./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor786133748

<...>
Warning: Permanently added '10.128.0.151' (ECDSA) to the list of known hosts.
execve("./syz-executor786133748", ["./syz-executor786133748"], 0x7ffd2380dee0 /* 10 vars */) = 0
brk(NULL)                               = 0x555555c23000
brk(0x555555c23c40)                     = 0x555555c23c40
arch_prctl(ARCH_SET_FS, 0x555555c23300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor786133748", 4096) = 27
brk(0x555555c44c40)                     = 0x555555c44c40
brk(0x555555c45000)                     = 0x555555c45000
mprotect(0x7f8f95299000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid()                                = 5062
mkdir("./syzkaller.HWAnLY", 0700)       = 0
chmod("./syzkaller.HWAnLY", 0777)       = 0
chdir("./syzkaller.HWAnLY")             = 0
mkdir("./0", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555c235d0) = 5063
./strace-static-x86_64: Process 5063 attached
[pid  5063] chdir("./0")                = 0
[pid  5063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5063] setpgid(0, 0)               = 0
[pid  5063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5063] write(3, "1000", 4)         = 4
[pid  5063] close(3)                    = 0
[pid  5063] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5063] memfd_create("syzkaller", 0) = 3
[pid  5063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8cdcc000
[pid  5063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5063] munmap(0x7f8f8cdcc000, 16777216) = 0
[pid  5063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5063] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5063] close(3)                    = 0
[pid  5063] mkdir("./file1", 0777)      = 0
syzkaller login: [   51.338694][ T5063] loop0: detected capacity change from 0 to 32768
[   51.352536][ T5063] gfs2: fsid=mounts: Trying to join cluster "lock_nolock", "mounts"
[   51.360817][ T5063] gfs2: fsid=mounts: Now mounting FS (format 1801)...
[   51.373833][ T5063] gfs2: fsid=mounts.0: journal 0 mapped with 5 extents in 0ms
[   51.383151][  T893] gfs2: fsid=mounts.0: jid=0, already locked for use
[   51.390016][  T893] gfs2: fsid=mounts.0: jid=0: Looking at journal...
[   51.425242][  T893] gfs2: fsid=mounts.0: jid=0: Journal head lookup took 35ms
[pid  5063] mount("/dev/loop0", "./file1", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_NODIRATIME|MS_LAZYTIME, "hostdata=:,noacl,quota_quantum=0x000000000000001f,locktable=mounts") = 0
[pid  5063] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3
[pid  5063] chdir("./file1")            = 0
[pid  5063] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5063] close(4)                    = 0
[pid  5063] fspick(AT_FDCWD, ".", 0)    = 4
[   51.434325][  T893] gfs2: fsid=mounts.0: jid=0: Done
[   51.439962][ T5063] gfs2: fsid=mounts.0: first mount done, others may mount
[pid  5063] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0
[pid  5063] exit_group(0)               = ?
[pid  5063] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5063, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=27 /* 0.27 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555c24620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs")                  = 0
[   51.559845][ T5063] gfs2: fsid=mounts.0: found 1 quota changes
[   75.808725][    T7] cfg80211: failed to load regulatory.db
[  285.727066][   T27] INFO: task syz-executor786:5062 blocked for more than 143 seconds.
[  285.735232][   T27]       Not tainted 6.1.0-syzkaller-13052-ged56954cf5a8 #0
[  285.742491][   T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  285.751274][   T27] task:syz-executor786 state:D stack:26624 pid:5062  ppid:5059   flags:0x00004002
[  285.760590][   T27] Call Trace:
[  285.763873][   T27]  <TASK>
[  285.766801][   T27]  __schedule+0xb8a/0x5450
[  285.771310][   T27]  ? mark_held_locks+0x9f/0xe0
[  285.776063][   T27]  ? _raw_spin_unlock_irqrestore+0x54/0x70
[  285.781933][   T27]  ? __mod_timer+0x8d9/0xe80
[  285.786549][   T27]  ? io_schedule_timeout+0x150/0x150
[  285.791957][   T27]  ? enqueue_timer+0x660/0x660
[  285.796764][   T27]  ? debug_object_free+0x360/0x360
[  285.801943][   T27]  schedule+0xde/0x1b0
[  285.806024][   T27]  schedule_timeout+0x14e/0x2a0
[  285.810913][   T27]  ? usleep_range_state+0x1b0/0x1b0
[  285.816131][   T27]  ? collect_expired_timers+0x200/0x200
[  285.821720][   T27]  ? _raw_spin_unlock_irqrestore+0x41/0x70
[  285.827604][   T27]  ? prepare_to_wait_event+0xd0/0x6a0
[  285.832970][   T27]  gfs2_gl_hash_clear+0x247/0x270
[  285.838034][   T27]  ? gfs2_gl_dq_holders+0x240/0x240
[  285.843250][   T27]  ? gfs2_jindex_free+0x3c1/0x560
[  285.848333][   T27]  ? prepare_to_wait_exclusive+0x2c0/0x2c0
[  285.854158][   T27]  ? gfs2_clear_rgrpd+0x52/0x330
[  285.859367][   T27]  gfs2_put_super+0x497/0x670
[  285.864088][   T27]  ? free_local_statfs_inodes+0x370/0x370
[  285.869887][   T27]  generic_shutdown_super+0x158/0x410
[  285.875483][   T27]  kill_block_super+0x9b/0xf0
[  285.880243][   T27]  gfs2_kill_sb+0x108/0x170
[  285.884767][   T27]  deactivate_locked_super+0x98/0x160
[  285.890204][   T27]  deactivate_super+0xb1/0xd0
[  285.894990][   T27]  cleanup_mnt+0x2ae/0x3d0
[  285.899454][   T27]  task_work_run+0x16f/0x270
[  285.904089][   T27]  ? task_work_cancel+0x30/0x30
[  285.909020][   T27]  ? __x64_sys_umount+0x118/0x190
[  285.914082][   T27]  ptrace_notify+0x118/0x140
[  285.918735][   T27]  syscall_exit_to_user_mode_prepare+0x129/0x280
[  285.925096][   T27]  syscall_exit_to_user_mode+0xd/0x50
[  285.930510][   T27]  do_syscall_64+0x46/0xb0
[  285.934965][   T27]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  285.940908][   T27] RIP: 0033:0x7f8f9521acf7
[  285.945332][   T27] RSP: 002b:00007ffe972267b8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[  285.953970][   T27] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f8f9521acf7
[  285.962022][   T27] RDX: 00007ffe97226879 RSI: 000000000000000a RDI: 00007ffe97226870
[  285.970134][   T27] RBP: 00007ffe97226870 R08: 00000000ffffffff R09: 00007ffe97226650
[  285.978194][   T27] R10: 0000555555c24653 R11: 0000000000000206 R12: 00007ffe972278e0
[  285.986203][   T27] R13: 0000555555c245f0 R14: 00007ffe972267e0 R15: 0000000000000001
[  285.994245][   T27]  </TASK>
[  285.997336][   T27] 
[  285.997336][   T27] Showing all locks held in the system:
[  286.005060][   T27] 1 lock held by rcu_tasks_kthre/12:
[  286.010371][   T27]  #0: ffffffff8c590b70 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70
[  286.020910][   T27] 1 lock held by rcu_tasks_trace/13:
[  286.026285][   T27]  #0: ffffffff8c590870 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70
[  286.037285][   T27] 1 lock held by khungtaskd/27:
[  286.042133][   T27]  #0: ffffffff8c5916c0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x57/0x264
[  286.052046][   T27] 2 locks held by getty/4739:
[  286.056753][   T27]  #0: ffff888029b60098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x26/0x80
[  286.066734][   T27]  #1: ffffc900015a02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0
[  286.076894][   T27] 1 lock held by syz-executor786/5062:
[  286.082360][   T27]  #0: ffff8880294f80e0 (&type->s_umount_key#42){+.+.}-{3:3}, at: deactivate_super+0xa9/0xd0
[  286.092583][   T27] 
[  286.094922][   T27] =============================================
[  286.094922][   T27] 
[  286.103466][   T27] NMI backtrace for cpu 0
[  286.107791][   T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted 6.1.0-syzkaller-13052-ged56954cf5a8 #0
[  286.117249][   T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  286.127286][   T27] Call Trace:
[  286.130569][   T27]  <TASK>
[  286.133487][   T27]  dump_stack_lvl+0xd1/0x138
[  286.138085][   T27]  nmi_cpu_backtrace.cold+0x24/0x18a
[  286.143555][   T27]  nmi_trigger_cpumask_backtrace+0x333/0x3c0
[  286.149528][   T27]  ? lapic_can_unplug_cpu+0x80/0x80
[  286.154714][   T27]  watchdog+0xc75/0xfc0
[  286.158870][   T27]  ? proc_dohung_task_timeout_secs+0x80/0x80
[  286.164873][   T27]  kthread+0x2e8/0x3a0
[  286.168937][   T27]  ? kthread_complete_and_exit+0x40/0x40
[  286.174566][   T27]  ret_from_fork+0x1f/0x30
[  286.179097][   T27]  </TASK>
[  286.182194][   T27] Sending NMI from CPU 0 to CPUs 1:
[  286.187513][    C1] NMI backtrace for cpu 1
[  286.187522][    C1] CPU: 1 PID: 46 Comm: kworker/u4:3 Not tainted 6.1.0-syzkaller-13052-ged56954cf5a8 #0
[  286.187537][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  286.187546][    C1] Workqueue: events_unbound toggle_allocation_gate
[  286.187567][    C1] RIP: 0010:__default_send_IPI_dest_field+0x80/0x130
[  286.187591][    C1] Code: 00 c3 5f ff f6 c4 10 75 e2 44 89 e7 c1 e7 18 89 3c 25 10 c3 5f ff 89 f0 09 d8 80 cf 04 83 fe 02 0f 44 c3 89 04 25 00 c3 5f ff <48> 83 c4 08 5b 5d 41 5c c3 48 c7 c0 40 bd f2 8b 48 ba 00 00 00 00
[  286.187603][    C1] RSP: 0018:ffffc90000b778a8 EFLAGS: 00000006
[  286.187612][    C1] RAX: 00000000000008fb RBX: 0000000000000c00 RCX: 0000000000000001
[  286.187620][    C1] RDX: 0000000000000800 RSI: 00000000000000fb RDI: 0000000001000000
[  286.187628][    C1] RBP: fffffbffffebf860 R08: 0000000000000005 R09: 0000000000000001
[  286.187636][    C1] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001
[  286.187644][    C1] R13: ffffc90000b77910 R14: 0000000000000002 R15: dffffc0000000000
[  286.187656][    C1] FS:  0000000000000000(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
[  286.187668][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  286.187677][    C1] CR2: 000055bed656a680 CR3: 000000000c28e000 CR4: 0000000000350ee0
[  286.187686][    C1] Call Trace:
[  286.187689][    C1]  <TASK>
[  286.187693][    C1]  ? trace_hardirqs_off+0x12/0x170
[  286.187707][    C1]  _flat_send_IPI_mask+0x4e/0x60
[  286.187725][    C1]  send_call_function_single_ipi+0x1ed/0x3b0
[  286.187741][    C1]  ? sched_ttwu_pending+0x550/0x550
[  286.187754][    C1]  ? __bitmap_and+0x18c/0x210
[  286.187774][    C1]  ? _find_next_bit+0x11b/0x140
[  286.187790][    C1]  smp_call_function_many_cond+0xe64/0x10a0
[  286.187811][    C1]  ? optimize_nops+0x2d0/0x2d0
[  286.187828][    C1]  ? smp_call_on_cpu+0x250/0x250
[  286.187845][    C1]  ? perf_event_bpf_event+0x4d0/0x4d0
[  286.187861][    C1]  ? text_poke_memset+0x60/0x60
[  286.187877][    C1]  ? optimize_nops+0x2d0/0x2d0
[  286.187892][    C1]  on_each_cpu_cond_mask+0x5a/0xa0
[  286.187909][    C1]  ? __kmem_cache_alloc_node+0x132/0x430
[  286.187923][    C1]  text_poke_bp_batch+0x3f1/0x6b0
[  286.187940][    C1]  ? do_sync_core+0x30/0x30
[  286.187957][    C1]  ? __jump_label_update+0x296/0x410
[  286.187978][    C1]  text_poke_finish+0x1a/0x30
[  286.187994][    C1]  arch_jump_label_transform_apply+0x17/0x30
[  286.188007][    C1]  jump_label_update+0x32f/0x410
[  286.188028][    C1]  static_key_disable_cpuslocked+0x156/0x1b0
[  286.188050][    C1]  static_key_disable+0x1a/0x20
[  286.188070][    C1]  toggle_allocation_gate+0x143/0x230
[  286.188088][    C1]  ? wake_up_kfence_timer+0x30/0x30
[  286.188109][    C1]  process_one_work+0x9bf/0x1710
[  286.188128][    C1]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[  286.188145][    C1]  ? rwlock_bug.part.0+0x90/0x90
[  286.188158][    C1]  ? _raw_spin_lock_irq+0x45/0x50
[  286.188178][    C1]  worker_thread+0x669/0x1090
[  286.188202][    C1]  ? process_one_work+0x1710/0x1710
[  286.188218][    C1]  kthread+0x2e8/0x3a0
[  286.188230][    C1]  ? kthread_complete_and_exit+0x40/0x40
[  286.188245][    C1]  ret_from_fork+0x1f/0x30
[  286.188266][    C1]  </TASK>
[  286.188508][   T27] Kernel panic - not syncing: hung_task: blocked tasks
[  286.499353][   T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted 6.1.0-syzkaller-13052-ged56954cf5a8 #0
[  286.508805][   T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  286.518851][   T27] Call Trace:
[  286.522124][   T27]  <TASK>
[  286.525051][   T27]  dump_stack_lvl+0xd1/0x138
[  286.529840][   T27]  panic+0x2cc/0x626
[  286.533731][   T27]  ? panic_print_sys_info.part.0+0x110/0x110
[  286.539717][   T27]  ? irq_work_claim+0x76/0x90
[  286.544395][   T27]  ? irq_work_queue+0x2d/0x80
[  286.549071][   T27]  ? watchdog.cold+0x130/0x158
[  286.553841][   T27]  watchdog.cold+0x141/0x158
[  286.558445][   T27]  ? proc_dohung_task_timeout_secs+0x80/0x80
[  286.564433][   T27]  kthread+0x2e8/0x3a0
[  286.568497][   T27]  ? kthread_complete_and_exit+0x40/0x40
[  286.574128][   T27]  ret_from_fork+0x1f/0x30
[  286.578555][   T27]  </TASK>
[  286.582405][   T27] Kernel Offset: disabled
[  286.586726][   T27] Rebooting in 86400 seconds..