./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4051127149 <...> [ 104.942675][ T10] cfg80211: failed to load regulatory.db Warning: Permanently added '10.128.0.247' (ED25519) to the list of known hosts. execve("./syz-executor4051127149", ["./syz-executor4051127149"], 0x7ffe3c723bd0 /* 10 vars */) = 0 brk(NULL) = 0x5555821bd000 brk(0x5555821bdd40) = 0x5555821bdd40 arch_prctl(ARCH_SET_FS, 0x5555821bd3c0) = 0 set_tid_address(0x5555821bd690) = 5828 set_robust_list(0x5555821bd6a0, 24) = 0 rseq(0x5555821bdce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4051127149", 4096) = 28 getrandom("\x3a\x91\x14\x4b\xc4\xce\x74\xe2", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555821bdd40 brk(0x5555821ded40) = 0x5555821ded40 brk(0x5555821df000) = 0x5555821df000 mprotect(0x7f4daeb2a000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5829 attached , child_tidptr=0x5555821bd690) = 5829 [pid 5829] set_robust_list(0x5555821bd6a0, 24) = 0 [pid 5829] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5829] setpgid(0, 0) = 0 [pid 5829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5829] write(3, "1000", 4) = 4 [pid 5829] close(3) = 0 [pid 5829] write(1, "executing program\n", 18executing program ) = 18 [pid 5829] futex(0x7f4daeb3060c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5829] rt_sigaction(SIGRT_1, {sa_handler=0x7f4daeac93f0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f4daeabaaa0}, NULL, 8) = 0 [pid 5829] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4daea38000 [pid 5829] mprotect(0x7f4daea39000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5829] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5829] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4daea58990, parent_tid=0x7f4daea58990, exit_signal=0, stack=0x7f4daea38000, stack_size=0x20300, tls=0x7f4daea586c0}./strace-static-x86_64: Process 5830 attached => {parent_tid=[5830]}, 88) = 5830 [pid 5830] rseq(0x7f4daea58fe0, 0x20, 0, 0x53053053 [pid 5829] rt_sigprocmask(SIG_SETMASK, [], [pid 5830] <... rseq resumed>) = 0 [pid 5829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] set_robust_list(0x7f4daea589a0, 24 [pid 5829] futex(0x7f4daeb30608, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5830] <... set_robust_list resumed>) = 0 [pid 5830] rt_sigprocmask(SIG_SETMASK, [], [pid 5829] futex(0x7f4daeb3060c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5830] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5830] memfd_create("syzkaller", 0) = 3 [pid 5830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4da6600000 [pid 5830] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5830] munmap(0x7f4da6600000, 138412032) = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5830] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5830] close(3) = 0 [pid 5830] close(4) = 0 [pid 5830] mkdir("./file1", 0777) = 0 [ 105.920532][ T5830] loop0: detected capacity change from 0 to 32768 [ 106.026832][ T5830] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow [ 106.026856][ T5830] allowing incompatible features above 0.0: (unknown version) [ 106.026869][ T5830] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 106.063979][ T5830] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 106.072446][ T5830] bcachefs (loop0): initializing new filesystem [ 106.092827][ T5830] bcachefs (loop0): going read-write [ 106.136964][ T5830] bcachefs (loop0): marking superblocks [ 106.160288][ T5830] bcachefs (loop0): initializing freespace [ 106.171612][ T5830] bcachefs (loop0): done initializing freespace [pid 5830] mount("/dev/loop0", "./file1", "bcachefs", MS_SYNCHRONOUS|MS_NODIRATIME, "") = 0 [pid 5830] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 106.182851][ T5830] bcachefs (loop0): reading snapshots table [ 106.189016][ T5830] bcachefs (loop0): reading snapshots done [ 106.213267][ T5830] bcachefs (loop0): loop0: Superblock write was silently dropped! (seq 0 expected 42) [ 106.225699][ T5830] bcachefs (loop0): done starting filesystem [pid 5830] chdir("./file1") = 0 [pid 5830] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5830] ioctl(4, LOOP_CLR_FD) = 0 [pid 5830] close(4) = 0 [pid 5830] futex(0x7f4daeb3060c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] futex(0x7f4daeb30608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f4daeb30608, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] <... futex resumed>) = 0 [pid 5829] futex(0x7f4daeb3060c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 0756) = 4 [pid 5830] futex(0x7f4daeb3060c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... futex resumed>) = 0 [pid 5830] <... futex resumed>) = 1 [pid 5829] futex(0x7f4daeb30608, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] open("./file1", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_DIRECT|O_NOATIME, 000 [pid 5829] <... futex resumed>) = 0 [pid 5830] <... open resumed>) = 5 [pid 5829] futex(0x7f4daeb3060c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] futex(0x7f4daeb3060c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f4daeb30608, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] ftruncate(5, 33587196 [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f4daeb3060c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] <... ftruncate resumed>) = 0 [pid 5830] futex(0x7f4daeb3060c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5829] <... futex resumed>) = 0 [pid 5830] futex(0x7f4daeb30608, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] futex(0x7f4daeb30608, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5829] <... futex resumed>) = 0 [pid 5829] futex(0x7f4daeb3060c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5830] sendfile(5, 5, NULL, 34359738377 [pid 5829] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5829] futex(0x7f4daeb3061c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f4daea17000 [pid 5829] mprotect(0x7f4daea18000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5829] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5829] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f4daea37990, parent_tid=0x7f4daea37990, exit_signal=0, stack=0x7f4daea17000, stack_size=0x20300, tls=0x7f4daea376c0}./strace-static-x86_64: Process 5842 attached [pid 5842] rseq(0x7f4daea37fe0, 0x20, 0, 0x53053053) = 0 [pid 5842] set_robust_list(0x7f4daea379a0, 24 [pid 5829] <... clone3 resumed> => {parent_tid=[5842]}, 88) = 5842 [pid 5842] <... set_robust_list resumed>) = 0 [pid 5829] rt_sigprocmask(SIG_SETMASK, [], [pid 5842] rt_sigprocmask(SIG_SETMASK, [], [pid 5829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5829] futex(0x7f4daeb30618, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5829] <... futex resumed>) = 0 [pid 5842] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 6 [pid 5829] futex(0x7f4daeb3061c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5842] futex(0x7f4daeb3061c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5842] <... futex resumed>) = 0 [pid 5842] futex(0x7f4daeb30618, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5829] futex(0x7f4daeb30618, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... futex resumed>) = 0 [pid 5829] <... futex resumed>) = 1 [pid 5842] sendfile(6, 6, NULL, 238724842 [pid 5829] futex(0x7f4daeb3061c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5829] exit_group(0) = ? [pid 5828] kill(-5829, SIGKILL) = 0 [pid 5828] kill(5829, SIGKILL) = 0 [pid 5828] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5828] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5828] getdents64(3, 0x5555821be730 /* 2 entries */, 32768) = 48 [pid 5828] getdents64(3, 0x5555821be730 /* 0 entries */, 32768) = 0 [pid 5828] close(3) = 0 [ 294.385535][ T31] INFO: task syz-executor405:5830 blocked for more than 143 seconds. [ 294.393991][ T31] Not tainted 6.16.0-rc2-syzkaller #0 [ 294.400036][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 294.408830][ T31] task:syz-executor405 state:D stack:16056 pid:5830 tgid:5829 ppid:5828 task_flags:0x400140 flags:0x00004006 [ 294.420943][ T31] Call Trace: [ 294.424286][ T31] [ 294.427243][ T31] __schedule+0x16a2/0x4cb0 [ 294.431947][ T31] ? schedule+0x165/0x360 [ 294.436371][ T31] ? __pfx___schedule+0x10/0x10 [ 294.441341][ T31] ? schedule+0x91/0x360 [ 294.445635][ T31] schedule+0x165/0x360 [ 294.449985][ T31] io_schedule+0x81/0xe0 [ 294.454283][ T31] folio_wait_bit_common+0x6b0/0xb90 [ 294.459742][ T31] ? __pfx_folio_wait_bit_common+0x10/0x10 [ 294.465600][ T31] ? __pfx_wake_page_function+0x10/0x10 [ 294.471253][ T31] ? __filemap_fdatawait_range+0x1d2/0x230 [ 294.477136][ T31] ? __pfx___filemap_fdatawait_range+0x10/0x10 [ 294.483395][ T31] ? do_sendfile+0x4da/0x7e0 [ 294.488083][ T31] invalidate_inode_pages2_range+0x557/0xa80 [ 294.494201][ T31] ? __pfx_invalidate_inode_pages2_range+0x10/0x10 [ 294.500883][ T31] bch2_write_invalidate_inode_pages_range+0xc5/0x110 [ 294.507702][ T31] bch2_direct_write+0x2a62/0x2ce0 [ 294.512984][ T31] ? is_bpf_text_address+0x292/0x2b0 [ 294.518385][ T31] ? is_bpf_text_address+0x26/0x2b0 [ 294.523717][ T31] ? kernel_text_address+0xa5/0xe0 [ 294.528924][ T31] ? __kernel_text_address+0xd/0x40 [ 294.534226][ T31] ? unwind_get_return_address+0x4d/0x90 [ 294.539986][ T31] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 294.546198][ T31] ? arch_stack_walk+0xfc/0x150 [ 294.551177][ T31] ? __pfx_bch2_direct_write+0x10/0x10 [ 294.556716][ T31] ? kasan_save_track+0x4f/0x80 [ 294.561677][ T31] ? kasan_save_track+0x3e/0x80 [ 294.566576][ T31] bch2_write_iter+0x18f/0x2b90 [ 294.571510][ T31] ? __se_sys_sendfile64+0x13e/0x190 [ 294.576845][ T31] ? do_syscall_64+0xfa/0x3b0 [ 294.581647][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.587813][ T31] ? __pfx_bch2_write_iter+0x10/0x10 [ 294.593209][ T31] ? splice_from_pipe_next+0x608/0x660 [ 294.598756][ T31] ? __asan_memset+0x22/0x50 [ 294.603474][ T31] iter_file_splice_write+0x937/0x1000 [ 294.609003][ T31] ? __pfx_iter_file_splice_write+0x10/0x10 [ 294.614991][ T31] ? rcu_read_lock_any_held+0xb3/0x120 [ 294.620596][ T31] ? direct_splice_actor+0x10c/0x160 [ 294.625914][ T31] ? __pfx_iter_file_splice_write+0x10/0x10 [ 294.631894][ T31] direct_splice_actor+0x101/0x160 [ 294.637072][ T31] splice_direct_to_actor+0x5a5/0xcc0 [ 294.642585][ T31] ? __pfx_direct_splice_actor+0x10/0x10 [ 294.648293][ T31] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 294.654312][ T31] do_splice_direct+0x181/0x270 [ 294.659220][ T31] ? __pfx_do_splice_direct+0x10/0x10 [ 294.664722][ T31] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 294.670724][ T31] ? rw_verify_area+0x258/0x650 [ 294.675637][ T31] do_sendfile+0x4da/0x7e0 [ 294.680186][ T31] ? __pfx_do_sendfile+0x10/0x10 [ 294.685179][ T31] ? _raw_spin_unlock_irq+0x2e/0x50 [ 294.690483][ T31] ? ptrace_notify+0x22d/0x2c0 [ 294.695334][ T31] __se_sys_sendfile64+0x13e/0x190 [ 294.700582][ T31] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 294.706282][ T31] ? rcu_is_watching+0x15/0xb0 [ 294.711219][ T31] do_syscall_64+0xfa/0x3b0 [ 294.715780][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.721931][ T31] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 294.727629][ T31] ? clear_bhb_loop+0x60/0xb0 [ 294.732393][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.738331][ T31] RIP: 0033:0x7f4daeaa3509 [ 294.743218][ T31] RSP: 002b:00007f4daea58218 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 294.751784][ T31] RAX: ffffffffffffffda RBX: 00007f4daeb30608 RCX: 00007f4daeaa3509 [ 294.759843][ T31] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000005 [ 294.767861][ T31] RBP: 00007f4daeb30600 R08: 0000000000000000 R09: 0000000000000000 [ 294.775939][ T31] R10: 0000000800000009 R11: 0000000000000246 R12: 00007f4daeafcb48 [ 294.783994][ T31] R13: 0031656c69662f2e R14: 0000200000000240 R15: 0000200000000040 [ 294.792095][ T31] [ 294.795234][ T31] INFO: task syz-executor405:5842 blocked for more than 143 seconds. [ 294.803390][ T31] Not tainted 6.16.0-rc2-syzkaller #0 [ 294.809371][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 294.818143][ T31] task:syz-executor405 state:D stack:24392 pid:5842 tgid:5829 ppid:5828 task_flags:0x440040 flags:0x00004006 [ 294.830398][ T31] Call Trace: [ 294.833713][ T31] [ 294.836657][ T31] __schedule+0x16a2/0x4cb0 [ 294.841281][ T31] ? blk_mq_flush_plug_list+0x41f/0x550 [ 294.846932][ T31] ? do_raw_spin_lock+0x121/0x290 [ 294.852071][ T31] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 294.858054][ T31] ? schedule+0x165/0x360 [ 294.862489][ T31] ? __lock_acquire+0xab9/0xd20 [ 294.867401][ T31] ? __pfx___schedule+0x10/0x10 [ 294.872396][ T31] ? schedule+0x91/0x360 [ 294.876692][ T31] schedule+0x165/0x360 [ 294.880962][ T31] __bch2_two_state_lock+0x1ea/0x370 [ 294.886315][ T31] ? __pfx___bch2_two_state_lock+0x10/0x10 [ 294.892234][ T31] ? __pfx_autoremove_wake_function+0x10/0x10 [ 294.898370][ T31] ? __raw_spin_lock_init+0x45/0x100 [ 294.903740][ T31] ? blk_start_plug+0x52/0x1b0 [ 294.908571][ T31] bch2_readahead+0x94f/0x1100 [ 294.913473][ T31] ? __pfx_bch2_readahead+0x10/0x10 [ 294.918718][ T31] ? preempt_schedule_irq+0xde/0x150 [ 294.924111][ T31] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 294.929966][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 294.935212][ T31] ? __pfx_bch2_readahead+0x10/0x10 [ 294.940534][ T31] read_pages+0x17a/0x580 [ 294.944923][ T31] ? __pfx_read_pages+0x10/0x10 [ 294.949865][ T31] ? filemap_add_folio+0x1af/0x270 [ 294.955013][ T31] page_cache_ra_order+0xa24/0xc70 [ 294.960233][ T31] filemap_get_pages+0x43c/0x1ea0 [ 294.965321][ T31] ? __pfx_filemap_get_pages+0x10/0x10 [ 294.970872][ T31] ? stack_trace_save+0x9c/0xe0 [ 294.975764][ T31] ? __pfx___might_resched+0x10/0x10 [ 294.981279][ T31] filemap_splice_read+0x4fc/0xbc0 [ 294.986457][ T31] ? __pfx_filemap_splice_read+0x10/0x10 [ 294.992405][ T31] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 294.997839][ T31] ? alloc_pipe_info+0x374/0x4d0 [ 295.002864][ T31] ? __pfx_filemap_splice_read+0x10/0x10 [ 295.008540][ T31] splice_direct_to_actor+0x4a6/0xcc0 [ 295.014038][ T31] ? __schedule+0x16c0/0x4cb0 [ 295.018772][ T31] ? __pfx_direct_splice_actor+0x10/0x10 [ 295.024481][ T31] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 295.030493][ T31] do_splice_direct+0x181/0x270 [ 295.035373][ T31] ? __pfx_do_splice_direct+0x10/0x10 [ 295.040827][ T31] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 295.046772][ T31] ? rw_verify_area+0x258/0x650 [ 295.051733][ T31] do_sendfile+0x4da/0x7e0 [ 295.056200][ T31] ? __pfx_do_sendfile+0x10/0x10 [ 295.061226][ T31] ? _raw_spin_unlock_irq+0x2e/0x50 [ 295.066473][ T31] ? ptrace_notify+0x22d/0x2c0 [ 295.071364][ T31] __se_sys_sendfile64+0x13e/0x190 [ 295.076539][ T31] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 295.082263][ T31] ? rcu_is_watching+0x15/0xb0 [ 295.087120][ T31] do_syscall_64+0xfa/0x3b0 [ 295.091737][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.097850][ T31] ? __switch_to_asm+0x39/0x70 [ 295.102744][ T31] ? clear_bhb_loop+0x60/0xb0 [ 295.107469][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.113448][ T31] RIP: 0033:0x7f4daeaa3509 [ 295.117903][ T31] RSP: 002b:00007f4daea37218 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 295.126410][ T31] RAX: ffffffffffffffda RBX: 00007f4daeb30618 RCX: 00007f4daeaa3509 [ 295.134488][ T31] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000006 [ 295.142541][ T31] RBP: 00007f4daeb30610 R08: 0000000000000000 R09: 0000000000000000 [ 295.150594][ T31] R10: 000000000e3aa6ea R11: 0000000000000246 R12: 00007f4daeafcb48 [ 295.158591][ T31] R13: 0031656c69662f2e R14: 0000200000000240 R15: 0000200000000040 [ 295.166713][ T31] [ 295.170022][ T31] [ 295.170022][ T31] Showing all locks held in the system: [ 295.177766][ T31] 1 lock held by khungtaskd/31: [ 295.182714][ T31] #0: ffffffff8e13ed60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 295.192807][ T31] 2 locks held by getty/5584: [ 295.197506][ T31] #0: ffff88814dc680a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 295.207431][ T31] #1: ffffc900036bb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 295.217675][ T31] 1 lock held by syz-executor405/5830: [ 295.223237][ T31] #0: ffff888034a78428 (sb_writers#8){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x160 [ 295.233032][ T31] 1 lock held by syz-executor405/5842: [ 295.238522][ T31] #0: ffff88806c5982e8 (mapping.invalidate_lock#3){.+.+}-{4:4}, at: page_cache_ra_order+0x445/0xc70 [ 295.249524][ T31] [ 295.251906][ T31] ============================================= [ 295.251906][ T31] [ 295.260481][ T31] NMI backtrace for cpu 1 [ 295.260527][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 295.260550][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 295.260563][ T31] Call Trace: [ 295.260573][ T31] [ 295.260582][ T31] dump_stack_lvl+0x189/0x250 [ 295.260627][ T31] ? __wake_up_klogd+0xd9/0x110 [ 295.260663][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 295.260694][ T31] ? __pfx__printk+0x10/0x10 [ 295.260735][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 295.260775][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 295.260799][ T31] ? _printk+0xcf/0x120 [ 295.260824][ T31] ? __pfx__printk+0x10/0x10 [ 295.260848][ T31] ? debug_show_all_locks+0x2e/0x180 [ 295.260880][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 295.260918][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 295.260950][ T31] watchdog+0xfee/0x1030 [ 295.261001][ T31] ? watchdog+0x1de/0x1030 [ 295.261037][ T31] kthread+0x70e/0x8a0 [ 295.261065][ T31] ? __pfx_watchdog+0x10/0x10 [ 295.261090][ T31] ? __pfx_kthread+0x10/0x10 [ 295.261115][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 295.261153][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 295.261183][ T31] ? __pfx_kthread+0x10/0x10 [ 295.261207][ T31] ret_from_fork+0x3fc/0x770 [ 295.261251][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 295.261287][ T31] ? __switch_to_asm+0x39/0x70 [ 295.261306][ T31] ? __switch_to_asm+0x33/0x70 [ 295.261325][ T31] ? __pfx_kthread+0x10/0x10 [ 295.261349][ T31] ret_from_fork_asm+0x1a/0x30 [ 295.261391][ T31] [ 295.261399][ T31] Sending NMI from CPU 1 to CPUs 0: [ 295.422588][ C0] NMI backtrace for cpu 0 [ 295.422617][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 295.422639][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 295.422651][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 295.422697][ C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 23 f6 28 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 295.422722][ C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c6 [ 295.422738][ C0] RAX: 0c7705bb82258100 RBX: ffffffff81975c68 RCX: 0c7705bb82258100 [ 295.422753][ C0] RDX: 0000000000000001 RSI: ffffffff8d96e7d3 RDI: ffffffff8be1b680 [ 295.422765][ C0] RBP: ffffffff8de07ea8 R08: ffff8880b8632f5b R09: 1ffff110170c65eb [ 295.422779][ C0] R10: dffffc0000000000 R11: ffffed10170c65ec R12: ffffffff8f9fe2f0 [ 295.422793][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a50 [ 295.422805][ C0] FS: 0000000000000000(0000) GS:ffff888125c85000(0000) knlGS:0000000000000000 [ 295.422819][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 295.422831][ C0] CR2: 000055ed86da7660 CR3: 000000000df38000 CR4: 00000000003526f0 [ 295.422846][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 295.422856][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 295.422868][ C0] Call Trace: [ 295.422877][ C0] [ 295.422885][ C0] default_idle+0x13/0x20 [ 295.422903][ C0] default_idle_call+0x74/0xb0 [ 295.422923][ C0] do_idle+0x1e8/0x510 [ 295.422962][ C0] ? __pfx_do_idle+0x10/0x10 [ 295.422988][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 295.423014][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 295.423039][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 295.423067][ C0] cpu_startup_entry+0x44/0x60 [ 295.423093][ C0] rest_init+0x2de/0x300 [ 295.423112][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 295.423192][ C0] start_kernel+0x47d/0x500 [ 295.423227][ C0] x86_64_start_reservations+0x24/0x30 [ 295.423248][ C0] x86_64_start_kernel+0x143/0x1c0 [ 295.423267][ C0] common_startup_64+0x13e/0x147 [ 295.423303][ C0] [ 295.423564][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 295.423596][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller #0 PREEMPT(full) [ 295.423625][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 295.423641][ T31] Call Trace: [ 295.423653][ T31] [ 295.423670][ T31] dump_stack_lvl+0x99/0x250 [ 295.423712][ T31] ? __asan_memcpy+0x40/0x70 [ 295.423740][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 295.423777][ T31] ? __pfx__printk+0x10/0x10 [ 295.423817][ T31] panic+0x2db/0x790 [ 295.423860][ T31] ? __pfx_panic+0x10/0x10 [ 295.423895][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 295.423949][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 295.423981][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 295.424027][ T31] watchdog+0x102d/0x1030 [ 295.424064][ T31] ? watchdog+0x1de/0x1030 [ 295.424105][ T31] kthread+0x70e/0x8a0 [ 295.424145][ T31] ? __pfx_watchdog+0x10/0x10 [ 295.424176][ T31] ? __pfx_kthread+0x10/0x10 [ 295.424205][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 295.424244][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 295.424278][ T31] ? __pfx_kthread+0x10/0x10 [ 295.424306][ T31] ret_from_fork+0x3fc/0x770 [ 295.424343][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 295.424383][ T31] ? __switch_to_asm+0x39/0x70 [ 295.424405][ T31] ? __switch_to_asm+0x33/0x70 [ 295.424428][ T31] ? __pfx_kthread+0x10/0x10 [ 295.424456][ T31] ret_from_fork_asm+0x1a/0x30 [ 295.424499][ T31] [ 295.790252][ T31] Kernel Offset: disabled [ 295.794633][ T31] Rebooting in 86400 seconds..