./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3306322850 <...> Warning: Permanently added '10.128.10.22' (ECDSA) to the list of known hosts. execve("./syz-executor3306322850", ["./syz-executor3306322850"], 0x7ffe47502640 /* 10 vars */) = 0 brk(NULL) = 0x555556f89000 brk(0x555556f89c40) = 0x555556f89c40 arch_prctl(ARCH_SET_FS, 0x555556f89300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3306322850", 4096) = 28 brk(0x555556faac40) = 0x555556faac40 brk(0x555556fab000) = 0x555556fab000 mprotect(0x7f6d29ae4000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5025 attached , child_tidptr=0x555556f895d0) = 5025 [pid 5024] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5025] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f895d0) = 5026 ./strace-static-x86_64: Process 5026 attached [pid 5024] <... clone resumed>, child_tidptr=0x555556f895d0) = 5027 [pid 5024] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5026] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 5027 attached ) = 0 [pid 5024] <... clone resumed>, child_tidptr=0x555556f895d0) = 5028 [pid 5026] setpgid(0, 0 [pid 5024] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5026] <... setpgid resumed>) = 0 [pid 5026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 5029 attached ./strace-static-x86_64: Process 5028 attached [pid 5027] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5026] <... openat resumed>) = 3 [pid 5024] <... clone resumed>, child_tidptr=0x555556f895d0) = 5029 [pid 5029] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5026] write(3, "1000", 4 [pid 5024] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5028] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5026] <... write resumed>) = 4 [pid 5026] close(3 [pid 5024] <... clone resumed>, child_tidptr=0x555556f895d0) = 5031 [pid 5024] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5026] <... close resumed>) = 0 [pid 5026] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME [pid 5029] <... clone resumed>, child_tidptr=0x555556f895d0) = 5030 [pid 5026] <... openat resumed>) = 3 [pid 5026] dup(3) = 4 [pid 5024] <... clone resumed>, child_tidptr=0x555556f895d0) = 5032 [pid 5026] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 2251799830470656./strace-static-x86_64: Process 5031 attached ./strace-static-x86_64: Process 5032 attached [pid 5032] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5031] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5028] <... clone resumed>, child_tidptr=0x555556f895d0) = 5033 [pid 5027] <... clone resumed>, child_tidptr=0x555556f895d0) = 5034 [pid 5032] <... clone resumed>, child_tidptr=0x555556f895d0) = 5036 [pid 5031] <... clone resumed>, child_tidptr=0x555556f895d0) = 5035 ./strace-static-x86_64: Process 5036 attached ./strace-static-x86_64: Process 5034 attached [pid 5034] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 5033 attached [pid 5033] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5034] <... prctl resumed>) = 0 [pid 5034] setpgid(0, 0) = 0 [pid 5033] <... prctl resumed>) = 0 [pid 5036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5036] setpgid(0, 0 [pid 5033] setpgid(0, 0) = 0 [pid 5034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 5030 attached [pid 5036] <... setpgid resumed>) = 0 [pid 5036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5036] <... openat resumed>) = 3 [pid 5034] <... openat resumed>) = 3 [pid 5036] write(3, "1000", 4) = 4 [pid 5036] close(3) = 0 [pid 5036] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME) = 3 [pid 5036] dup(3) = 4 [pid 5036] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 2251799830470656./strace-static-x86_64: Process 5035 attached [pid 5035] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5034] write(3, "1000", 4 [pid 5033] <... openat resumed>) = 3 [pid 5030] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5034] <... write resumed>) = 4 [pid 5033] write(3, "1000", 4 [pid 5030] <... prctl resumed>) = 0 [pid 5034] close(3 [pid 5033] <... write resumed>) = 4 [pid 5030] setpgid(0, 0 [pid 5033] close(3 [pid 5034] <... close resumed>) = 0 [pid 5030] <... setpgid resumed>) = 0 [pid 5033] <... close resumed>) = 0 [pid 5035] <... prctl resumed>) = 0 [pid 5035] setpgid(0, 0 [pid 5033] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME [pid 5035] <... setpgid resumed>) = 0 [pid 5035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5034] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME [pid 5033] <... openat resumed>) = 3 [pid 5030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5035] <... openat resumed>) = 3 [pid 5034] <... openat resumed>) = 3 [pid 5033] dup(3 [pid 5035] write(3, "1000", 4 [pid 5034] dup(3 [pid 5033] <... dup resumed>) = 4 [pid 5030] <... openat resumed>) = 3 [pid 5035] <... write resumed>) = 4 [pid 5034] <... dup resumed>) = 4 [pid 5033] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 2251799830470656 [pid 5035] close(3 [pid 5034] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 2251799830470656 [pid 5030] write(3, "1000", 4 [pid 5035] <... close resumed>) = 0 [pid 5030] <... write resumed>) = 4 [pid 5035] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME [pid 5030] close(3 [pid 5035] <... openat resumed>) = 3 [pid 5035] dup(3) = 4 [pid 5030] <... close resumed>) = 0 [pid 5035] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 2251799830470656 [pid 5030] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME) = 3 [pid 5030] dup(3) = 4 [pid 5030] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 2251799830470656 [pid 5025] kill(-5026, SIGKILL) = 0 [pid 5025] kill(5026, SIGKILL) = 0 [pid 5029] kill(-5030, SIGKILL) = 0 [pid 5029] kill(5030, SIGKILL) = 0 [pid 5032] kill(-5036, SIGKILL) = 0 [pid 5032] kill(5036, SIGKILL) = 0 [pid 5028] kill(-5033, SIGKILL) = 0 [pid 5031] kill(-5035, SIGKILL [pid 5028] kill(5033, SIGKILL [pid 5031] <... kill resumed>) = 0 [pid 5028] <... kill resumed>) = 0 [pid 5031] kill(5035, SIGKILL) = 0 [pid 5027] kill(-5034, SIGKILL) = 0 [pid 5027] kill(5034, SIGKILL) = 0 [pid 5025] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5025] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5025] getdents64(3, 0x555556f8a620 /* 2 entries */, 32768) = 48 [pid 5025] getdents64(3, 0x555556f8a620 /* 0 entries */, 32768) = 0 [pid 5025] close(3) = 0 [pid 5032] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5029] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5032] <... openat resumed>) = 3 [pid 5032] fstat(3, [pid 5029] <... openat resumed>) = 3 [pid 5032] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5029] fstat(3, [pid 5032] getdents64(3, [pid 5029] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5032] <... getdents64 resumed>0x555556f8a620 /* 2 entries */, 32768) = 48 [pid 5031] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5032] getdents64(3, [pid 5029] getdents64(3, [pid 5032] <... getdents64 resumed>0x555556f8a620 /* 0 entries */, 32768) = 0 [pid 5031] <... openat resumed>) = 3 [pid 5029] <... getdents64 resumed>0x555556f8a620 /* 2 entries */, 32768) = 48 [pid 5032] close(3 [pid 5031] fstat(3, [pid 5029] getdents64(3, [pid 5032] <... close resumed>) = 0 [pid 5031] <... fstat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5029] <... getdents64 resumed>0x555556f8a620 /* 0 entries */, 32768) = 0 [pid 5031] getdents64(3, [pid 5029] close(3 [pid 5031] <... getdents64 resumed>0x555556f8a620 /* 2 entries */, 32768) = 48 [pid 5029] <... close resumed>) = 0 [pid 5031] getdents64(3, 0x555556f8a620 /* 0 entries */, 32768) = 0 [pid 5031] close(3) = 0 [pid 5028] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5028] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5028] getdents64(3, 0x555556f8a620 /* 2 entries */, 32768) = 48 [pid 5028] getdents64(3, [pid 5027] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5028] <... getdents64 resumed>0x555556f8a620 /* 0 entries */, 32768) = 0 [pid 5027] <... openat resumed>) = 3 [pid 5028] close(3) = 0 [pid 5027] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5027] getdents64(3, 0x555556f8a620 /* 2 entries */, 32768) = 48 [pid 5027] getdents64(3, 0x555556f8a620 /* 0 entries */, 32768) = 0 [pid 5027] close(3) = 0 [ 76.600587][ T2400] cfg80211: failed to load regulatory.db [pid 5026] <... fallocate resumed>) = ? [pid 5026] +++ killed by SIGKILL +++ [pid 5025] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5026, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=5483 /* 54.83 s */} --- [pid 5025] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f895d0) = 5053 ./strace-static-x86_64: Process 5053 attached [pid 5053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5053] setpgid(0, 0) = 0 [pid 5053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5053] write(3, "1000", 4) = 4 [pid 5053] close(3) = 0 [pid 5053] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME) = 3 [pid 5053] dup(3) = 4 [pid 5053] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 2251799830470656 [pid 5025] kill(-5053, SIGKILL) = 0 [pid 5025] kill(5053, SIGKILL) = 0 [pid 5025] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5025] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5025] getdents64(3, 0x555556f8a620 /* 2 entries */, 32768) = 48 [pid 5025] getdents64(3, 0x555556f8a620 /* 0 entries */, 32768) = 0 [pid 5025] close(3) = 0 [pid 5036] <... fallocate resumed>) = ? [pid 5036] +++ killed by SIGKILL +++ [pid 5032] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5036, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=5371 /* 53.71 s */} --- [pid 5032] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f895d0) = 5054 ./strace-static-x86_64: Process 5054 attached [pid 5054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5054] setpgid(0, 0) = 0 [pid 5054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5054] write(3, "1000", 4) = 4 [pid 5054] close(3) = 0 [pid 5054] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME) = 3 [pid 5054] dup(3) = 4 [pid 5054] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 2251799830470656 [pid 5032] kill(-5054, SIGKILL) = 0 [pid 5032] kill(5054, SIGKILL) = 0 [pid 5032] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5032] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5032] getdents64(3, 0x555556f8a620 /* 2 entries */, 32768) = 48 [pid 5032] getdents64(3, 0x555556f8a620 /* 0 entries */, 32768) = 0 [pid 5032] close(3) = 0 [pid 5033] <... fallocate resumed>) = ? [pid 5033] +++ killed by SIGKILL +++ [pid 5028] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5033, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=5530 /* 55.30 s */} --- [pid 5028] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f895d0) = 5061 ./strace-static-x86_64: Process 5061 attached [pid 5061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5061] setpgid(0, 0) = 0 [pid 5061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5061] write(3, "1000", 4) = 4 [pid 5061] close(3) = 0 [pid 5061] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME) = 3 [pid 5061] dup(3) = 4 [pid 5061] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 2251799830470656 [pid 5028] kill(-5061, SIGKILL) = 0 [pid 5028] kill(5061, SIGKILL) = 0 [pid 5028] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5028] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5028] getdents64(3, 0x555556f8a620 /* 2 entries */, 32768) = 48 [pid 5028] getdents64(3, 0x555556f8a620 /* 0 entries */, 32768) = 0 [pid 5028] close(3) = 0 [ 286.515205][ T28] INFO: task syz-executor330:5030 blocked for more than 143 seconds. [ 286.523535][ T28] Not tainted 6.4.0-next-20230630-syzkaller #0 [ 286.537606][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.547335][ T28] task:syz-executor330 state:D stack:28032 pid:5030 ppid:5029 flags:0x00004004 [ 286.556644][ T28] Call Trace: [ 286.559940][ T28] [ 286.562903][ T28] __schedule+0xc9a/0x5880 [ 286.575169][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 286.581635][ T28] ? print_usage_bug.part.0+0x670/0x670 [ 286.587670][ T28] ? io_schedule_timeout+0x150/0x150 [ 286.593394][ T28] ? rwsem_down_write_slowpath+0x3b8/0x1220 [ 286.599835][ T28] schedule+0xde/0x1a0 [ 286.604323][ T28] schedule_preempt_disabled+0x13/0x20 [ 286.610284][ T28] rwsem_down_write_slowpath+0x3e2/0x1220 [ 286.616516][ T28] ? down_timeout+0x90/0x90 [ 286.621438][ T28] ? lock_sync+0x190/0x190 [ 286.625968][ T28] down_write+0x1d2/0x200 [ 286.630329][ T28] ? rwsem_down_write_slowpath+0x1220/0x1220 [ 286.636453][ T28] blkdev_fallocate+0x1e8/0x3e0 [ 286.641751][ T28] ? file_to_blk_mode+0x130/0x130 [ 286.647239][ T28] vfs_fallocate+0x491/0xe90 [ 286.656489][ T28] __x64_sys_fallocate+0xd3/0x140 [ 286.661939][ T28] do_syscall_64+0x39/0xb0 [ 286.666850][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.673220][ T28] RIP: 0033:0x7f6d29a77e29 [ 286.677755][ T28] RSP: 002b:00007ffc173d5818 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 286.686604][ T28] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f6d29a77e29 [ 286.694977][ T28] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000004 [ 286.704698][ T28] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 286.712732][ T28] R10: 0008000001002000 R11: 0000000000000246 R12: 00007f6d29a3b600 [ 286.724946][ T28] R13: 0000000000000000 R14: 00007ffc173d5840 R15: 00007ffc173d5830 [ 286.734099][ T28] [ 286.738143][ T28] INFO: task syz-executor330:5035 blocked for more than 143 seconds. [ 286.746697][ T28] Not tainted 6.4.0-next-20230630-syzkaller #0 [ 286.753704][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.762508][ T28] task:syz-executor330 state:D stack:27584 pid:5035 ppid:5031 flags:0x00004004 [ 286.772816][ T28] Call Trace: [ 286.776202][ T28] [ 286.784425][ T28] __schedule+0xc9a/0x5880 [ 286.790498][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 286.797545][ T28] ? print_usage_bug.part.0+0x670/0x670 [ 286.803224][ T28] ? io_schedule_timeout+0x150/0x150 [ 286.809630][ T28] ? rwsem_down_write_slowpath+0x3b8/0x1220 [ 286.816642][ T28] schedule+0xde/0x1a0 [ 286.822538][ T28] schedule_preempt_disabled+0x13/0x20 [ 286.828095][ T28] rwsem_down_write_slowpath+0x3e2/0x1220 [ 286.833866][ T28] ? down_timeout+0x90/0x90 [ 286.839455][ T28] ? lock_sync+0x190/0x190 [ 286.846370][ T28] down_write+0x1d2/0x200 [ 286.850748][ T28] ? rwsem_down_write_slowpath+0x1220/0x1220 [ 286.858230][ T28] blkdev_fallocate+0x1e8/0x3e0 [ 286.863143][ T28] ? file_to_blk_mode+0x130/0x130 [ 286.869241][ T28] vfs_fallocate+0x491/0xe90 [ 286.874819][ T28] __x64_sys_fallocate+0xd3/0x140 [ 286.880906][ T28] do_syscall_64+0x39/0xb0 [ 286.886569][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.893397][ T28] RIP: 0033:0x7f6d29a77e29 [ 286.897993][ T28] RSP: 002b:00007ffc173d5818 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 286.906809][ T28] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f6d29a77e29 [ 286.915175][ T28] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000004 [ 286.923265][ T28] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 286.935158][ T28] R10: 0008000001002000 R11: 0000000000000246 R12: 00007f6d29a3b600 [ 286.943474][ T28] R13: 0000000000000000 R14: 00007ffc173d5840 R15: 00007ffc173d5830 [ 286.951861][ T28] [ 286.954962][ T28] INFO: task syz-executor330:5053 blocked for more than 143 seconds. [ 286.963478][ T28] Not tainted 6.4.0-next-20230630-syzkaller #0 [ 286.970618][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.979677][ T28] task:syz-executor330 state:D stack:27232 pid:5053 ppid:5025 flags:0x00004004 [ 287.005330][ T28] Call Trace: [ 287.010585][ T28] [ 287.013585][ T28] __schedule+0xc9a/0x5880 [ 287.019426][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 287.032951][ T28] ? print_usage_bug.part.0+0x670/0x670 [ 287.039642][ T28] ? io_schedule_timeout+0x150/0x150 [ 287.045929][ T28] ? rwsem_down_write_slowpath+0x3b8/0x1220 [ 287.051892][ T28] schedule+0xde/0x1a0 [ 287.057085][ T28] schedule_preempt_disabled+0x13/0x20 [ 287.063510][ T28] rwsem_down_write_slowpath+0x3e2/0x1220 [ 287.069411][ T28] ? down_timeout+0x90/0x90 [ 287.074350][ T28] ? lock_sync+0x190/0x190 [ 287.082194][ T28] down_write+0x1d2/0x200 [ 287.088331][ T28] ? rwsem_down_write_slowpath+0x1220/0x1220 [ 287.094388][ T28] blkdev_fallocate+0x1e8/0x3e0 [ 287.100358][ T28] ? file_to_blk_mode+0x130/0x130 [ 287.105587][ T28] vfs_fallocate+0x491/0xe90 [ 287.110301][ T28] __x64_sys_fallocate+0xd3/0x140 [ 287.115593][ T28] do_syscall_64+0x39/0xb0 [ 287.120059][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 287.132459][ T28] RIP: 0033:0x7f6d29a77e29 [ 287.137175][ T28] RSP: 002b:00007ffc173d5818 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 287.146749][ T28] RAX: ffffffffffffffda RBX: 00000000000f4240 RCX: 00007f6d29a77e29 [ 287.155501][ T28] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000004 [ 287.163842][ T28] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 [ 287.172904][ T28] R10: 0008000001002000 R11: 0000000000000246 R12: 000000000000e36e [ 287.181972][ T28] R13: 00007ffc173d582c R14: 00007ffc173d5840 R15: 00007ffc173d5830 [ 287.190089][ T28] [ 287.197805][ T28] [ 287.197805][ T28] Showing all locks held in the system: [ 287.205965][ T28] 1 lock held by rcu_tasks_kthre/13: [ 287.211663][ T28] #0: ffffffff8c9a2170 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80 [ 287.222538][ T28] 1 lock held by rcu_tasks_trace/14: [ 287.228354][ T28] #0: ffffffff8c9a1e70 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80 [ 287.239762][ T28] 1 lock held by khungtaskd/28: [ 287.245043][ T28] #0: ffffffff8c9a2d80 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x340 [ 287.255429][ T28] 2 locks held by getty/4777: [ 287.260443][ T28] #0: ffff88814ac0a098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x26/0x80 [ 287.270384][ T28] #1: ffffc900015902f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xf08/0x13f0 [ 287.280568][ T28] 1 lock held by syz-executor330/5030: [ 287.286455][ T28] #0: ffff888148cace48 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e8/0x3e0 [ 287.297508][ T28] 1 lock held by syz-executor330/5034: [ 287.303304][ T28] 1 lock held by syz-executor330/5035: [ 287.309836][ T28] #0: ffff888148cace48 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e8/0x3e0 [ 287.321609][ T28] 1 lock held by syz-executor330/5053: [ 287.328186][ T28] #0: ffff888148cace48 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e8/0x3e0 [ 287.340806][ T28] 1 lock held by syz-executor330/5054: [ 287.347094][ T28] #0: ffff888148cace48 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e8/0x3e0 [ 287.358862][ T28] 1 lock held by syz-executor330/5061: [ 287.365042][ T28] #0: ffff888148cace48 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e8/0x3e0 [ 287.376103][ T28] [ 287.378737][ T28] ============================================= [ 287.378737][ T28] [ 287.387524][ T28] NMI backtrace for cpu 0 [ 287.391860][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.4.0-next-20230630-syzkaller #0 [ 287.400868][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 287.410915][ T28] Call Trace: [ 287.414183][ T28] [ 287.417105][ T28] dump_stack_lvl+0xd9/0x150 [ 287.421756][ T28] nmi_cpu_backtrace+0x29c/0x350 [ 287.426690][ T28] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 287.431891][ T28] nmi_trigger_cpumask_backtrace+0x2a4/0x300 [ 287.437888][ T28] watchdog+0xe16/0x1090 [ 287.442144][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 287.448125][ T28] kthread+0x344/0x440 [ 287.452199][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 287.457843][ T28] ret_from_fork+0x1f/0x30 [ 287.462318][ T28] [ 287.465419][ T28] Sending NMI from CPU 0 to CPUs 1: [ 287.470659][ C1] NMI backtrace for cpu 1 [ 287.470668][ C1] CPU: 1 PID: 76 Comm: kworker/u4:4 Not tainted 6.4.0-next-20230630-syzkaller #0 [ 287.470688][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 287.470699][ C1] Workqueue: events_unbound toggle_allocation_gate [ 287.470746][ C1] RIP: 0010:__lock_acquire+0x987/0x5e20 [ 287.470773][ C1] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 f2 4a 00 00 44 8b 4c 24 10 49 8b 9c 24 b8 0a 00 00 45 85 c9 0f 84 33 06 00 00 45 31 ff <48> b8 00 00 00 00 00 fc ff df 48 89 ea 48 c1 ea 03 80 3c 02 00 0f [ 287.470790][ C1] RSP: 0018:ffffc900015b7868 EFLAGS: 00000046 [ 287.470804][ C1] RAX: dffffc0000000000 RBX: 09d2557549e10215 RCX: ffffffff81661a54 [ 287.470817][ C1] RDX: 1ffff110033d78c7 RSI: 0000000000000008 RDI: ffffffff91867e80 [ 287.470829][ C1] RBP: ffff888019ebc6c0 R08: 0000000000000000 R09: 0000000000000003 [ 287.470840][ C1] R10: ffffffff91867e87 R11: 0000000000000001 R12: ffff888019ebbb80 [ 287.470852][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 287.470863][ C1] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 287.470882][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 287.470895][ C1] CR2: 00007fb08651c580 CR3: 000000000c775000 CR4: 00000000003506e0 [ 287.470906][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 287.470917][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 287.470928][ C1] Call Trace: [ 287.470933][ C1] [ 287.470938][ C1] ? nmi_cpu_backtrace+0x1d0/0x350 [ 287.470959][ C1] ? nmi_cpu_backtrace_handler+0xc/0x10 [ 287.470984][ C1] ? nmi_handle+0x13d/0x400 [ 287.471012][ C1] ? irqentry_nmi_enter+0x80/0x90 [ 287.471037][ C1] ? __lock_acquire+0x987/0x5e20 [ 287.471059][ C1] ? default_do_nmi+0x6b/0x170 [ 287.471081][ C1] ? exc_nmi+0x171/0x1e0 [ 287.471101][ C1] ? end_repeat_nmi+0x16/0x31 [ 287.471165][ C1] ? __lock_acquire+0xf44/0x5e20 [ 287.471188][ C1] ? __lock_acquire+0x987/0x5e20 [ 287.471211][ C1] ? __lock_acquire+0x987/0x5e20 [ 287.471234][ C1] ? __lock_acquire+0x987/0x5e20 [ 287.471256][ C1] [ 287.471261][ C1] [ 287.471270][ C1] ? mark_held_locks+0x9f/0xe0 [ 287.471291][ C1] ? on_each_cpu_cond_mask+0x5a/0xa0 [ 287.471322][ C1] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 287.471346][ C1] ? lockdep_hardirqs_on+0x7d/0x100 [ 287.471369][ C1] ? smp_call_function_many_cond+0x41f/0x1720 [ 287.471396][ C1] lock_acquire+0x1b1/0x520 [ 287.471423][ C1] ? static_key_disable_cpuslocked+0x10c/0x1b0 [ 287.471473][ C1] ? lock_sync+0x190/0x190 [ 287.471501][ C1] __mutex_lock+0x12f/0x1350 [ 287.471523][ C1] ? static_key_disable_cpuslocked+0x10c/0x1b0 [ 287.471549][ C1] ? static_key_disable_cpuslocked+0x10c/0x1b0 [ 287.471575][ C1] ? mutex_lock_io_nested+0x11a0/0x11a0 [ 287.471599][ C1] ? lock_sync+0x190/0x190 [ 287.471627][ C1] static_key_disable_cpuslocked+0x10c/0x1b0 [ 287.471651][ C1] static_key_disable+0x1a/0x20 [ 287.471673][ C1] toggle_allocation_gate+0x143/0x230 [ 287.471693][ C1] ? wake_up_kfence_timer+0x30/0x30 [ 287.471715][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 287.471793][ C1] process_one_work+0xa34/0x16f0 [ 287.471818][ C1] ? lock_sync+0x190/0x190 [ 287.471840][ C1] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 287.471864][ C1] ? spin_bug+0x1c0/0x1c0 [ 287.471887][ C1] ? _raw_spin_lock_irq+0x45/0x50 [ 287.471915][ C1] worker_thread+0x67d/0x10c0 [ 287.471942][ C1] ? process_one_work+0x16f0/0x16f0 [ 287.471964][ C1] kthread+0x344/0x440 [ 287.471982][ C1] ? kthread_complete_and_exit+0x40/0x40 [ 287.472003][ C1] ret_from_fork+0x1f/0x30 [ 287.472033][ C1] [ 287.472039][ C1] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.380 msecs [ 287.473011][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 287.845816][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.4.0-next-20230630-syzkaller #0 [ 287.854757][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 [ 287.864811][ T28] Call Trace: [ 287.868089][ T28] [ 287.871020][ T28] dump_stack_lvl+0xd9/0x150 [ 287.875622][ T28] panic+0x686/0x730 [ 287.879527][ T28] ? panic_smp_self_stop+0xa0/0xa0 [ 287.884650][ T28] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 287.889861][ T28] ? preempt_schedule_thunk+0x1a/0x30 [ 287.895255][ T28] ? watchdog+0xbe8/0x1090 [ 287.899693][ T28] watchdog+0xbf9/0x1090 [ 287.903953][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80 [ 287.909949][ T28] kthread+0x344/0x440 [ 287.914022][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 287.919662][ T28] ret_from_fork+0x1f/0x30 [ 287.924102][ T28] [ 287.927449][ T28] Kernel Offset: disabled [ 287.931766][ T28] Rebooting in 86400 seconds..