./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor4236184651 <...> Warning: Permanently added '10.128.0.254' (ED25519) to the list of known hosts. execve("./syz-executor4236184651", ["./syz-executor4236184651"], 0x7ffe51ca18d0 /* 10 vars */) = 0 brk(NULL) = 0x55555ba64000 brk(0x55555ba64d00) = 0x55555ba64d00 arch_prctl(ARCH_SET_FS, 0x55555ba64380) = 0 set_tid_address(0x55555ba64650) = 5866 set_robust_list(0x55555ba64660, 24) = 0 rseq(0x55555ba64ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor4236184651", 4096) = 28 getrandom("\x04\xf3\xeb\x3a\x31\x25\xb8\xc3", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55555ba64d00 brk(0x55555ba85d00) = 0x55555ba85d00 brk(0x55555ba86000) = 0x55555ba86000 mprotect(0x7fce6d1ff000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5868 attached , child_tidptr=0x55555ba64650) = 5868 [pid 5868] set_robust_list(0x55555ba64660, 24) = 0 [pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5868] setpgid(0, 0) = 0 [pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5868] write(3, "1000", 4) = 4 [pid 5868] close(3) = 0 executing program [pid 5868] write(1, "executing program\n", 18) = 18 [pid 5868] memfd_create("syzkaller", 0) = 3 [pid 5868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fce64c00000 [pid 5868] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5868] munmap(0x7fce64c00000, 138412032) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5868] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5868] close(3) = 0 [pid 5868] close(4) = 0 [pid 5868] mkdir("./file1", 0777) = 0 [ 134.927784][ T5868] loop0: detected capacity change from 0 to 256 [pid 5868] mount("/dev/loop0", "./file1", "exfat", MS_LAZYTIME, "errors=continue,") = 0 [pid 5868] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5868] chdir("./file1") = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5868] mkdir("./bus", 000) = 0 [pid 5868] rename("./file1", "./bus/file1") = 0 [pid 5868] mkdirat(AT_FDCWD, "./file1", 0700) = 0 [pid 5868] mkdirat(AT_FDCWD, "./file1/file4", 0704) = 0 [ 134.967570][ T5868] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d) [pid 5868] mkdirat(AT_FDCWD, "./file1/file4/file6", 0700) = 0 [pid 5868] mkdirat(AT_FDCWD, "./file1/file4/file7", 0711) = 0 [pid 5868] renameat2(AT_FDCWD, "./file1/file4/file6", AT_FDCWD, "./file1/file4/file7/file6", 0 [pid 5866] kill(-5868, SIGKILL) = 0 [pid 5866] kill(5868, SIGKILL) = 0 [pid 5866] openat(AT_FDCWD, "/sys/fs/fuse/connections", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5866] newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=0, ...}, AT_EMPTY_PATH) = 0 [pid 5866] getdents64(3, 0x55555ba656f0 /* 2 entries */, 32768) = 48 [pid 5866] getdents64(3, 0x55555ba656f0 /* 0 entries */, 32768) = 0 [pid 5866] close(3) = 0 [ 286.397873][ T31] INFO: task syz-executor423:5868 blocked for more than 143 seconds. [ 286.406127][ T31] Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 [ 286.413753][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 286.422560][ T31] task:syz-executor423 state:D stack:24472 pid:5868 tgid:5868 ppid:5866 task_flags:0x400140 flags:0x00004006 [ 286.434555][ T31] Call Trace: [ 286.437896][ T31] [ 286.440846][ T31] __schedule+0x16a2/0x4cb0 [ 286.445420][ T31] ? __pfx_preempt_schedule_notrace+0x10/0x10 [ 286.451482][ T31] ? schedule+0x165/0x360 [ 286.455850][ T31] ? __pfx___schedule+0x10/0x10 [ 286.460826][ T31] ? schedule+0x91/0x360 [ 286.465193][ T31] schedule+0x165/0x360 [ 286.469413][ T31] schedule_preempt_disabled+0x13/0x30 [ 286.474872][ T31] rwsem_down_write_slowpath+0xbec/0x1030 [ 286.480836][ T31] ? rwsem_down_write_slowpath+0x7ec/0x1030 [ 286.486801][ T31] ? __pfx_rwsem_down_write_slowpath+0x10/0x10 [ 286.492957][ T31] ? __lock_acquire+0xab9/0xd20 [ 286.497871][ T31] ? lock_two_directories+0x16b/0x220 [ 286.503268][ T31] ? mnt_get_write_access+0x68/0x2a0 [ 286.508678][ T31] down_write_nested+0x1b5/0x200 [ 286.513645][ T31] ? __pfx_down_write_nested+0x10/0x10 [ 286.519166][ T31] ? mnt_get_write_access+0x223/0x2a0 [ 286.524571][ T31] lock_two_directories+0x16b/0x220 [ 286.529858][ T31] do_renameat2+0x38a/0xc50 [ 286.534482][ T31] ? __pfx_do_renameat2+0x10/0x10 [ 286.539569][ T31] ? getname_flags+0x1e5/0x540 [ 286.544345][ T31] __x64_sys_renameat2+0xce/0xe0 [ 286.549338][ T31] do_syscall_64+0xfa/0x3b0 [ 286.553848][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 286.559124][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.565234][ T31] ? clear_bhb_loop+0x60/0xb0 [ 286.569932][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.575887][ T31] RIP: 0033:0x7fce6d18ac59 [ 286.580318][ T31] RSP: 002b:00007ffd5341c978 EFLAGS: 00000246 ORIG_RAX: 000000000000013c [ 286.588772][ T31] RAX: ffffffffffffffda RBX: 0000200000000140 RCX: 00007fce6d18ac59 [ 286.596804][ T31] RDX: 00000000ffffff9c RSI: 0000200000000580 RDI: 00000000ffffff9c [ 286.604767][ T31] RBP: 0000200000000080 R08: 0000000000000000 R09: 000055555ba654c0 [ 286.612774][ T31] R10: 00002000000005c0 R11: 0000000000000246 R12: 0031656c69662f2e [ 286.620792][ T31] R13: 00007ffd5341cbc8 R14: 431bde82d7b634db R15: 00007fce6d1d303b [ 286.628818][ T31] [ 286.631854][ T31] [ 286.631854][ T31] Showing all locks held in the system: [ 286.639612][ T31] 1 lock held by khungtaskd/31: [ 286.644464][ T31] #0: ffffffff8e13f160 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 286.654437][ T31] 1 lock held by klogd/5196: [ 286.659060][ T31] #0: ffff8880b8739e18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 286.669042][ T31] 2 locks held by getty/5600: [ 286.673725][ T31] #0: ffff888034e3a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 286.683534][ T31] #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 286.693713][ T31] 4 locks held by syz-executor423/5868: [ 286.699299][ T31] #0: ffff88807b562428 (sb_writers#8){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 286.708519][ T31] #1: ffff88807b562738 (&type->s_vfs_rename_key){+.+.}-{4:4}, at: do_renameat2+0x37f/0xc50 [ 286.718682][ T31] #2: ffff88807e641c60 (&sb->s_type->i_mutex_key#14/1){+.+.}-{4:4}, at: lock_two_directories+0x141/0x220 [ 286.730062][ T31] #3: ffff88807e641c60 (&sb->s_type->i_mutex_key#15/5){+.+.}-{4:4}, at: lock_two_directories+0x16b/0x220 [ 286.741458][ T31] [ 286.743772][ T31] ============================================= [ 286.743772][ T31] [ 286.752258][ T31] NMI backtrace for cpu 0 [ 286.752279][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 286.752294][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 286.752301][ T31] Call Trace: [ 286.752308][ T31] [ 286.752315][ T31] dump_stack_lvl+0x189/0x250 [ 286.752334][ T31] ? __wake_up_klogd+0xd9/0x110 [ 286.752356][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 286.752372][ T31] ? __pfx__printk+0x10/0x10 [ 286.752400][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 286.752420][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 286.752437][ T31] ? _printk+0xcf/0x120 [ 286.752458][ T31] ? __pfx__printk+0x10/0x10 [ 286.752476][ T31] ? debug_show_all_locks+0x2e/0x180 [ 286.752491][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 286.752517][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 286.752540][ T31] watchdog+0xfee/0x1030 [ 286.752565][ T31] ? watchdog+0x1de/0x1030 [ 286.752593][ T31] kthread+0x711/0x8a0 [ 286.752634][ T31] ? __pfx_watchdog+0x10/0x10 [ 286.752655][ T31] ? __pfx_kthread+0x10/0x10 [ 286.752677][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 286.752698][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 286.752717][ T31] ? __pfx_kthread+0x10/0x10 [ 286.752746][ T31] ret_from_fork+0x3fc/0x770 [ 286.752767][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 286.752790][ T31] ? __switch_to_asm+0x39/0x70 [ 286.752808][ T31] ? __switch_to_asm+0x33/0x70 [ 286.752826][ T31] ? __pfx_kthread+0x10/0x10 [ 286.752848][ T31] ret_from_fork_asm+0x1a/0x30 [ 286.752882][ T31] [ 286.752888][ T31] Sending NMI from CPU 0 to CPUs 1: [ 286.914641][ C1] NMI backtrace for cpu 1 [ 286.914657][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 286.914674][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 286.914684][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 286.914710][ C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 93 1d 20 00 f3 0f 1e fa fb f4 88 dd 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 286.914722][ C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6 [ 286.914736][ C1] RAX: 45dc65ebf5011800 RBX: ffffffff81976b68 RCX: 45dc65ebf5011800 [ 286.914747][ C1] RDX: 0000000000000001 RSI: ffffffff8d985220 RDI: ffffffff8be1ca40 [ 286.914758][ C1] RBP: ffffc90000197f20 R08: ffff8880b8732f5b R09: 1ffff110170e65eb [ 286.914769][ C1] R10: dffffc0000000000 R11: ffffed10170e65ec R12: ffffffff8fa0c9f0 [ 286.914780][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11003a57b40 [ 286.914790][ C1] FS: 0000000000000000(0000) GS:ffff888125d4f000(0000) knlGS:0000000000000000 [ 286.914802][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 286.914813][ C1] CR2: 000055d85a932660 CR3: 000000000df38000 CR4: 00000000003526f0 [ 286.914827][ C1] Call Trace: [ 286.914835][ C1] [ 286.914841][ C1] default_idle+0x13/0x20 [ 286.914857][ C1] default_idle_call+0x74/0xb0 [ 286.914874][ C1] do_idle+0x1e8/0x510 [ 286.914893][ C1] ? __pfx_do_idle+0x10/0x10 [ 286.914907][ C1] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 286.914928][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 286.914948][ C1] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 286.914967][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 286.915001][ C1] cpu_startup_entry+0x44/0x60 [ 286.915016][ C1] start_secondary+0x101/0x110 [ 286.915037][ C1] common_startup_64+0x13e/0x147 [ 286.915064][ C1] [ 287.100274][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 287.107129][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc5-syzkaller-00121-gbc9ff192a6c9 #0 PREEMPT(full) [ 287.118939][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 287.129001][ T31] Call Trace: [ 287.132280][ T31] [ 287.135206][ T31] dump_stack_lvl+0x99/0x250 [ 287.139798][ T31] ? __asan_memcpy+0x40/0x70 [ 287.144381][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 287.149570][ T31] ? __pfx__printk+0x10/0x10 [ 287.154168][ T31] panic+0x2db/0x790 [ 287.158057][ T31] ? __pfx_panic+0x10/0x10 [ 287.162466][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 287.168267][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 287.173634][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 287.179796][ T31] watchdog+0x102d/0x1030 [ 287.184125][ T31] ? watchdog+0x1de/0x1030 [ 287.188629][ T31] kthread+0x711/0x8a0 [ 287.192696][ T31] ? __pfx_watchdog+0x10/0x10 [ 287.197370][ T31] ? __pfx_kthread+0x10/0x10 [ 287.201958][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 287.207161][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 287.212366][ T31] ? __pfx_kthread+0x10/0x10 [ 287.216967][ T31] ret_from_fork+0x3fc/0x770 [ 287.221590][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 287.226711][ T31] ? __switch_to_asm+0x39/0x70 [ 287.231476][ T31] ? __switch_to_asm+0x33/0x70 [ 287.236236][ T31] ? __pfx_kthread+0x10/0x10 [ 287.244078][ T31] ret_from_fork_asm+0x1a/0x30 [ 287.248871][ T31] [ 287.252075][ T31] Kernel Offset: disabled [ 287.256417][ T31] Rebooting in 86400 seconds..