./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3110550814
<...>
Warning: Permanently added '10.128.0.125' (ECDSA) to the list of known hosts.
execve("./syz-executor3110550814", ["./syz-executor3110550814"], 0x7ffed72d2f60 /* 10 vars */) = 0
brk(NULL) = 0x555555f87000
brk(0x555555f87c40) = 0x555555f87c40
arch_prctl(ARCH_SET_FS, 0x555555f87300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3110550814", 4096) = 28
brk(0x555555fa8c40) = 0x555555fa8c40
brk(0x555555fa9000) = 0x555555fa9000
mprotect(0x7fbf769d0000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 5068
mkdir("./syzkaller.s8tsZn", 0700) = 0
chmod("./syzkaller.s8tsZn", 0777) = 0
chdir("./syzkaller.s8tsZn") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555f875d0) = 5069
./strace-static-x86_64: Process 5069 attached
[pid 5069] chdir("./0") = 0
[pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5069] setpgid(0, 0) = 0
[pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5069] write(3, "1000", 4) = 4
[pid 5069] close(3) = 0
[pid 5069] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5069] memfd_create("syzkaller", 0) = 3
[pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbf6e50a000
[pid 5069] write(3, "\x58\x46\x53\x42\x00\x00\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5e\x62\x73\xb8\x21\x67\x42\xbb\x91\x1b\x41\x8a\xa1\x4a\x12\x61\x00\x00\x00\x00\x00\x00\x80\x40\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x21\x00\x00\x00\x00\x00\x00\x00\x22\x00\x00\x00\x08\x00\x00\x80\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x01\x00"..., 33554432) = 33554432
[pid 5069] munmap(0x7fbf6e50a000, 33554432) = 0
[pid 5069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5069] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5069] close(3) = 0
[pid 5069] mkdir("./file0", 0777) = 0
syzkaller login: [ 50.515643][ T5069] loop0: detected capacity change from 0 to 65536
[ 50.530749][ T5069] XFS (loop0): Deprecated V4 format (crc=0) will not be supported after September 2030.
[ 50.541388][ T5069] XFS (loop0): Mounting V4 Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
[ 50.551460][ T5069] XFS (loop0): Log size 256 blocks too small, minimum size is 2880 blocks
[ 50.560308][ T5069] XFS (loop0): Log size out of supported range.
[ 50.567023][ T5069] XFS (loop0): Continuing onwards, but if log hangs are experienced then please report this message in the bug report.
[ 50.605973][ T5069] XFS (loop0): Starting recovery (logdev: internal)
[pid 5069] mount("/dev/loop0", "./file0", "xfs", MS_RDONLY|MS_NOSUID, ",nouuid") = 0
[pid 5069] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5069] chdir("./file0") = 0
[pid 5069] ioctl(4, LOOP_CLR_FD) = 0
[pid 5069] close(4) = 0
[pid 5069] exit_group(0) = ?
[pid 5069] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5069, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=31 /* 0.31 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555f88620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 50.618064][ T5069] XFS (loop0): Ending recovery (logdev: internal)
[ 50.643692][ T5068] XFS (loop0): Unmounting Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
[ 76.215334][ T900] cfg80211: failed to load regulatory.db
[ 286.133979][ T28] INFO: task syz-executor311:5068 blocked for more than 143 seconds.
[ 286.142150][ T28] Not tainted 6.1.0-syzkaller-14594-g72a85e2b0a1e #0
[ 286.149394][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 286.158203][ T28] task:syz-executor311 state:D stack:20840 pid:5068 ppid:5065 flags:0x00004002
[ 286.167663][ T28] Call Trace:
[ 286.170955][ T28]
[ 286.174143][ T28] __schedule+0x995/0xe20
[ 286.178636][ T28] ? release_firmware_map_entry+0x180/0x180
[ 286.184771][ T28] ? rcu_read_lock_sched_held+0x87/0x110
[ 286.190516][ T28] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 286.196670][ T28] ? do_raw_spin_unlock+0x134/0x8a0
[ 286.201935][ T28] schedule+0xcb/0x190
[ 286.206195][ T28] xlog_grant_head_wait+0x317/0x530
[ 286.211464][ T28] xlog_grant_head_check+0x28c/0x470
[ 286.217046][ T28] ? trace_xfs_log_regrant+0x2f0/0x2f0
[ 286.222532][ T28] xfs_log_reserve+0x310/0x6f0
[ 286.227468][ T28] ? trace_xfs_log_regrant_exit+0x2f0/0x2f0
[ 286.233380][ T28] ? rcu_read_lock_sched_held+0x87/0x110
[ 286.239172][ T28] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 286.245302][ T28] ? xfs_trans_alloc+0x81/0x610
[ 286.250172][ T28] xfs_trans_reserve+0x231/0x690
[ 286.255277][ T28] xfs_trans_alloc+0x410/0x610
[ 286.260063][ T28] xfs_sync_sb+0x89/0x170
[ 286.264733][ T28] ? xfs_log_sb+0x1b0/0x1b0
[ 286.269275][ T28] ? do_raw_spin_unlock+0x134/0x8a0
[ 286.274550][ T28] xfs_log_quiesce+0x396/0x660
[ 286.279426][ T28] xfs_log_clean+0xa0/0x970
[ 286.284208][ T28] ? mark_lock+0x9a/0x350
[ 286.288576][ T28] ? xfs_log_quiesce+0x660/0x660
[ 286.293532][ T28] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 286.299756][ T28] ? print_irqtrace_events+0x220/0x220
[ 286.307046][ T28] ? do_raw_spin_unlock+0x134/0x8a0
[ 286.312281][ T28] ? _raw_spin_unlock_irqrestore+0x8b/0x120
[ 286.318385][ T28] ? lockdep_hardirqs_on+0x8d/0x130
[ 286.323637][ T28] ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 286.329768][ T28] ? _raw_spin_unlock+0x40/0x40
[ 286.334786][ T28] ? _find_next_bit+0x134/0x140
[ 286.339677][ T28] xfs_log_unmount+0x28/0x1d0
[ 286.344536][ T28] xfs_unmountfs+0x1d6/0x280
[ 286.349142][ T28] ? xfs_uuid_unmount+0x160/0x160
[ 286.354317][ T28] ? xfs_fs_put_super+0x6a/0x2d0
[ 286.359278][ T28] ? __kmem_cache_free+0x71/0x110
[ 286.364486][ T28] ? xfs_fs_drop_inode+0xe0/0xe0
[ 286.369439][ T28] xfs_fs_put_super+0x72/0x2d0
[ 286.374344][ T28] ? generic_shutdown_super+0x12b/0x310
[ 286.379979][ T28] ? xfs_fs_drop_inode+0xe0/0xe0
[ 286.385257][ T28] generic_shutdown_super+0x130/0x310
[ 286.390661][ T28] kill_block_super+0x79/0xd0
[ 286.395588][ T28] deactivate_locked_super+0xa7/0xf0
[ 286.401002][ T28] cleanup_mnt+0x494/0x520
[ 286.405618][ T28] ? lockdep_hardirqs_on+0x8d/0x130
[ 286.410829][ T28] task_work_run+0x243/0x300
[ 286.415632][ T28] ? task_work_cancel+0x290/0x290
[ 286.420675][ T28] ? path_umount+0x1e0/0xf90
[ 286.425424][ T28] ptrace_notify+0x29a/0x340
[ 286.430091][ T28] ? do_notify_parent+0xe00/0xe00
[ 286.435309][ T28] ? user_path_at_empty+0x149/0x1a0
[ 286.440588][ T28] ? __x64_sys_umount+0x113/0x150
[ 286.445832][ T28] syscall_exit_work+0x8c/0xe0
[ 286.450654][ T28] syscall_exit_to_user_mode_prepare+0x63/0xc0
[ 286.457019][ T28] syscall_exit_to_user_mode+0xa/0x60
[ 286.462407][ T28] do_syscall_64+0x49/0xb0
[ 286.466996][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 286.472976][ T28] RIP: 0033:0x7fbf76958c17
[ 286.477526][ T28] RSP: 002b:00007ffc10105898 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 286.486081][ T28] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fbf76958c17
[ 286.494238][ T28] RDX: 00007ffc10105959 RSI: 000000000000000a RDI: 00007ffc10105950
[ 286.502214][ T28] RBP: 00007ffc10105950 R08: 00000000ffffffff R09: 00007ffc10105730
[ 286.510496][ T28] R10: 0000555555f88653 R11: 0000000000000202 R12: 00007ffc101069b0
[ 286.519240][ T28] R13: 0000555555f885f0 R14: 00007ffc101058c0 R15: 0000000000000001
[ 286.527336][ T28]
[ 286.530391][ T28]
[ 286.530391][ T28] Showing all locks held in the system:
[ 286.538358][ T28] 1 lock held by rcu_tasks_kthre/12:
[ 286.543646][ T28] #0: ffffffff8d326e90 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x30/0xd00
[ 286.554168][ T28] 1 lock held by rcu_tasks_trace/13:
[ 286.559458][ T28] #0: ffffffff8d327690 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x30/0xd00
[ 286.570463][ T28] 1 lock held by khungtaskd/28:
[ 286.575353][ T28] #0: ffffffff8d326cc0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
[ 286.584743][ T28] 2 locks held by getty/4751:
[ 286.589423][ T28] #0: ffff88802c693098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70
[ 286.599295][ T28] #1: ffffc900015902f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x53b/0x1650
[ 286.609445][ T28] 1 lock held by syz-executor311/5068:
[ 286.615072][ T28] #0: ffff88802076a0e0 (&type->s_umount_key#42){+.+.}-{3:3}, at: deactivate_super+0x96/0xd0
[ 286.625367][ T28]
[ 286.627697][ T28] =============================================
[ 286.627697][ T28]
[ 286.636417][ T28] NMI backtrace for cpu 0
[ 286.640752][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.1.0-syzkaller-14594-g72a85e2b0a1e #0
[ 286.650190][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 286.660317][ T28] Call Trace:
[ 286.663586][ T28]
[ 286.666504][ T28] dump_stack_lvl+0x1b1/0x290
[ 286.671170][ T28] ? preempt_schedule+0xb6/0xc0
[ 286.676008][ T28] ? nf_tcp_handle_invalid+0x630/0x630
[ 286.681453][ T28] ? panic+0x710/0x710
[ 286.685513][ T28] ? nmi_cpu_backtrace+0x205/0x4f0
[ 286.690635][ T28] nmi_cpu_backtrace+0x46f/0x4f0
[ 286.695560][ T28] ? vprintk_emit+0x109/0x1e0
[ 286.700233][ T28] ? nmi_trigger_cpumask_backtrace+0x420/0x420
[ 286.706371][ T28] ? _printk+0xc0/0x100
[ 286.710509][ T28] ? panic+0x710/0x710
[ 286.714565][ T28] ? __wake_up_klogd+0xcd/0x100
[ 286.719402][ T28] ? panic+0x710/0x710
[ 286.723455][ T28] ? nmi_trigger_cpumask_backtrace+0xc9/0x420
[ 286.729512][ T28] nmi_trigger_cpumask_backtrace+0x1ba/0x420
[ 286.735476][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10
[ 286.741587][ T28] watchdog+0xcd5/0xd20
[ 286.745878][ T28] kthread+0x266/0x300
[ 286.749959][ T28] ? hungtask_pm_notify+0x50/0x50
[ 286.754968][ T28] ? kthread_blkcg+0xd0/0xd0
[ 286.759545][ T28] ret_from_fork+0x1f/0x30
[ 286.764029][ T28]
[ 286.767208][ T28] Sending NMI from CPU 0 to CPUs 1:
[ 286.772434][ C1] NMI backtrace for cpu 1
[ 286.772443][ C1] CPU: 1 PID: 46 Comm: kworker/u4:3 Not tainted 6.1.0-syzkaller-14594-g72a85e2b0a1e #0
[ 286.772457][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 286.772465][ C1] Workqueue: events_unbound toggle_allocation_gate
[ 286.772521][ C1] RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x33/0xa0
[ 286.772541][ C1] Code: 40 98 03 00 65 8b 0d 04 b8 77 7e f7 c1 00 01 ff 00 74 11 f7 c1 00 01 00 00 74 76 83 ba 6c 15 00 00 00 74 6d 8b 8a 48 15 00 00 <83> f9 03 75 62 48 8b 8a 50 15 00 00 44 8b 8a 4c 15 00 00 49 c1 e1
[ 286.772552][ C1] RSP: 0018:ffffc90000b777c0 EFLAGS: 00000246
[ 286.772562][ C1] RAX: 1ffff1100250cb55 RBX: 0000000000000000 RCX: 0000000000000000
[ 286.772570][ C1] RDX: ffff888018319d40 RSI: 0000000000000000 RDI: 0000000000000080
[ 286.772579][ C1] RBP: 0000000012865007 R08: ffffffff81cba417 R09: fffff9400000f049
[ 286.772588][ C1] R10: fffff9400000f049 R11: 1ffffd400000f048 R12: 1ffff1100250c8aa
[ 286.772597][ C1] R13: dffffc0000000000 R14: ffff888012868000 R15: ffff888012865aa8
[ 286.772606][ C1] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 286.772617][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 286.772626][ C1] CR2: 00005609aaa09d90 CR3: 000000000d08e000 CR4: 00000000003506e0
[ 286.772638][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 286.772645][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 286.772653][ C1] Call Trace:
[ 286.772657][ C1]
[ 286.772661][ C1] walk_to_pmd+0x187/0x240
[ 286.772698][ C1] __get_locked_pte+0x24/0x1c0
[ 286.772714][ C1] ? kmem_cache_alloc+0xdd/0x350
[ 286.772727][ C1] __text_poke+0x228/0x900
[ 286.772765][ C1] ? __text_poke+0x900/0x900
[ 286.772779][ C1] ? text_poke+0x90/0x90
[ 286.772792][ C1] ? perf_event_text_poke+0x233/0x310
[ 286.772829][ C1] ? perf_event_bpf_output+0x220/0x220
[ 286.772847][ C1] ? trace_contention_end+0x72/0x1d0
[ 286.772866][ C1] text_poke_bp_batch+0x64c/0x850
[ 286.772880][ C1] ? arch_jump_label_transform_apply+0xe/0x20
[ 286.772917][ C1] ? __kmem_cache_alloc_bulk+0xb5/0x3e0
[ 286.772932][ C1] ? text_poke_loc_init+0x500/0x500
[ 286.772948][ C1] ? __jump_label_update+0x38e/0x3b0
[ 286.772970][ C1] text_poke_finish+0x16/0x30
[ 286.772983][ C1] arch_jump_label_transform_apply+0x13/0x20
[ 286.773002][ C1] static_key_enable_cpuslocked+0x129/0x250
[ 286.773017][ C1] static_key_enable+0x16/0x20
[ 286.773030][ C1] toggle_allocation_gate+0xb1/0x240
[ 286.773045][ C1] ? virt_to_slab+0x2c0/0x2c0
[ 286.773058][ C1] ? rcu_read_lock_sched_held+0x87/0x110
[ 286.773073][ C1] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 286.773087][ C1] ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 286.773109][ C1] ? do_raw_spin_unlock+0x134/0x8a0
[ 286.773130][ C1] process_one_work+0x877/0xdb0
[ 286.773154][ C1] ? worker_detach_from_pool+0x260/0x260
[ 286.773173][ C1] ? _raw_spin_lock_irq+0xba/0xf0
[ 286.773190][ C1] ? _raw_spin_lock_irqsave+0x100/0x100
[ 286.773212][ C1] worker_thread+0xb14/0x1330
[ 286.773234][ C1] ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 286.773259][ C1] kthread+0x266/0x300
[ 286.773272][ C1] ? rcu_lock_release+0x20/0x20
[ 286.773287][ C1] ? kthread_blkcg+0xd0/0xd0
[ 286.773301][ C1] ret_from_fork+0x1f/0x30
[ 286.773325][ C1]
[ 286.773435][ T28] Kernel panic - not syncing: hung_task: blocked tasks
[ 287.104786][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.1.0-syzkaller-14594-g72a85e2b0a1e #0
[ 287.114235][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 287.124283][ T28] Call Trace:
[ 287.127565][ T28]
[ 287.130493][ T28] dump_stack_lvl+0x1b1/0x290
[ 287.135177][ T28] ? nf_tcp_handle_invalid+0x630/0x630
[ 287.140635][ T28] ? panic+0x710/0x710
[ 287.144705][ T28] ? vscnprintf+0x59/0x80
[ 287.149031][ T28] panic+0x2d6/0x710
[ 287.152923][ T28] ? schedule_preempt_disabled+0x20/0x20
[ 287.158555][ T28] ? nmi_trigger_cpumask_backtrace+0x2d0/0x420
[ 287.164709][ T28] ? memcpy_page_flushcache+0x100/0x100
[ 287.170253][ T28] ? nmi_trigger_cpumask_backtrace+0x2d0/0x420
[ 287.176403][ T28] ? nmi_trigger_cpumask_backtrace+0x34e/0x420
[ 287.182558][ T28] ? nmi_trigger_cpumask_backtrace+0x353/0x420
[ 287.188711][ T28] ? arch_trigger_cpumask_backtrace+0x10/0x10
[ 287.194774][ T28] watchdog+0xd15/0xd20
[ 287.198959][ T28] kthread+0x266/0x300
[ 287.203035][ T28] ? hungtask_pm_notify+0x50/0x50
[ 287.208068][ T28] ? kthread_blkcg+0xd0/0xd0
[ 287.212674][ T28] ret_from_fork+0x1f/0x30
[ 287.217107][ T28]
[ 287.220276][ T28] Kernel Offset: disabled
[ 287.224603][ T28] Rebooting in 86400 seconds..