./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2036257571

<...>
[   19.473238][ T4669] dhcpcd-run-hook (4669) used greatest stack depth: 22296 bytes left
forked to background, child pid 4665
[   20.454524][ T4666] 8021q: adding VLAN 0 to HW filter on device bond0
[   20.463146][ T4666] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.1.130' (ECDSA) to the list of known hosts.
execve("./syz-executor2036257571", ["./syz-executor2036257571"], 0x7ffc60210280 /* 10 vars */) = 0
brk(NULL)                               = 0x555556dbc000
brk(0x555556dbcc40)                     = 0x555556dbcc40
arch_prctl(ARCH_SET_FS, 0x555556dbc300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2036257571", 4096) = 28
brk(0x555556dddc40)                     = 0x555556dddc40
brk(0x555556dde000)                     = 0x555556dde000
mprotect(0x7f7b49b01000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid()                                = 4996
mkdir("./syzkaller.mdOfr0", 0700)       = 0
chmod("./syzkaller.mdOfr0", 0777)       = 0
chdir("./syzkaller.mdOfr0")             = 0
mkdir("./0", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556dbc5d0) = 4997
./strace-static-x86_64: Process 4997 attached
[pid  4997] chdir("./0")                = 0
[pid  4997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4997] setpgid(0, 0)               = 0
[pid  4997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4997] write(3, "1000", 4)         = 4
[pid  4997] close(3)                    = 0
[pid  4997] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4997] memfd_create("syzkaller", 0) = 3
[pid  4997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7b41646000
[pid  4997] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 21030) = 21030
[pid  4997] munmap(0x7f7b41646000, 21030) = 0
[pid  4997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4997] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4997] close(3)                    = 0
[pid  4997] mkdir("./file0", 0777)      = 0
syzkaller login: [   43.778392][ T4997] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4997 'syz-executor203'
[   43.792935][ T4997] loop0: detected capacity change from 0 to 41
[   43.803352][ T4997] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[   43.813066][ T4997] NILFS (loop0): mounting unchecked fs
[   43.822050][ T4997] NILFS (loop0): recovery complete
[pid  4997] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_RELATIME, "") = 0
[pid  4997] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4997] chdir("./file0")            = 0
[pid  4997] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4997] close(4)                    = 0
[pid  4997] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 ENOMEM (Cannot allocate memory)
[pid  4997] exit_group(0)               = ?
[pid  4997] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4997, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556dbd620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs")                  = 0
[   43.828209][ T4999] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   70.487697][   T26] cfg80211: failed to load regulatory.db
[  285.515730][   T28] INFO: task syz-executor203:4996 blocked for more than 143 seconds.
[  285.523911][   T28]       Not tainted 6.4.0-rc2-syzkaller #0
[  285.530198][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  285.539084][   T28] task:syz-executor203 state:D stack:24808 pid:4996  ppid:4993   flags:0x00004002
[  285.548472][   T28] Call Trace:
[  285.551752][   T28]  <TASK>
[  285.554696][   T28]  __schedule+0xc9a/0x5880
[  285.559431][   T28]  ? find_held_lock+0x2d/0x110
[  285.564211][   T28]  ? io_schedule_timeout+0x150/0x150
[  285.569713][   T28]  ? mark_held_locks+0x9f/0xe0
[  285.574492][   T28]  ? _raw_spin_unlock_irqrestore+0x54/0x70
[  285.580539][   T28]  ? lockdep_hardirqs_on+0x7d/0x100
[  285.586096][   T28]  ? _raw_spin_unlock_irqrestore+0x41/0x70
[  285.591923][   T28]  schedule+0xde/0x1a0
[  285.596232][   T28]  wb_wait_for_completion+0x182/0x240
[  285.601628][   T28]  ? wb_writeback+0xa50/0xa50
[  285.606522][   T28]  ? prepare_to_swait_exclusive+0x240/0x240
[  285.612431][   T28]  ? rwsem_down_write_slowpath+0x1220/0x1220
[  285.618636][   T28]  ? nilfs_sync_fs+0x34a/0x580
[  285.623407][   T28]  ? I_BDEV+0xd/0x20
[  285.627512][   T28]  sync_inodes_sb+0x1aa/0xa60
[  285.632209][   T28]  ? try_to_writeback_inodes_sb+0xc0/0xc0
[  285.638169][   T28]  ? get_nr_dirty_inodes+0x60/0x1d0
[  285.643390][   T28]  sync_filesystem.part.0+0xe6/0x1d0
[  285.648894][   T28]  sync_filesystem+0x8f/0xc0
[  285.653496][   T28]  generic_shutdown_super+0x74/0x480
[  285.659007][   T28]  kill_block_super+0xa1/0x100
[  285.663789][   T28]  deactivate_locked_super+0x98/0x160
[  285.669373][   T28]  deactivate_super+0xb1/0xd0
[  285.674062][   T28]  cleanup_mnt+0x2ae/0x3d0
[  285.678700][   T28]  task_work_run+0x16f/0x270
[  285.683299][   T28]  ? task_work_cancel+0x30/0x30
[  285.688361][   T28]  ? __x64_sys_umount+0x118/0x190
[  285.693399][   T28]  ptrace_notify+0x118/0x140
[  285.698422][   T28]  syscall_exit_to_user_mode_prepare+0x129/0x220
[  285.704769][   T28]  syscall_exit_to_user_mode+0xd/0x50
[  285.710364][   T28]  do_syscall_64+0x46/0xb0
[  285.714804][   T28]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  285.720932][   T28] RIP: 0033:0x7f7b49a94c97
[  285.725353][   T28] RSP: 002b:00007ffd7de03a98 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[  285.733981][   T28] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f7b49a94c97
[  285.742328][   T28] RDX: 00007ffd7de03b59 RSI: 000000000000000a RDI: 00007ffd7de03b50
[  285.750456][   T28] RBP: 00007ffd7de03b50 R08: 00000000ffffffff R09: 00007ffd7de03930
[  285.758641][   T28] R10: 0000555556dbd653 R11: 0000000000000202 R12: 00007ffd7de04bb0
[  285.766777][   T28] R13: 0000555556dbd5f0 R14: 00007ffd7de03ac0 R15: 0000000000000001
[  285.774777][   T28]  </TASK>
[  285.778050][   T28] 
[  285.778050][   T28] Showing all locks held in the system:
[  285.785979][   T28] 2 locks held by kworker/u4:1/12:
[  285.791089][   T28]  #0: ffff88801967e938 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x883/0x15e0
[  285.801987][   T28]  #1: ffffc90000117db0 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x8b7/0x15e0
[  285.814246][   T28] 1 lock held by rcu_tasks_kthre/13:
[  285.819679][   T28]  #0: ffffffff8c798430 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80
[  285.830305][   T28] 1 lock held by rcu_tasks_trace/14:
[  285.835765][   T28]  #0: ffffffff8c798130 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80
[  285.846947][   T28] 1 lock held by khungtaskd/28:
[  285.851799][   T28]  #0: ffffffff8c799040 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x340
[  285.862106][   T28] 2 locks held by getty/4748:
[  285.866949][   T28]  #0: ffff888027dc3098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x26/0x80
[  285.876892][   T28]  #1: ffffc900015a02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0
[  285.887158][   T28] 2 locks held by syz-executor203/4996:
[  285.892730][   T28]  #0: ffff88802b31a0e0 (&type->s_umount_key#42){+.+.}-{3:3}, at: deactivate_super+0xa9/0xd0
[  285.903134][   T28]  #1: ffff88801ee6c7d0 (&bdi->wb_switch_rwsem){+.+.}-{3:3}, at: sync_inodes_sb+0x190/0xa60
[  285.913416][   T28] 3 locks held by segctord/4999:
[  285.918706][   T28] 
[  285.921035][   T28] =============================================
[  285.921035][   T28] 
[  285.929784][   T28] NMI backtrace for cpu 0
[  285.934115][   T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.4.0-rc2-syzkaller #0
[  285.942180][   T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[  285.952233][   T28] Call Trace:
[  285.955515][   T28]  <TASK>
[  285.958449][   T28]  dump_stack_lvl+0xd9/0x150
[  285.963059][   T28]  nmi_cpu_backtrace+0x29c/0x350
[  285.968470][   T28]  ? lapic_can_unplug_cpu+0xa0/0xa0
[  285.973689][   T28]  nmi_trigger_cpumask_backtrace+0x2a4/0x300
[  285.979694][   T28]  watchdog+0xe16/0x1090
[  285.983951][   T28]  ? proc_dohung_task_timeout_secs+0x80/0x80
[  285.989944][   T28]  kthread+0x344/0x440
[  285.994016][   T28]  ? kthread_complete_and_exit+0x40/0x40
[  285.999656][   T28]  ret_from_fork+0x1f/0x30
[  286.004092][   T28]  </TASK>
[  286.007211][   T28] Sending NMI from CPU 0 to CPUs 1:
[  286.012424][    C1] NMI backtrace for cpu 1
[  286.012432][    C1] CPU: 1 PID: 12 Comm: kworker/u4:1 Not tainted 6.4.0-rc2-syzkaller #0
[  286.012445][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[  286.012453][    C1] Workqueue: writeback wb_workfn (flush-7:0)
[  286.012476][    C1] RIP: 0010:__lock_acquire+0x711/0x5df0
[  286.012495][    C1] Code: 20 66 81 e2 ff 1f 0f b7 da be 08 00 00 00 48 89 d8 48 c1 e8 06 48 8d 3c c5 00 8d 52 91 e8 67 8e 71 00 48 0f a3 1d bf 0a ed 0f <0f> 82 3f ff ff ff 48 c7 c0 00 74 df 91 48 c1 e8 03 42 0f b6 14 38
[  286.012506][    C1] RSP: 0018:ffffc90000117280 EFLAGS: 00000047
[  286.012515][    C1] RAX: 0000000000000001 RBX: 00000000000005b0 RCX: ffffffff81658239
[  286.012523][    C1] RDX: fffffbfff22a51b7 RSI: 0000000000000008 RDI: ffffffff91528db0
[  286.012531][    C1] RBP: 0000000000000004 R08: 0000000000000000 R09: ffffffff91528db7
[  286.012538][    C1] R10: fffffbfff22a51b6 R11: 0000000000000000 R12: 0000000000000000
[  286.012546][    C1] R13: ffff888014a65940 R14: ffff888014a66408 R15: dffffc0000000000
[  286.012556][    C1] FS:  0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[  286.012568][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  286.012576][    C1] CR2: 000055b7a9ec0690 CR3: 000000000c571000 CR4: 0000000000350ee0
[  286.012584][    C1] Call Trace:
[  286.012588][    C1]  <TASK>
[  286.012595][    C1]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  286.012613][    C1]  ? print_usage_bug.part.0+0x660/0x660
[  286.012629][    C1]  ? mark_lock.part.0+0xee/0x1970
[  286.012646][    C1]  lock_acquire+0x1b1/0x520
[  286.012662][    C1]  ? __folio_mark_dirty+0x2b/0xdf0
[  286.012678][    C1]  ? lock_sync+0x190/0x190
[  286.012693][    C1]  ? folio_memcg_lock+0x133/0x640
[  286.012712][    C1]  ? lock_downgrade+0x690/0x690
[  286.012729][    C1]  ? _raw_spin_lock_irqsave+0x52/0x60
[  286.012748][    C1]  _raw_spin_lock_irqsave+0x3d/0x60
[  286.012765][    C1]  ? __folio_mark_dirty+0x2b/0xdf0
[  286.012778][    C1]  __folio_mark_dirty+0x2b/0xdf0
[  286.012793][    C1]  filemap_dirty_folio+0xa0/0x130
[  286.012812][    C1]  folio_redirty_for_writepage+0xdc/0x120
[  286.012828][    C1]  nilfs_mdt_write_page+0xd3/0x280
[  286.012842][    C1]  writepage_cb+0x64/0x180
[  286.012855][    C1]  write_cache_pages+0x4a2/0xd30
[  286.012868][    C1]  ? dirty_background_bytes_handler+0x80/0x80
[  286.012883][    C1]  ? folio_clear_dirty_for_io+0x770/0x770
[  286.012898][    C1]  ? lockdep_hardirqs_on+0x7d/0x100
[  286.012912][    C1]  ? drop_slab+0x2a0/0x2a0
[  286.012926][    C1]  ? prepare_to_swait_exclusive+0x240/0x240
[  286.012943][    C1]  ? blk_finish_plug+0xe/0x170
[  286.012959][    C1]  ? blk_finish_plug+0xe/0x170
[  286.012974][    C1]  do_writepages+0x2b1/0x640
[  286.012988][    C1]  ? writeback_set_ratelimit+0x150/0x150
[  286.013002][    C1]  ? lock_downgrade+0x690/0x690
[  286.013019][    C1]  ? writeback_sb_inodes+0x3b6/0xe70
[  286.013036][    C1]  ? lock_downgrade+0x690/0x690
[  286.013052][    C1]  ? do_raw_spin_lock+0x124/0x2b0
[  286.013071][    C1]  __writeback_single_inode+0x121/0xdb0
[  286.013088][    C1]  ? wbc_attach_and_unlock_inode+0x4d0/0x910
[  286.013107][    C1]  writeback_sb_inodes+0x54d/0xe70
[  286.013127][    C1]  ? sync_inode_metadata+0xe0/0xe0
[  286.013146][    C1]  ? rcu_is_watching+0x12/0xb0
[  286.013166][    C1]  ? queue_io+0x386/0x4e0
[  286.013182][    C1]  wb_writeback+0x294/0xa50
[  286.013200][    C1]  ? __writeback_inodes_wb+0x280/0x280
[  286.013218][    C1]  ? lock_downgrade+0x690/0x690
[  286.013235][    C1]  ? mark_held_locks+0x9f/0xe0
[  286.013250][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  286.013268][    C1]  wb_workfn+0x2a5/0xfc0
[  286.013287][    C1]  ? inode_wait_for_writeback+0x40/0x40
[  286.013311][    C1]  ? lock_sync+0x190/0x190
[  286.013326][    C1]  ? lock_downgrade+0x690/0x690
[  286.013344][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  286.013361][    C1]  process_one_work+0x99a/0x15e0
[  286.013381][    C1]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[  286.013399][    C1]  ? spin_bug+0x1c0/0x1c0
[  286.013415][    C1]  ? _raw_spin_lock_irq+0x45/0x50
[  286.013432][    C1]  worker_thread+0x67d/0x10c0
[  286.013451][    C1]  ? process_one_work+0x15e0/0x15e0
[  286.013469][    C1]  kthread+0x344/0x440
[  286.013482][    C1]  ? kthread_complete_and_exit+0x40/0x40
[  286.013498][    C1]  ret_from_fork+0x1f/0x30
[  286.013518][    C1]  </TASK>
[  286.013523][    C1] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.098 msecs
[  286.014835][   T28] Kernel panic - not syncing: hung_task: blocked tasks
[  286.438894][   T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.4.0-rc2-syzkaller #0
[  286.446962][   T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[  286.457017][   T28] Call Trace:
[  286.460289][   T28]  <TASK>
[  286.463219][   T28]  dump_stack_lvl+0xd9/0x150
[  286.467829][   T28]  panic+0x686/0x730
[  286.471734][   T28]  ? panic_smp_self_stop+0xa0/0xa0
[  286.476863][   T28]  ? lapic_can_unplug_cpu+0xa0/0xa0
[  286.482062][   T28]  ? preempt_schedule_thunk+0x1a/0x20
[  286.487449][   T28]  ? watchdog+0xbe8/0x1090
[  286.491879][   T28]  watchdog+0xbf9/0x1090
[  286.496173][   T28]  ? proc_dohung_task_timeout_secs+0x80/0x80
[  286.502161][   T28]  kthread+0x344/0x440
[  286.506319][   T28]  ? kthread_complete_and_exit+0x40/0x40
[  286.511960][   T28]  ret_from_fork+0x1f/0x30
[  286.516391][   T28]  </TASK>
[  286.520440][   T28] Kernel Offset: disabled
[  286.524838][   T28] Rebooting in 86400 seconds..