./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3293373732 <...> Warning: Permanently added '10.128.1.102' (ED25519) to the list of known hosts. execve("./syz-executor3293373732", ["./syz-executor3293373732"], 0x7ffe391414f0 /* 10 vars */) = 0 brk(NULL) = 0x55555686c000 brk(0x55555686cd00) = 0x55555686cd00 arch_prctl(ARCH_SET_FS, 0x55555686c380) = 0 set_tid_address(0x55555686c650) = 5057 set_robust_list(0x55555686c660, 24) = 0 rseq(0x55555686cca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3293373732", 4096) = 28 getrandom("\xef\xac\x32\xce\xaa\xdb\x02\x38", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555686cd00 brk(0x55555688dd00) = 0x55555688dd00 brk(0x55555688e000) = 0x55555688e000 mprotect(0x7f882b70d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555686c650) = 5058 ./strace-static-x86_64: Process 5058 attached [pid 5057] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5058] set_robust_list(0x55555686c660, 24) = 0 ./strace-static-x86_64: Process 5059 attached [pid 5058] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5059] set_robust_list(0x55555686c660, 24./strace-static-x86_64: Process 5060 attached [pid 5057] <... clone resumed>, child_tidptr=0x55555686c650) = 5059 [pid 5058] <... clone resumed>, child_tidptr=0x55555686c650) = 5060 [pid 5057] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5060] set_robust_list(0x55555686c660, 24 [pid 5059] <... set_robust_list resumed>) = 0 [pid 5060] <... set_robust_list resumed>) = 0 [pid 5059] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5061 attached [pid 5060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 5062 attached [pid 5057] <... clone resumed>, child_tidptr=0x55555686c650) = 5061 [pid 5061] set_robust_list(0x55555686c660, 24 [pid 5060] setpgid(0, 0 [pid 5059] <... clone resumed>, child_tidptr=0x55555686c650) = 5062 [pid 5057] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] set_robust_list(0x55555686c660, 24 [pid 5061] <... set_robust_list resumed>) = 0 [pid 5060] <... setpgid resumed>) = 0 [pid 5062] <... set_robust_list resumed>) = 0 [pid 5061] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 5063 attached ) = 0 [pid 5062] setpgid(0, 0) = 0 [pid 5062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5057] <... clone resumed>, child_tidptr=0x55555686c650) = 5063 [pid 5063] set_robust_list(0x55555686c660, 24 [pid 5062] <... openat resumed>) = 3 [pid 5060] <... openat resumed>) = 3 [pid 5057] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] <... set_robust_list resumed>) = 0 [pid 5062] write(3, "1000", 4 [pid 5060] write(3, "1000", 4./strace-static-x86_64: Process 5064 attached [pid 5062] <... write resumed>) = 4 [pid 5064] set_robust_list(0x55555686c660, 24 [pid 5062] close(3 [pid 5061] <... clone resumed>, child_tidptr=0x55555686c650) = 5064 [pid 5064] <... set_robust_list resumed>) = 0 [pid 5062] <... close resumed>) = 0 [pid 5064] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5063] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5062] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_DIRECT [pid 5060] <... write resumed>) = 4 [pid 5064] <... prctl resumed>) = 0 [pid 5062] <... openat resumed>) = 3 [pid 5060] close(3 [pid 5064] setpgid(0, 0) = 0 [pid 5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5062] dup(3 [pid 5064] <... openat resumed>) = 3 [pid 5062] <... dup resumed>) = 4 [pid 5060] <... close resumed>) = 0 [pid 5057] <... clone resumed>, child_tidptr=0x55555686c650) = 5065 [pid 5062] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 17592202829824 [pid 5060] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_DIRECT./strace-static-x86_64: Process 5066 attached ./strace-static-x86_64: Process 5065 attached [pid 5064] write(3, "1000", 4 [pid 5060] <... openat resumed>) = 3 [pid 5066] set_robust_list(0x55555686c660, 24 [pid 5065] set_robust_list(0x55555686c660, 24 [pid 5064] <... write resumed>) = 4 [pid 5063] <... clone resumed>, child_tidptr=0x55555686c650) = 5066 [pid 5060] dup(3 [pid 5066] <... set_robust_list resumed>) = 0 [pid 5065] <... set_robust_list resumed>) = 0 [pid 5064] close(3 [pid 5060] <... dup resumed>) = 4 [pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5065] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... close resumed>) = 0 [pid 5060] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 17592202829824 [pid 5064] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_DIRECT [pid 5066] <... prctl resumed>) = 0 [pid 5066] setpgid(0, 0) = 0 [pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5067 attached [pid 5066] <... openat resumed>) = 3 [pid 5064] dup(3) = 4 [pid 5065] <... clone resumed>, child_tidptr=0x55555686c650) = 5067 [pid 5064] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 17592202829824 [pid 5067] set_robust_list(0x55555686c660, 24) = 0 [pid 5066] write(3, "1000", 4 [pid 5067] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5066] <... write resumed>) = 4 [pid 5067] <... prctl resumed>) = 0 [pid 5066] close(3 [pid 5067] setpgid(0, 0 [pid 5066] <... close resumed>) = 0 [pid 5067] <... setpgid resumed>) = 0 [pid 5066] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_DIRECT [pid 5067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] <... openat resumed>) = 3 [pid 5066] dup(3) = 4 [pid 5066] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 17592202829824 [pid 5067] <... openat resumed>) = 3 [pid 5067] write(3, "1000", 4) = 4 [pid 5067] close(3) = 0 [pid 5067] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_DIRECT) = 3 [pid 5067] dup(3) = 4 [pid 5067] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 17592202829824 [pid 5058] kill(-5060, SIGKILL) = 0 [pid 5058] kill(5060, SIGKILL) = 0 [pid 5059] kill(-5062, SIGKILL) = 0 [pid 5059] kill(5062, SIGKILL) = 0 [pid 5061] kill(-5064, SIGKILL) = 0 [pid 5061] kill(5064, SIGKILL) = 0 [pid 5063] kill(-5066, SIGKILL) = 0 [pid 5063] kill(5066, SIGKILL) = 0 [pid 5065] kill(-5067, SIGKILL) = 0 [pid 5065] kill(5067, SIGKILL) = 0 [pid 5058] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5061] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5059] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... openat resumed>) = 3 [pid 5065] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, [pid 5063] <... openat resumed>) = 3 [pid 5061] <... openat resumed>) = 3 [pid 5059] <... openat resumed>) = 3 [pid 5058] <... openat resumed>) = 3 [pid 5065] <... getdents64 resumed>0x55555686d6f0 /* 2 entries */, 32768) = 48 [pid 5063] newfstatat(3, "", [pid 5061] newfstatat(3, "", [pid 5059] newfstatat(3, "", [pid 5058] newfstatat(3, "", [pid 5063] <... newfstatat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5061] <... newfstatat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5058] <... newfstatat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5065] getdents64(3, 0x55555686d6f0 /* 0 entries */, 32768) = 0 [pid 5065] close(3 [pid 5058] getdents64(3, [pid 5059] <... newfstatat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5058] <... getdents64 resumed>0x55555686d6f0 /* 2 entries */, 32768) = 48 [pid 5065] <... close resumed>) = 0 [pid 5058] getdents64(3, 0x55555686d6f0 /* 0 entries */, 32768) = 0 [pid 5058] close(3 [pid 5059] getdents64(3, [pid 5063] getdents64(3, [pid 5061] getdents64(3, [pid 5058] <... close resumed>) = 0 [pid 5059] <... getdents64 resumed>0x55555686d6f0 /* 2 entries */, 32768) = 48 [pid 5063] <... getdents64 resumed>0x55555686d6f0 /* 2 entries */, 32768) = 48 [pid 5063] getdents64(3, [pid 5061] <... getdents64 resumed>0x55555686d6f0 /* 2 entries */, 32768) = 48 [pid 5059] getdents64(3, 0x55555686d6f0 /* 0 entries */, 32768) = 0 [pid 5059] close(3) = 0 [pid 5063] <... getdents64 resumed>0x55555686d6f0 /* 0 entries */, 32768) = 0 [pid 5061] getdents64(3, 0x55555686d6f0 /* 0 entries */, 32768) = 0 [pid 5063] close(3 [pid 5061] close(3 [pid 5063] <... close resumed>) = 0 [pid 5061] <... close resumed>) = 0 [ 87.071052][ T23] cfg80211: failed to load regulatory.db [pid 5062] <... fallocate resumed>) = ? [pid 5062] +++ killed by SIGKILL +++ [pid 5059] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5062, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=7881 /* 78.81 s */} --- [pid 5059] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5085 attached , child_tidptr=0x55555686c650) = 5085 [pid 5085] set_robust_list(0x55555686c660, 24) = 0 [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5085] setpgid(0, 0) = 0 [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5085] write(3, "1000", 4) = 4 [pid 5085] close(3) = 0 [pid 5085] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_DIRECT) = 3 [pid 5085] dup(3) = 4 [pid 5085] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 17592202829824 [pid 5059] kill(-5085, SIGKILL) = 0 [pid 5059] kill(5085, SIGKILL) = 0 [pid 5059] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5059] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5059] getdents64(3, 0x55555686d6f0 /* 2 entries */, 32768) = 48 [pid 5059] getdents64(3, 0x55555686d6f0 /* 0 entries */, 32768) = 0 [pid 5059] close(3) = 0 [pid 5060] <... fallocate resumed>) = ? [pid 5060] +++ killed by SIGKILL +++ [pid 5058] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5060, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=7938 /* 79.38 s */} --- [pid 5058] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5092 attached [pid 5092] set_robust_list(0x55555686c660, 24 [pid 5058] <... clone resumed>, child_tidptr=0x55555686c650) = 5092 [pid 5092] <... set_robust_list resumed>) = 0 [pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5092] setpgid(0, 0) = 0 [pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5092] write(3, "1000", 4) = 4 [pid 5092] close(3) = 0 [pid 5092] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_DIRECT) = 3 [pid 5092] dup(3) = 4 [pid 5092] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 17592202829824 [pid 5058] kill(-5092, SIGKILL) = 0 [pid 5058] kill(5092, SIGKILL) = 0 [ 286.698650][ T29] INFO: task syz-executor329:5066 blocked for more than 143 seconds. [ 286.706971][ T29] Not tainted 6.8.0-rc1-syzkaller-00286-g168174d78157 #0 [ 286.719635][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.728355][ T29] task:syz-executor329 state:D stack:24784 pid:5066 tgid:5066 ppid:5063 flags:0x00004006 [ 286.739650][ T29] Call Trace: [ 286.743467][ T29] [ 286.746877][ T29] __schedule+0x177f/0x4960 [ 286.751990][ T29] ? release_firmware_map_entry+0x190/0x190 [ 286.758471][ T29] ? __lock_acquire+0x1fd0/0x1fd0 [ 286.763995][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 286.770581][ T29] ? print_irqtrace_events+0x220/0x220 [ 286.776097][ T29] ? _raw_spin_lock_irq+0xdf/0x120 [ 286.781296][ T29] ? schedule+0x8e/0x260 [ 286.785605][ T29] schedule+0x149/0x260 [ 286.790038][ T29] schedule_preempt_disabled+0x13/0x20 [ 286.795579][ T29] rwsem_down_write_slowpath+0xeea/0x13b0 [ 286.801392][ T29] ? rwsem_down_write_slowpath+0xa05/0x13b0 [ 286.807369][ T29] ? down_write_killable_nested+0x80/0x80 [ 286.813704][ T29] ? read_lock_is_recursive+0x20/0x20 [ 286.819624][ T29] __down_write_common+0x1aa/0x200 [ 286.825203][ T29] ? clear_nonspinnable+0x60/0x60 [ 286.830814][ T29] blkdev_fallocate+0x22a/0x570 [ 286.835744][ T29] vfs_fallocate+0x55c/0x6c0 [ 286.840439][ T29] __x64_sys_fallocate+0xbd/0x100 [ 286.845517][ T29] do_syscall_64+0xf5/0x230 [ 286.851060][ T29] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 286.857438][ T29] RIP: 0033:0x7f882b69ab29 [ 286.862370][ T29] RSP: 002b:00007ffc39536cc8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 286.871345][ T29] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f882b69ab29 [ 286.879411][ T29] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000004 [ 286.887436][ T29] RBP: 00000000000f4240 R08: 00000000000000a0 R09: 00000000000000a0 [ 286.895655][ T29] R10: 0000100001002000 R11: 0000000000000246 R12: 0000000000000001 [ 286.903714][ T29] R13: 00007ffc39536ee8 R14: 00007ffc39536cf0 R15: 00007ffc39536ce0 [ 286.912296][ T29] [ 286.915851][ T29] INFO: task syz-executor329:5067 blocked for more than 143 seconds. [ 286.924634][ T29] Not tainted 6.8.0-rc1-syzkaller-00286-g168174d78157 #0 [ 286.932750][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.941982][ T29] task:syz-executor329 state:D stack:26864 pid:5067 tgid:5067 ppid:5065 flags:0x00004006 [ 286.952674][ T29] Call Trace: [ 286.956004][ T29] [ 286.959542][ T29] __schedule+0x177f/0x4960 [ 286.964653][ T29] ? release_firmware_map_entry+0x190/0x190 [ 286.971193][ T29] ? __lock_acquire+0x1fd0/0x1fd0 [ 286.976277][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 286.982424][ T29] ? print_irqtrace_events+0x220/0x220 [ 286.988022][ T29] ? _raw_spin_lock_irq+0xdf/0x120 [ 286.993489][ T29] ? schedule+0x8e/0x260 [ 286.997789][ T29] schedule+0x149/0x260 [ 287.002125][ T29] schedule_preempt_disabled+0x13/0x20 [ 287.007651][ T29] rwsem_down_write_slowpath+0xeea/0x13b0 [ 287.013883][ T29] ? rwsem_down_write_slowpath+0xa05/0x13b0 [ 287.020376][ T29] ? down_write_killable_nested+0x80/0x80 [ 287.026598][ T29] ? read_lock_is_recursive+0x20/0x20 [ 287.032064][ T29] __down_write_common+0x1aa/0x200 [ 287.037305][ T29] ? clear_nonspinnable+0x60/0x60 [ 287.042910][ T29] blkdev_fallocate+0x22a/0x570 [ 287.048268][ T29] vfs_fallocate+0x55c/0x6c0 [ 287.053409][ T29] __x64_sys_fallocate+0xbd/0x100 [ 287.058587][ T29] do_syscall_64+0xf5/0x230 [ 287.063535][ T29] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 287.070284][ T29] RIP: 0033:0x7f882b69ab29 [ 287.075152][ T29] RSP: 002b:00007ffc39536cc8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 287.083754][ T29] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f882b69ab29 [ 287.091793][ T29] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000004 [pid 5058] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 287.099884][ T29] RBP: 00000000000f4240 R08: 00000000000000a0 R09: 00000000000000a0 [ 287.107892][ T29] R10: 0000100001002000 R11: 0000000000000246 R12: 0000000000000001 [ 287.116374][ T29] R13: 00007ffc39536ee8 R14: 00007ffc39536cf0 R15: 00007ffc39536ce0 [ 287.127433][ T29] [ 287.130635][ T29] [ 287.130635][ T29] Showing all locks held in the system: [pid 5058] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [ 287.148621][ T29] 1 lock held by khungtaskd/29: [ 287.153752][ T29] #0: ffffffff8d92ef20 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 287.188830][ T29] 2 locks held by kworker/u4:2/41: [pid 5058] getdents64(3, 0x55555686d6f0 /* 2 entries */, 32768) = 48 [pid 5058] getdents64(3, 0x55555686d6f0 /* 0 entries */, 32768) = 0 [pid 5058] close(3) = 0 [ 287.199648][ T29] #0: ffff8880b983c918 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 287.217565][ T29] #1: ffff8880b9828988 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x441/0x770 [ 287.242134][ T29] 3 locks held by kworker/1:1H/56: [ 287.249747][ T29] 1 lock held by klogd/4492: [ 287.255688][ T29] 2 locks held by getty/4804: [ 287.260457][ T29] #0: ffff88802e2d20a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 287.271736][ T29] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b4/0x1e10 [ 287.285506][ T29] 1 lock held by syz-executor329/5064: [ 287.304039][ T29] #0: ffff88801b4ab740 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x22a/0x570 [ 287.315375][ T29] 1 lock held by syz-executor329/5066: [ 287.321345][ T29] #0: ffff88801b4ab740 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x22a/0x570 [ 287.332794][ T29] 1 lock held by syz-executor329/5067: [ 287.338869][ T29] #0: ffff88801b4ab740 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x22a/0x570 [ 287.350422][ T29] 1 lock held by syz-executor329/5085: [ 287.356485][ T29] #0: ffff88801b4ab740 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x22a/0x570 [ 287.367900][ T29] 1 lock held by syz-executor329/5092: [ 287.373942][ T29] #0: ffff88801b4ab740 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x22a/0x570 [ 287.385362][ T29] [ 287.387726][ T29] ============================================= [ 287.387726][ T29] [ 287.398748][ T29] NMI backtrace for cpu 0 [ 287.403122][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted 6.8.0-rc1-syzkaller-00286-g168174d78157 #0 [ 287.412972][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 287.423074][ T29] Call Trace: [ 287.426389][ T29] [ 287.429358][ T29] dump_stack_lvl+0x1e7/0x2d0 [ 287.434175][ T29] ? preempt_schedule_thunk+0x1a/0x30 [ 287.439620][ T29] ? tcp_gro_dev_warn+0x260/0x260 [ 287.444688][ T29] ? panic+0x850/0x850 [ 287.448826][ T29] ? vprintk_emit+0x607/0x720 [ 287.453543][ T29] ? printk_sprint+0x480/0x480 [ 287.458359][ T29] nmi_cpu_backtrace+0x498/0x4d0 [ 287.463348][ T29] ? nmi_trigger_cpumask_backtrace+0x310/0x310 [ 287.469547][ T29] ? _printk+0xd5/0x120 [ 287.473732][ T29] ? panic+0x850/0x850 [ 287.477918][ T29] ? __wake_up_klogd+0xcc/0x100 [ 287.482823][ T29] ? panic+0x850/0x850 [ 287.486930][ T29] ? __rcu_read_unlock+0x98/0x100 [ 287.491990][ T29] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 287.498101][ T29] nmi_trigger_cpumask_backtrace+0x198/0x310 [ 287.504161][ T29] watchdog+0xfaf/0xff0 [ 287.508353][ T29] ? watchdog+0x1e9/0xff0 [ 287.512747][ T29] kthread+0x2d3/0x370 [ 287.516858][ T29] ? hungtask_pm_notify+0x90/0x90 [ 287.521912][ T29] ? kthread_blkcg+0xd0/0xd0 [ 287.526539][ T29] ret_from_fork+0x48/0x80 [ 287.530989][ T29] ? kthread_blkcg+0xd0/0xd0 [ 287.535627][ T29] ret_from_fork_asm+0x11/0x20 [ 287.540448][ T29] [ 287.543895][ T29] Sending NMI from CPU 0 to CPUs 1: [ 287.549423][ C1] NMI backtrace for cpu 1 [ 287.549434][ C1] CPU: 1 PID: 4492 Comm: klogd Not tainted 6.8.0-rc1-syzkaller-00286-g168174d78157 #0 [ 287.549451][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 287.549461][ C1] RIP: 0010:lockdep_hardirqs_on_prepare+0x37c/0x780 [ 287.549489][ C1] Code: 64 24 10 49 8d 9c 24 c0 0a 00 00 49 81 c4 e0 0a 00 00 45 31 ed 49 83 fd 31 0f 83 a1 00 00 00 4c 89 e0 48 c1 e8 03 0f b6 04 10 <84> c0 75 50 8b 43 20 a9 00 00 04 00 74 28 31 d2 a9 00 00 03 00 0f [ 287.549502][ C1] RSP: 0018:ffffc9000318f500 EFLAGS: 00000806 [ 287.549517][ C1] RAX: 0000000000000000 RBX: ffff88807b938ac0 RCX: ffffffff816dfaea [ 287.549529][ C1] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffffffff90df9408 [ 287.549540][ C1] RBP: ffffc9000318f5a8 R08: ffffffff90df940f R09: 1ffffffff21bf281 [ 287.549553][ C1] R10: dffffc0000000000 R11: fffffbfff21bf282 R12: ffff88807b938ae0 [ 287.549565][ C1] R13: 0000000000000000 R14: ffff88807b938ab8 R15: 1ffff1100f727157 [ 287.549576][ C1] FS: 00007fa290fc7380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 287.549590][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 287.549602][ C1] CR2: 00007f882b7110d0 CR3: 000000007d26a000 CR4: 00000000003506f0 [ 287.549615][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 287.549625][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 287.549640][ C1] Call Trace: [ 287.549646][ C1] [ 287.549652][ C1] ? nmi_cpu_backtrace+0x3be/0x4d0 [ 287.549678][ C1] ? read_lock_is_recursive+0x20/0x20 [ 287.549700][ C1] ? nmi_trigger_cpumask_backtrace+0x310/0x310 [ 287.549735][ C1] ? nmi_cpu_backtrace_handler+0xc/0x10 [ 287.549758][ C1] ? nmi_handle+0x14c/0x570 [ 287.549779][ C1] ? nmi_handle+0x2a/0x570 [ 287.549800][ C1] ? lockdep_hardirqs_on_prepare+0x37c/0x780 [ 287.549821][ C1] ? default_do_nmi+0x63/0x150 [ 287.549846][ C1] ? exc_nmi+0x121/0x210 [ 287.549870][ C1] ? end_repeat_nmi+0xf/0x2a [ 287.549893][ C1] ? mark_lock+0x9a/0x350 [ 287.549914][ C1] ? lockdep_hardirqs_on_prepare+0x37c/0x780 [ 287.549935][ C1] ? lockdep_hardirqs_on_prepare+0x37c/0x780 [ 287.549956][ C1] ? lockdep_hardirqs_on_prepare+0x37c/0x780 [ 287.549977][ C1] [ 287.549982][ C1] [ 287.549989][ C1] ? print_irqtrace_events+0x220/0x220 [ 287.550011][ C1] ? rcu_is_watching+0x15/0xb0 [ 287.550038][ C1] trace_hardirqs_on+0x28/0x40 [ 287.550056][ C1] _raw_write_unlock_irqrestore+0x8f/0x140 [ 287.550079][ C1] ? _raw_write_unlock+0x40/0x40 [ 287.550101][ C1] ? depot_fetch_stack+0x1f/0xa0 [ 287.550123][ C1] kasan_release_object_meta+0x90/0xa0 [ 287.550153][ C1] qlist_free_all+0x59/0xd0 [ 287.550171][ C1] kasan_quarantine_reduce+0x14b/0x160 [ 287.550190][ C1] __kasan_kmalloc+0x23/0xb0 [ 287.550214][ C1] __kmalloc_node_track_caller+0x249/0x4e0 [ 287.550230][ C1] ? __alloc_skb+0x1b1/0x420 [ 287.550250][ C1] ? __alloc_skb+0x1b1/0x420 [ 287.550266][ C1] kmalloc_reserve+0xf3/0x260 [ 287.550285][ C1] __alloc_skb+0x1b1/0x420 [ 287.550302][ C1] ? validate_chain+0x11c/0x5ab0 [ 287.550325][ C1] ? napi_build_skb+0x270/0x270 [ 287.550346][ C1] alloc_skb_with_frags+0xc3/0x780 [ 287.550376][ C1] sock_alloc_send_pskb+0x919/0xa50 [ 287.550411][ C1] ? sock_kzfree_s+0x60/0x60 [ 287.550437][ C1] ? do_raw_spin_unlock+0x13b/0x8b0 [ 287.550465][ C1] unix_dgram_sendmsg+0x696/0x2200 [ 287.550494][ C1] ? tomoyo_socket_sendmsg_permission+0x287/0x410 [ 287.550528][ C1] ? unix_dgram_poll+0x6c0/0x6c0 [ 287.550558][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 287.550577][ C1] ? security_socket_sendmsg+0x81/0xa0 [ 287.550594][ C1] ? unix_dgram_poll+0x6c0/0x6c0 [ 287.550620][ C1] __sys_sendto+0x440/0x600 [ 287.550645][ C1] ? __ia32_sys_getpeername+0x90/0x90 [ 287.550675][ C1] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 287.550697][ C1] ? print_irqtrace_events+0x220/0x220 [ 287.550720][ C1] __x64_sys_sendto+0xde/0xf0 [ 287.550739][ C1] do_syscall_64+0xf5/0x230 [ 287.550763][ C1] entry_SYSCALL_64_after_hwframe+0x63/0x6b [ 287.550782][ C1] RIP: 0033:0x7fa2911299b5 [ 287.550795][ C1] Code: 8b 44 24 08 48 83 c4 28 48 98 c3 48 98 c3 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 26 45 31 c9 45 31 c0 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 7a 48 8b 15 44 c4 0c 00 f7 d8 64 89 02 48 83 [ 287.550808][ C1] RSP: 002b:00007ffdf037ae98 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 287.550824][ C1] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fa2911299b5 [ 287.550835][ C1] RDX: 0000000000000073 RSI: 00005614f7109cc0 RDI: 0000000000000003 [ 287.550845][ C1] RBP: 00005614f7105910 R08: 0000000000000000 R09: 0000000000000000 [ 287.550855][ C1] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000013 [ 287.550865][ C1] R13: 00007fa2912b7212 R14: 00007ffdf037af98 R15: 0000000000000000 [ 287.550884][ C1] [ 287.550890][ C1] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.467 msecs [ 288.043141][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 288.050043][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted 6.8.0-rc1-syzkaller-00286-g168174d78157 #0 [ 288.059885][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 288.069970][ T29] Call Trace: [ 288.073265][ T29] [ 288.076200][ T29] dump_stack_lvl+0x1e7/0x2d0 [ 288.080917][ T29] ? tcp_gro_dev_warn+0x260/0x260 [ 288.085986][ T29] ? panic+0x850/0x850 [ 288.090085][ T29] ? vscnprintf+0x5d/0x80 [ 288.094437][ T29] panic+0x349/0x850 [ 288.098340][ T29] ? nmi_trigger_cpumask_backtrace+0x244/0x310 [ 288.104518][ T29] ? __memcpy_flushcache+0x2b0/0x2b0 [ 288.109825][ T29] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 288.115920][ T29] ? preempt_schedule_thunk+0x1a/0x30 [ 288.121317][ T29] ? nmi_trigger_cpumask_backtrace+0x244/0x310 [ 288.127503][ T29] ? nmi_trigger_cpumask_backtrace+0x2c7/0x310 [ 288.133681][ T29] ? nmi_trigger_cpumask_backtrace+0x2cc/0x310 [ 288.139862][ T29] watchdog+0xfee/0xff0 [ 288.144112][ T29] ? watchdog+0x1e9/0xff0 [ 288.148457][ T29] kthread+0x2d3/0x370 [ 288.152549][ T29] ? hungtask_pm_notify+0x90/0x90 [ 288.157583][ T29] ? kthread_blkcg+0xd0/0xd0 [ 288.162186][ T29] ret_from_fork+0x48/0x80 [ 288.166615][ T29] ? kthread_blkcg+0xd0/0xd0 [ 288.171230][ T29] ret_from_fork_asm+0x11/0x20 [ 288.176034][ T29] [ 288.179357][ T29] Kernel Offset: disabled [ 288.183683][ T29] Rebooting in 86400 seconds..