a90/0x1a90 [ 286.624781][ T28] ? bpf_lsm_file_ioctl+0x9/0x10 [ 286.629813][ T28] ? blkdev_common_ioctl+0x1a90/0x1a90 [ 286.635327][ T28] __x64_sys_ioctl+0x197/0x210 [ 286.640183][ T28] do_syscall_64+0x39/0xb0 [ 286.644654][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.650655][ T28] RIP: 0033:0x7f8772e95f99 [ 286.655125][ T28] RSP: 002b:00007f8772e21308 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 286.663658][ T28] RAX: ffffffffffffffda RBX: 00007f8772f1b4d8 RCX: 00007f8772e95f99 [ 286.671699][ T28] RDX: 0000000000000005 RSI: 000000000000ab00 RDI: 0000000000000004 [ 286.679759][ T28] RBP: 00007f8772f1b4d0 R08: 0000000000000000 R09: 0000000000000000 [ 286.687792][ T28] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8772f1b4dc [ 286.695786][ T28] R13: 00007f8772ee82b4 R14: 64626e2f7665642f R15: 0000000000022000 [ 286.703837][ T28] [ 286.706913][ T28] [ 286.706913][ T28] Showing all locks held in the system: [ 286.714642][ T28] 1 lock held by rcu_tasks_kthre/13: [ 286.719978][ T28] #0: ffffffff8c796630 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80 [ 286.730687][ T28] 1 lock held by rcu_tasks_trace/14: [ 286.735981][ T28] #0: ffffffff8c796330 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80 [ 286.747038][ T28] 1 lock held by khungtaskd/28: [ 286.751910][ T28] #0: ffffffff8c797240 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x51/0x390 [ 286.761895][ T28] 2 locks held by getty/4764: [ 286.766641][ T28] #0: ffff8880282f4098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x26/0x80 [ 286.776584][ T28] #1: ffffc900015a02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0 [ 286.786830][ T28] 1 lock held by syz-executor830/5089: [ 286.792309][ T28] #0: ffff88801ee1f198 (&nbd->config_lock){+.+.}-{3:3}, at: nbd_ioctl+0x315/0xcf0 [ 286.801712][ T28] 1 lock held by syz-executor830/5091: [ 286.807229][ T28] #0: ffff88801ee1f198 (&nbd->config_lock){+.+.}-{3:3}, at: nbd_ioctl+0x156/0xcf0 [ 286.816643][ T28] 1 lock held by udevd/5090: [ 286.821259][ T28] #0: ffff888146ec44c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev.part.0+0x9b/0xb80 [ 286.831952][ T28] [ 286.834296][ T28] ============================================= [ 286.834296][ T28] [ 286.842765][ T28] NMI backtrace for cpu 0 [ 286.847110][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.3.0-rc4-next-20230331-syzkaller #0 [ 286.856418][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 286.866479][ T28] Call Trace: [ 286.869759][ T28] [ 286.872696][ T28] dump_stack_lvl+0xd9/0x150 [ 286.877373][ T28] nmi_cpu_backtrace+0x29c/0x350 [ 286.882334][ T28] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 286.887569][ T28] nmi_trigger_cpumask_backtrace+0x2a4/0x300 [ 286.893590][ T28] watchdog+0xe16/0x1090 [ 286.897869][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 286.903888][ T28] kthread+0x33e/0x440 [ 286.908036][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 286.913701][ T28] ret_from_fork+0x1f/0x30 [ 286.918168][ T28] [ 286.921283][ T28] Sending NMI from CPU 0 to CPUs 1: [ 286.926571][ C1] NMI backtrace for cpu 1 [ 286.926582][ C1] CPU: 1 PID: 10 Comm: kworker/u4:0 Not tainted 6.3.0-rc4-next-20230331-syzkaller #0 [ 286.926609][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 286.926624][ C1] Workqueue: events_unbound toggle_allocation_gate [ 286.926703][ C1] RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x0/0x20 [ 286.926741][ C1] Code: d6 fe ff ff 66 0f 1f 44 00 00 f3 0f 1e fa 48 8b 0c 24 0f b7 d6 0f b7 f7 bf 03 00 00 00 e9 b8 fe ff ff 0f 1f 84 00 00 00 00 00 0f 1e fa 48 8b 0c 24 89 f2 89 fe bf 05 00 00 00 e9 9a fe ff ff [ 286.926764][ C1] RSP: 0018:ffffc900000f79f8 EFLAGS: 00000293 [ 286.926782][ C1] RAX: 0000000000000000 RBX: ffffc900000f7a60 RCX: 0000000000000000 [ 286.926798][ C1] RDX: ffff888016799d40 RSI: 0000000000000002 RDI: 0000000000000002 [ 286.926814][ C1] RBP: 0000000000000002 R08: 0000000000000000 R09: ffffffff8e78a2d7 [ 286.926830][ C1] R10: fffffbfff1cf145a R11: 0000000000000000 R12: ffffffff81d55299 [ 286.926846][ C1] R13: 000000000000000f R14: 0000000000000000 R15: 0000000000000000 [ 286.926861][ C1] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 286.926886][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 286.926903][ C1] CR2: 00005638834a6680 CR3: 000000000c571000 CR4: 00000000003506e0 [ 286.926918][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 286.926933][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 286.926949][ C1] Call Trace: [ 286.926955][ C1] [ 286.926961][ C1] insn_decode+0x26/0x3b0 [ 286.926993][ C1] ? kmem_cache_alloc_node+0xc9/0x3e0 [ 286.927042][ C1] arch_jump_entry_size+0xa4/0x110 [ 286.927139][ C1] ? mask_and_ack_8259A+0x150/0x150 [ 286.927165][ C1] ? arch_jump_label_transform_queue+0x5c/0x100 [ 286.927199][ C1] ? __mutex_lock+0x231/0x1350 [ 286.927232][ C1] ? kmem_cache_alloc_node+0x24b/0x3e0 [ 286.927261][ C1] __jump_label_patch+0x80/0x340 [ 286.927290][ C1] arch_jump_label_transform_queue+0x67/0x100 [ 286.927320][ C1] __jump_label_update+0x12e/0x410 [ 286.927388][ C1] jump_label_update+0x32f/0x410 [ 286.927428][ C1] static_key_disable_cpuslocked+0x156/0x1b0 [ 286.927469][ C1] static_key_disable+0x1a/0x20 [ 286.927507][ C1] toggle_allocation_gate+0x143/0x230 [ 286.927532][ C1] ? wake_up_kfence_timer+0x30/0x30 [ 286.927557][ C1] ? trace_lock_acquire+0x12d/0x180 [ 286.927584][ C1] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 286.927619][ C1] ? process_one_work+0x8b7/0x15e0 [ 286.927650][ C1] ? lock_acquire+0x32/0xc0 [ 286.927679][ C1] ? process_one_work+0x8b7/0x15e0 [ 286.927714][ C1] process_one_work+0x99a/0x15e0 [ 286.927753][ C1] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 286.927785][ C1] ? rcu_is_watching+0x12/0xb0 [ 286.927824][ C1] ? spin_bug+0x1c0/0x1c0 [ 286.927856][ C1] ? lock_acquire+0x32/0xc0 [ 286.927885][ C1] ? worker_thread+0x16d/0x10c0 [ 286.927920][ C1] worker_thread+0x67d/0x10c0 [ 286.927958][ C1] ? process_one_work+0x15e0/0x15e0 [ 286.927992][ C1] kthread+0x33e/0x440 [ 286.928018][ C1] ? kthread_complete_and_exit+0x40/0x40 [ 286.928049][ C1] ret_from_fork+0x1f/0x30 [ 286.928092][ C1] [ 286.928100][ C1] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.528 msecs [ 286.928569][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 287.254001][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.3.0-rc4-next-20230331-syzkaller #0 [ 287.263307][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 287.273393][ T28] Call Trace: [ 287.276686][ T28] [ 287.279646][ T28] dump_stack_lvl+0xd9/0x150 [ 287.284401][ T28] panic+0x688/0x730 [ 287.288408][ T28] ? panic_smp_self_stop+0x90/0x90 [ 287.293554][ T28] ? irq_work_claim+0x76/0x90 [ 287.298303][ T28] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 287.303523][ T28] ? irq_work_queue+0x2d/0x80 [ 287.308251][ T28] ? watchdog+0xbe8/0x1090 [ 287.312697][ T28] watchdog+0xbf9/0x1090 [ 287.317069][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 287.323085][ T28] kthread+0x33e/0x440 [ 287.327185][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 287.332859][ T28] ret_from_fork+0x1f/0x30 [ 287.337324][ T28] [ 287.340675][ T28] Kernel Offset: disabled [ 287.345025][ T28] Rebooting in 86400 seconds..