./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3623499485 <...> DUID 00:04:2f:bc:f2:2f:e4:1d:55:f7:99:3b:0f:15:66:5c:e9:07 forked to background, child pid 4660 [ 40.653887][ T4661] 8021q: adding VLAN 0 to HW filter on device bond0 [ 40.689474][ T4661] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.130' (ECDSA) to the list of known hosts. execve("./syz-executor3623499485", ["./syz-executor3623499485"], 0x7ffe144bdb70 /* 10 vars */) = 0 brk(NULL) = 0x5555570b4000 brk(0x5555570b4c40) = 0x5555570b4c40 arch_prctl(ARCH_SET_FS, 0x5555570b4300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor3623499485", 4096) = 28 brk(0x5555570d5c40) = 0x5555570d5c40 brk(0x5555570d6000) = 0x5555570d6000 mprotect(0x7f6279d83000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570b45d0) = 4996 ./strace-static-x86_64: Process 4996 attached [pid 4996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4996] setpgid(0, 0) = 0 [pid 4996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 4996] write(3, "1000", 4) = 4 [pid 4996] close(3) = 0 [pid 4996] memfd_create("syzkaller", 0) = 3 [pid 4996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f62718c8000 [pid 4996] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 4996] munmap(0x7f62718c8000, 262144) = 0 [pid 4996] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 4996] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 4996] close(3) = 0 [pid 4996] mkdir("./file0", 0777) = 0 [pid 4996] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_LAZYTIME, ",errors=continue") = 0 [pid 4996] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 4996] chdir("./file0") = 0 [pid 4996] ioctl(4, LOOP_CLR_FD) = 0 [pid 4996] close(4) = 0 [pid 4996] setxattr("./file0", "user.incfs.metadata", "\x10\x95\xf4\x01\x01", 5, 0) = 0 [pid 4996] chdir("./file0") = 0 syzkaller login: [ 70.721698][ T4996] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4996 'syz-executor362' [ 70.742654][ T4996] loop0: detected capacity change from 0 to 512 [ 70.759563][ T4996] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 4996] openat(AT_FDCWD, "cpuset.effective_cpus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 4995] kill(-4996, SIGKILL) = 0 [pid 4995] kill(4996, SIGKILL) = 0 [pid 4995] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4995] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 4995] getdents64(3, 0x5555570b5620 /* 2 entries */, 32768) = 48 [pid 4995] getdents64(3, 0x5555570b5620 /* 0 entries */, 32768) = 0 [pid 4995] close(3) = 0 [ 81.710840][ T758] cfg80211: failed to load regulatory.db [ 286.508781][ T28] INFO: task syz-executor362:4996 blocked for more than 143 seconds. [ 286.517060][ T28] Not tainted 6.3.0-syzkaller-12423-g865fdb08197e #0 [ 286.524449][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.533345][ T28] task:syz-executor362 state:D stack:22656 pid:4996 ppid:4995 flags:0x00004004 [ 286.542933][ T28] Call Trace: [ 286.546227][ T28] [ 286.549327][ T28] __schedule+0x187b/0x4900 [ 286.553936][ T28] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 286.560088][ T28] ? release_firmware_map_entry+0x190/0x190 [ 286.566094][ T28] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 286.572129][ T28] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 286.578056][ T28] ? _raw_spin_unlock+0x40/0x40 [ 286.582988][ T28] schedule+0xc3/0x180 [ 286.587099][ T28] io_schedule+0x8c/0x100 [ 286.591567][ T28] bit_wait_io+0x12/0xc0 [ 286.595950][ T28] __wait_on_bit_lock+0xbd/0x1a0 [ 286.601031][ T28] ? bit_wait+0xc0/0xc0 [ 286.605248][ T28] out_of_line_wait_on_bit_lock+0x1d4/0x250 [ 286.611282][ T28] ? bit_wait+0xc0/0xc0 [ 286.615479][ T28] ? __wait_on_bit_lock+0x1a0/0x1a0 [ 286.620749][ T28] ? bit_waitqueue+0x30/0x30 [ 286.625416][ T28] __sync_dirty_buffer+0x120/0x380 [ 286.630670][ T28] __ext4_handle_dirty_metadata+0x2a6/0x820 [ 286.636612][ T28] ext4_handle_dirty_dirblock+0x362/0x6f0 [ 286.642436][ T28] ? ext4_has_metadata_csum+0x1c0/0x1c0 [ 286.648067][ T28] ? __asan_memcpy+0x40/0x70 [ 286.652914][ T28] ? ext4_init_dot_dotdot+0x31a/0x4f0 [ 286.658328][ T28] ? ext4_finish_convert_inline_dir+0xf6/0x6f0 [ 286.664557][ T28] ext4_finish_convert_inline_dir+0x57b/0x6f0 [ 286.670758][ T28] ext4_convert_inline_data_nolock+0xa01/0xd80 [ 286.676940][ T28] ? ext4_add_dirent_to_inline+0x4f0/0x4f0 [ 286.682811][ T28] ? get_max_inline_xattr_value_size+0x3f4/0x510 [ 286.689301][ T28] ext4_try_add_inline_entry+0x809/0xb70 [ 286.694973][ T28] ? ext4_da_write_inline_data_begin+0x1090/0x1090 [ 286.701563][ T28] ? __brelse+0x59/0x90 [ 286.705764][ T28] ? __ext4_new_inode+0x3645/0x42e0 [ 286.711125][ T28] ext4_add_entry+0x535/0x1010 [ 286.715953][ T28] ? ext4_inc_count+0x190/0x190 [ 286.721048][ T28] ext4_add_nondir+0x98/0x290 [ 286.725776][ T28] ext4_create+0x376/0x550 [ 286.730343][ T28] ? ext4_lookup+0x750/0x750 [ 286.734983][ T28] ? bpf_lsm_inode_create+0x9/0x10 [ 286.740178][ T28] ? security_inode_create+0xb8/0x100 [ 286.745609][ T28] ? ext4_lookup+0x750/0x750 [ 286.750357][ T28] path_openat+0x13df/0x3170 [ 286.755052][ T28] ? do_filp_open+0x490/0x490 [ 286.759864][ T28] do_filp_open+0x234/0x490 [ 286.764406][ T28] ? vfs_tmpfile+0x4a0/0x4a0 [ 286.769154][ T28] ? _raw_spin_unlock+0x28/0x40 [ 286.774039][ T28] ? alloc_fd+0x59c/0x640 [ 286.778424][ T28] do_sys_openat2+0x13f/0x500 [ 286.783184][ T28] ? print_irqtrace_events+0x220/0x220 [ 286.788763][ T28] ? do_sys_open+0x230/0x230 [ 286.793368][ T28] ? lockdep_hardirqs_on+0x98/0x140 [ 286.798632][ T28] ? _raw_spin_unlock_irq+0x2e/0x50 [ 286.803877][ T28] ? ptrace_notify+0x278/0x380 [ 286.808795][ T28] __x64_sys_openat+0x247/0x290 [ 286.813696][ T28] ? __ia32_sys_open+0x270/0x270 [ 286.818756][ T28] ? syscall_enter_from_user_mode+0x32/0x230 [ 286.824779][ T28] ? syscall_enter_from_user_mode+0x8c/0x230 [ 286.830910][ T28] do_syscall_64+0x41/0xc0 [ 286.835372][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.841326][ T28] RIP: 0033:0x7f6279d15279 [ 286.845800][ T28] RSP: 002b:00007fffe9b67c08 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 286.854346][ T28] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007f6279d15279 [ 286.862374][ T28] RDX: 000000000000275a RSI: 0000000020000100 RDI: 00000000ffffff9c [ 286.870480][ T28] RBP: 0000000020000100 R08: 00007f6279d83ec0 R09: 00007f6279d83ec0 [ 286.878626][ T28] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffe9b67c30 [ 286.886652][ T28] R13: 0000000000000000 R14: 431bde82d7b634db R15: 0000000000000000 [ 286.894824][ T28] [ 286.897958][ T28] [ 286.897958][ T28] Showing all locks held in the system: [ 286.905957][ T28] 1 lock held by rcu_tasks_kthre/13: [ 286.911403][ T28] #0: ffffffff8cf277b0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xd20 [ 286.923118][ T28] 1 lock held by rcu_tasks_trace/14: [ 286.928445][ T28] #0: ffffffff8cf27b70 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xd20 [ 286.939651][ T28] 1 lock held by khungtaskd/28: [ 286.944503][ T28] #0: ffffffff8cf275e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 [ 286.954132][ T28] 1 lock held by klogd/4436: [ 286.958792][ T28] #0: ffff8880b993c1d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 286.968979][ T28] 2 locks held by getty/4747: [ 286.973684][ T28] #0: ffff88802d81a098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 286.983561][ T28] #1: ffffc900015802f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6ab/0x1db0 [ 286.994040][ T28] 3 locks held by syz-executor362/4996: [ 286.999699][ T28] #0: ffff88807c4ba460 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 [ 287.009120][ T28] #1: ffff88807827f200 (&type->i_mutex_dir_key#3){++++}-{3:3}, at: path_openat+0x7ba/0x3170 [ 287.019424][ T28] #2: ffff88807827eec8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_try_add_inline_entry+0xf6/0xb70 [ 287.029941][ T28] [ 287.032322][ T28] ============================================= [ 287.032322][ T28] [ 287.040952][ T28] NMI backtrace for cpu 0 [ 287.045304][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.3.0-syzkaller-12423-g865fdb08197e #0 [ 287.054862][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 287.064916][ T28] Call Trace: [ 287.068194][ T28] [ 287.071142][ T28] dump_stack_lvl+0x1e7/0x2d0 [ 287.075871][ T28] ? nf_tcp_handle_invalid+0x650/0x650 [ 287.081351][ T28] ? panic+0x770/0x770 [ 287.085432][ T28] nmi_cpu_backtrace+0x498/0x4d0 [ 287.090559][ T28] ? vprintk_emit+0x10d/0x1f0 [ 287.095260][ T28] ? nmi_trigger_cpumask_backtrace+0x300/0x300 [ 287.101448][ T28] ? _printk+0xd5/0x120 [ 287.105622][ T28] ? panic+0x770/0x770 [ 287.109733][ T28] ? __wake_up_klogd+0xcc/0x100 [ 287.114598][ T28] ? panic+0x770/0x770 [ 287.118685][ T28] ? __rcu_read_unlock+0x96/0x100 [ 287.123738][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 287.129830][ T28] nmi_trigger_cpumask_backtrace+0x187/0x300 [ 287.135921][ T28] watchdog+0xec2/0xf00 [ 287.140265][ T28] kthread+0x2b8/0x350 [ 287.144351][ T28] ? hungtask_pm_notify+0x90/0x90 [ 287.149399][ T28] ? kthread_blkcg+0xd0/0xd0 [ 287.154009][ T28] ret_from_fork+0x1f/0x30 [ 287.158454][ T28] [ 287.161636][ T28] Sending NMI from CPU 0 to CPUs 1: [ 287.166886][ C1] NMI backtrace for cpu 1 [ 287.166899][ C1] CPU: 1 PID: 41 Comm: kworker/u4:2 Not tainted 6.3.0-syzkaller-12423-g865fdb08197e #0 [ 287.166918][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 287.166929][ C1] Workqueue: events_unbound toggle_allocation_gate [ 287.166954][ C1] RIP: 0010:__mutex_unlock_slowpath+0x735/0x750 [ 287.166983][ C1] Code: 05 00 00 00 00 00 41 c7 44 05 0a 00 00 00 00 66 41 c7 44 05 0e 00 00 65 48 8b 04 25 28 00 00 00 48 3b 84 24 c0 00 00 00 75 0f <48> 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 b7 0e f7 ff 0f 1f [ 287.166997][ C1] RSP: 0018:ffffc90000b279a0 EFLAGS: 00000246 [ 287.167011][ C1] RAX: 03569676234bc300 RBX: 0000000000000000 RCX: ffffffff8ab7cb3c [ 287.167023][ C1] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc90000b27a40 [ 287.167034][ C1] RBP: ffffc90000b27ab0 R08: dffffc0000000000 R09: fffff52000164f49 [ 287.167047][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffffffff2364230 [ 287.167059][ C1] R13: dffffc0000000000 R14: ffffffff8cdd8980 R15: 1ffff92000164f48 [ 287.167072][ C1] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 287.167086][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 287.167098][ C1] CR2: 0000560dc8964680 CR3: 000000000cd30000 CR4: 00000000003506e0 [ 287.167113][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 287.167123][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 287.167133][ C1] Call Trace: [ 287.167139][ C1] [ 287.167146][ C1] ? text_poke_finish+0x30/0x30 [ 287.167173][ C1] ? mutex_unlock+0x10/0x10 [ 287.167202][ C1] ? mutex_lock_io_nested+0x60/0x60 [ 287.167228][ C1] arch_jump_label_transform_queue+0x81/0xd0 [ 287.167251][ C1] __jump_label_update+0x177/0x3a0 [ 287.167279][ C1] static_key_disable_cpuslocked+0xce/0x1b0 [ 287.167304][ C1] static_key_disable+0x1a/0x20 [ 287.167325][ C1] toggle_allocation_gate+0x1b8/0x250 [ 287.167344][ C1] ? show_object+0xa0/0xa0 [ 287.167360][ C1] ? print_irqtrace_events+0x220/0x220 [ 287.167383][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 287.167409][ C1] process_one_work+0x8a0/0x10e0 [ 287.167443][ C1] ? worker_detach_from_pool+0x290/0x290 [ 287.167477][ C1] ? _raw_spin_lock_irqsave+0x120/0x120 [ 287.167494][ C1] ? kthread_data+0x52/0xc0 [ 287.167516][ C1] ? wq_worker_running+0x9b/0x1a0 [ 287.167539][ C1] worker_thread+0xa63/0x1210 [ 287.167578][ C1] kthread+0x2b8/0x350 [ 287.167598][ C1] ? pr_cont_work+0x5e0/0x5e0 [ 287.167621][ C1] ? kthread_blkcg+0xd0/0xd0 [ 287.167643][ C1] ret_from_fork+0x1f/0x30 [ 287.167684][ C1] [ 287.167887][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 287.431158][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.3.0-syzkaller-12423-g865fdb08197e #0 [ 287.440625][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 287.450692][ T28] Call Trace: [ 287.453983][ T28] [ 287.457013][ T28] dump_stack_lvl+0x1e7/0x2d0 [ 287.461722][ T28] ? nf_tcp_handle_invalid+0x650/0x650 [ 287.467207][ T28] ? panic+0x770/0x770 [ 287.471381][ T28] ? vscnprintf+0x5d/0x80 [ 287.475728][ T28] panic+0x30f/0x770 [ 287.479659][ T28] ? nmi_trigger_cpumask_backtrace+0x233/0x300 [ 287.485857][ T28] ? __memcpy_flushcache+0x2b0/0x2b0 [ 287.491245][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 287.497330][ T28] ? nmi_trigger_cpumask_backtrace+0x233/0x300 [ 287.503506][ T28] ? nmi_trigger_cpumask_backtrace+0x2b4/0x300 [ 287.509689][ T28] ? nmi_trigger_cpumask_backtrace+0x2b9/0x300 [ 287.515863][ T28] watchdog+0xf00/0xf00 [ 287.520053][ T28] kthread+0x2b8/0x350 [ 287.524139][ T28] ? hungtask_pm_notify+0x90/0x90 [ 287.529180][ T28] ? kthread_blkcg+0xd0/0xd0 [ 287.533789][ T28] ret_from_fork+0x1f/0x30 [ 287.538232][ T28] [ 287.541422][ T28] Kernel Offset: disabled [ 287.545770][ T28] Rebooting in 86400 seconds..