./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1943289891 <...> Warning: Permanently added '10.128.10.0' (ED25519) to the list of known hosts. execve("./syz-executor1943289891", ["./syz-executor1943289891"], 0x7ffffcc5e930 /* 10 vars */) = 0 brk(NULL) = 0x5555763bf000 brk(0x5555763bfd00) = 0x5555763bfd00 arch_prctl(ARCH_SET_FS, 0x5555763bf380) = 0 set_tid_address(0x5555763bf650) = 5838 set_robust_list(0x5555763bf660, 24) = 0 rseq(0x5555763bfca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor1943289891", 4096) = 28 getrandom("\xb8\x03\x55\xb3\x3d\xc3\xdc\x6d", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x5555763bfd00 brk(0x5555763e0d00) = 0x5555763e0d00 brk(0x5555763e1000) = 0x5555763e1000 mprotect(0x7ff0f5f59000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5839 attached [pid 5839] set_robust_list(0x5555763bf660, 24) = 0 [pid 5839] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5838] <... clone resumed>, child_tidptr=0x5555763bf650) = 5839 [pid 5839] <... prctl resumed>) = 0 [pid 5839] setpgid(0, 0) = 0 [pid 5839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5839] write(3, "1000", 4) = 4 [pid 5839] close(3) = 0 [pid 5839] write(1, "executing program\n", 18executing program ) = 18 [pid 5839] open(NULL, O_RDONLY) = -1 EFAULT (Bad address) [pid 5839] memfd_create("syzkaller", 0) = 3 [pid 5839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff0eda00000 [pid 5839] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216 [pid 5839] munmap(0x7ff0eda00000, 138412032) = 0 [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5839] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5839] close(3) = 0 [pid 5839] close(4) = 0 [pid 5839] mkdir("./file0", 0777) = 0 [ 129.096933][ T5839] loop0: detected capacity change from 0 to 32768 [ 129.180714][ T5839] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 129.180714][ T5839] allowing incompatible features above 0.0: (unknown version) [ 129.204500][ T5839] bcachefs (loop0): invalid bkey in superblock btree=xattrs level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 2285c34bed0abe32 written 16 min_key 8796093022208:0:0 durability: 0 (invalid extent entry 0000000000000000) [ 129.204523][ T5839] invalid extent entry type (got 7, max 7), deleting [ 129.233841][ T5839] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 129.241970][ T5839] bcachefs (loop0): Version upgrade required: [ 129.241970][ T5839] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 129.241970][ T5839] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.25: extent_flags [ 129.241970][ T5839] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 129.319339][ T5839] bcachefs (loop0): bcachefs (loop0): error validating btree node at btree alloc level 0/0 [ 129.319357][ T5839] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0 [ 129.319368][ T5839] node offset 8/24 bset u64s 375 bset byte offset 184: keys out of order: u64s 11 type alloc_v4 0:32:0 len 0 ver 0 > u64s 11 type alloc_v4 0:2:0 len 0 ver 0, fixing [ 129.360159][ T5839] bcachefs (loop0): btree_node_read_work: rewriting btree node at due to error [ 129.360159][ T5839] btree=alloc level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0 [ 129.390710][ T5839] bcachefs (loop0): accounting_read... done [ 129.397771][ T5839] bcachefs (loop0): alloc_read... done [ 129.403647][ T5839] bcachefs (loop0): snapshots_read... done [ 129.409853][ T5839] bcachefs (loop0): check_allocations... [ 129.413399][ T5839] bcachefs (loop0): bucket 0:26 data type btree ptr gen 0 missing in alloc btree [ 129.413417][ T5839] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 129.446582][ T5839] bcachefs (loop0): bucket 0:38 data type btree ptr gen 0 missing in alloc btree [ 129.446597][ T5839] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 129.473448][ T5839] bcachefs (loop0): bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 129.473463][ T5839] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 129.500151][ T5839] bcachefs (loop0): bucket 0:35 data type btree ptr gen 0 missing in alloc btree [ 129.500168][ T5839] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [ 129.528827][ T5839] bcachefs (loop0): bucket 0:29 data type btree ptr gen 0 missing in alloc btree [ 129.528843][ T5839] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 129.555064][ T5839] bcachefs (loop0): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing [ 129.565296][ T5839] bcachefs (loop0): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 129.577570][ T5839] bcachefs (loop0): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing [ 129.587669][ T5839] bcachefs (loop0): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 129.599087][ T5839] bcachefs (loop0): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing [ 129.609133][ T5839] bcachefs (loop0): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 129.620526][ T5839] bcachefs (loop0): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing [ 129.630499][ T5839] bcachefs (loop0): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 129.641912][ T5839] bcachefs (loop0): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing [ 129.651932][ T5839] bcachefs (loop0): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 129.663697][ T5839] bcachefs (loop0): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing [ 129.673698][ T5839] bcachefs (loop0): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 129.685258][ T5839] bcachefs (loop0): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing [ 129.695246][ T5839] bcachefs (loop0): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 129.706635][ T5839] bcachefs (loop0): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing [ 129.716635][ T5839] bcachefs (loop0): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing [ 129.727886][ T5839] bcachefs (loop0): bucket 0:9 gen 0 has wrong data_type: got free, should be journal, fixing [ 129.738321][ T5839] bcachefs (loop0): bucket 0:9 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 129.750186][ T5839] bcachefs (loop0): bucket 0:16 gen 0 has wrong data_type: got free, should be sb, fixing [ 129.760258][ T5839] bcachefs (loop0): bucket 0:16 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 129.771816][ T5839] bcachefs (loop0): bucket 0:17 gen 0 has wrong data_type: got free, should be sb, fixing [ 129.771830][ T5839] Ratelimiting new instances of previous error [ 129.788251][ T5839] bcachefs (loop0): bucket 0:17 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 129.788265][ T5839] Ratelimiting new instances of previous error [ 129.814407][ T5839] done [ 129.819040][ T5839] bcachefs (loop0): going read-write [ 129.829618][ T5839] bcachefs (loop0): journal_replay... done [ 129.868362][ T5839] bcachefs (loop0): check_alloc_info... [ 129.870232][ T5839] bcachefs (loop0): hole in alloc btree missing in freespace btree [ 129.870256][ T5839] device 0 buckets 10-16, fixing [ 129.891046][ T5839] bcachefs (loop0): bucket incorrectly unset in need_discard btree [ 129.891060][ T5839] u64s 13 type alloc_v4 0:31:0 len 0 ver 0: [ 129.891068][ T5839] gen 0 oldest_gen 0 data_type need_discard [ 129.891075][ T5839] journal_seq_nonempty 4 [ 129.891082][ T5839] journal_seq_empty 0 [ 129.891089][ T5839] need_discard 1 [ 129.891095][ T5839] need_inc_gen 1 [ 129.891102][ T5839] dirty_sectors 0 [ 129.891108][ T5839] stripe_sectors 0 [ 129.891115][ T5839] cached_sectors 0 [ 129.891122][ T5839] stripe 0 [ 129.891128][ T5839] stripe_redundancy 0 [ 129.891135][ T5839] io_time[READ] 1 [ 129.891141][ T5839] io_time[WRITE] 512 [ 129.891148][ T5839] fragmentation 0 [ 129.891154][ T5839] bp_start 8 [ 129.891161][ T5839] , fixing [ 129.984090][ T5839] done [ 129.988542][ T5839] bcachefs (loop0): check_lrus... done [ 129.995102][ T5839] bcachefs (loop0): check_btree_backpointers... done [ 130.003825][ T5839] bcachefs (loop0): check_backpointers_to_extents... done [ 130.015237][ T5839] bcachefs (loop0): check_extents_to_backpointers... [ 130.016863][ T5839] bcachefs (loop0): scanning for missing backpointers in 5/128 buckets [ 130.033099][ T5839] done [ 130.038430][ T5839] bcachefs (loop0): check_alloc_to_lru_refs... done [ 130.047250][ T5839] bcachefs (loop0): bucket_gens_init... done [ 130.059928][ T5839] bcachefs (loop0): check_snapshot_trees... done [ 130.067433][ T5839] bcachefs (loop0): check_snapshots... [ 130.067973][ T5839] bcachefs (loop0): snapshot points to missing/incorrect tree: [ 130.067985][ T5839] u64s 8 type snapshot 0:4294967295:0 len 0 ver 0: is_subvol 1 deleted 0 parent 0 children 0 0 subvol 1 tree 0, fixing [ 130.102725][ T5839] done [ 130.107554][ T5839] bcachefs (loop0): check_subvols... done [ 130.115157][ T5839] bcachefs (loop0): check_subvol_children... done [ 130.122777][ T5839] bcachefs (loop0): delete_dead_snapshots... done [ 130.130281][ T5839] bcachefs (loop0): check_inodes... done [ 130.138300][ T5839] bcachefs (loop0): check_extents... done [ 130.145623][ T5839] bcachefs (loop0): check_indirect_extents... done [ 130.153355][ T5839] bcachefs (loop0): check_dirents... done [ 130.162998][ T5839] bcachefs (loop0): check_xattrs... done [ 130.170528][ T5839] bcachefs (loop0): check_root... done [ 130.177466][ T5839] bcachefs (loop0): check_unreachable_inodes... done [ 130.185471][ T5839] bcachefs (loop0): check_subvolume_structure... done [ 130.193365][ T5839] bcachefs (loop0): check_directory_structure... done [ 130.201873][ T5839] bcachefs (loop0): check_nlinks... [ 130.202588][ T5839] bcachefs (loop0): inode 536870914 type reg has wrong i_nlink (2780562353, should be 1), fixing [ 130.218720][ T5839] done [ 130.223618][ T5839] bcachefs (loop0): resume_logged_ops... done [ 130.229814][ T5839] bcachefs (loop0): delete_dead_inodes... done [ 130.236569][ T5839] bcachefs (loop0): set_fs_needs_rebalance... done [pid 5839] mount("/dev/loop0", "./file0", "bcachefs", MS_I_VERSION, "18446744073709551615" [pid 5838] kill(-5839, SIGKILL) = 0 [pid 5838] kill(5839, SIGKILL) = 0 [pid 5838] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5838] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5838] getdents64(3, 0x5555763c06f0 /* 2 entries */, 32768) = 48 [pid 5838] getdents64(3, 0x5555763c06f0 /* 0 entries */, 32768) = 0 [pid 5838] close(3) = 0 [ 140.456937][ T5839] flags: replay_done,running,space_low [ 140.456956][ T5839] dirty journal entries: 0/32768 [ 140.456963][ T5839] seq: 25 [ 140.456970][ T5839] seq_ondisk: 25 [ 140.456977][ T5839] last_seq: 26 [ 140.456983][ T5839] last_seq_ondisk: 25 [ 140.456990][ T5839] flushed_seq_ondisk: 25 [ 140.456996][ T5839] watermark: reclaim [ 140.457003][ T5839] each entry reserved: 321 [ 140.457010][ T5839] nr flush writes: 15 [ 140.457017][ T5839] nr noflush writes: 0 [ 140.457023][ T5839] average write size: 2.01 KiB [ 140.457030][ T5839] free buf: 65536 [ 140.457037][ T5839] nr direct reclaim: 0 [ 140.457043][ T5839] nr background reclaim: 2 [ 140.457050][ T5839] reclaim kicked: 0 [ 140.457056][ T5839] reclaim runs in: 0 ms [ 140.457063][ T5839] blocked: 0 [ 140.457069][ T5839] current entry sectors: 128 [ 140.457076][ T5839] current entry error: (No error) [ 140.457082][ T5839] current entry: closed [ 140.457089][ T5839] unwritten entries: [ 140.457095][ T5839] last buf closed [ 140.457101][ T5839] space: [ 140.457107][ T5839] discarded 128:128 [ 140.457114][ T5839] clean ondisk 128:128 [ 140.457120][ T5839] clean 128:128 [ 140.457127][ T5839] total 256:512 [ 140.457134][ T5839] dev 0: [ 140.457139][ T5839] durability 1: [ 140.457145][ T5839] nr 2 [ 140.457152][ T5839] bucket size 256 [ 140.457158][ T5839] available 0:128 [ 140.457165][ T5839] discard_idx 0 [ 140.457171][ T5839] dirty_ondisk 0 (seq 25) [ 140.457178][ T5839] dirty_idx 0 (seq 25) [ 140.457185][ T5839] cur_idx 0 (seq 25) [ 140.457191][ T5839] replicas want 1 need 1 [ 286.367761][ T31] INFO: task syz-executor194:5839 blocked for more than 143 seconds. [ 286.376097][ T31] Not tainted 6.15.0-rc4-syzkaller #0 [ 286.381999][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.390883][ T31] task:syz-executor194 state:D stack:12264 pid:5839 tgid:5839 ppid:5838 task_flags:0x400140 flags:0x00004006 [ 286.403046][ T31] Call Trace: [ 286.406435][ T31] [ 286.409435][ T31] __schedule+0x168f/0x4c70 [ 286.413989][ T31] ? __journal_res_get+0x21b4/0x24f0 [ 286.419339][ T31] ? kasan_save_track+0x3e/0x80 [ 286.424228][ T31] ? bch2_fs_start+0x70b/0xae0 [ 286.429089][ T31] ? __se_sys_mount+0x317/0x410 [ 286.434010][ T31] ? schedule+0x165/0x360 [ 286.438413][ T31] ? __pfx___schedule+0x10/0x10 [ 286.443333][ T31] ? schedule+0x91/0x360 [ 286.447722][ T31] schedule+0x165/0x360 [ 286.451912][ T31] ? __closure_sync+0x113/0x220 [ 286.456836][ T31] __closure_sync+0x163/0x220 [ 286.461702][ T31] ? __pfx___closure_sync+0x10/0x10 [ 286.467004][ T31] bch2_journal_res_get_slowpath+0x88d/0x950 [ 286.473029][ T31] ? __pfx_bch2_journal_res_get_slowpath+0x10/0x10 [ 286.479635][ T31] ? __pfx_closure_sync_fn+0x10/0x10 [ 286.484961][ T31] ? __pfx_closure_sync_fn+0x10/0x10 [ 286.490358][ T31] ? __pfx_closure_sync_fn+0x10/0x10 [ 286.495677][ T31] ? __pfx_journal_res_get_fast+0x10/0x10 [ 286.501457][ T31] ? bch2_journal_flush_pins+0x1e8/0x250 [ 286.507273][ T31] ? _raw_spin_unlock_irq+0x2e/0x50 [ 286.512533][ T31] bch2_journal_res_get+0x14f/0x1f0 [ 286.517812][ T31] __bch2_journal_meta+0x40/0x1d0 [ 286.522891][ T31] bch2_journal_meta+0xf9/0x7f0 [ 286.527841][ T31] bch2_fs_recovery+0x2558/0x37b0 [ 286.532911][ T31] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 286.538367][ T31] ? __lock_acquire+0xaac/0xd20 [ 286.543262][ T31] ? __lock_acquire+0xaac/0xd20 [ 286.548236][ T31] ? percpu_ref_put+0x1e/0x230 [ 286.553194][ T31] ? bch2_get_next_online_dev+0x2d/0x4d0 [ 286.558968][ T31] ? bch2_fs_start+0x65b/0xae0 [ 286.563897][ T31] ? up_write+0x1c4/0x420 [ 286.568316][ T31] bch2_fs_start+0x70b/0xae0 [ 286.572935][ T31] ? __pfx_bch2_fs_start+0x10/0x10 [ 286.578147][ T31] ? percpu_ref_put+0x1e/0x230 [ 286.582948][ T31] ? percpu_ref_put+0x1e/0x230 [ 286.587791][ T31] ? percpu_ref_put+0x188/0x230 [ 286.592679][ T31] bch2_fs_get_tree+0xd99/0x1340 [ 286.597720][ T31] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 286.603125][ T31] ? smack_fs_context_parse_param+0x102/0x170 [ 286.609324][ T31] ? vfs_parse_monolithic_sep+0x2e3/0x310 [ 286.615098][ T31] ? cap_capable+0x11f/0x460 [ 286.619744][ T31] ? bch2_init_fs_context+0x88/0x110 [ 286.625067][ T31] ? safesetid_security_capable+0xa9/0x1a0 [ 286.630955][ T31] vfs_get_tree+0x8f/0x2b0 [ 286.635410][ T31] do_new_mount+0x24a/0xa40 [ 286.640006][ T31] __se_sys_mount+0x317/0x410 [ 286.644802][ T31] ? __pfx___se_sys_mount+0x10/0x10 [ 286.650116][ T31] ? __x64_sys_mount+0x20/0xc0 [ 286.654932][ T31] do_syscall_64+0xf6/0x210 [ 286.659511][ T31] ? clear_bhb_loop+0x45/0xa0 [ 286.664215][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.670192][ T31] RIP: 0033:0x7ff0f5ee20ba [ 286.674648][ T31] RSP: 002b:00007ffc0c3c0b78 EFLAGS: 00000282 ORIG_RAX: 00000000000000a5 [ 286.683168][ T31] RAX: ffffffffffffffda RBX: 00007ffc0c3c0b90 RCX: 00007ff0f5ee20ba [ 286.691225][ T31] RDX: 00002000000000c0 RSI: 0000200000000000 RDI: 00007ffc0c3c0b90 [ 286.699282][ T31] RBP: 00002000000000c0 R08: 00007ffc0c3c0bd0 R09: 0000000000005954 [ 286.707318][ T31] R10: 0000000000800000 R11: 0000000000000282 R12: 0000200000000000 [ 286.715295][ T31] R13: 00007ffc0c3c0bd0 R14: 0000000000000003 R15: 0000000000800000 [ 286.723356][ T31] [ 286.726572][ T31] [ 286.726572][ T31] Showing all locks held in the system: [ 286.734312][ T31] 1 lock held by khungtaskd/31: [ 286.739209][ T31] #0: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 286.749201][ T31] 2 locks held by getty/5578: [ 286.753885][ T31] #0: ffff888030e570a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 286.763761][ T31] #1: ffffc90002ffe2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 286.773984][ T31] 1 lock held by syz-executor194/5839: [ 286.779534][ T31] #0: ffff8880431da0e0 (&type->s_umount_key#42/1){+.+.}-{4:4}, at: alloc_super+0x204/0x970 [ 286.789764][ T31] [ 286.792091][ T31] ============================================= [ 286.792091][ T31] [ 286.800553][ T31] NMI backtrace for cpu 0 [ 286.800577][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc4-syzkaller #0 PREEMPT(full) [ 286.800599][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 286.800611][ T31] Call Trace: [ 286.800618][ T31] [ 286.800626][ T31] dump_stack_lvl+0x189/0x250 [ 286.800653][ T31] ? __wake_up_klogd+0xd9/0x110 [ 286.800682][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 286.800707][ T31] ? __pfx__printk+0x10/0x10 [ 286.800748][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 286.800779][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 286.800804][ T31] ? _printk+0xcf/0x120 [ 286.800838][ T31] ? __pfx__printk+0x10/0x10 [ 286.800869][ T31] ? debug_show_all_locks+0x2e/0x180 [ 286.800894][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 286.800925][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 286.800957][ T31] watchdog+0xfee/0x1030 [ 286.800982][ T31] ? watchdog+0x1de/0x1030 [ 286.801014][ T31] kthread+0x70e/0x8a0 [ 286.801039][ T31] ? __pfx_watchdog+0x10/0x10 [ 286.801061][ T31] ? __pfx_kthread+0x10/0x10 [ 286.801084][ T31] ? __pfx_kthread+0x10/0x10 [ 286.801104][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 286.801133][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 286.801164][ T31] ? __pfx_kthread+0x10/0x10 [ 286.801184][ T31] ret_from_fork+0x4b/0x80 [ 286.801201][ T31] ? __pfx_kthread+0x10/0x10 [ 286.801221][ T31] ret_from_fork_asm+0x1a/0x30 [ 286.801266][ T31] [ 286.801274][ T31] Sending NMI from CPU 0 to CPUs 1: [ 286.952293][ C1] NMI backtrace for cpu 1 [ 286.952311][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.15.0-rc4-syzkaller #0 PREEMPT(full) [ 286.952330][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 286.952340][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 286.952372][ C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d c3 7a 19 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 286.952386][ C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6 [ 286.952401][ C1] RAX: 5c32d4eba4f08700 RBX: ffffffff81973cc8 RCX: 5c32d4eba4f08700 [ 286.952414][ C1] RDX: 0000000000000001 RSI: ffffffff8d735765 RDI: ffffffff8bc0fa20 [ 286.952425][ C1] RBP: ffffc90000197f20 R08: ffff8880b8932b5b R09: 1ffff1101712656b [ 286.952437][ C1] R10: dffffc0000000000 R11: ffffed101712656c R12: ffffffff8f7d9f70 [ 286.952450][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff110038dbb40 [ 286.952461][ C1] FS: 0000000000000000(0000) GS:ffff888126202000(0000) knlGS:0000000000000000 [ 286.952474][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 286.952485][ C1] CR2: 000055cbe8bb7600 CR3: 000000000dd36000 CR4: 00000000003526f0 [ 286.952500][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 286.952510][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 286.952520][ C1] Call Trace: [ 286.952528][ C1] [ 286.952535][ C1] default_idle+0x13/0x20 [ 286.952554][ C1] default_idle_call+0x74/0xb0 [ 286.952573][ C1] do_idle+0x1e8/0x510 [ 286.952602][ C1] ? __pfx_do_idle+0x10/0x10 [ 286.952624][ C1] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 286.952650][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 286.952675][ C1] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 286.952699][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 286.952728][ C1] cpu_startup_entry+0x44/0x60 [ 286.952751][ C1] start_secondary+0x101/0x110 [ 286.952776][ C1] common_startup_64+0x13e/0x147 [ 286.952806][ C1] [ 286.953361][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 287.160460][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc4-syzkaller #0 PREEMPT(full) [ 287.170538][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 287.180602][ T31] Call Trace: [ 287.183886][ T31] [ 287.186826][ T31] dump_stack_lvl+0x99/0x250 [ 287.191454][ T31] ? __asan_memcpy+0x40/0x70 [ 287.196073][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 287.201297][ T31] ? __pfx__printk+0x10/0x10 [ 287.205918][ T31] panic+0x2db/0x790 [ 287.209832][ T31] ? __pfx_panic+0x10/0x10 [ 287.214299][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 287.220117][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 287.225522][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 287.231697][ T31] watchdog+0x102d/0x1030 [ 287.236039][ T31] ? watchdog+0x1de/0x1030 [ 287.240472][ T31] kthread+0x70e/0x8a0 [ 287.244553][ T31] ? __pfx_watchdog+0x10/0x10 [ 287.249240][ T31] ? __pfx_kthread+0x10/0x10 [ 287.253841][ T31] ? __pfx_kthread+0x10/0x10 [ 287.258443][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 287.263654][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 287.268868][ T31] ? __pfx_kthread+0x10/0x10 [ 287.273489][ T31] ret_from_fork+0x4b/0x80 [ 287.277909][ T31] ? __pfx_kthread+0x10/0x10 [ 287.282504][ T31] ret_from_fork_asm+0x1a/0x30 [ 287.287295][ T31] [ 287.290673][ T31] Kernel Offset: disabled [ 287.295010][ T31] Rebooting in 86400 seconds..