./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1572770215 <...> Warning: Permanently added '10.128.1.34' (ECDSA) to the list of known hosts. execve("./syz-executor1572770215", ["./syz-executor1572770215"], 0x7ffc459c1d50 /* 10 vars */) = 0 brk(NULL) = 0x555556372000 brk(0x555556372c40) = 0x555556372c40 arch_prctl(ARCH_SET_FS, 0x555556372300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1572770215", 4096) = 28 brk(0x555556393c40) = 0x555556393c40 brk(0x555556394000) = 0x555556394000 mprotect(0x7f36dd5d2000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563725d0) = 5068 ./strace-static-x86_64: Process 5068 attached [pid 5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5068] setpgid(0, 0) = 0 [pid 5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] write(3, "1000", 4) = 4 [pid 5068] close(3) = 0 [pid 5068] memfd_create("syzkaller", 0) = 3 [pid 5068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f36d510c000 [pid 5068] write(3, "\x58\x46\x53\x42\x00\x00\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5e\x62\x73\xb8\x21\x67\x42\xbb\x91\x1b\x41\x8a\xa1\x4a\x12\x61\x00\x00\x00\x00\x00\x00\x80\x40\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x21\x00\x00\x00\x00\x00\x00\x00\x22\x00\x00\x00\x08\x00\x00\x80\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x80"..., 33554432) = 33554432 [pid 5068] munmap(0x7f36d510c000, 33554432) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5068] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5068] close(3) = 0 [pid 5068] mkdir("./file0", 0777) = 0 syzkaller login: [ 54.603634][ T5068] loop0: detected capacity change from 0 to 65536 [ 54.619967][ T5068] XFS (loop0): Deprecated V4 format (crc=0) will not be supported after September 2030. [ 54.630908][ T5068] XFS (loop0): Mounting V4 Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261 [ 54.641486][ T5068] XFS (loop0): Log size 128 blocks too small, minimum size is 2880 blocks [ 54.650387][ T5068] XFS (loop0): Log size out of supported range. [ 54.656903][ T5068] XFS (loop0): Continuing onwards, but if log hangs are experienced then please report this message in the bug report. [ 54.692217][ T5068] XFS (loop0): Starting recovery (logdev: internal) [ 54.706893][ T5068] XFS (loop0): Ending recovery (logdev: internal) [pid 5068] mount("/dev/loop0", "./file0", "xfs", MS_SILENT, "inode32,usrquota,,nouuid" [pid 5067] kill(-5068, SIGKILL) = 0 [pid 5067] kill(5068, SIGKILL) = 0 [pid 5067] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5067] fstat(3, {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0 [pid 5067] getdents64(3, 0x555556373620 /* 2 entries */, 32768) = 48 [pid 5067] getdents64(3, 0x555556373620 /* 0 entries */, 32768) = 0 [pid 5067] close(3) = 0 [ 76.293471][ T7] cfg80211: failed to load regulatory.db [ 286.212073][ T28] INFO: task syz-executor157:5068 blocked for more than 143 seconds. [ 286.220242][ T28] Not tainted 6.1.0-syzkaller-14321-g0a924817d2ed #0 [ 286.227596][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.236352][ T28] task:syz-executor157 state:D stack:20400 pid:5068 ppid:5067 flags:0x00004004 [ 286.245632][ T28] Call Trace: [ 286.248927][ T28] [ 286.251852][ T28] __schedule+0x995/0xe20 [ 286.256367][ T28] ? release_firmware_map_entry+0x180/0x180 [ 286.262303][ T28] ? rcu_read_lock_sched_held+0x87/0x110 [ 286.268031][ T28] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 286.274114][ T28] ? do_raw_spin_unlock+0x134/0x8a0 [ 286.279380][ T28] schedule+0xcb/0x190 [ 286.283502][ T28] xlog_grant_head_wait+0x317/0x530 [ 286.288785][ T28] xlog_grant_head_check+0x28c/0x470 [ 286.294181][ T28] ? trace_xfs_log_regrant+0x2f0/0x2f0 [ 286.299670][ T28] xfs_log_reserve+0x310/0x6f0 [ 286.304483][ T28] ? trace_xfs_log_regrant_exit+0x2f0/0x2f0 [ 286.310396][ T28] ? xfs_mod_freecounter+0x1e0/0x490 [ 286.315735][ T28] xfs_trans_reserve+0x231/0x690 [ 286.320778][ T28] xfs_trans_alloc+0x410/0x610 [ 286.325587][ T28] xfs_qm_qino_alloc+0x281/0x960 [ 286.330603][ T28] ? xfs_qm_shrink_scan+0x410/0x410 [ 286.335836][ T28] ? memset+0x1f/0x40 [ 286.339876][ T28] ? lockdep_init_map_type+0x9d/0x890 [ 286.345307][ T28] xfs_qm_init_quotainos+0x616/0x890 [ 286.350615][ T28] ? trace_xfs_dqattach_get+0x2f0/0x2f0 [ 286.356225][ T28] ? __raw_spin_lock_init+0x41/0x100 [ 286.361535][ T28] ? __list_lru_init+0x3b5/0x5f0 [ 286.366587][ T28] xfs_qm_init_quotainfo+0x122/0x1000 [ 286.372025][ T28] ? xfs_qm_mount_quotas+0x610/0x610 [ 286.377300][ T28] ? xfs_mod_freecounter+0x1e0/0x490 [ 286.382623][ T28] ? trace_xfs_perag_put+0x106/0x310 [ 286.388007][ T28] xfs_qm_mount_quotas+0x98/0x610 [ 286.393097][ T28] xfs_mountfs+0x1860/0x1ef0 [ 286.397709][ T28] ? xfs_default_resblks+0x70/0x70 [ 286.402862][ T28] ? xfs_filestream_new_ag+0x510/0x510 [ 286.408411][ T28] ? trace_xfs_inode_timestamp_range+0x104/0x300 [ 286.414807][ T28] xfs_fs_fill_super+0xf95/0x11f0 [ 286.419846][ T28] get_tree_bdev+0x400/0x620 [ 286.424523][ T28] ? xfs_fs_warn_deprecated+0x190/0x190 [ 286.430087][ T28] vfs_get_tree+0x88/0x270 [ 286.434586][ T28] do_new_mount+0x289/0xad0 [ 286.439213][ T28] ? do_move_mount_old+0x150/0x150 [ 286.444360][ T28] ? user_path_at_empty+0x149/0x1a0 [ 286.449614][ T28] __se_sys_mount+0x2d3/0x3c0 [ 286.454354][ T28] ? __x64_sys_mount+0xc0/0xc0 [ 286.459134][ T28] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 286.465260][ T28] ? __x64_sys_mount+0x1c/0xc0 [ 286.470051][ T28] do_syscall_64+0x3d/0xb0 [ 286.474563][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.480557][ T28] RIP: 0033:0x7f36dd55a5fa [ 286.485030][ T28] RSP: 002b:00007ffe1cea4bb8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 286.493497][ T28] RAX: ffffffffffffffda RBX: 00646975756f6e2c RCX: 00007f36dd55a5fa [ 286.501460][ T28] RDX: 000000002000bb00 RSI: 0000000020000000 RDI: 00007ffe1cea4bd0 [ 286.509463][ T28] RBP: 00007ffe1cea4bd0 R08: 00007ffe1cea4c10 R09: 0000000000000002 [ 286.517471][ T28] R10: 0000000000008000 R11: 0000000000000206 R12: 0000000000000004 [ 286.525484][ T28] R13: 00005555563722c0 R14: 0000000000008000 R15: 00007ffe1cea4c10 [ 286.533520][ T28] [ 286.536569][ T28] [ 286.536569][ T28] Showing all locks held in the system: [ 286.544339][ T28] 1 lock held by rcu_tasks_kthre/12: [ 286.549628][ T28] #0: ffffffff8d326e90 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x30/0xd00 [ 286.560127][ T28] 1 lock held by rcu_tasks_trace/13: [ 286.565439][ T28] #0: ffffffff8d327690 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x30/0xd00 [ 286.576435][ T28] 1 lock held by khungtaskd/28: [ 286.581285][ T28] #0: ffffffff8d326cc0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 [ 286.590690][ T28] 2 locks held by getty/4747: [ 286.595406][ T28] #0: ffff88802822e098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 286.605440][ T28] #1: ffffc900015b02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x53b/0x1650 [ 286.615606][ T28] 2 locks held by syz-executor157/5068: [ 286.621138][ T28] #0: ffff88802b68c0e0 (&type->s_umount_key#41/1){+.+.}-{3:3}, at: alloc_super+0x212/0x920 [ 286.631277][ T28] #1: ffff88802b68c650 (sb_internal#2){.+.+}-{0:0}, at: xfs_qm_qino_alloc+0x281/0x960 [ 286.641018][ T28] [ 286.643376][ T28] ============================================= [ 286.643376][ T28] [ 286.651785][ T28] NMI backtrace for cpu 0 [ 286.656096][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.1.0-syzkaller-14321-g0a924817d2ed #0 [ 286.665623][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 286.675664][ T28] Call Trace: [ 286.678930][ T28] [ 286.681847][ T28] dump_stack_lvl+0x1b1/0x290 [ 286.686540][ T28] ? nf_tcp_handle_invalid+0x630/0x630 [ 286.691997][ T28] ? panic+0x710/0x710 [ 286.696070][ T28] ? tick_nohz_tick_stopped+0x76/0xb0 [ 286.701497][ T28] ? nmi_cpu_backtrace+0x205/0x4f0 [ 286.706613][ T28] nmi_cpu_backtrace+0x46f/0x4f0 [ 286.711539][ T28] ? vprintk_emit+0x109/0x1e0 [ 286.716243][ T28] ? nmi_trigger_cpumask_backtrace+0x420/0x420 [ 286.722400][ T28] ? _printk+0xc0/0x100 [ 286.726554][ T28] ? panic+0x710/0x710 [ 286.730618][ T28] ? __wake_up_klogd+0xcd/0x100 [ 286.735470][ T28] ? panic+0x710/0x710 [ 286.739565][ T28] ? nmi_trigger_cpumask_backtrace+0xc9/0x420 [ 286.745637][ T28] nmi_trigger_cpumask_backtrace+0x1ba/0x420 [ 286.751617][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 286.757743][ T28] watchdog+0xcd5/0xd20 [ 286.761929][ T28] kthread+0x266/0x300 [ 286.766017][ T28] ? hungtask_pm_notify+0x50/0x50 [ 286.771041][ T28] ? kthread_blkcg+0xd0/0xd0 [ 286.775632][ T28] ret_from_fork+0x1f/0x30 [ 286.780076][ T28] [ 286.783213][ T28] Sending NMI from CPU 0 to CPUs 1: [ 286.788442][ C1] NMI backtrace for cpu 1 [ 286.788451][ C1] CPU: 1 PID: 9 Comm: kworker/u4:0 Not tainted 6.1.0-syzkaller-14321-g0a924817d2ed #0 [ 286.788465][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 286.788472][ C1] Workqueue: events_unbound toggle_allocation_gate [ 286.788492][ C1] RIP: 0010:lock_is_held_type+0x117/0x180 [ 286.788507][ C1] Code: 00 48 c7 c7 60 cc ed 8a e8 46 14 00 00 b8 ff ff ff ff 65 0f c1 05 09 e6 51 75 83 f8 01 75 38 9c 8f 04 24 f7 04 24 00 02 00 00 <75> 46 41 f7 c4 00 02 00 00 74 01 fb 65 48 8b 04 25 28 00 00 00 48 [ 286.788517][ C1] RSP: 0018:ffffc900000e7638 EFLAGS: 00000046 [ 286.788527][ C1] RAX: 0000000000000001 RBX: 0000000000000006 RCX: 0000000080000002 [ 286.788535][ C1] RDX: 0000000000000000 RSI: ffffffff8aedcc60 RDI: ffffffff8b4bbfe0 [ 286.788543][ C1] RBP: 0000000000000000 R08: dffffc0000000000 R09: fffffbfff1d2cabe [ 286.788556][ C1] R10: fffffbfff1d2cabe R11: 1ffffffff1d2cabd R12: 0000000000000046 [ 286.788565][ C1] R13: ffff88813fed0000 R14: 00000000ffffffff R15: ffffffff8d326c40 [ 286.788573][ C1] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 286.788584][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 286.788593][ C1] CR2: 00005611ada35680 CR3: 000000000d08e000 CR4: 00000000003506e0 [ 286.788604][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 286.788611][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 286.788619][ C1] Call Trace: [ 286.788623][ C1] [ 286.788630][ C1] rcu_read_lock_sched_held+0x87/0x110 [ 286.788647][ C1] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 286.788662][ C1] ? native_set_ldt+0x120/0x120 [ 286.788733][ C1] trace_tlb_flush+0x93/0x210 [ 286.788757][ C1] switch_mm_irqs_off+0x5f6/0x9c0 [ 286.788775][ C1] ? __rwlock_init+0x140/0x140 [ 286.788792][ C1] ? switch_mm+0x150/0x150 [ 286.788809][ C1] ? text_poke_memcpy+0x5/0x10 [ 286.788823][ C1] ? text_poke_memcpy+0x5/0x10 [ 286.788837][ C1] ? kmem_cache_alloc_lru+0xb5/0x320 [ 286.788867][ C1] __text_poke+0x69e/0x900 [ 286.788881][ C1] ? kmem_cache_alloc_lru+0xb5/0x320 [ 286.788894][ C1] ? __text_poke+0x900/0x900 [ 286.788907][ C1] ? text_poke+0x90/0x90 [ 286.788920][ C1] ? perf_event_text_poke+0x233/0x310 [ 286.788962][ C1] ? perf_event_bpf_output+0x220/0x220 [ 286.788980][ C1] ? trace_contention_end+0x72/0x1d0 [ 286.788999][ C1] text_poke_bp_batch+0x64c/0x850 [ 286.789012][ C1] ? arch_jump_label_transform_apply+0xe/0x20 [ 286.789032][ C1] ? __kmem_cache_alloc_bulk+0xb5/0x3e0 [ 286.789046][ C1] ? text_poke_loc_init+0x500/0x500 [ 286.789061][ C1] ? __jump_label_update+0x38e/0x3b0 [ 286.789092][ C1] text_poke_finish+0x16/0x30 [ 286.789105][ C1] arch_jump_label_transform_apply+0x13/0x20 [ 286.789124][ C1] static_key_disable_cpuslocked+0xc8/0x1b0 [ 286.789138][ C1] static_key_disable+0x16/0x20 [ 286.789151][ C1] toggle_allocation_gate+0x1a8/0x240 [ 286.789166][ C1] ? virt_to_slab+0x2c0/0x2c0 [ 286.789178][ C1] ? rcu_read_lock_sched_held+0x87/0x110 [ 286.789193][ C1] ? wake_bit_function+0x240/0x240 [ 286.789222][ C1] ? do_raw_spin_unlock+0x134/0x8a0 [ 286.789242][ C1] process_one_work+0x877/0xdb0 [ 286.789284][ C1] ? worker_detach_from_pool+0x260/0x260 [ 286.789303][ C1] ? _raw_spin_lock_irq+0xba/0xf0 [ 286.789320][ C1] ? _raw_spin_lock_irqsave+0x100/0x100 [ 286.789341][ C1] worker_thread+0xb14/0x1330 [ 286.789370][ C1] kthread+0x266/0x300 [ 286.789383][ C1] ? rcu_lock_release+0x20/0x20 [ 286.789398][ C1] ? kthread_blkcg+0xd0/0xd0 [ 286.789412][ C1] ret_from_fork+0x1f/0x30 [ 286.789435][ C1] [ 286.790531][ T28] Kernel panic - not syncing: hung_task: blocked tasks [ 287.149359][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.1.0-syzkaller-14321-g0a924817d2ed #0 [ 287.158812][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 287.168856][ T28] Call Trace: [ 287.172128][ T28] [ 287.175055][ T28] dump_stack_lvl+0x1b1/0x290 [ 287.179738][ T28] ? nf_tcp_handle_invalid+0x630/0x630 [ 287.185195][ T28] ? panic+0x710/0x710 [ 287.189261][ T28] ? vscnprintf+0x59/0x80 [ 287.193588][ T28] panic+0x2d6/0x710 [ 287.197477][ T28] ? schedule_preempt_disabled+0x20/0x20 [ 287.203106][ T28] ? nmi_trigger_cpumask_backtrace+0x2d0/0x420 [ 287.209261][ T28] ? memcpy_page_flushcache+0x100/0x100 [ 287.214805][ T28] ? nmi_trigger_cpumask_backtrace+0x2d0/0x420 [ 287.220976][ T28] ? nmi_trigger_cpumask_backtrace+0x34e/0x420 [ 287.227330][ T28] ? nmi_trigger_cpumask_backtrace+0x353/0x420 [ 287.233494][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 287.239583][ T28] watchdog+0xd15/0xd20 [ 287.243772][ T28] kthread+0x266/0x300 [ 287.247853][ T28] ? hungtask_pm_notify+0x50/0x50 [ 287.252878][ T28] ? kthread_blkcg+0xd0/0xd0 [ 287.257476][ T28] ret_from_fork+0x1f/0x30 [ 287.261912][ T28] [ 287.265090][ T28] Kernel Offset: disabled [ 287.269409][ T28] Rebooting in 86400 seconds..