./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor712495898
<...>
Warning: Permanently added '10.128.1.152' (ECDSA) to the list of known hosts.
execve("./syz-executor712495898", ["./syz-executor712495898"], 0x7ffdf1925000 /* 10 vars */) = 0
brk(NULL) = 0x555555efb000
brk(0x555555efbc40) = 0x555555efbc40
arch_prctl(ARCH_SET_FS, 0x555555efb300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor712495898", 4096) = 27
brk(0x555555f1cc40) = 0x555555f1cc40
brk(0x555555f1d000) = 0x555555f1d000
mprotect(0x7f1844270000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 5063
mkdir("./syzkaller.VlHWe4", 0700) = 0
chmod("./syzkaller.VlHWe4", 0777) = 0
chdir("./syzkaller.VlHWe4") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555efb5d0) = 5064
./strace-static-x86_64: Process 5064 attached
[pid 5064] chdir("./0") = 0
[pid 5064] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5064] setpgid(0, 0) = 0
[pid 5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5064] write(3, "1000", 4) = 4
[pid 5064] close(3) = 0
[pid 5064] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5064] memfd_create("syzkaller", 0) = 3
[pid 5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f183bdb5000
[pid 5064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 21030) = 21030
[pid 5064] munmap(0x7f183bdb5000, 21030) = 0
[pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5064] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5064] close(3) = 0
[pid 5064] mkdir("./file0", 0777) = 0
[pid 5064] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_RELATIME, "") = 0
[pid 5064] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[ 61.450146][ T5064] loop0: detected capacity change from 0 to 41
[ 61.463915][ T5064] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 61.474943][ T5064] NILFS (loop0): mounting unchecked fs
[ 61.487304][ T5064] NILFS (loop0): recovery complete
[pid 5064] chdir("./file0") = 0
[pid 5064] ioctl(4, LOOP_CLR_FD) = 0
[pid 5064] close(4) = 0
[pid 5064] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5064] exit_group(0) = ?
[pid 5064] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5064, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555efc620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 61.495123][ T5066] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 81.303446][ T7] cfg80211: failed to load regulatory.db
[ 286.092152][ T28] INFO: task syz-executor712:5063 blocked for more than 143 seconds.
[ 286.100375][ T28] Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0
[ 286.108792][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 286.117564][ T28] task:syz-executor712 state:D stack:24944 pid:5063 ppid:5060 flags:0x00004002
[ 286.127333][ T28] Call Trace:
[ 286.130652][ T28]
[ 286.134008][ T28] __schedule+0x1409/0x43f0
[ 286.138732][ T28] ? print_irqtrace_events+0x220/0x220
[ 286.144639][ T28] ? do_raw_spin_unlock+0x13b/0x8b0
[ 286.149904][ T28] ? _raw_spin_unlock_irqrestore+0x8f/0x140
[ 286.156246][ T28] ? release_firmware_map_entry+0x190/0x190
[ 286.162485][ T28] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 286.168433][ T28] ? __might_sleep+0xc0/0xc0
[ 286.173543][ T28] ? do_raw_spin_unlock+0x13b/0x8b0
[ 286.178795][ T28] ? prepare_to_wait_event+0x3b2/0x3f0
[ 286.184667][ T28] schedule+0xc3/0x190
[ 286.188794][ T28] wb_wait_for_completion+0x166/0x290
[ 286.194635][ T28] ? __bpf_trace_writeback_inode_template+0x20/0x20
[ 286.201277][ T28] ? wake_bit_function+0x220/0x220
[ 286.206806][ T28] ? up_write+0x1a1/0x580
[ 286.211210][ T28] sync_inodes_sb+0x2b3/0xa70
[ 286.216503][ T28] ? filemap_fdatawrite_wbc+0xb3/0x180
[ 286.222428][ T28] ? filemap_flush+0x11e/0x170
[ 286.227283][ T28] ? try_to_writeback_inodes_sb+0xc0/0xc0
[ 286.233381][ T28] ? nilfs_sync_fs+0x5c8/0x760
[ 286.238260][ T28] ? get_nr_dirty_inodes+0x2af/0x2e0
[ 286.243975][ T28] sync_filesystem+0x16f/0x220
[ 286.248792][ T28] generic_shutdown_super+0x6f/0x310
[ 286.254510][ T28] kill_block_super+0x7e/0xe0
[ 286.259257][ T28] deactivate_locked_super+0xa4/0x110
[ 286.265024][ T28] cleanup_mnt+0x490/0x520
[ 286.269532][ T28] ? lockdep_hardirqs_on+0x98/0x140
[ 286.275197][ T28] task_work_run+0x24a/0x300
[ 286.279893][ T28] ? dput+0x36b/0x3f0
[ 286.284339][ T28] ? task_work_cancel+0x2b0/0x2b0
[ 286.289419][ T28] ptrace_notify+0x2a2/0x350
[ 286.294516][ T28] ? do_notify_parent+0xf60/0xf60
[ 286.299590][ T28] ? user_path_at_empty+0x12f/0x180
[ 286.305164][ T28] ? __x64_sys_umount+0x126/0x170
[ 286.310234][ T28] ? path_umount+0xef0/0xef0
[ 286.315228][ T28] ? syscall_enter_from_user_mode+0x32/0x2c0
[ 286.321269][ T28] syscall_exit_to_user_mode+0x171/0x2e0
[ 286.327589][ T28] do_syscall_64+0x4d/0xc0
[ 286.332336][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 286.339234][ T28] RIP: 0033:0x7f1844203c97
[ 286.344073][ T28] RSP: 002b:00007fff0e3376b8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[ 286.352830][ T28] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f1844203c97
[ 286.360841][ T28] RDX: 00007fff0e337779 RSI: 000000000000000a RDI: 00007fff0e337770
[ 286.369239][ T28] RBP: 00007fff0e337770 R08: 00000000ffffffff R09: 00007fff0e337550
[ 286.377501][ T28] R10: 0000555555efc653 R11: 0000000000000206 R12: 00007fff0e3387d0
[ 286.385844][ T28] R13: 0000555555efc5f0 R14: 00007fff0e3376e0 R15: 0000000000000001
[ 286.394160][ T28]
[ 286.397273][ T28]
[ 286.397273][ T28] Showing all locks held in the system:
[ 286.405448][ T28] 1 lock held by rcu_tasks_kthre/12:
[ 286.410759][ T28] #0: ffffffff8cf25950 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xce0
[ 286.421728][ T28] 1 lock held by rcu_tasks_trace/13:
[ 286.427317][ T28] #0: ffffffff8cf26150 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xce0
[ 286.438822][ T28] 1 lock held by khungtaskd/28:
[ 286.443968][ T28] #0: ffffffff8cf25780 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
[ 286.453618][ T28] 2 locks held by kworker/u4:4/56:
[ 286.458761][ T28] #0: ffff88801751b138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x77f/0x1370
[ 286.469847][ T28] #1: ffffc90001577d20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7c6/0x1370
[ 286.482194][ T28] 2 locks held by getty/4738:
[ 286.487061][ T28] #0: ffff888149dda098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 286.497392][ T28] #1: ffffc900015a02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6ab/0x1db0
[ 286.507931][ T28] 2 locks held by syz-executor712/5063:
[ 286.513851][ T28] #0: ffff888075c840e0 (&type->s_umount_key#43){+.+.}-{3:3}, at: deactivate_super+0xad/0xf0
[ 286.524504][ T28] #1: ffff8881468727d0 (&bdi->wb_switch_rwsem){+.+.}-{3:3}, at: sync_inodes_sb+0x294/0xa70
[ 286.534936][ T28] 2 locks held by segctord/5066:
[ 286.539935][ T28]
[ 286.542943][ T28] =============================================
[ 286.542943][ T28]
[ 286.551386][ T28] NMI backtrace for cpu 1
[ 286.555738][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0
[ 286.565568][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 286.575647][ T28] Call Trace:
[ 286.578949][ T28]
[ 286.581993][ T28] dump_stack_lvl+0x1e7/0x2d0
[ 286.586723][ T28] ? nf_tcp_handle_invalid+0x640/0x640
[ 286.592308][ T28] ? panic+0x770/0x770
[ 286.596438][ T28] ? nmi_cpu_backtrace+0x256/0x560
[ 286.601792][ T28] nmi_cpu_backtrace+0x4e5/0x560
[ 286.606784][ T28] ? vprintk_emit+0x10d/0x1f0
[ 286.611559][ T28] ? nmi_trigger_cpumask_backtrace+0x3f0/0x3f0
[ 286.617753][ T28] ? _printk+0xd5/0x120
[ 286.621945][ T28] ? panic+0x770/0x770
[ 286.626070][ T28] ? __wake_up_klogd+0xcc/0x100
[ 286.630953][ T28] ? panic+0x770/0x770
[ 286.635081][ T28] ? nmi_trigger_cpumask_backtrace+0xe6/0x3f0
[ 286.641211][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10
[ 286.647361][ T28] nmi_trigger_cpumask_backtrace+0x1b4/0x3f0
[ 286.653386][ T28] watchdog+0xf70/0xfb0
[ 286.657617][ T28] kthread+0x270/0x300
[ 286.661711][ T28] ? hungtask_pm_notify+0x90/0x90
[ 286.666862][ T28] ? kthread_blkcg+0xd0/0xd0
[ 286.671657][ T28] ret_from_fork+0x1f/0x30
[ 286.676250][ T28]
[ 286.679409][ T28] Sending NMI from CPU 1 to CPUs 0:
[ 286.684690][ C0] NMI backtrace for cpu 0
[ 286.684700][ C0] CPU: 0 PID: 56 Comm: kworker/u4:4 Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0
[ 286.684717][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 286.684726][ C0] Workqueue: writeback wb_workfn (flush-7:0)
[ 286.684749][ C0] RIP: 0010:kasan_check_range+0x4e/0x290
[ 286.684825][ C0] Code: 48 c1 ed 2f 81 fd ff ff 01 00 0f 82 47 02 00 00 48 89 fb 48 c1 eb 03 49 b8 00 00 00 00 00 fc ff df 4e 8d 0c 03 4c 8d 54 37 ff <49> c1 ea 03 49 bb 01 00 00 00 00 fc ff df 4f 8d 34 1a 4c 89 f5 4c
[ 286.684837][ C0] RSP: 0018:ffffc90001576ed8 EFLAGS: 00000a02
[ 286.684849][ C0] RAX: 0000000000000001 RBX: 1ffff920002aedec RCX: ffffffff816c677d
[ 286.684860][ C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc90001576f60
[ 286.684869][ C0] RBP: 000000000001ffff R08: dffffc0000000000 R09: fffff520002aedec
[ 286.684879][ C0] R10: ffffc90001576f63 R11: dffffc0000000001 R12: ffff888076201950
[ 286.684890][ C0] R13: 1ffff920002aedec R14: ffffc90001576f60 R15: 1ffff1100ec4032b
[ 286.684901][ C0] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 286.684914][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 286.684924][ C0] CR2: 0000558a49036600 CR3: 00000000274cf000 CR4: 00000000003506f0
[ 286.684937][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 286.684945][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 286.684954][ C0] Call Trace:
[ 286.684958][ C0]
[ 286.684965][ C0] do_raw_spin_lock+0x14d/0x3a0
[ 286.684986][ C0] ? __rwlock_init+0x150/0x150
[ 286.685007][ C0] nilfs_segctor_sync+0xa7/0x5e0
[ 286.685054][ C0] ? __lock_acquire+0x1f80/0x1f80
[ 286.685081][ C0] ? nilfs_flush_segment+0x3d0/0x3d0
[ 286.685108][ C0] ? folio_unlock+0x126/0x2f0
[ 286.685132][ C0] ? nilfs_mdt_write_page+0x126/0x230
[ 286.685150][ C0] __writepage+0x64/0x130
[ 286.685184][ C0] write_cache_pages+0x99a/0x16a0
[ 286.685211][ C0] ? generic_writepages+0x170/0x170
[ 286.685232][ C0] ? tag_pages_for_writeback+0x690/0x690
[ 286.685260][ C0] ? do_writepages+0x3ea/0x670
[ 286.685280][ C0] ? blk_start_plug+0x51/0x110
[ 286.685313][ C0] do_writepages+0x413/0x670
[ 286.685335][ C0] ? __writepage+0x130/0x130
[ 286.685361][ C0] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 286.685410][ C0] ? do_raw_spin_lock+0x14d/0x3a0
[ 286.685431][ C0] __writeback_single_inode+0x1a9/0x1550
[ 286.685454][ C0] writeback_sb_inodes+0x947/0x1360
[ 286.685487][ C0] ? queue_io+0x6e0/0x6e0
[ 286.685504][ C0] ? rcu_read_lock_sched_held+0x8d/0x130
[ 286.685531][ C0] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 286.685559][ C0] ? queue_io+0x476/0x6e0
[ 286.685579][ C0] wb_writeback+0x4ed/0x1030
[ 286.685605][ C0] ? rcu_lock_release+0x30/0x30
[ 286.685627][ C0] ? do_raw_spin_unlock+0x13b/0x8b0
[ 286.685645][ C0] ? _raw_spin_unlock_irq+0x23/0x50
[ 286.685662][ C0] ? lockdep_hardirqs_on+0x98/0x140
[ 286.685687][ C0] wb_workfn+0x470/0x10e0
[ 286.685713][ C0] ? inode_wait_for_writeback+0x290/0x290
[ 286.685739][ C0] ? rcu_read_lock_sched_held+0x8d/0x130
[ 286.685760][ C0] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 286.685782][ C0] ? do_raw_spin_unlock+0x13b/0x8b0
[ 286.685799][ C0] ? _raw_spin_unlock_irq+0x23/0x50
[ 286.685818][ C0] process_one_work+0x8fa/0x1370
[ 286.685845][ C0] ? worker_detach_from_pool+0x260/0x260
[ 286.685865][ C0] ? _raw_spin_lock_irqsave+0x120/0x120
[ 286.685881][ C0] ? kthread_data+0x52/0xc0
[ 286.685906][ C0] ? wq_worker_running+0x9b/0x1a0
[ 286.685922][ C0] worker_thread+0xa63/0x1210
[ 286.685945][ C0] ? _raw_spin_unlock+0x40/0x40
[ 286.685967][ C0] kthread+0x270/0x300
[ 286.685980][ C0] ? rcu_lock_release+0x30/0x30
[ 286.685996][ C0] ? kthread_blkcg+0xd0/0xd0
[ 286.686011][ C0] ret_from_fork+0x1f/0x30
[ 286.686040][ C0]
[ 286.686047][ C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.356 msecs
[ 286.902065][ T28] Kernel panic - not syncing: hung_task: blocked tasks
[ 286.902082][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.2.0-rc8-syzkaller-00021-ge1c04510f521 #0
[ 286.902105][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 286.902118][ T28] Call Trace:
[ 286.902126][ T28]
[ 286.902134][ T28] dump_stack_lvl+0x1e7/0x2d0
[ 286.902174][ T28] ? nf_tcp_handle_invalid+0x640/0x640
[ 286.902204][ T28] ? panic+0x770/0x770
[ 286.902233][ T28] ? vscnprintf+0x5d/0x80
[ 286.902261][ T28] panic+0x31c/0x770
[ 286.902280][ T28] ? schedule_preempt_disabled+0x20/0x20
[ 286.902314][ T28] ? nmi_trigger_cpumask_backtrace+0x2c5/0x3f0
[ 286.902348][ T28] ? memcpy_page_flushcache+0x100/0x100
[ 286.902379][ T28] ? nmi_trigger_cpumask_backtrace+0x2c5/0x3f0
[ 286.902409][ T28] ? nmi_trigger_cpumask_backtrace+0x33e/0x3f0
[ 286.902458][ T28] ? nmi_trigger_cpumask_backtrace+0x343/0x3f0
[ 286.902494][ T28] watchdog+0xfae/0xfb0
[ 286.902534][ T28] kthread+0x270/0x300
[ 286.902554][ T28] ? hungtask_pm_notify+0x90/0x90
[ 286.902573][ T28] ? kthread_blkcg+0xd0/0xd0
[ 286.902597][ T28] ret_from_fork+0x1f/0x30
[ 286.902643][ T28]
[ 286.905910][ T28] Kernel Offset: disabled
[ 287.200202][ T28] Rebooting in 86400 seconds..