./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor161942249 <...> Warning: Permanently added '10.128.1.145' (ED25519) to the list of known hosts. execve("./syz-executor161942249", ["./syz-executor161942249"], 0x7ffc63dbbda0 /* 10 vars */) = 0 brk(NULL) = 0x555556681000 brk(0x555556681d00) = 0x555556681d00 arch_prctl(ARCH_SET_FS, 0x555556681380) = 0 set_tid_address(0x555556681650) = 5036 set_robust_list(0x555556681660, 24) = 0 rseq(0x555556681ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor161942249", 4096) = 27 getrandom("\x2a\xd2\x64\x67\xb6\x03\x68\xd0", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556681d00 brk(0x5555566a2d00) = 0x5555566a2d00 brk(0x5555566a3000) = 0x5555566a3000 mprotect(0x7fc39f713000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556681650) = 5037 ./strace-static-x86_64: Process 5037 attached [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5037] set_robust_list(0x555556681660, 24) = 0 ./strace-static-x86_64: Process 5038 attached [pid 5036] <... clone resumed>, child_tidptr=0x555556681650) = 5038 [pid 5037] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5038] set_robust_list(0x555556681660, 24 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5038] <... set_robust_list resumed>) = 0 [pid 5036] <... clone resumed>, child_tidptr=0x555556681650) = 5039 ./strace-static-x86_64: Process 5040 attached [pid 5038] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5040] set_robust_list(0x555556681660, 24) = 0 ./strace-static-x86_64: Process 5039 attached ./strace-static-x86_64: Process 5042 attached ./strace-static-x86_64: Process 5041 attached [pid 5040] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5039] set_robust_list(0x555556681660, 24 [pid 5037] <... clone resumed>, child_tidptr=0x555556681650) = 5040 [pid 5039] <... set_robust_list resumed>) = 0 [pid 5042] set_robust_list(0x555556681660, 24 [pid 5041] set_robust_list(0x555556681660, 24 [pid 5040] <... prctl resumed>) = 0 [pid 5042] <... set_robust_list resumed>) = 0 [pid 5041] <... set_robust_list resumed>) = 0 [pid 5040] setpgid(0, 0 [pid 5039] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5036] <... clone resumed>, child_tidptr=0x555556681650) = 5041 [pid 5042] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5041] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5040] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 5044 attached [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5042] <... prctl resumed>) = 0 [pid 5040] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5038] <... clone resumed>, child_tidptr=0x555556681650) = 5042 ./strace-static-x86_64: Process 5043 attached [pid 5044] set_robust_list(0x555556681660, 24 [pid 5042] setpgid(0, 0 [pid 5040] <... openat resumed>) = 3 [pid 5039] <... clone resumed>, child_tidptr=0x555556681650) = 5043 [pid 5044] <... set_robust_list resumed>) = 0 [pid 5042] <... setpgid resumed>) = 0 [pid 5043] set_robust_list(0x555556681660, 24 [pid 5041] <... clone resumed>, child_tidptr=0x555556681650) = 5044 [pid 5040] write(3, "1000", 4 [pid 5044] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5043] <... set_robust_list resumed>) = 0 [pid 5042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5040] <... write resumed>) = 4 ./strace-static-x86_64: Process 5045 attached [pid 5036] <... clone resumed>, child_tidptr=0x555556681650) = 5045 [pid 5043] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5040] close(3 [pid 5036] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5045] set_robust_list(0x555556681660, 24 [pid 5044] <... prctl resumed>) = 0 [pid 5043] <... prctl resumed>) = 0 [pid 5042] <... openat resumed>) = 3 [pid 5040] <... close resumed>) = 0 ./strace-static-x86_64: Process 5046 attached [pid 5045] <... set_robust_list resumed>) = 0 [pid 5044] setpgid(0, 0 [pid 5043] setpgid(0, 0 [pid 5040] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME [pid 5046] set_robust_list(0x555556681660, 24 [pid 5040] <... openat resumed>) = 3 [pid 5046] <... set_robust_list resumed>) = 0 [pid 5044] <... setpgid resumed>) = 0 [pid 5042] write(3, "1000", 4 [pid 5045] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5043] <... setpgid resumed>) = 0 [pid 5042] <... write resumed>) = 4 [pid 5043] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5046] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5044] <... openat resumed>) = 3 [pid 5043] <... openat resumed>) = 3 [pid 5042] close(3 [pid 5036] <... clone resumed>, child_tidptr=0x555556681650) = 5046 [pid 5043] write(3, "1000", 4 [pid 5040] dup(3./strace-static-x86_64: Process 5047 attached [pid 5043] <... write resumed>) = 4 [pid 5047] set_robust_list(0x555556681660, 24 [pid 5045] <... clone resumed>, child_tidptr=0x555556681650) = 5047 [pid 5043] close(3 [pid 5040] <... dup resumed>) = 4 ./strace-static-x86_64: Process 5048 attached [pid 5047] <... set_robust_list resumed>) = 0 [pid 5044] write(3, "1000", 4 [pid 5043] <... close resumed>) = 0 [pid 5042] <... close resumed>) = 0 [pid 5040] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 9223372036854775807 [pid 5044] <... write resumed>) = 4 [pid 5048] set_robust_list(0x555556681660, 24 [pid 5047] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5046] <... clone resumed>, child_tidptr=0x555556681650) = 5048 [pid 5044] close(3 [pid 5043] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME [pid 5042] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME [pid 5044] <... close resumed>) = 0 [pid 5048] <... set_robust_list resumed>) = 0 [pid 5047] <... prctl resumed>) = 0 [pid 5044] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME [pid 5043] <... openat resumed>) = 3 [pid 5042] <... openat resumed>) = 3 [pid 5048] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5047] setpgid(0, 0 [pid 5044] <... openat resumed>) = 3 [pid 5043] dup(3 [pid 5047] <... setpgid resumed>) = 0 [pid 5048] <... prctl resumed>) = 0 [pid 5047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5044] dup(3 [pid 5048] setpgid(0, 0 [pid 5044] <... dup resumed>) = 4 [pid 5048] <... setpgid resumed>) = 0 [pid 5044] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 9223372036854775807 [pid 5048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5047] <... openat resumed>) = 3 [pid 5043] <... dup resumed>) = 4 [pid 5042] dup(3 [pid 5047] write(3, "1000", 4) = 4 [pid 5043] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 9223372036854775807 [pid 5048] <... openat resumed>) = 3 [pid 5047] close(3 [pid 5042] <... dup resumed>) = 4 [pid 5048] write(3, "1000", 4 [pid 5047] <... close resumed>) = 0 [pid 5048] <... write resumed>) = 4 [pid 5047] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME [pid 5042] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 9223372036854775807 [pid 5048] close(3) = 0 [pid 5047] <... openat resumed>) = 3 [pid 5047] dup(3) = 4 [pid 5048] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME [pid 5047] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 9223372036854775807 [pid 5048] <... openat resumed>) = 3 [pid 5048] dup(3) = 4 [pid 5048] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 9223372036854775807 [pid 5037] kill(-5040, SIGKILL) = 0 [pid 5037] kill(5040, SIGKILL) = 0 [pid 5041] kill(-5044, SIGKILL [pid 5038] kill(-5042, SIGKILL [pid 5041] <... kill resumed>) = 0 [pid 5038] <... kill resumed>) = 0 [pid 5041] kill(5044, SIGKILL [pid 5038] kill(5042, SIGKILL [pid 5041] <... kill resumed>) = 0 [pid 5038] <... kill resumed>) = 0 [pid 5039] kill(-5043, SIGKILL) = 0 [pid 5039] kill(5043, SIGKILL) = 0 [pid 5045] kill(-5047, SIGKILL) = 0 [pid 5045] kill(5047, SIGKILL) = 0 [pid 5046] kill(-5048, SIGKILL) = 0 [pid 5046] kill(5048, SIGKILL) = 0 [pid 5039] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5041] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5046] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5041] <... openat resumed>) = 3 [pid 5039] <... openat resumed>) = 3 [pid 5046] <... openat resumed>) = 3 [pid 5046] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5041] newfstatat(3, "", [pid 5046] getdents64(3, [pid 5041] <... newfstatat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5039] newfstatat(3, "", [pid 5041] getdents64(3, [pid 5039] <... newfstatat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5046] <... getdents64 resumed>0x5555566826f0 /* 2 entries */, 32768) = 48 [pid 5041] <... getdents64 resumed>0x5555566826f0 /* 2 entries */, 32768) = 48 [pid 5041] getdents64(3, [pid 5046] getdents64(3, [pid 5041] <... getdents64 resumed>0x5555566826f0 /* 0 entries */, 32768) = 0 [pid 5041] close(3 [pid 5046] <... getdents64 resumed>0x5555566826f0 /* 0 entries */, 32768) = 0 [pid 5046] close(3 [pid 5041] <... close resumed>) = 0 [pid 5039] getdents64(3, [pid 5046] <... close resumed>) = 0 [pid 5039] <... getdents64 resumed>0x5555566826f0 /* 2 entries */, 32768) = 48 [pid 5039] getdents64(3, 0x5555566826f0 /* 0 entries */, 32768) = 0 [pid 5045] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5038] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5045] <... openat resumed>) = 3 [pid 5038] <... openat resumed>) = 3 [pid 5045] newfstatat(3, "", [pid 5038] newfstatat(3, "", [pid 5045] <... newfstatat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5038] <... newfstatat resumed>{st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5045] getdents64(3, [pid 5039] close(3 [pid 5038] getdents64(3, 0x5555566826f0 /* 2 entries */, 32768) = 48 [pid 5039] <... close resumed>) = 0 [pid 5038] getdents64(3, [pid 5045] <... getdents64 resumed>0x5555566826f0 /* 2 entries */, 32768) = 48 [pid 5038] <... getdents64 resumed>0x5555566826f0 /* 0 entries */, 32768) = 0 [pid 5045] getdents64(3, [pid 5038] close(3 [pid 5045] <... getdents64 resumed>0x5555566826f0 /* 0 entries */, 32768) = 0 [pid 5038] <... close resumed>) = 0 [pid 5045] close(3) = 0 [pid 5037] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5037] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5037] getdents64(3, 0x5555566826f0 /* 2 entries */, 32768) = 48 [pid 5037] getdents64(3, 0x5555566826f0 /* 0 entries */, 32768) = 0 [pid 5037] close(3) = 0 [ 76.109012][ T27] cfg80211: failed to load regulatory.db [pid 5040] <... fallocate resumed>) = ? [pid 5040] +++ killed by SIGKILL +++ [pid 5037] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5040, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=5160 /* 51.60 s */} --- [pid 5037] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5065 attached [pid 5065] set_robust_list(0x555556681660, 24 [pid 5037] <... clone resumed>, child_tidptr=0x555556681650) = 5065 [pid 5065] <... set_robust_list resumed>) = 0 [pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5065] setpgid(0, 0) = 0 [pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5065] write(3, "1000", 4) = 4 [pid 5065] close(3) = 0 [pid 5065] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME) = 3 [pid 5065] dup(3) = 4 [pid 5065] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 9223372036854775807 [pid 5037] kill(-5065, SIGKILL) = 0 [pid 5037] kill(5065, SIGKILL) = 0 [pid 5037] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5037] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5037] getdents64(3, 0x5555566826f0 /* 2 entries */, 32768) = 48 [pid 5037] getdents64(3, 0x5555566826f0 /* 0 entries */, 32768) = 0 [pid 5037] close(3) = 0 [pid 5044] <... fallocate resumed>) = ? [pid 5044] +++ killed by SIGKILL +++ [pid 5041] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5044, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=5037 /* 50.37 s */} --- [pid 5041] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5066 attached [pid 5066] set_robust_list(0x555556681660, 24 [pid 5041] <... clone resumed>, child_tidptr=0x555556681650) = 5066 [pid 5066] <... set_robust_list resumed>) = 0 [pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] setpgid(0, 0) = 0 [pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] write(3, "1000", 4) = 4 [pid 5066] close(3) = 0 [pid 5066] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME) = 3 [pid 5066] dup(3) = 4 [pid 5066] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 9223372036854775807 [pid 5041] kill(-5066, SIGKILL) = 0 [pid 5041] kill(5066, SIGKILL) = 0 [pid 5041] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5041] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5041] getdents64(3, 0x5555566826f0 /* 2 entries */, 32768) = 48 [pid 5041] getdents64(3, 0x5555566826f0 /* 0 entries */, 32768) = 0 [pid 5041] close(3) = 0 [pid 5043] <... fallocate resumed>) = ? [pid 5043] +++ killed by SIGKILL +++ [pid 5039] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5043, si_uid=0, si_status=SIGKILL, si_utime=0, si_stime=5157 /* 51.57 s */} --- [pid 5039] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5073 attached , child_tidptr=0x555556681650) = 5073 [pid 5073] set_robust_list(0x555556681660, 24) = 0 [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5073] setpgid(0, 0) = 0 [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5073] write(3, "1000", 4) = 4 [pid 5073] close(3) = 0 [pid 5073] openat(AT_FDCWD, "/dev/nullb0", O_RDWR|O_NONBLOCK|O_SYNC|O_LARGEFILE|O_NOATIME) = 3 [pid 5073] dup(3) = 4 [pid 5073] fallocate(4, FALLOC_FL_KEEP_SIZE|FALLOC_FL_ZERO_RANGE, 0, 9223372036854775807 [pid 5039] kill(-5073, SIGKILL) = 0 [pid 5039] kill(5073, SIGKILL) = 0 [pid 5039] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5039] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5039] getdents64(3, 0x5555566826f0 /* 2 entries */, 32768) = 48 [pid 5039] getdents64(3, 0x5555566826f0 /* 0 entries */, 32768) = 0 [pid 5039] close(3) = 0 [ 285.991070][ T29] INFO: task syz-executor161:5047 blocked for more than 143 seconds. [ 285.999369][ T29] Not tainted 6.6.0-rc6-syzkaller-00029-g213f891525c2 #0 [ 286.007362][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.016388][ T29] task:syz-executor161 state:D stack:28160 pid:5047 ppid:5045 flags:0x00004006 [ 286.025915][ T29] Call Trace: [ 286.029435][ T29] [ 286.032422][ T29] __schedule+0xee1/0x5a10 [ 286.036879][ T29] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 286.042924][ T29] ? print_usage_bug.part.0+0x670/0x670 [ 286.048529][ T29] ? io_schedule_timeout+0x150/0x150 [ 286.053902][ T29] ? rwsem_down_write_slowpath+0x48e/0x12a0 [ 286.060191][ T29] schedule+0xe7/0x1b0 [ 286.064602][ T29] schedule_preempt_disabled+0x13/0x20 [ 286.070357][ T29] rwsem_down_write_slowpath+0x53d/0x12a0 [ 286.076401][ T29] ? down_timeout+0x90/0x90 [ 286.081232][ T29] ? lock_sync+0x190/0x190 [ 286.085672][ T29] ? preempt_count_sub+0x150/0x150 [ 286.091192][ T29] down_write+0x1d3/0x200 [ 286.095837][ T29] ? rwsem_down_write_slowpath+0x12a0/0x12a0 [ 286.102236][ T29] blkdev_fallocate+0x1e9/0x450 [ 286.107136][ T29] ? file_to_blk_mode+0x130/0x130 [ 286.112421][ T29] vfs_fallocate+0x46c/0xe80 [ 286.117121][ T29] __x64_sys_fallocate+0xd5/0x140 [ 286.122505][ T29] do_syscall_64+0x38/0xb0 [ 286.127231][ T29] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.133451][ T29] RIP: 0033:0x7fc39f6a0b29 [ 286.138163][ T29] RSP: 002b:00007ffdda0030b8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 286.146927][ T29] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc39f6a0b29 [ 286.155195][ T29] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000004 [ 286.163491][ T29] RBP: 00000000000f4240 R08: 00000000000000a0 R09: 00000000000000a0 [ 286.171855][ T29] R10: 7fffffffffffffff R11: 0000000000000246 R12: 0000000000000001 [ 286.179923][ T29] R13: 00007ffdda0032d8 R14: 00007ffdda0030e0 R15: 00007ffdda0030d0 [ 286.187969][ T29] [ 286.191034][ T29] INFO: task syz-executor161:5048 blocked for more than 143 seconds. [ 286.199106][ T29] Not tainted 6.6.0-rc6-syzkaller-00029-g213f891525c2 #0 [ 286.206854][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.215889][ T29] task:syz-executor161 state:D stack:28160 pid:5048 ppid:5046 flags:0x00004006 [ 286.225459][ T29] Call Trace: [ 286.229033][ T29] [ 286.232265][ T29] __schedule+0xee1/0x5a10 [ 286.236705][ T29] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 286.245683][ T29] ? print_usage_bug.part.0+0x670/0x670 [ 286.251570][ T29] ? io_schedule_timeout+0x150/0x150 [ 286.257132][ T29] ? rwsem_down_write_slowpath+0x48e/0x12a0 [ 286.263099][ T29] schedule+0xe7/0x1b0 [ 286.267188][ T29] schedule_preempt_disabled+0x13/0x20 [ 286.272694][ T29] rwsem_down_write_slowpath+0x53d/0x12a0 [ 286.278784][ T29] ? down_timeout+0x90/0x90 [ 286.283625][ T29] ? lock_sync+0x190/0x190 [ 286.288373][ T29] ? preempt_count_sub+0x150/0x150 [ 286.294070][ T29] down_write+0x1d3/0x200 [ 286.298719][ T29] ? rwsem_down_write_slowpath+0x12a0/0x12a0 [ 286.305087][ T29] blkdev_fallocate+0x1e9/0x450 [ 286.310226][ T29] ? file_to_blk_mode+0x130/0x130 [ 286.315556][ T29] vfs_fallocate+0x46c/0xe80 [ 286.320176][ T29] __x64_sys_fallocate+0xd5/0x140 [ 286.325279][ T29] do_syscall_64+0x38/0xb0 [ 286.329713][ T29] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.335668][ T29] RIP: 0033:0x7fc39f6a0b29 [ 286.340093][ T29] RSP: 002b:00007ffdda0030b8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 286.349025][ T29] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc39f6a0b29 [ 286.357328][ T29] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000004 [ 286.365613][ T29] RBP: 00000000000f4240 R08: 00000000000000a0 R09: 00000000000000a0 [ 286.373900][ T29] R10: 7fffffffffffffff R11: 0000000000000246 R12: 0000000000000001 [ 286.382184][ T29] R13: 00007ffdda0032d8 R14: 00007ffdda0030e0 R15: 00007ffdda0030d0 [ 286.390442][ T29] [ 286.393893][ T29] INFO: task syz-executor161:5065 blocked for more than 143 seconds. [ 286.402271][ T29] Not tainted 6.6.0-rc6-syzkaller-00029-g213f891525c2 #0 [ 286.409821][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.418530][ T29] task:syz-executor161 state:D stack:27520 pid:5065 ppid:5037 flags:0x00004006 [ 286.428041][ T29] Call Trace: [ 286.431680][ T29] [ 286.434628][ T29] __schedule+0xee1/0x5a10 [ 286.439432][ T29] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 286.445761][ T29] ? print_usage_bug.part.0+0x670/0x670 [ 286.451667][ T29] ? io_schedule_timeout+0x150/0x150 [ 286.457238][ T29] ? rwsem_down_write_slowpath+0x48e/0x12a0 [ 286.463211][ T29] schedule+0xe7/0x1b0 [ 286.467872][ T29] schedule_preempt_disabled+0x13/0x20 [ 286.473715][ T29] rwsem_down_write_slowpath+0x53d/0x12a0 [ 286.479459][ T29] ? down_timeout+0x90/0x90 [ 286.484026][ T29] ? lock_sync+0x190/0x190 [ 286.488462][ T29] ? preempt_count_sub+0x150/0x150 [ 286.493639][ T29] down_write+0x1d3/0x200 [ 286.498259][ T29] ? rwsem_down_write_slowpath+0x12a0/0x12a0 [ 286.504576][ T29] blkdev_fallocate+0x1e9/0x450 [ 286.509736][ T29] ? file_to_blk_mode+0x130/0x130 [ 286.515086][ T29] vfs_fallocate+0x46c/0xe80 [ 286.519961][ T29] __x64_sys_fallocate+0xd5/0x140 [ 286.525318][ T29] do_syscall_64+0x38/0xb0 [ 286.530087][ T29] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.536304][ T29] RIP: 0033:0x7fc39f6a0b29 [ 286.540770][ T29] RSP: 002b:00007ffdda0030b8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 286.549348][ T29] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc39f6a0b29 [ 286.557708][ T29] RDX: 0000000000000000 RSI: 0000000000000011 RDI: 0000000000000004 [ 286.566008][ T29] RBP: 00000000000f4240 R08: 00000000000000a0 R09: 00000000000000a0 [ 286.574334][ T29] R10: 7fffffffffffffff R11: 0000000000000246 R12: 000000000000d58c [ 286.582678][ T29] R13: 00007ffdda0030cc R14: 00007ffdda0030e0 R15: 00007ffdda0030d0 [ 286.591434][ T29] [ 286.594485][ T29] [ 286.594485][ T29] Showing all locks held in the system: [ 286.602623][ T29] 1 lock held by khungtaskd/29: [ 286.607475][ T29] #0: ffffffff8cbab2e0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x75/0x340 [ 286.617849][ T29] 2 locks held by klogd/4480: [ 286.622961][ T29] 2 locks held by getty/4788: [ 286.627642][ T29] #0: ffff88802a0c20a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 286.637911][ T29] #1: ffffc90002efe2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfc5/0x1480 [ 286.648567][ T29] 1 lock held by syz-executor161/5042: [ 286.654480][ T29] 1 lock held by syz-executor161/5047: [ 286.660243][ T29] #0: ffff888148890940 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e9/0x450 [ 286.671274][ T29] 1 lock held by syz-executor161/5048: [ 286.677017][ T29] #0: ffff888148890940 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e9/0x450 [ 286.688229][ T29] 1 lock held by syz-executor161/5065: [ 286.693741][ T29] #0: ffff888148890940 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e9/0x450 [ 286.704656][ T29] 1 lock held by syz-executor161/5066: [ 286.710119][ T29] #0: ffff888148890940 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e9/0x450 [ 286.721151][ T29] 1 lock held by syz-executor161/5073: [ 286.726900][ T29] #0: ffff888148890940 (mapping.invalidate_lock#2){++++}-{3:3}, at: blkdev_fallocate+0x1e9/0x450 [ 286.737832][ T29] [ 286.740393][ T29] ============================================= [ 286.740393][ T29] [ 286.749257][ T29] NMI backtrace for cpu 0 [ 286.753673][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted 6.6.0-rc6-syzkaller-00029-g213f891525c2 #0 [ 286.763472][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 286.773693][ T29] Call Trace: [ 286.776950][ T29] [ 286.779878][ T29] dump_stack_lvl+0xd9/0x1b0 [ 286.784469][ T29] nmi_cpu_backtrace+0x277/0x380 [ 286.789386][ T29] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 286.794566][ T29] nmi_trigger_cpumask_backtrace+0x299/0x300 [ 286.800524][ T29] watchdog+0xf87/0x1210 [ 286.804763][ T29] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 286.810718][ T29] ? lockdep_hardirqs_on+0x7d/0x100 [ 286.815995][ T29] ? __kthread_parkme+0x14b/0x220 [ 286.820999][ T29] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 286.826954][ T29] kthread+0x33c/0x440 [ 286.830999][ T29] ? _raw_spin_unlock_irq+0x23/0x50 [ 286.836182][ T29] ? kthread_complete_and_exit+0x40/0x40 [ 286.841821][ T29] ret_from_fork+0x45/0x80 [ 286.846229][ T29] ? kthread_complete_and_exit+0x40/0x40 [ 286.852022][ T29] ret_from_fork_asm+0x11/0x20 [ 286.856794][ T29] [ 286.859889][ T29] Sending NMI from CPU 0 to CPUs 1: [ 286.865147][ C1] NMI backtrace for cpu 1 [ 286.865155][ C1] CPU: 1 PID: 4480 Comm: klogd Not tainted 6.6.0-rc6-syzkaller-00029-g213f891525c2 #0 [ 286.865169][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 286.865176][ C1] RIP: 0010:__lock_acquire+0x794/0x5de0 [ 286.865197][ C1] Code: 20 66 81 e2 ff 1f 0f b7 da be 08 00 00 00 48 89 d8 48 c1 e8 06 48 8d 3c c5 80 ee 9e 91 e8 14 5e 75 00 48 0f a3 1d 7c c3 36 10 <0f> 82 12 ff ff ff 48 8b 44 24 48 0f b6 10 48 c7 c0 e0 d5 2d 92 83 [ 286.865209][ C1] RSP: 0018:ffffc90003147348 EFLAGS: 00000047 [ 286.865220][ C1] RAX: 0000000000000001 RBX: 0000000000000179 RCX: ffffffff81682afc [ 286.865227][ C1] RDX: fffffbfff233ddd6 RSI: 0000000000000008 RDI: ffffffff919eeea8 [ 286.865235][ C1] RBP: dffffc0000000000 R08: 0000000000000000 R09: fffffbfff233ddd5 [ 286.865243][ C1] R10: ffffffff919eeeaf R11: dffffc0000000000 R12: ffffed100fc84c80 [ 286.865251][ C1] R13: 0000000000000000 R14: ffff88807e425940 R15: 0000000000000004 [ 286.865261][ C1] FS: 00007f0869267380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 286.865274][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 286.865282][ C1] CR2: 0000000020001008 CR3: 000000007ee52000 CR4: 0000000000350ee0 [ 286.865290][ C1] Call Trace: [ 286.865295][ C1] [ 286.865299][ C1] ? show_regs+0x8f/0xa0 [ 286.865314][ C1] ? nmi_cpu_backtrace+0x1d4/0x380 [ 286.865328][ C1] ? nmi_cpu_backtrace_handler+0xc/0x10 [ 286.865345][ C1] ? nmi_handle+0x1a6/0x570 [ 286.865361][ C1] ? __lock_acquire+0x794/0x5de0 [ 286.865377][ C1] ? default_do_nmi+0x69/0x160 [ 286.865393][ C1] ? exc_nmi+0x171/0x1e0 [ 286.865408][ C1] ? end_repeat_nmi+0x16/0x31 [ 286.865426][ C1] ? __lock_acquire+0x78c/0x5de0 [ 286.865442][ C1] ? __lock_acquire+0x794/0x5de0 [ 286.865458][ C1] ? __lock_acquire+0x794/0x5de0 [ 286.865474][ C1] ? __lock_acquire+0x794/0x5de0 [ 286.865490][ C1] [ 286.865493][ C1] [ 286.865500][ C1] ? mark_lock+0x105/0x1950 [ 286.865515][ C1] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 286.865533][ C1] ? print_usage_bug.part.0+0x670/0x670 [ 286.865548][ C1] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 286.865567][ C1] lock_acquire+0x1ae/0x510 [ 286.865583][ C1] ? debug_check_no_obj_freed+0xe1/0x4c0 [ 286.865604][ C1] ? lock_sync+0x190/0x190 [ 286.865619][ C1] ? debug_check_no_obj_freed+0x245/0x4c0 [ 286.865637][ C1] ? reacquire_held_locks+0x4b0/0x4b0 [ 286.865656][ C1] _raw_spin_lock_irqsave+0x3a/0x50 [ 286.865669][ C1] ? debug_check_no_obj_freed+0xe1/0x4c0 [ 286.865687][ C1] debug_check_no_obj_freed+0xe1/0x4c0 [ 286.865709][ C1] free_unref_page_prepare+0x1e5/0xa40 [ 286.865731][ C1] free_unref_page+0x33/0x3b0 [ 286.865744][ C1] __unfreeze_partials+0x21d/0x240 [ 286.865762][ C1] ? reacquire_held_locks+0x4b0/0x4b0 [ 286.865783][ C1] qlist_free_all+0x6a/0x170 [ 286.865798][ C1] kasan_quarantine_reduce+0x18e/0x1d0 [ 286.865814][ C1] __kasan_kmalloc+0x86/0xb0 [ 286.865832][ C1] ? __alloc_skb+0x12b/0x330 [ 286.865857][ C1] __kmalloc_node_track_caller+0x61/0x100 [ 286.865871][ C1] kmalloc_reserve+0xef/0x260 [ 286.865890][ C1] __alloc_skb+0x12b/0x330 [ 286.865908][ C1] ? __napi_build_skb+0x50/0x50 [ 286.865929][ C1] alloc_skb_with_frags+0xe4/0x710 [ 286.865945][ C1] sock_alloc_send_pskb+0x7e4/0x970 [ 286.865961][ C1] ? lock_acquire+0x1ae/0x510 [ 286.865979][ C1] ? sock_wmalloc+0x120/0x120 [ 286.865993][ C1] ? reacquire_held_locks+0x4b0/0x4b0 [ 286.866009][ C1] ? do_raw_spin_lock+0x12e/0x2b0 [ 286.866026][ C1] ? spin_bug+0x1d0/0x1d0 [ 286.866045][ C1] unix_dgram_sendmsg+0x455/0x1c30 [ 286.866061][ C1] ? aa_sk_perm+0x2c1/0xad0 [ 286.866079][ C1] ? unix_dgram_connect+0xba0/0xba0 [ 286.866091][ C1] ? aa_af_perm+0x260/0x260 [ 286.866109][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 286.866127][ C1] ? unix_dgram_connect+0xba0/0xba0 [ 286.866141][ C1] __sock_sendmsg+0xd5/0x180 [ 286.866160][ C1] __sys_sendto+0x255/0x340 [ 286.866172][ C1] ? __ia32_sys_getpeername+0xb0/0xb0 [ 286.866184][ C1] ? reacquire_held_locks+0x4b0/0x4b0 [ 286.866201][ C1] ? preempt_count_sub+0x150/0x150 [ 286.866223][ C1] ? preempt_count_sub+0x150/0x150 [ 286.866247][ C1] __x64_sys_sendto+0xe0/0x1b0 [ 286.866259][ C1] ? syscall_enter_from_user_mode+0x26/0x80 [ 286.866277][ C1] do_syscall_64+0x38/0xb0 [ 286.866291][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 286.866306][ C1] RIP: 0033:0x7f08693c99b5 [ 286.866316][ C1] Code: 8b 44 24 08 48 83 c4 28 48 98 c3 48 98 c3 41 89 ca 64 8b 04 25 18 00 00 00 85 c0 75 26 45 31 c9 45 31 c0 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 7a 48 8b 15 44 c4 0c 00 f7 d8 64 89 02 48 83 [ 286.866327][ C1] RSP: 002b:00007ffed9ae05b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 286.866339][ C1] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f08693c99b5 [ 286.866347][ C1] RDX: 0000000000000039 RSI: 0000565273ffbb00 RDI: 0000000000000003 [ 286.866355][ C1] RBP: 0000565273ff7910 R08: 0000000000000000 R09: 0000000000000000 [ 286.866362][ C1] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000013 [ 286.866370][ C1] R13: 00007f0869557212 R14: 00007ffed9ae06b8 R15: 0000000000000000 [ 286.866381][ C1] [ 286.866386][ C1] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.239 msecs [ 286.867462][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 287.385563][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted 6.6.0-rc6-syzkaller-00029-g213f891525c2 #0 [ 287.395385][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 287.405430][ T29] Call Trace: [ 287.408701][ T29] [ 287.411623][ T29] dump_stack_lvl+0xd9/0x1b0 [ 287.416238][ T29] panic+0x6a6/0x750 [ 287.420131][ T29] ? panic_smp_self_stop+0xa0/0xa0 [ 287.425240][ T29] ? lapic_can_unplug_cpu+0xa0/0xa0 [ 287.430631][ T29] ? preempt_schedule_thunk+0x1a/0x30 [ 287.436004][ T29] ? watchdog+0xd3e/0x1210 [ 287.440519][ T29] watchdog+0xd4f/0x1210 [ 287.444763][ T29] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 287.450753][ T29] ? lockdep_hardirqs_on+0x7d/0x100 [ 287.455950][ T29] ? __kthread_parkme+0x14b/0x220 [ 287.460967][ T29] ? proc_dohung_task_timeout_secs+0x90/0x90 [ 287.467112][ T29] kthread+0x33c/0x440 [ 287.471181][ T29] ? _raw_spin_unlock_irq+0x23/0x50 [ 287.476376][ T29] ? kthread_complete_and_exit+0x40/0x40 [ 287.482007][ T29] ret_from_fork+0x45/0x80 [ 287.486509][ T29] ? kthread_complete_and_exit+0x40/0x40 [ 287.492324][ T29] ret_from_fork_asm+0x11/0x20 [ 287.497092][ T29] [ 287.500897][ T29] Kernel Offset: disabled [ 287.505221][ T29] Rebooting in 86400 seconds..