./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2196367195

<...>
DUID 00:04:7c:8f:25:e4:1e:61:d4:15:b8:1c:50:2a:7f:f5:0b:01
forked to background, child pid 4645
[   30.524522][ T4646] 8021q: adding VLAN 0 to HW filter on device bond0
[   30.533858][ T4646] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.10.15' (ECDSA) to the list of known hosts.
execve("./syz-executor2196367195", ["./syz-executor2196367195"], 0x7ffd256a54f0 /* 10 vars */) = 0
brk(NULL)                               = 0x555556b6e000
brk(0x555556b6ec40)                     = 0x555556b6ec40
arch_prctl(ARCH_SET_FS, 0x555556b6e300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2196367195", 4096) = 28
brk(0x555556b8fc40)                     = 0x555556b8fc40
brk(0x555556b90000)                     = 0x555556b90000
mprotect(0x7f4e3cd3a000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556b6e5d0) = 5068
./strace-static-x86_64: Process 5068 attached
[pid  5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5068] setpgid(0, 0)               = 0
[pid  5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5068] write(3, "1000", 4)         = 4
[pid  5068] close(3)                    = 0
[pid  5068] memfd_create("syzkaller", 0) = 3
[pid  5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4e3487f000
[pid  5068] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576
[pid  5068] munmap(0x7f4e3487f000, 1048576) = 0
[pid  5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5068] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5068] close(3)                    = 0
[pid  5068] mkdir("./file0", 0777)      = 0
syzkaller login: [   54.212946][ T5068] loop0: detected capacity change from 0 to 2048
[   54.223665][ T5068] EXT4-fs: Ignoring removed oldalloc option
[   54.232089][ T5068] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[pid  5068] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS, "barrier,noauto_da_alloc,dioread_nolock,oldalloc,,errors=continue") = 0
[pid  5068] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5068] chdir("./file0")            = 0
[pid  5068] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5068] close(4)                    = 0
[pid  5068] open("./file1", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|FASYNC|0x3c, 0400) = 4
[   54.261795][ T5068] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none.
[   54.279073][   T27] audit: type=1800 audit(1672103776.698:2): pid=5068 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor219" name="file1" dev="loop0" ino=15 res=0 errno=0
[pid  5068] fallocate(4, 0, 0, 1048820 <unfinished ...>
[pid  5067] kill(-5068, SIGKILL)        = 0
[pid  5067] kill(5068, SIGKILL)         = 0
[pid  5067] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[pid  5067] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
[pid  5067] getdents64(3, 0x555556b6f620 /* 2 entries */, 32768) = 48
[pid  5067] getdents64(3, 0x555556b6f620 /* 0 entries */, 32768) = 0
[pid  5067] close(3)                    = 0
[   76.258232][   T26] cfg80211: failed to load regulatory.db
[  286.176932][   T28] INFO: task syz-executor219:5068 blocked for more than 143 seconds.
[  286.185100][   T28]       Not tainted 6.2.0-rc1-syzkaller #0
[  286.191054][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  286.199788][   T28] task:syz-executor219 state:D stack:20816 pid:5068  ppid:5067   flags:0x00004004
[  286.209077][   T28] Call Trace:
[  286.212428][   T28]  <TASK>
[  286.215396][   T28]  __schedule+0x995/0xe20
[  286.219933][   T28]  ? release_firmware_map_entry+0x180/0x180
[  286.225843][   T28]  ? do_raw_spin_unlock+0x134/0x8a0
[  286.231167][   T28]  ? lockdep_hardirqs_on+0x8d/0x130
[  286.236407][   T28]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  286.242358][   T28]  ? _raw_spin_unlock+0x40/0x40
[  286.247295][   T28]  schedule+0xcb/0x190
[  286.251380][   T28]  io_schedule+0x83/0x100
[  286.255701][   T28]  bit_wait_io+0xe/0xc0
[  286.259899][   T28]  __wait_on_bit_lock+0xbb/0x1a0
[  286.264852][   T28]  ? bit_wait+0xc0/0xc0
[  286.269051][   T28]  out_of_line_wait_on_bit_lock+0x1c3/0x240
[  286.274958][   T28]  ? bit_wait+0xc0/0xc0
[  286.279191][   T28]  ? __wait_on_bit_lock+0x1a0/0x1a0
[  286.284410][   T28]  ? bit_waitqueue+0x30/0x30
[  286.289109][   T28]  ? do_raw_spin_unlock+0x134/0x8a0
[  286.294326][   T28]  __sync_dirty_buffer+0x107/0x330
[  286.299564][   T28]  __ext4_handle_dirty_metadata+0x29a/0x810
[  286.305540][   T28]  ? ext4_convert_inline_data_nolock+0x66d/0x820
[  286.311980][   T28]  ext4_convert_inline_data_nolock+0x6e5/0x820
[  286.318194][   T28]  ? ext4_add_dirent_to_inline+0x450/0x450
[  286.324015][   T28]  ? ext4_journal_check_start+0x178/0x240
[  286.329814][   T28]  ? ext4_convert_inline_data+0x31f/0x610
[  286.335626][   T28]  ? __ext4_journal_start_sb+0x19b/0x1f0
[  286.341368][   T28]  ext4_convert_inline_data+0x4c8/0x610
[  286.346956][   T28]  ? memalloc_retry_wait+0xb0/0xb0
[  286.352070][   T28]  ext4_fallocate+0x149/0x1ca0
[  286.356876][   T28]  ? rcu_read_lock_any_held+0xb1/0x130
[  286.362509][   T28]  ? memalloc_retry_wait+0xb0/0xb0
[  286.367679][   T28]  vfs_fallocate+0x515/0x670
[  286.372331][   T28]  __x64_sys_fallocate+0xb9/0x100
[  286.377393][   T28]  do_syscall_64+0x3d/0xb0
[  286.381838][   T28]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  286.387849][   T28] RIP: 0033:0x7f4e3cccc209
[  286.392275][   T28] RSP: 002b:00007fff80867bd8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[  286.400749][   T28] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4e3cccc209
[  286.408750][   T28] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  286.416764][   T28] RBP: 0000000000000000 R08: 00007f4e3cd3aec0 R09: 00007f4e3cd3aec0
[  286.424740][   T28] R10: 00000000001000f4 R11: 0000000000000246 R12: 00007fff80867c00
[  286.432765][   T28] R13: 0000000000000000 R14: 431bde82d7b634db R15: 0000000000000000
[  286.440782][   T28]  </TASK>
[  286.443799][   T28] 
[  286.443799][   T28] Showing all locks held in the system:
[  286.451632][   T28] 1 lock held by rcu_tasks_kthre/12:
[  286.456981][   T28]  #0: ffffffff8d326e90 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x30/0xd00
[  286.467476][   T28] 1 lock held by rcu_tasks_trace/13:
[  286.472785][   T28]  #0: ffffffff8d327690 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x30/0xd00
[  286.483857][   T28] 1 lock held by khungtaskd/28:
[  286.488738][   T28]  #0: ffffffff8d326cc0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
[  286.498131][   T28] 2 locks held by getty/4744:
[  286.502809][   T28]  #0: ffff888149efb098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70
[  286.512650][   T28]  #1: ffffc900015902f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x53b/0x1650
[  286.522809][   T28] 3 locks held by syz-executor219/5068:
[  286.528383][   T28]  #0: ffff88802b59a460 (sb_writers#4){.+.+}-{0:0}, at: vfs_fallocate+0x489/0x670
[  286.537686][   T28]  #1: ffff888076e7ac20 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: ext4_fallocate+0x141/0x1ca0
[  286.548348][   T28]  #2: ffff888076e7a8e8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_convert_inline_data+0x3a4/0x610
[  286.558795][   T28] 
[  286.561122][   T28] =============================================
[  286.561122][   T28] 
[  286.569562][   T28] NMI backtrace for cpu 0
[  286.573887][   T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.2.0-rc1-syzkaller #0
[  286.581936][   T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  286.591977][   T28] Call Trace:
[  286.595249][   T28]  <TASK>
[  286.598173][   T28]  dump_stack_lvl+0x1b1/0x290
[  286.602868][   T28]  ? nf_tcp_handle_invalid+0x630/0x630
[  286.608333][   T28]  ? panic+0x710/0x710
[  286.612401][   T28]  ? nmi_cpu_backtrace+0x205/0x4f0
[  286.617531][   T28]  nmi_cpu_backtrace+0x46f/0x4f0
[  286.622500][   T28]  ? vprintk_emit+0x109/0x1e0
[  286.627181][   T28]  ? nmi_trigger_cpumask_backtrace+0x420/0x420
[  286.633348][   T28]  ? _printk+0xc0/0x100
[  286.637503][   T28]  ? panic+0x710/0x710
[  286.641575][   T28]  ? __wake_up_klogd+0xcd/0x100
[  286.646426][   T28]  ? panic+0x710/0x710
[  286.650499][   T28]  ? nmi_trigger_cpumask_backtrace+0xc9/0x420
[  286.656573][   T28]  nmi_trigger_cpumask_backtrace+0x1ba/0x420
[  286.662555][   T28]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[  286.668667][   T28]  watchdog+0xcd5/0xd20
[  286.672868][   T28]  kthread+0x266/0x300
[  286.676974][   T28]  ? hungtask_pm_notify+0x50/0x50
[  286.681996][   T28]  ? kthread_blkcg+0xd0/0xd0
[  286.686584][   T28]  ret_from_fork+0x1f/0x30
[  286.691040][   T28]  </TASK>
[  286.694192][   T28] Sending NMI from CPU 0 to CPUs 1:
[  286.699464][    C1] NMI backtrace for cpu 1
[  286.699473][    C1] CPU: 1 PID: 75 Comm: kworker/u4:4 Not tainted 6.2.0-rc1-syzkaller #0
[  286.699487][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  286.699495][    C1] Workqueue: events_unbound toggle_allocation_gate
[  286.699551][    C1] RIP: 0010:__sanitizer_cov_trace_pc+0x33/0x60
[  286.699571][    C1] Code: 40 98 03 00 65 8b 15 c4 bc 77 7e f7 c2 00 01 ff 00 74 11 f7 c2 00 01 00 00 74 35 83 b9 6c 15 00 00 00 74 2c 8b 91 48 15 00 00 <83> fa 02 75 21 48 8b 91 50 15 00 00 48 8b 32 48 8d 7e 01 8b 89 4c
[  286.699581][    C1] RSP: 0018:ffffc900015e7818 EFLAGS: 00000246
[  286.699591][    C1] RAX: ffffffff813e284a RBX: 0000000001e0a2a5 RCX: ffff888018cc0000
[  286.699601][    C1] RDX: 0000000000000000 RSI: 0000000001e0a2a5 RDI: 000000001fffffff
[  286.699609][    C1] RBP: ffffc900015e79f0 R08: ffffffff813e283c R09: ffffed100250cc0d
[  286.699618][    C1] R10: ffffed100250cc0d R11: 1ffff1100250cc0c R12: 1ffff920002bcf14
[  286.699628][    C1] R13: dffffc0000000000 R14: 0000000001e0a2a5 R15: ffffffff81e0a2a5
[  286.699637][    C1] FS:  0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[  286.699648][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  286.699657][    C1] CR2: 000056235d7db268 CR3: 000000000d08e000 CR4: 00000000003506e0
[  286.699668][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  286.699675][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  286.699683][    C1] Call Trace:
[  286.699687][    C1]  <TASK>
[  286.699691][    C1]  __phys_addr+0x10a/0x160
[  286.699747][    C1]  ? kmem_cache_alloc_lru+0xb5/0x320
[  286.699766][    C1]  __text_poke+0x100/0x900
[  286.699801][    C1]  ? kmem_cache_alloc+0xdd/0x350
[  286.699814][    C1]  ? __text_poke+0x900/0x900
[  286.699827][    C1]  ? text_poke+0x90/0x90
[  286.699840][    C1]  ? perf_event_text_poke+0x233/0x310
[  286.699896][    C1]  ? perf_event_bpf_output+0x220/0x220
[  286.699915][    C1]  ? trace_contention_end+0x72/0x1d0
[  286.699934][    C1]  text_poke_bp_batch+0x64c/0x850
[  286.699948][    C1]  ? arch_jump_label_transform_apply+0xe/0x20
[  286.699985][    C1]  ? __kmem_cache_alloc_bulk+0xb5/0x3e0
[  286.699999][    C1]  ? text_poke_loc_init+0x500/0x500
[  286.700015][    C1]  ? __jump_label_update+0x38e/0x3b0
[  286.700036][    C1]  text_poke_finish+0x16/0x30
[  286.700049][    C1]  arch_jump_label_transform_apply+0x13/0x20
[  286.700068][    C1]  static_key_disable_cpuslocked+0xc8/0x1b0
[  286.700083][    C1]  static_key_disable+0x16/0x20
[  286.700096][    C1]  toggle_allocation_gate+0x1a8/0x240
[  286.700111][    C1]  ? virt_to_slab+0x2c0/0x2c0
[  286.700124][    C1]  ? rcu_read_lock_sched_held+0x87/0x110
[  286.700139][    C1]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[  286.700154][    C1]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  286.700174][    C1]  ? do_raw_spin_unlock+0x134/0x8a0
[  286.700195][    C1]  process_one_work+0x877/0xdb0
[  286.700236][    C1]  ? worker_detach_from_pool+0x260/0x260
[  286.700254][    C1]  ? _raw_spin_lock_irq+0xba/0xf0
[  286.700272][    C1]  ? _raw_spin_lock_irqsave+0x100/0x100
[  286.700293][    C1]  worker_thread+0xb14/0x1330
[  286.700314][    C1]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  286.700339][    C1]  kthread+0x266/0x300
[  286.700353][    C1]  ? rcu_lock_release+0x20/0x20
[  286.700368][    C1]  ? kthread_blkcg+0xd0/0xd0
[  286.700383][    C1]  ret_from_fork+0x1f/0x30
[  286.700406][    C1]  </TASK>
[  286.700523][   T28] Kernel panic - not syncing: hung_task: blocked tasks
[  287.030394][   T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.2.0-rc1-syzkaller #0
[  287.038455][   T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  287.048502][   T28] Call Trace:
[  287.051781][   T28]  <TASK>
[  287.054707][   T28]  dump_stack_lvl+0x1b1/0x290
[  287.059397][   T28]  ? nf_tcp_handle_invalid+0x630/0x630
[  287.064856][   T28]  ? panic+0x710/0x710
[  287.068931][   T28]  ? vscnprintf+0x59/0x80
[  287.073263][   T28]  panic+0x2d6/0x710
[  287.077155][   T28]  ? schedule_preempt_disabled+0x20/0x20
[  287.082787][   T28]  ? nmi_trigger_cpumask_backtrace+0x2d0/0x420
[  287.088942][   T28]  ? memcpy_page_flushcache+0x100/0x100
[  287.094486][   T28]  ? nmi_trigger_cpumask_backtrace+0x2d0/0x420
[  287.100638][   T28]  ? nmi_trigger_cpumask_backtrace+0x34e/0x420
[  287.106791][   T28]  ? nmi_trigger_cpumask_backtrace+0x353/0x420
[  287.112942][   T28]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[  287.119005][   T28]  watchdog+0xd15/0xd20
[  287.123170][   T28]  kthread+0x266/0x300
[  287.127238][   T28]  ? hungtask_pm_notify+0x50/0x50
[  287.132262][   T28]  ? kthread_blkcg+0xd0/0xd0
[  287.136853][   T28]  ret_from_fork+0x1f/0x30
[  287.141282][   T28]  </TASK>
[  287.144498][   T28] Kernel Offset: disabled
[  287.148820][   T28] Rebooting in 86400 seconds..