./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2977699992
<...>
Warning: Permanently added '10.128.1.134' (ECDSA) to the list of known hosts.
execve("./syz-executor2977699992", ["./syz-executor2977699992"], 0x7ffde0d3da90 /* 10 vars */) = 0
brk(NULL) = 0x555556cfe000
brk(0x555556cfec40) = 0x555556cfec40
arch_prctl(ARCH_SET_FS, 0x555556cfe300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2977699992", 4096) = 28
brk(0x555556d1fc40) = 0x555556d1fc40
brk(0x555556d20000) = 0x555556d20000
mprotect(0x7fcf439f8000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 5064
mkdir("./syzkaller.SUCrg7", 0700) = 0
chmod("./syzkaller.SUCrg7", 0777) = 0
chdir("./syzkaller.SUCrg7") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556cfe5d0) = 5066
./strace-static-x86_64: Process 5066 attached
[pid 5066] chdir("./0") = 0
[pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5066] setpgid(0, 0) = 0
[pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5066] write(3, "1000", 4) = 4
[pid 5066] close(3) = 0
[pid 5066] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5066] memfd_create("syzkaller", 0) = 3
[pid 5066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcf3b532000
[pid 5066] write(3, "\x58\x46\x53\x42\x00\x00\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5e\x62\x73\xb8\x21\x67\x42\xbb\x91\x1b\x41\x8a\xa1\x4a\x12\x61\x00\x00\x00\x00\x00\x00\x80\x40\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x21\x00\x00\x00\x00\x00\x00\x00\x22\x00\x00\x00\x08\x00\x00\x80\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x01\x00"..., 33554432) = 33554432
[pid 5066] munmap(0x7fcf3b532000, 33554432) = 0
[pid 5066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5066] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5066] close(3) = 0
[pid 5066] mkdir("./file0", 0777) = 0
syzkaller login: [ 53.176333][ T5066] loop0: detected capacity change from 0 to 65536
[ 53.191008][ T5066] XFS (loop0): Deprecated V4 format (crc=0) will not be supported after September 2030.
[ 53.201401][ T5066] XFS (loop0): Mounting V4 Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
[ 53.211422][ T5066] XFS (loop0): Log size 256 blocks too small, minimum size is 2880 blocks
[ 53.219970][ T5066] XFS (loop0): Log size out of supported range.
[ 53.226311][ T5066] XFS (loop0): Continuing onwards, but if log hangs are experienced then please report this message in the bug report.
[pid 5066] mount("/dev/loop0", "./file0", "xfs", MS_RDONLY|MS_NOSUID, ",nouuid") = 0
[pid 5066] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5066] chdir("./file0") = 0
[pid 5066] ioctl(4, LOOP_CLR_FD) = 0
[pid 5066] close(4) = 0
[pid 5066] exit_group(0) = ?
[pid 5066] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5066, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=31 /* 0.31 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556cff620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 53.271906][ T5066] XFS (loop0): Starting recovery (logdev: internal)
[ 53.284677][ T5066] XFS (loop0): Ending recovery (logdev: internal)
[ 53.316498][ T5064] XFS (loop0): Unmounting Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
[ 75.746553][ T1539] cfg80211: failed to load regulatory.db
[ 285.665309][ T27] INFO: task syz-executor297:5064 blocked for more than 143 seconds.
[ 285.673492][ T27] Not tainted 6.2.0-rc7-syzkaller-00002-gd2d11f342b17 #0
[ 285.681110][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 285.689883][ T27] task:syz-executor297 state:D stack:26552 pid:5064 ppid:5061 flags:0x00004002
[ 285.699166][ T27] Call Trace:
[ 285.705430][ T27] <TASK>
[ 285.705430][ T27] __schedule+0xb8a/0x5450
[ 285.709903][ T27] ? find_held_lock+0x2d/0x110
[ 285.714667][ T27] ? io_schedule_timeout+0x150/0x150
[ 285.719988][ T27] ? xlog_grant_head_wait+0x332/0xe00
[ 285.725413][ T27] schedule+0xde/0x1b0
[ 285.729475][ T27] xlog_grant_head_wait+0x159/0xe00
[ 285.734661][ T27] xlog_grant_head_check+0x3d9/0x420
[ 285.739978][ T27] ? xlog_grant_head_wait+0xe00/0xe00
[ 285.745395][ T27] xfs_log_reserve+0x39d/0xb50
[ 285.750152][ T27] ? xlog_ticket_alloc+0x2b0/0x2b0
[ 285.755301][ T27] xfs_trans_reserve+0x479/0x670
[ 285.760263][ T27] xfs_trans_alloc+0x336/0x9b0
[ 285.765019][ T27] xfs_sync_sb+0x83/0x140
[ 285.769416][ T27] ? xfs_log_sb+0x230/0x230
[ 285.773912][ T27] ? do_raw_spin_unlock+0x175/0x230
[ 285.779141][ T27] ? _raw_spin_unlock+0x28/0x40
[ 285.784002][ T27] ? xfs_log_need_covered.isra.0+0x2e/0x1d0
[ 285.789942][ T27] xfs_log_quiesce+0x24d/0x320
[ 285.794732][ T27] xfs_log_unmount+0x22/0x270
[ 285.799721][ T27] xfs_unmountfs+0x151/0x290
[ 285.804344][ T27] ? xfs_default_resblks+0x60/0x60
[ 285.809513][ T27] ? kvfree+0x46/0x50
[ 285.813522][ T27] ? xfs_mru_cache_destroy+0x172/0x200
[ 285.819056][ T27] xfs_fs_put_super+0x7b/0x3b0
[ 285.823929][ T27] ? xfs_fs_free+0xc0/0xc0
[ 285.828396][ T27] generic_shutdown_super+0x158/0x410
[ 285.833790][ T27] kill_block_super+0x9b/0xf0
[ 285.838544][ T27] deactivate_locked_super+0x98/0x160
[ 285.843946][ T27] deactivate_super+0xb1/0xd0
[ 285.848676][ T27] cleanup_mnt+0x2ae/0x3d0
[ 285.853115][ T27] task_work_run+0x16f/0x270
[ 285.857788][ T27] ? task_work_cancel+0x30/0x30
[ 285.862680][ T27] ? __x64_sys_umount+0x118/0x190
[ 285.867757][ T27] ptrace_notify+0x118/0x140
[ 285.872370][ T27] syscall_exit_to_user_mode_prepare+0x129/0x280
[ 285.878769][ T27] syscall_exit_to_user_mode+0xd/0x50
[ 285.884178][ T27] do_syscall_64+0x46/0xb0
[ 285.888651][ T27] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 285.894569][ T27] RIP: 0033:0x7fcf43980c47
[ 285.899244][ T27] RSP: 002b:00007ffde0b82d28 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[ 285.907731][ T27] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fcf43980c47
[ 285.915846][ T27] RDX: 00007ffde0b82de9 RSI: 000000000000000a RDI: 00007ffde0b82de0
[ 285.923842][ T27] RBP: 00007ffde0b82de0 R08: 00000000ffffffff R09: 00007ffde0b82bc0
[ 285.931898][ T27] R10: 0000555556cff653 R11: 0000000000000206 R12: 00007ffde0b83e40
[ 285.939947][ T27] R13: 0000555556cff5f0 R14: 00007ffde0b82d50 R15: 0000000000000001
[ 285.948001][ T27] </TASK>
[ 285.951055][ T27]
[ 285.951055][ T27] Showing all locks held in the system:
[ 285.958866][ T27] 1 lock held by rcu_tasks_kthre/12:
[ 285.964155][ T27] #0: ffffffff8c78f7b0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70
[ 285.974650][ T27] 1 lock held by rcu_tasks_trace/13:
[ 285.979968][ T27] #0: ffffffff8c78f4b0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x26/0xc70
[ 285.990994][ T27] 1 lock held by khungtaskd/27:
[ 285.995871][ T27] #0: ffffffff8c790300 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x57/0x264
[ 286.005796][ T27] 2 locks held by getty/4748:
[ 286.010490][ T27] #0: ffff88802c15b098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x26/0x80
[ 286.020264][ T27] #1: ffffc900015902f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0
[ 286.030441][ T27] 1 lock held by syz-executor297/5064:
[ 286.035932][ T27] #0: ffff88802a9080e0 (&type->s_umount_key#42){+.+.}-{3:3}, at: deactivate_super+0xa9/0xd0
[ 286.046387][ T27]
[ 286.048710][ T27] =============================================
[ 286.048710][ T27]
[ 286.057139][ T27] NMI backtrace for cpu 1
[ 286.061467][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 6.2.0-rc7-syzkaller-00002-gd2d11f342b17 #0
[ 286.071262][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 286.081307][ T27] Call Trace:
[ 286.084576][ T27] <TASK>
[ 286.087500][ T27] dump_stack_lvl+0xd1/0x138
[ 286.092087][ T27] nmi_cpu_backtrace.cold+0x24/0x18a
[ 286.097374][ T27] nmi_trigger_cpumask_backtrace+0x333/0x3c0
[ 286.103358][ T27] ? lapic_can_unplug_cpu+0x80/0x80
[ 286.108561][ T27] watchdog+0xc75/0xfc0
[ 286.112720][ T27] ? proc_dohung_task_timeout_secs+0x80/0x80
[ 286.118704][ T27] kthread+0x2e8/0x3a0
[ 286.122764][ T27] ? kthread_complete_and_exit+0x40/0x40
[ 286.128428][ T27] ret_from_fork+0x1f/0x30
[ 286.132854][ T27] </TASK>
[ 286.135963][ T27] Sending NMI from CPU 1 to CPUs 0:
[ 286.141192][ C0] NMI backtrace for cpu 0
[ 286.141201][ C0] CPU: 0 PID: 2805 Comm: kworker/u4:5 Not tainted 6.2.0-rc7-syzkaller-00002-gd2d11f342b17 #0
[ 286.141216][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 286.141224][ C0] Workqueue: 0x0 (events_unbound)
[ 286.141241][ C0] RIP: 0010:load_balance+0x167f/0x2e30
[ 286.141264][ C0] Code: 9d a0 00 00 00 e9 b5 f9 ff ff 83 a4 24 48 01 00 00 fe c7 84 24 c0 00 00 00 00 00 00 00 e9 9d f9 ff ff 4c 8b ac 24 10 01 00 00 62 f6 ff ff 49 8d 7c 24 50 48 89 f8 48 c1 e8 03 42 80 3c 30 00
[ 286.141277][ C0] RSP: 0018:ffffc9000b687930 EFLAGS: 00000002
[ 286.141286][ C0] RAX: 0000000000000001 RBX: ffff8880b993b580 RCX: 0000000000000001
[ 286.141295][ C0] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
[ 286.141302][ C0] RBP: ffffc9000b687b10 R08: ffff8880b993bfc8 R09: ffff8880b993c000
[ 286.141311][ C0] R10: fffffbfff1ce6772 R11: ffff8880b993c158 R12: ffff8880b993b580
[ 286.141320][ C0] R13: ffff8880b993b580 R14: dffffc0000000000 R15: ffff8880126bea20
[ 286.141332][ C0] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 286.141345][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 286.141354][ C0] CR2: 000055d9772caa40 CR3: 000000000c48e000 CR4: 0000000000350ef0
[ 286.141363][ C0] Call Trace:
[ 286.141367][ C0] <TASK>
[ 286.141377][ C0] ? find_busiest_group+0x9f0/0x9f0
[ 286.141403][ C0] newidle_balance+0x72b/0x11d0
[ 286.141426][ C0] ? load_balance+0x2e30/0x2e30
[ 286.141448][ C0] pick_next_task_fair+0x9a/0x12e0
[ 286.141470][ C0] __schedule+0x405/0x5450
[ 286.141491][ C0] ? find_held_lock+0x2d/0x110
[ 286.141510][ C0] ? io_schedule_timeout+0x150/0x150
[ 286.141528][ C0] ? worker_thread+0x15b/0x1090
[ 286.141543][ C0] ? lock_downgrade+0x6e0/0x6e0
[ 286.141564][ C0] ? rwlock_bug.part.0+0x90/0x90
[ 286.141578][ C0] schedule+0xde/0x1b0
[ 286.141595][ C0] worker_thread+0x160/0x1090
[ 286.141612][ C0] ? __kthread_parkme+0x163/0x220
[ 286.141632][ C0] ? process_one_work+0x1710/0x1710
[ 286.141647][ C0] kthread+0x2e8/0x3a0
[ 286.141658][ C0] ? kthread_complete_and_exit+0x40/0x40
[ 286.141672][ C0] ret_from_fork+0x1f/0x30
[ 286.141693][ C0] </TASK>
[ 286.142215][ T27] Kernel panic - not syncing: hung_task: blocked tasks
[ 286.363687][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 6.2.0-rc7-syzkaller-00002-gd2d11f342b17 #0
[ 286.373483][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 286.383527][ T27] Call Trace:
[ 286.386799][ T27] <TASK>
[ 286.389723][ T27] dump_stack_lvl+0xd1/0x138
[ 286.394318][ T27] panic+0x2cc/0x626
[ 286.398211][ T27] ? panic_print_sys_info.part.0+0x110/0x110
[ 286.404188][ T27] ? preempt_schedule_thunk+0x1a/0x20
[ 286.409564][ T27] ? watchdog.cold+0x130/0x158
[ 286.414335][ T27] watchdog.cold+0x141/0x158
[ 286.418928][ T27] ? proc_dohung_task_timeout_secs+0x80/0x80
[ 286.424912][ T27] kthread+0x2e8/0x3a0
[ 286.428973][ T27] ? kthread_complete_and_exit+0x40/0x40
[ 286.434599][ T27] ret_from_fork+0x1f/0x30
[ 286.439023][ T27] </TASK>
[ 286.443023][ T27] Kernel Offset: disabled
[ 286.447344][ T27] Rebooting in 86400 seconds..