./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor126228303 <...> DUID 00:04:e3:a1:4c:5b:a4:47:39:93:9a:5d:f6:69:14:97:a9:57 forked to background, child pid 4695 [ 50.026424][ T4696] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.040201][ T4696] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.154' (ED25519) to the list of known hosts. execve("./syz-executor126228303", ["./syz-executor126228303"], 0x7ffd49b023c0 /* 10 vars */) = 0 brk(NULL) = 0x555556d4b000 brk(0x555556d4bd00) = 0x555556d4bd00 arch_prctl(ARCH_SET_FS, 0x555556d4b380) = 0 set_tid_address(0x555556d4b650) = 5031 set_robust_list(0x555556d4b660, 24) = 0 rseq(0x555556d4bca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor126228303", 4096) = 27 getrandom("\xb4\x55\xa8\x51\xfe\x49\x68\x65", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556d4bd00 brk(0x555556d6cd00) = 0x555556d6cd00 brk(0x555556d6d000) = 0x555556d6d000 mprotect(0x7f06c6760000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d4b650) = 5032 ./strace-static-x86_64: Process 5032 attached [pid 5031] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5032] set_robust_list(0x555556d4b660, 24) = 0 [pid 5031] <... clone resumed>, child_tidptr=0x555556d4b650) = 5033 [pid 5031] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5032] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5033 attached [pid 5031] <... clone resumed>, child_tidptr=0x555556d4b650) = 5034 [pid 5031] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5032] <... clone resumed>, child_tidptr=0x555556d4b650) = 5035 ./strace-static-x86_64: Process 5035 attached ./strace-static-x86_64: Process 5034 attached [pid 5033] set_robust_list(0x555556d4b660, 24) = 0 [pid 5031] <... clone resumed>, child_tidptr=0x555556d4b650) = 5036 [pid 5031] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5033] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5031] <... clone resumed>, child_tidptr=0x555556d4b650) = 5037 [pid 5031] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5033] <... clone resumed>, child_tidptr=0x555556d4b650) = 5038 [pid 5031] <... clone resumed>, child_tidptr=0x555556d4b650) = 5039 ./strace-static-x86_64: Process 5038 attached [pid 5038] set_robust_list(0x555556d4b660, 24) = 0 [pid 5038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5038] setpgid(0, 0) = 0 [pid 5038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 5037 attached ./strace-static-x86_64: Process 5039 attached [pid 5037] set_robust_list(0x555556d4b660, 24./strace-static-x86_64: Process 5036 attached [pid 5039] set_robust_list(0x555556d4b660, 24 [pid 5038] <... openat resumed>) = 3 [pid 5035] set_robust_list(0x555556d4b660, 24 [pid 5034] set_robust_list(0x555556d4b660, 24 [pid 5037] <... set_robust_list resumed>) = 0 [pid 5039] <... set_robust_list resumed>) = 0 [pid 5034] <... set_robust_list resumed>) = 0 [pid 5037] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5039] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5035] <... set_robust_list resumed>) = 0 [pid 5035] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5034] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5036] set_robust_list(0x555556d4b660, 24) = 0 [pid 5035] <... prctl resumed>) = 0 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5035] setpgid(0, 0 [pid 5038] write(3, "1000", 4) = 4 [pid 5035] <... setpgid resumed>) = 0 [pid 5034] <... clone resumed>, child_tidptr=0x555556d4b650) = 5040 [pid 5038] close(3 [pid 5035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5038] <... close resumed>) = 0 [pid 5038] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE./strace-static-x86_64: Process 5040 attached ) = 3 [pid 5035] <... openat resumed>) = 3 [pid 5035] write(3, "1000", 4) = 4 [pid 5035] close(3) = 0 [pid 5035] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE [pid 5038] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778 [pid 5035] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5041 attached [pid 5040] set_robust_list(0x555556d4b660, 24 [pid 5035] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778 [pid 5040] <... set_robust_list resumed>) = 0 [pid 5037] <... clone resumed>, child_tidptr=0x555556d4b650) = 5041 ./strace-static-x86_64: Process 5042 attached [pid 5040] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5039] <... clone resumed>, child_tidptr=0x555556d4b650) = 5042 ./strace-static-x86_64: Process 5043 attached [pid 5042] set_robust_list(0x555556d4b660, 24 [pid 5041] set_robust_list(0x555556d4b660, 24 [pid 5040] <... prctl resumed>) = 0 [pid 5036] <... clone resumed>, child_tidptr=0x555556d4b650) = 5043 [pid 5043] set_robust_list(0x555556d4b660, 24 [pid 5042] <... set_robust_list resumed>) = 0 [pid 5040] setpgid(0, 0 [pid 5043] <... set_robust_list resumed>) = 0 [pid 5042] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5040] <... setpgid resumed>) = 0 [pid 5043] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5042] <... prctl resumed>) = 0 [pid 5043] <... prctl resumed>) = 0 [pid 5042] setpgid(0, 0 [pid 5040] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5043] setpgid(0, 0 [pid 5042] <... setpgid resumed>) = 0 [pid 5043] <... setpgid resumed>) = 0 [pid 5042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5040] <... openat resumed>) = 3 [pid 5043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5042] <... openat resumed>) = 3 [pid 5041] <... set_robust_list resumed>) = 0 [pid 5040] write(3, "1000", 4 [pid 5043] <... openat resumed>) = 3 [pid 5042] write(3, "1000", 4 [pid 5040] <... write resumed>) = 4 [pid 5043] write(3, "1000", 4 [pid 5042] <... write resumed>) = 4 [pid 5041] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5040] close(3 [pid 5043] <... write resumed>) = 4 [pid 5042] close(3 [pid 5043] close(3 [pid 5042] <... close resumed>) = 0 [pid 5041] <... prctl resumed>) = 0 [pid 5040] <... close resumed>) = 0 [pid 5043] <... close resumed>) = 0 [pid 5042] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE [pid 5043] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE [pid 5042] <... openat resumed>) = 3 [pid 5041] setpgid(0, 0 [pid 5040] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE [pid 5043] <... openat resumed>) = 3 [pid 5042] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778 [pid 5040] <... openat resumed>) = 3 [pid 5043] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778 [pid 5041] <... setpgid resumed>) = 0 [pid 5040] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778 [pid 5041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5041] write(3, "1000", 4) = 4 [pid 5041] close(3) = 0 [pid 5041] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE) = 3 [pid 5041] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778 [pid 5032] kill(-5035, SIGKILL) = 0 [pid 5032] kill(5035, SIGKILL) = 0 [pid 5033] kill(-5038, SIGKILL) = 0 [pid 5033] kill(5038, SIGKILL) = 0 [pid 5034] kill(-5040, SIGKILL) = 0 [pid 5034] kill(5040, SIGKILL) = 0 [pid 5037] kill(-5041, SIGKILL) = 0 [pid 5037] kill(5041, SIGKILL) = 0 [pid 5039] kill(-5042, SIGKILL) = 0 [pid 5039] kill(5042, SIGKILL) = 0 [pid 5036] kill(-5043, SIGKILL) = 0 [pid 5036] kill(5043, SIGKILL) = 0 [pid 5032] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5032] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5032] getdents64(3, 0x555556d4c6f0 /* 2 entries */, 32768) = 48 [pid 5037] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5033] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5032] getdents64(3, [pid 5037] <... openat resumed>) = 3 [pid 5037] newfstatat(3, "", [pid 5033] <... openat resumed>) = 3 [pid 5032] <... getdents64 resumed>0x555556d4c6f0 /* 0 entries */, 32768) = 0 [pid 5037] <... newfstatat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5033] newfstatat(3, "", [pid 5037] getdents64(3, [pid 5032] close(3 [pid 5037] <... getdents64 resumed>0x555556d4c6f0 /* 2 entries */, 32768) = 48 [pid 5033] <... newfstatat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5032] <... close resumed>) = 0 [pid 5037] getdents64(3, 0x555556d4c6f0 /* 0 entries */, 32768) = 0 [pid 5037] close(3 [pid 5033] getdents64(3, [pid 5037] <... close resumed>) = 0 [pid 5033] <... getdents64 resumed>0x555556d4c6f0 /* 2 entries */, 32768) = 48 [pid 5033] getdents64(3, 0x555556d4c6f0 /* 0 entries */, 32768) = 0 [pid 5033] close(3) = 0 [pid 5034] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5034] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5034] getdents64(3, 0x555556d4c6f0 /* 2 entries */, 32768) = 48 [pid 5034] getdents64(3, 0x555556d4c6f0 /* 0 entries */, 32768) = 0 [pid 5034] close(3) = 0 [pid 5036] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5036] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5036] getdents64(3, [pid 5039] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5036] <... getdents64 resumed>0x555556d4c6f0 /* 2 entries */, 32768) = 48 [pid 5039] <... openat resumed>) = 3 [pid 5036] getdents64(3, [pid 5039] newfstatat(3, "", [pid 5036] <... getdents64 resumed>0x555556d4c6f0 /* 0 entries */, 32768) = 0 [pid 5039] <... newfstatat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5036] close(3 [pid 5039] getdents64(3, [pid 5036] <... close resumed>) = 0 [pid 5039] <... getdents64 resumed>0x555556d4c6f0 /* 2 entries */, 32768) = 48 [pid 5039] getdents64(3, 0x555556d4c6f0 /* 0 entries */, 32768) = 0 [pid 5039] close(3) = 0 syzkaller login: [ 91.927065][ T9] cfg80211: failed to load regulatory.db [pid 5038] <... fallocate resumed>) = ? [pid 5038] +++ killed by SIGKILL +++ [pid 5033] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5038, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=7930 /* 79.30 s */} --- [pid 5033] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5061 attached [pid 5061] set_robust_list(0x555556d4b660, 24 [pid 5033] <... clone resumed>, child_tidptr=0x555556d4b650) = 5061 [pid 5061] <... set_robust_list resumed>) = 0 [pid 5061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5061] setpgid(0, 0) = 0 [pid 5061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5061] write(3, "1000", 4) = 4 [pid 5061] close(3) = 0 [pid 5061] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE) = 3 [pid 5061] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778 [pid 5033] kill(-5061, SIGKILL) = 0 [pid 5033] kill(5061, SIGKILL) = 0 [pid 5033] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5033] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5033] getdents64(3, 0x555556d4c6f0 /* 2 entries */, 32768) = 48 [pid 5033] getdents64(3, 0x555556d4c6f0 /* 0 entries */, 32768) = 0 [pid 5033] close(3) = 0 [pid 5035] <... fallocate resumed>) = ? [pid 5035] +++ killed by SIGKILL +++ [pid 5032] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5035, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=7809 /* 78.09 s */} --- [pid 5032] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d4b650) = 5068 ./strace-static-x86_64: Process 5068 attached [pid 5068] set_robust_list(0x555556d4b660, 24) = 0 [pid 5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5068] setpgid(0, 0) = 0 [pid 5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] write(3, "1000", 4) = 4 [pid 5068] close(3) = 0 [pid 5068] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_APPEND|O_LARGEFILE) = 3 [pid 5068] fallocate(3, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 1099511627778 [pid 5032] kill(-5068, SIGKILL) = 0 [pid 5032] kill(5068, SIGKILL) = 0 [ 286.466064][ T28] INFO: task syz-executor126:5040 blocked for more than 143 seconds. [ 286.474913][ T28] Not tainted 6.5.0-rc2-next-20230719-syzkaller #0 [ 286.482615][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.491392][ T28] task:syz-executor126 state:D stack:28176 pid:5040 ppid:5034 flags:0x00004006 [ 286.500719][ T28] Call Trace: [ 286.504046][ T28] [ 286.507140][ T28] __schedule+0xee1/0x59f0 [ 286.511815][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 286.517984][ T28] ? print_usage_bug.part.0+0x670/0x670 [ 286.523625][ T28] ? io_schedule_timeout+0x150/0x150 [ 286.529041][ T28] ? rwsem_down_write_slowpath+0x48f/0x1290 [ 286.535025][ T28] schedule+0xe7/0x1b0 [ 286.539213][ T28] schedule_preempt_disabled+0x13/0x20 [ 286.544759][ T28] rwsem_down_write_slowpath+0x53e/0x1290 [ 286.551097][ T28] ? down_timeout+0x90/0x90 [ 286.556371][ T28] ? lock_sync+0x190/0x190 [ 286.561327][ T28] ? preempt_count_sub+0x150/0x150 [ 286.567021][ T28] down_write+0x1d3/0x200 [ 286.571917][ T28] ? down_write_killable_nested+0x250/0x250 [ 286.578483][ T28] blkdev_fallocate+0x1e6/0x3e0 [ 286.583959][ T28] ? file_to_blk_mode+0x130/0x130 [ 286.589589][ T28] vfs_fallocate+0x46c/0xe80 [ 286.594324][ T28] __x64_sys_fallocate+0xd5/0x140 [ 286.599513][ T28] do_syscall_64+0x38/0xb0 [ 286.604060][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.610217][ T28] RIP: 0033:0x7f06c66edae9 [ 286.614684][ T28] RSP: 002b:00007fffc7d53938 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 286.623205][ T28] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f06c66edae9 [ 286.631839][ T28] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000003 [ 286.640610][ T28] RBP: 00000000000f4240 R08: 00000000000000a0 R09: 00000000000000a0 [ 286.649208][ T28] R10: 0000010000000002 R11: 0000000000000246 R12: 0000000000000001 [ 286.658164][ T28] R13: 00007fffc7d53b58 R14: 00007fffc7d53960 R15: 00007fffc7d53950 [pid 5032] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5032] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [ 286.666697][ T28] [ 286.671378][ T28] INFO: task syz-executor126:5041 blocked for more than 143 seconds. [ 286.680132][ T28] Not tainted 6.5.0-rc2-next-20230719-syzkaller #0 [ 286.687853][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.696767][ T28] task:syz-executor126 state:D stack:28176 pid:5041 ppid:5037 flags:0x00004006 [ 286.706241][ T28] Call Trace: [ 286.709569][ T28] [ 286.712549][ T28] __schedule+0xee1/0x59f0 [pid 5032] getdents64(3, 0x555556d4c6f0 /* 2 entries */, 32768) = 48 [pid 5032] getdents64(3, 0x555556d4c6f0 /* 0 entries */, 32768) = 0 [pid 5032] close(3) = 0 [ 286.717505][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 286.724201][ T28] ? print_usage_bug.part.0+0x670/0x670 [ 286.730545][ T28] ? io_schedule_timeout+0x150/0x150 [ 286.736744][ T28] ? rwsem_down_write_slowpath+0x48f/0x1290 [ 286.743197][ T28] schedule+0xe7/0x1b0 [ 286.747864][ T28] schedule_preempt_disabled+0x13/0x20 [ 286.753894][ T28] rwsem_down_write_slowpath+0x53e/0x1290 [ 286.760200][ T28] ? down_timeout+0x90/0x90 [ 286.764780][ T28] ? lock_sync+0x190/0x190 [ 286.769328][ T28] ? preempt_count_sub+0x150/0x150 [ 286.774530][ T28] down_write+0x1d3/0x200 [ 286.778963][ T28] ? down_write_killable_nested+0x250/0x250 [ 286.785402][ T28] blkdev_fallocate+0x1e6/0x3e0 [ 286.790835][ T28] ? file_to_blk_mode+0x130/0x130 [ 286.796396][ T28] vfs_fallocate+0x46c/0xe80 [ 286.801498][ T28] __x64_sys_fallocate+0xd5/0x140 [ 286.806636][ T28] do_syscall_64+0x38/0xb0 [ 286.811595][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.818064][ T28] RIP: 0033:0x7f06c66edae9 [ 286.823001][ T28] RSP: 002b:00007fffc7d53938 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 286.831991][ T28] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f06c66edae9 [ 286.840058][ T28] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000003 [ 286.848243][ T28] RBP: 00000000000f4240 R08: 00000000000000a0 R09: 00000000000000a0 [ 286.857115][ T28] R10: 0000010000000002 R11: 0000000000000246 R12: 0000000000000001 [ 286.865622][ T28] R13: 00007fffc7d53b58 R14: 00007fffc7d53960 R15: 00007fffc7d53950 [ 286.874499][ T28] [ 286.878077][ T28] INFO: task syz-executor126:5043 blocked for more than 143 seconds. [ 286.886649][ T28] Not tainted 6.5.0-rc2-next-20230719-syzkaller #0 [ 286.894188][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.903426][ T28] task:syz-executor126 state:D stack:28176 pid:5043 ppid:5036 flags:0x00004006 [ 286.913298][ T28] Call Trace: [ 286.916652][ T28] [ 286.919643][ T28] __schedule+0xee1/0x59f0 [ 286.924134][ T28] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 286.930233][ T28] ? print_usage_bug.part.0+0x670/0x670 [ 286.936413][ T28] ? io_schedule_timeout+0x150/0x150 [ 286.942251][ T28] ? rwsem_down_write_slowpath+0x48f/0x1290 [ 286.948815][ T28] schedule+0xe7/0x1b0 [ 286.953489][ T28] schedule_preempt_disabled+0x13/0x20 [ 286.959551][ T28] rwsem_down_write_slowpath+0x53e/0x1290 [ 286.967933][ T28] ? down_timeout+0x90/0x90 [ 286.982090][ T28] ? lock_sync+0x190/0x190 [ 286.991070][ T28] ? preempt_count_sub+0x150/0x150 [ 286.998227][ T28] down_write+0x1d3/0x200 [ 287.003880][ T28] ? down_write_killable_nested+0x250/0x250 [ 287.012490][ T28] blkdev_fallocate+0x1e6/0x3e0 [ 287.019966][ T28] ? file_to_blk_mode+0x130/0x130 [ 287.026496][ T28] vfs_fallocate+0x46c/0xe80 [ 287.031651][ T28] __x64_sys_fallocate+0xd5/0x140 [ 287.037354][ T28] do_syscall_64+0x38/0xb0 [ 287.041847][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 287.048487][ T28] RIP: 0033:0x7f06c66edae9 [ 287.053366][ T28] RSP: 002b:00007fffc7d53938 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 287.062494][ T28] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f06c66edae9 [ 287.071274][ T28] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000003 [ 287.079879][ T28] RBP: 00000000000f4240 R08: 00000000000000a0 R09: 00000000000000a0 [ 287.088490][ T28] R10: 0000010000000002 R11: 0000000000000246 R12: 0000000000000001 [ 287.097118][ T28] R13: 00007fffc7d53b58 R14: 00007fffc7d53960 R15: 00007fffc7d53950 [ 287.105627][ T28] [ 287.108966][ T28] [ 287.108966][ T28] Showing all locks held in the system: [ 287.117055][ T28] 1 lock held by rcu_tasks_kthre/13: [ 287.122384][ T28] #0: ffffffff8c9a6c10 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x2c/0xef0 [ 287.133227][ T28] 1 lock held by rcu_tasks_trace/14: [ 287.138872][ T28] #0: ffffffff8c9a68d0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x2c/0xef0 [ 287.150239][ T28] 1 lock held by khungtaskd/28: [ 287.155760][ T28] #0: ffffffff8c9a7820 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x340 [ 287.165797][ T28] 2 locks held by getty/4785: [ 287.170922][ T28] #0: ffff88814ab15098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 287.181300][ T28] #1: ffffc900015972f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfcb/0x1480 [ 287.192125][ T28] 1 lock held by syz-executor126/5040: [ 287.198087][ T28] #0: ffff88801e6214c8 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e6/0x3e0 [ 287.209325][ T28] 1 lock held by syz-executor126/5041: [ 287.215203][ T28] #0: ffff88801e6214c8 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e6/0x3e0 [ 287.226584][ T28] 1 lock held by syz-executor126/5042: [ 287.232490][ T28] 1 lock held by syz-executor126/5043: [ 287.238044][ T28] #0: ffff88801e6214c8 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e6/0x3e0 [ 287.248816][ T28] 1 lock held by syz-executor126/5061: [ 287.254311][ T28] #0: ffff88801e6214c8 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e6/0x3e0 [ 287.265121][ T28] 1 lock held by syz-executor126/5068: [ 287.271047][ T28] #0: ffff88801e6214c8 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e6/0x3e0 [ 287.282259][ T28] [ 287.285009][ T28] ============================================= [ 287.285009][ T28] [ 287.294064][ T28] NMI backtrace for cpu 1 [ 287.298442][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.5.0-rc2-next-20230719-syzkaller #0 [ 287.307832][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023 [ 287.317984][ T28] Call Trace: [ 287.321268][ T28] [ 287.324206][ T28] dump_stack_lvl+0xd9/0x1b0 [ 287.328904][ T28] nmi_cpu_backtrace+0x277/0x380 [ 287.333894][ T28] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 287.339130][ T28] nmi_trigger_cpumask_backtrace+0x2ac/0x310 [ 287.345139][ T28] watchdog+0xfab/0x1230 [ 287.349452][ T28] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 287.355653][ T28] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 287.361688][ T28] kthread+0x33a/0x430 [ 287.365789][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 287.372325][ T28] ret_from_fork+0x2c/0x70 [ 287.376781][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 287.382446][ T28] ret_from_fork_asm+0x11/0x20 [ 287.387269][ T28] RIP: 0000:0x0 [ 287.390757][ T28] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 287.398132][ T28] RSP: 0000:0000000000000000 EFLAGS: 00000000 ORIG_RAX: 0000000000000000 [ 287.406571][ T28] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 287.414561][ T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 287.422555][ T28] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 287.430544][ T28] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 287.438539][ T28] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 287.446666][ T28] [ 287.449843][ T28] Sending NMI from CPU 1 to CPUs 0: [ 287.455120][ C0] NMI backtrace for cpu 0 [ 287.455133][ C0] CPU: 0 PID: 1088 Comm: kworker/u4:5 Not tainted 6.5.0-rc2-next-20230719-syzkaller #0 [ 287.455160][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023 [ 287.455176][ C0] Workqueue: events_unbound toggle_allocation_gate [ 287.455228][ C0] RIP: 0010:lockdep_assert_cpus_held+0x0/0xf0 [ 287.455268][ C0] Code: 66 2e 0f 1f 84 00 00 00 00 00 66 0f 1f 00 e8 67 d2 38 00 48 c7 c7 20 d0 84 8c e9 7b 65 18 00 66 66 2e 0f 1f 84 00 00 00 00 00 <66> 0f 1f 00 53 e8 46 d2 38 00 48 c7 c0 04 02 ac 8e 48 ba 00 00 00 [ 287.455292][ C0] RSP: 0018:ffffc900057cfc00 EFLAGS: 00000293 [ 287.455310][ C0] RAX: 0000000000000000 RBX: ffffffff92172ce0 RCX: 0000000000000000 [ 287.455326][ C0] RDX: ffff8880213c3b80 RSI: ffffffff81b291e7 RDI: 0000000000000001 [ 287.455342][ C0] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 287.455357][ C0] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88801e843078 [ 287.455372][ C0] R13: ffff88801e843000 R14: ffff888013250000 R15: ffffffff92172380 [ 287.455389][ C0] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 287.455414][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 287.455430][ C0] CR2: 0000555556d546f8 CR3: 000000000c776000 CR4: 00000000003506f0 [ 287.455446][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 287.455460][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 287.455475][ C0] Call Trace: [ 287.455482][ C0] [ 287.455489][ C0] ? nmi_cpu_backtrace+0x1d4/0x380 [ 287.455522][ C0] ? cpus_write_unlock+0x20/0x20 [ 287.455557][ C0] ? nmi_cpu_backtrace_handler+0xc/0x10 [ 287.455593][ C0] ? nmi_handle+0x145/0x400 [ 287.455624][ C0] ? irqentry_nmi_enter+0x7f/0x90 [ 287.455647][ C0] ? cpus_write_unlock+0x20/0x20 [ 287.455686][ C0] ? default_do_nmi+0x69/0x160 [ 287.455727][ C0] ? exc_nmi+0x171/0x1e0 [ 287.455765][ C0] ? end_repeat_nmi+0x16/0x31 [ 287.455857][ C0] ? static_key_disable_cpuslocked+0x57/0x1b0 [ 287.455901][ C0] ? cpus_write_unlock+0x20/0x20 [ 287.455936][ C0] ? cpus_write_unlock+0x20/0x20 [ 287.455972][ C0] ? cpus_write_unlock+0x20/0x20 [ 287.456006][ C0] [ 287.456012][ C0] [ 287.456018][ C0] static_key_disable_cpuslocked+0x5c/0x1b0 [ 287.456053][ C0] static_key_disable+0x1a/0x20 [ 287.456085][ C0] toggle_allocation_gate+0x13f/0x250 [ 287.456112][ C0] ? wake_up_kfence_timer+0x30/0x30 [ 287.456137][ C0] ? spin_bug+0x1d0/0x1d0 [ 287.456176][ C0] process_one_work+0xaa2/0x16f0 [ 287.456211][ C0] ? lock_sync+0x190/0x190 [ 287.456241][ C0] ? pwq_dec_nr_in_flight+0x2a0/0x2a0 [ 287.456274][ C0] ? spin_bug+0x1d0/0x1d0 [ 287.456312][ C0] worker_thread+0x687/0x1110 [ 287.456348][ C0] ? __kthread_parkme+0x152/0x220 [ 287.456373][ C0] ? process_one_work+0x16f0/0x16f0 [ 287.456403][ C0] kthread+0x33a/0x430 [ 287.456427][ C0] ? kthread_complete_and_exit+0x40/0x40 [ 287.456455][ C0] ret_from_fork+0x2c/0x70 [ 287.456482][ C0] ? kthread_complete_and_exit+0x40/0x40 [ 287.456509][ C0] ret_from_fork_asm+0x11/0x20 [ 287.456544][ C0] RIP: 0000:0x0 [ 287.456565][ C0] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 287.456575][ C0] RSP: 0000:0000000000000000 EFLAGS: 00000000 ORIG_RAX: 0000000000000000 [ 287.456596][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 287.456611][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 287.456625][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 287.456639][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 287.456653][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 287.456676][ C0] [ 287.456684][ C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.564 msecs [ 287.457575][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 287.457590][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.5.0-rc2-next-20230719-syzkaller #0 [ 287.457625][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023 [ 287.457642][ T28] Call Trace: [ 287.457649][ T28] [ 287.457660][ T28] dump_stack_lvl+0xd9/0x1b0 [ 287.457709][ T28] panic+0x6a4/0x750 [ 287.457747][ T28] ? panic_smp_self_stop+0xa0/0xa0 [ 287.457790][ T28] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 287.457836][ T28] ? preempt_schedule_thunk+0x1a/0x30 [ 287.457890][ T28] ? watchdog+0xd63/0x1230 [ 287.457947][ T28] watchdog+0xd74/0x1230 [ 287.458002][ T28] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 287.458064][ T28] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 287.458117][ T28] kthread+0x33a/0x430 [ 287.458149][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 287.458188][ T28] ret_from_fork+0x2c/0x70 [ 287.458224][ T28] ? kthread_complete_and_exit+0x40/0x40 [ 287.458284][ T28] ret_from_fork_asm+0x11/0x20 [ 287.458330][ T28] RIP: 0000:0x0 [ 287.458362][ T28] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 287.458377][ T28] RSP: 0000:0000000000000000 EFLAGS: 00000000 ORIG_RAX: 0000000000000000 [ 287.458406][ T28] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 287.458425][ T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 287.458445][ T28] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 287.458464][ T28] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 287.458484][ T28] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 287.458522][ T28] [ 287.461441][ T28] Kernel Offset: disabled [ 288.006619][ T28] Rebooting in 86400 seconds..