./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3644447501
<...>
Warning: Permanently added '10.128.0.28' (ECDSA) to the list of known hosts.
execve("./syz-executor3644447501", ["./syz-executor3644447501"], 0x7ffe7dd13520 /* 10 vars */) = 0
brk(NULL) = 0x55555638e000
brk(0x55555638ec40) = 0x55555638ec40
arch_prctl(ARCH_SET_FS, 0x55555638e300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3644447501", 4096) = 28
brk(0x5555563afc40) = 0x5555563afc40
brk(0x5555563b0000) = 0x5555563b0000
mprotect(0x7f3b288e6000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 5081
mkdir("./syzkaller.5R8rAp", 0700) = 0
chmod("./syzkaller.5R8rAp", 0777) = 0
chdir("./syzkaller.5R8rAp") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555638e5d0) = 5082
./strace-static-x86_64: Process 5082 attached
[pid 5082] chdir("./0") = 0
[pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5082] setpgid(0, 0) = 0
[pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5082] write(3, "1000", 4) = 4
[pid 5082] close(3) = 0
[pid 5082] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5082] memfd_create("syzkaller", 0) = 3
[pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3b20420000
[ 77.486365][ T5082] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5082 'syz-executor364'
[pid 5082] write(3, "\x58\x46\x53\x42\x00\x00\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5e\x62\x73\xb8\x21\x67\x42\xbb\x91\x1b\x41\x8a\xa1\x4a\x12\x61\x00\x00\x00\x00\x00\x00\x80\x40\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x21\x00\x00\x00\x00\x00\x00\x00\x22\x00\x00\x00\x08\x00\x00\x80\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x0b\x40"..., 33554432) = 33554432
[pid 5082] munmap(0x7f3b20420000, 33554432) = 0
[pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5082] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5082] close(3) = 0
[pid 5082] mkdir("./file0", 0777) = 0
[ 77.887140][ T5082] loop0: detected capacity change from 0 to 65536
[ 77.908902][ T5082] XFS (loop0): Deprecated V4 format (crc=0) will not be supported after September 2030.
[ 77.920211][ T5082] XFS (loop0): Mounting V4 Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
[pid 5082] mount("/dev/loop0", "./file0", "xfs", 0, "noalign,nouuid,inode32,,nouuid") = 0
[pid 5082] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5082] chdir("./file0") = 0
[pid 5082] ioctl(4, LOOP_CLR_FD) = 0
[pid 5082] close(4) = 0
[pid 5082] exit_group(0) = ?
[pid 5082] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=37 /* 0.37 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555638f620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 77.962516][ T5082] XFS (loop0): Starting recovery (logdev: internal)
[ 77.980243][ T5082] XFS (loop0): Ending recovery (logdev: internal)
[ 77.987423][ T5082] xfs filesystem being mounted at /root/syzkaller.5R8rAp/0/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 78.050235][ T5081] XFS (loop0): Unmounting Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556397660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556397660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x55555638f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555638e5d0) = 5092
./strace-static-x86_64: Process 5092 attached
[pid 5092] chdir("./1") = 0
[pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5092] setpgid(0, 0) = 0
[pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5092] write(3, "1000", 4) = 4
[pid 5092] close(3) = 0
[pid 5092] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5092] memfd_create("syzkaller", 0) = 3
[pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3b20420000
[pid 5092] write(3, "\x58\x46\x53\x42\x00\x00\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5e\x62\x73\xb8\x21\x67\x42\xbb\x91\x1b\x41\x8a\xa1\x4a\x12\x61\x00\x00\x00\x00\x00\x00\x80\x40\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x21\x00\x00\x00\x00\x00\x00\x00\x22\x00\x00\x00\x08\x00\x00\x80\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x0b\x40"..., 33554432) = 33554432
[pid 5092] munmap(0x7f3b20420000, 33554432) = 0
[pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5092] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5092] close(3) = 0
[pid 5092] mkdir("./file0", 0777) = 0
[ 78.668090][ T5092] loop0: detected capacity change from 0 to 65536
[ 78.683928][ T5092] XFS (loop0): Mounting V4 Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
[ 78.720444][ T5092] XFS (loop0): Starting recovery (logdev: internal)
[ 78.731453][ T5092] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
[ 78.741342][ T5092] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5092, name: syz-executor364
[ 78.751110][ T5092] preempt_count: 0, expected: 0
[ 78.756200][ T5092] RCU nest depth: 1, expected: 0
[ 78.761168][ T5092] 2 locks held by syz-executor364/5092:
[ 78.766973][ T5092] #0: ffff8880759980e0 (&type->s_umount_key#41/1){+.+.}-{3:3}, at: alloc_super+0x22e/0xb60
[ 78.777386][ T5092] #1: ffffffff8c796440 (rcu_read_lock){....}-{1:2}, at: vm_map_ram+0x7a/0xcf0
[ 78.787079][ T5092] CPU: 0 PID: 5092 Comm: syz-executor364 Not tainted 6.3.0-rc3-next-20230320-syzkaller #0
[ 78.797038][ T5092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 78.807161][ T5092] Call Trace:
[ 78.810464][ T5092] <TASK>
[ 78.813408][ T5092] dump_stack_lvl+0x136/0x150
[ 78.818205][ T5092] __might_resched+0x358/0x580
[ 78.823036][ T5092] __mutex_lock+0x9f/0x1350
[ 78.827638][ T5092] ? vm_map_ram+0x13d/0xcf0
[ 78.832217][ T5092] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 78.837824][ T5092] ? lock_sync+0x190/0x190
[ 78.842306][ T5092] ? rcu_is_watching+0x12/0xb0
[ 78.847157][ T5092] ? trace_lock_acquire+0x12d/0x180
[ 78.852484][ T5092] ? vm_map_ram+0x7a/0xcf0
[ 78.856926][ T5092] ? lock_acquire+0x32/0xc0
[ 78.861456][ T5092] ? vm_map_ram+0x7a/0xcf0
[ 78.865953][ T5092] vm_map_ram+0x13d/0xcf0
[ 78.870338][ T5092] ? lock_downgrade+0x690/0x690
[ 78.875281][ T5092] _xfs_buf_map_pages+0x158/0x3a0
[ 78.880375][ T5092] xfs_buf_get_map+0x1cb8/0x2fd0
[ 78.885381][ T5092] ? xfs_buf_find_lock+0x4f0/0x4f0
[ 78.890566][ T5092] ? queue_work_on+0xde/0x110
[ 78.895296][ T5092] ? queue_work_on+0xb7/0x110
[ 78.900012][ T5092] xfs_buf_read_map+0xce/0xb10
[ 78.904849][ T5092] ? xfs_buf_readahead_map+0x4/0xc0
[ 78.910103][ T5092] ? xfs_buf_read_map+0xe4/0xb10
[ 78.915080][ T5092] ? xfs_buf_get_map+0x2fd0/0x2fd0
[ 78.920344][ T5092] ? xfs_buf_get_map+0x2fd0/0x2fd0
[ 78.925499][ T5092] xfs_buf_readahead_map+0x8c/0xc0
[ 78.930641][ T5092] ? xfs_buf_readahead_map+0x4/0xc0
[ 78.935872][ T5092] ? xfs_buf_read_map+0xb10/0xb10
[ 78.940936][ T5092] ? xfs_buf_readahead_map+0x8c/0xc0
[ 78.946278][ T5092] ? xfs_buf_read_map+0xb10/0xb10
[ 78.951395][ T5092] ? xlog_is_buffer_cancelled+0x12b/0x170
[ 78.957208][ T5092] xlog_buf_readahead+0x121/0x140
[ 78.962296][ T5092] ? xlog_recover_iget+0x1a0/0x1a0
[ 78.967447][ T5092] ? xlog_buf_readahead+0x97/0x140
[ 78.972622][ T5092] ? xlog_recover_iget+0x1a0/0x1a0
[ 78.977782][ T5092] xlog_recover_inode_ra_pass2+0x1cb/0x230
[ 78.983622][ T5092] xlog_recover_commit_trans+0x266/0x960
[ 78.989296][ T5092] ? xfs_recover_inode_owner_change+0x210/0x210
[ 78.995589][ T5092] ? xlog_recover_reorder_trans+0x14f0/0x14f0
[ 79.001688][ T5092] ? xlog_recover_add_to_trans+0x368/0x8a0
[ 79.007529][ T5092] xlog_recovery_process_trans+0x19d/0x1c0
[ 79.013461][ T5092] xlog_recover_process_ophdr+0x1e5/0x3f0
[ 79.019225][ T5092] xlog_recover_process_data+0x1f3/0x3d0
[ 79.024901][ T5092] xlog_recover_process+0x257/0x2e0
[ 79.030157][ T5092] xlog_do_recovery_pass+0x90c/0xd80
[ 79.035534][ T5092] ? xlog_recover_process+0x2e0/0x2e0
[ 79.040964][ T5092] ? kasan_set_track+0x25/0x30
[ 79.045840][ T5092] ? __kasan_kmalloc+0xa2/0xb0
[ 79.050665][ T5092] xlog_do_log_recovery+0x85/0xb0
[ 79.055752][ T5092] xlog_do_recover+0xdf/0x580
[ 79.060462][ T5092] xlog_recover+0x2a8/0x500
[ 79.065021][ T5092] ? xlog_buf_readahead+0x140/0x140
[ 79.070301][ T5092] xfs_log_mount+0x36e/0x700
[ 79.074935][ T5092] xfs_mountfs+0x11e1/0x1f60
[ 79.079585][ T5092] ? xfs_mount_reset_sbqflags+0x140/0x140
[ 79.085368][ T5092] ? init_timer_key+0xe4/0x120
[ 79.090191][ T5092] ? xfs_mru_cache_create+0x48a/0x590
[ 79.095649][ T5092] xfs_fs_fill_super+0x1412/0x1f30
[ 79.100815][ T5092] get_tree_bdev+0x444/0x760
[ 79.105484][ T5092] ? xfs_finish_flags+0x390/0x390
[ 79.110560][ T5092] vfs_get_tree+0x8d/0x350
[ 79.115023][ T5092] path_mount+0x134b/0x1e40
[ 79.119574][ T5092] ? kmem_cache_free+0xe9/0x480
[ 79.124476][ T5092] ? finish_automount+0x9b0/0x9b0
[ 79.129574][ T5092] ? putname+0x102/0x140
[ 79.133856][ T5092] __x64_sys_mount+0x283/0x300
[ 79.138664][ T5092] ? copy_mnt_ns+0xb30/0xb30
[ 79.143295][ T5092] ? lockdep_hardirqs_on+0x7d/0x100
[ 79.148565][ T5092] ? _raw_spin_unlock_irq+0x2e/0x50
[ 79.153788][ T5092] ? ptrace_notify+0xfe/0x140
[ 79.158504][ T5092] do_syscall_64+0x39/0xb0
[ 79.162944][ T5092] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 79.168876][ T5092] RIP: 0033:0x7f3b2886ed8a
[ 79.173306][ T5092] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 79.193011][ T5092] RSP: 002b:00007ffd50e43ef8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 79.201505][ T5092] RAX: ffffffffffffffda RBX: 00646975756f6e2c RCX: 00007f3b2886ed8a
[ 79.209527][ T5092] RDX: 000000002000bb00 RSI: 000000002000bb40 RDI: 00007ffd50e43f10
[ 79.217525][ T5092] RBP: 00007ffd50e43f10 R08: 00007ffd50e43f50 R09: 000000000000bb6a
[ 79.225542][ T5092] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004
[ 79.233554][ T5092] R13: 000055555638e2c0 R14: 0000000000000000 R15: 00007ffd50e43f50
[ 79.241591][ T5092] </TASK>
[ 79.249308][ T5092]
[ 79.251667][ T5092] =============================
[ 79.256514][ T5092] [ BUG: Invalid wait context ]
[ 79.261371][ T5092] 6.3.0-rc3-next-20230320-syzkaller #0 Tainted: G W
[ 79.269439][ T5092] -----------------------------
[ 79.274307][ T5092] syz-executor364/5092 is trying to lock:
[ 79.280057][ T5092] ffff88802181f868 (&vb->lock){+.+.}-{3:3}, at: vm_map_ram+0x13d/0xcf0
[ 79.288544][ T5092] other info that might help us debug this:
[ 79.294436][ T5092] context-{4:4}
[ 79.297911][ T5092] 2 locks held by syz-executor364/5092:
[ 79.303467][ T5092] #0: ffff8880759980e0 (&type->s_umount_key#41/1){+.+.}-{3:3}, at: alloc_super+0x22e/0xb60
[ 79.313681][ T5092] #1: ffffffff8c796440 (rcu_read_lock){....}-{1:2}, at: vm_map_ram+0x7a/0xcf0
[ 79.322724][ T5092] stack backtrace:
[ 79.326458][ T5092] CPU: 0 PID: 5092 Comm: syz-executor364 Tainted: G W 6.3.0-rc3-next-20230320-syzkaller #0
[ 79.338036][ T5092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 79.348109][ T5092] Call Trace:
[ 79.351413][ T5092] <TASK>
[ 79.354358][ T5092] dump_stack_lvl+0xd9/0x150
[ 79.358999][ T5092] __lock_acquire+0x159e/0x5df0
[ 79.363885][ T5092] ? io_schedule_timeout+0x150/0x150
[ 79.369209][ T5092] ? print_usage_bug.part.0+0x660/0x660
[ 79.374781][ T5092] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 79.380795][ T5092] ? mark_held_locks+0x9f/0xe0
[ 79.385585][ T5092] lock_acquire.part.0+0x11c/0x370
[ 79.390809][ T5092] ? vm_map_ram+0x13d/0xcf0
[ 79.395333][ T5092] ? lock_sync+0x190/0x190
[ 79.399775][ T5092] ? rcu_is_watching+0x12/0xb0
[ 79.404571][ T5092] ? trace_lock_acquire+0x12d/0x180
[ 79.409793][ T5092] ? vm_map_ram+0x13d/0xcf0
[ 79.414330][ T5092] ? lock_acquire+0x32/0xc0
[ 79.418855][ T5092] ? vm_map_ram+0x13d/0xcf0
[ 79.423508][ T5092] __mutex_lock+0x12f/0x1350
[ 79.428147][ T5092] ? vm_map_ram+0x13d/0xcf0
[ 79.432668][ T5092] ? vm_map_ram+0x13d/0xcf0
[ 79.437193][ T5092] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 79.442781][ T5092] ? lock_sync+0x190/0x190
[ 79.447223][ T5092] ? rcu_is_watching+0x12/0xb0
[ 79.452019][ T5092] ? trace_lock_acquire+0x12d/0x180
[ 79.457243][ T5092] ? vm_map_ram+0x7a/0xcf0
[ 79.461674][ T5092] ? lock_acquire+0x32/0xc0
[ 79.466199][ T5092] ? vm_map_ram+0x7a/0xcf0
[ 79.470648][ T5092] vm_map_ram+0x13d/0xcf0
[ 79.474995][ T5092] ? lock_downgrade+0x690/0x690
[ 79.479879][ T5092] _xfs_buf_map_pages+0x158/0x3a0
[ 79.484949][ T5092] xfs_buf_get_map+0x1cb8/0x2fd0
[ 79.489922][ T5092] ? xfs_buf_find_lock+0x4f0/0x4f0
[ 79.495063][ T5092] ? queue_work_on+0xde/0x110
[ 79.499769][ T5092] ? queue_work_on+0xb7/0x110
[ 79.504479][ T5092] xfs_buf_read_map+0xce/0xb10
[ 79.509269][ T5092] ? xfs_buf_readahead_map+0x4/0xc0
[ 79.514498][ T5092] ? xfs_buf_read_map+0xe4/0xb10
[ 79.519462][ T5092] ? xfs_buf_get_map+0x2fd0/0x2fd0
[ 79.524611][ T5092] ? xfs_buf_get_map+0x2fd0/0x2fd0
[ 79.529771][ T5092] xfs_buf_readahead_map+0x8c/0xc0
[ 79.534924][ T5092] ? xfs_buf_readahead_map+0x4/0xc0
[ 79.540157][ T5092] ? xfs_buf_read_map+0xb10/0xb10
[ 79.545218][ T5092] ? xfs_buf_readahead_map+0x8c/0xc0
[ 79.550536][ T5092] ? xfs_buf_read_map+0xb10/0xb10
[ 79.555775][ T5092] ? xlog_is_buffer_cancelled+0x12b/0x170
[ 79.561537][ T5092] xlog_buf_readahead+0x121/0x140
[ 79.566604][ T5092] ? xlog_recover_iget+0x1a0/0x1a0
[ 79.571834][ T5092] ? xlog_buf_readahead+0x97/0x140
[ 79.576980][ T5092] ? xlog_recover_iget+0x1a0/0x1a0
[ 79.582141][ T5092] xlog_recover_inode_ra_pass2+0x1cb/0x230
[ 79.587977][ T5092] xlog_recover_commit_trans+0x266/0x960
[ 79.593647][ T5092] ? xfs_recover_inode_owner_change+0x210/0x210
[ 79.599919][ T5092] ? xlog_recover_reorder_trans+0x14f0/0x14f0
[ 79.606021][ T5092] ? xlog_recover_add_to_trans+0x368/0x8a0
[ 79.611869][ T5092] xlog_recovery_process_trans+0x19d/0x1c0
[ 79.617709][ T5092] xlog_recover_process_ophdr+0x1e5/0x3f0
[ 79.623462][ T5092] xlog_recover_process_data+0x1f3/0x3d0
[ 79.629135][ T5092] xlog_recover_process+0x257/0x2e0
[ 79.634371][ T5092] xlog_do_recovery_pass+0x90c/0xd80
[ 79.639707][ T5092] ? xlog_recover_process+0x2e0/0x2e0
[ 79.645119][ T5092] ? kasan_set_track+0x25/0x30
[ 79.649911][ T5092] ? __kasan_kmalloc+0xa2/0xb0
[ 79.654705][ T5092] xlog_do_log_recovery+0x85/0xb0
[ 79.659771][ T5092] xlog_do_recover+0xdf/0x580
[ 79.664482][ T5092] xlog_recover+0x2a8/0x500
[ 79.669018][ T5092] ? xlog_buf_readahead+0x140/0x140
[ 79.674272][ T5092] xfs_log_mount+0x36e/0x700
[ 79.678928][ T5092] xfs_mountfs+0x11e1/0x1f60
[ 79.683568][ T5092] ? xfs_mount_reset_sbqflags+0x140/0x140
[ 79.689416][ T5092] ? init_timer_key+0xe4/0x120
[ 79.694220][ T5092] ? xfs_mru_cache_create+0x48a/0x590
[ 79.699629][ T5092] xfs_fs_fill_super+0x1412/0x1f30
[ 79.704770][ T5092] get_tree_bdev+0x444/0x760
[ 79.709397][ T5092] ? xfs_finish_flags+0x390/0x390
[ 79.714446][ T5092] vfs_get_tree+0x8d/0x350
[ 79.718899][ T5092] path_mount+0x134b/0x1e40
[ 79.723441][ T5092] ? kmem_cache_free+0xe9/0x480
[ 79.728314][ T5092] ? finish_automount+0x9b0/0x9b0
[ 79.733379][ T5092] ? putname+0x102/0x140
[ 79.737671][ T5092] __x64_sys_mount+0x283/0x300
[ 79.743949][ T5092] ? copy_mnt_ns+0xb30/0xb30
[ 79.748574][ T5092] ? lockdep_hardirqs_on+0x7d/0x100
[ 79.753808][ T5092] ? _raw_spin_unlock_irq+0x2e/0x50
[ 79.759021][ T5092] ? ptrace_notify+0xfe/0x140
[ 79.763727][ T5092] do_syscall_64+0x39/0xb0
[ 79.768170][ T5092] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 79.774107][ T5092] RIP: 0033:0x7f3b2886ed8a
[ 79.778575][ T5092] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 79.798202][ T5092] RSP: 002b:00007ffd50e43ef8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 79.806637][ T5092] RAX: ffffffffffffffda RBX: 00646975756f6e2c RCX: 00007f3b2886ed8a
[ 79.814625][ T5092] RDX: 000000002000bb00 RSI: 000000002000bb40 RDI: 00007ffd50e43f10
[ 79.822614][ T5092] RBP: 00007ffd50e43f10 R08: 00007ffd50e43f50 R09: 000000000000bb6a
[ 79.830602][ T5092] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004
[ 79.838593][ T5092] R13: 000055555638e2c0 R14: 0000000000000000 R15: 00007ffd50e43f50
[ 79.846592][ T5092] </TASK>
[ 79.859567][ T5092] XFS (loop0): Ending recovery (logdev: internal)
[pid 5092] mount("/dev/loop0", "./file0", "xfs", 0, "noalign,nouuid,inode32,,nouuid") = 0
[pid 5092] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5092] chdir("./file0") = 0
[pid 5092] ioctl(4, LOOP_CLR_FD) = 0
[pid 5092] close(4) = 0
[pid 5092] exit_group(0) = ?
[pid 5092] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5092, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=46 /* 0.46 s */} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555638f620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 79.866434][ T5092] xfs filesystem being mounted at /root/syzkaller.5R8rAp/1/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 79.907262][ T5081] XFS (loop0): Unmounting Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556397660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556397660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x55555638f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555638e5d0) = 5101
./strace-static-x86_64: Process 5101 attached
[pid 5101] chdir("./2") = 0
[pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5101] setpgid(0, 0) = 0
[pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5101] write(3, "1000", 4) = 4
[pid 5101] close(3) = 0
[pid 5101] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5101] memfd_create("syzkaller", 0) = 3
[pid 5101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3b20420000
[pid 5101] write(3, "\x58\x46\x53\x42\x00\x00\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5e\x62\x73\xb8\x21\x67\x42\xbb\x91\x1b\x41\x8a\xa1\x4a\x12\x61\x00\x00\x00\x00\x00\x00\x80\x40\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x21\x00\x00\x00\x00\x00\x00\x00\x22\x00\x00\x00\x08\x00\x00\x80\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x0b\x40"..., 33554432) = 33554432
[pid 5101] munmap(0x7f3b20420000, 33554432) = 0
[pid 5101] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5101] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5101] close(3) = 0
[pid 5101] mkdir("./file0", 0777) = 0
[ 80.348687][ T5101] loop0: detected capacity change from 0 to 65536
[ 80.361937][ T5101] XFS (loop0): Mounting V4 Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
[ 80.394805][ T5101] XFS (loop0): Starting recovery (logdev: internal)
[ 80.404530][ T5101] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
[ 80.413944][ T5101] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5101, name: syz-executor364
[ 80.423535][ T5101] preempt_count: 0, expected: 0
[ 80.428612][ T5101] RCU nest depth: 1, expected: 0
[ 80.433575][ T5101] INFO: lockdep is turned off.
[ 80.438405][ T5101] CPU: 0 PID: 5101 Comm: syz-executor364 Tainted: G W 6.3.0-rc3-next-20230320-syzkaller #0
[ 80.449822][ T5101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 80.459913][ T5101] Call Trace:
[ 80.463215][ T5101] <TASK>
[ 80.466170][ T5101] dump_stack_lvl+0x136/0x150
[ 80.470922][ T5101] __might_resched+0x358/0x580
[ 80.475733][ T5101] ? __x64_sys_mount+0x283/0x300
[ 80.480712][ T5101] ? do_syscall_64+0x39/0xb0
[ 80.485340][ T5101] __mutex_lock+0x9f/0x1350
[ 80.489888][ T5101] ? __alloc_pages_bulk+0x7de/0x1350
[ 80.495210][ T5101] ? vm_map_ram+0x13d/0xcf0
[ 80.499730][ T5101] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 80.505314][ T5101] ? rcu_is_watching+0x12/0xb0
[ 80.510114][ T5101] ? trace_lock_acquire+0x12d/0x180
[ 80.515337][ T5101] ? fs_reclaim_acquire+0xb6/0x160
[ 80.520473][ T5101] ? vm_map_ram+0x7a/0xcf0
[ 80.524997][ T5101] ? lock_acquire+0x32/0xc0
[ 80.529528][ T5101] ? vm_map_ram+0x7a/0xcf0
[ 80.533969][ T5101] vm_map_ram+0x13d/0xcf0
[ 80.538331][ T5101] ? lock_downgrade+0x690/0x690
[ 80.543221][ T5101] ? trace_lock_acquire+0x12d/0x180
[ 80.548453][ T5101] _xfs_buf_map_pages+0x158/0x3a0
[ 80.553507][ T5101] xfs_buf_get_map+0x1cb8/0x2fd0
[ 80.558574][ T5101] ? xfs_buf_find_lock+0x4f0/0x4f0
[ 80.563719][ T5101] ? trace_irq_enable.constprop.0+0xd0/0x100
[ 80.569836][ T5101] xfs_buf_read_map+0xce/0xb10
[ 80.574634][ T5101] ? xfs_buf_readahead_map+0x4/0xc0
[ 80.579886][ T5101] ? xfs_buf_read_map+0xe4/0xb10
[ 80.584861][ T5101] ? xfs_buf_get_map+0x2fd0/0x2fd0
[ 80.590008][ T5101] ? xfs_buf_get_map+0x2fd0/0x2fd0
[ 80.595155][ T5101] xfs_buf_readahead_map+0x8c/0xc0
[ 80.600380][ T5101] ? xfs_buf_readahead_map+0x4/0xc0
[ 80.605609][ T5101] ? xfs_buf_read_map+0xb10/0xb10
[ 80.610664][ T5101] ? xfs_buf_readahead_map+0x8c/0xc0
[ 80.615977][ T5101] ? xfs_buf_read_map+0xb10/0xb10
[ 80.621030][ T5101] ? xlog_is_buffer_cancelled+0x12b/0x170
[ 80.626794][ T5101] xlog_buf_readahead+0x121/0x140
[ 80.631854][ T5101] ? xlog_recover_iget+0x1a0/0x1a0
[ 80.637019][ T5101] ? xlog_buf_readahead+0x97/0x140
[ 80.642163][ T5101] ? xlog_recover_iget+0x1a0/0x1a0
[ 80.647322][ T5101] xlog_recover_inode_ra_pass2+0x1cb/0x230
[ 80.653158][ T5101] xlog_recover_commit_trans+0x266/0x960
[ 80.658838][ T5101] ? xfs_recover_inode_owner_change+0x210/0x210
[ 80.665208][ T5101] ? xlog_recover_reorder_trans+0x14f0/0x14f0
[ 80.671332][ T5101] ? xlog_recover_add_to_trans+0x368/0x8a0
[ 80.677177][ T5101] xlog_recovery_process_trans+0x19d/0x1c0
[ 80.683106][ T5101] xlog_recover_process_ophdr+0x1e5/0x3f0
[ 80.688869][ T5101] xlog_recover_process_data+0x1f3/0x3d0
[ 80.694550][ T5101] xlog_recover_process+0x257/0x2e0
[ 80.699803][ T5101] xlog_do_recovery_pass+0x90c/0xd80
[ 80.705131][ T5101] ? xlog_recover_process+0x2e0/0x2e0
[ 80.710544][ T5101] ? trace_irq_enable.constprop.0+0xd0/0x100
[ 80.716562][ T5101] ? xlog_alloc_buf_cancel_table+0x94/0x130
[ 80.722477][ T5101] ? kcov_close+0x20/0x20
[ 80.726832][ T5101] xlog_do_log_recovery+0x85/0xb0
[ 80.731900][ T5101] xlog_do_recover+0xdf/0x580
[ 80.736616][ T5101] xlog_recover+0x2a8/0x500
[ 80.741153][ T5101] ? xlog_buf_readahead+0x140/0x140
[ 80.746391][ T5101] xfs_log_mount+0x36e/0x700
[ 80.751011][ T5101] xfs_mountfs+0x11e1/0x1f60
[ 80.755640][ T5101] ? xfs_mount_reset_sbqflags+0x140/0x140
[ 80.761416][ T5101] ? init_timer_key+0xe4/0x120
[ 80.766218][ T5101] ? xfs_mru_cache_create+0x48a/0x590
[ 80.771628][ T5101] xfs_fs_fill_super+0x1412/0x1f30
[ 80.776780][ T5101] get_tree_bdev+0x444/0x760
[ 80.781409][ T5101] ? xfs_finish_flags+0x390/0x390
[ 80.786477][ T5101] vfs_get_tree+0x8d/0x350
[ 80.790942][ T5101] path_mount+0x134b/0x1e40
[ 80.795485][ T5101] ? kmem_cache_free+0xe9/0x480
[ 80.800362][ T5101] ? finish_automount+0x9b0/0x9b0
[ 80.805436][ T5101] ? putname+0x102/0x140
[ 80.809719][ T5101] __x64_sys_mount+0x283/0x300
[ 80.814529][ T5101] ? copy_mnt_ns+0xb30/0xb30
[ 80.819157][ T5101] ? _raw_spin_unlock_irq+0x2e/0x50
[ 80.824375][ T5101] ? ptrace_notify+0xfe/0x140
[ 80.829079][ T5101] do_syscall_64+0x39/0xb0
[ 80.833533][ T5101] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 80.839467][ T5101] RIP: 0033:0x7f3b2886ed8a
[ 80.843911][ T5101] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 80.863582][ T5101] RSP: 002b:00007ffd50e43ef8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 80.872050][ T5101] RAX: ffffffffffffffda RBX: 00646975756f6e2c RCX: 00007f3b2886ed8a
[ 80.880065][ T5101] RDX: 000000002000bb00 RSI: 000000002000bb40 RDI: 00007ffd50e43f10
[ 80.888082][ T5101] RBP: 00007ffd50e43f10 R08: 00007ffd50e43f50 R09: 000000000000bb6a
[pid 5101] mount("/dev/loop0", "./file0", "xfs", 0, "noalign,nouuid,inode32,,nouuid") = 0
[pid 5101] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5101] chdir("./file0") = 0
[pid 5101] ioctl(4, LOOP_CLR_FD) = 0
[pid 5101] close(4) = 0
[pid 5101] exit_group(0) = ?
[pid 5101] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=30 /* 0.30 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555638f620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
[ 80.896094][ T5101] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004
[ 80.904089][ T5101] R13: 000055555638e2c0 R14: 0000000000000000 R15: 00007ffd50e43f50
[ 80.912090][ T5101] </TASK>
[ 80.917827][ T5101] XFS (loop0): Ending recovery (logdev: internal)
[ 80.924663][ T5101] xfs filesystem being mounted at /root/syzkaller.5R8rAp/2/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 80.966207][ T5081] XFS (loop0): Unmounting Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556397660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556397660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x55555638f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555638e5d0) = 5110
./strace-static-x86_64: Process 5110 attached
[pid 5110] chdir("./3") = 0
[pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5110] setpgid(0, 0) = 0
[pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5110] write(3, "1000", 4) = 4
[pid 5110] close(3) = 0
[pid 5110] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5110] memfd_create("syzkaller", 0) = 3
[pid 5110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3b20420000
[pid 5110] write(3, "\x58\x46\x53\x42\x00\x00\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5e\x62\x73\xb8\x21\x67\x42\xbb\x91\x1b\x41\x8a\xa1\x4a\x12\x61\x00\x00\x00\x00\x00\x00\x80\x40\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x21\x00\x00\x00\x00\x00\x00\x00\x22\x00\x00\x00\x08\x00\x00\x80\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x0b\x40"..., 33554432) = 33554432
[pid 5110] munmap(0x7f3b20420000, 33554432) = 0
[pid 5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5110] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5110] close(3) = 0
[pid 5110] mkdir("./file0", 0777) = 0
[ 81.399023][ T5110] loop0: detected capacity change from 0 to 65536
[ 81.411129][ T5110] XFS (loop0): Mounting V4 Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
[ 81.445507][ T5110] XFS (loop0): Starting recovery (logdev: internal)
[ 81.454828][ T5110] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
[ 81.464345][ T5110] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5110, name: syz-executor364
[ 81.473915][ T5110] preempt_count: 0, expected: 0
[ 81.478854][ T5110] RCU nest depth: 1, expected: 0
[ 81.483820][ T5110] INFO: lockdep is turned off.
[ 81.488631][ T5110] CPU: 0 PID: 5110 Comm: syz-executor364 Tainted: G W 6.3.0-rc3-next-20230320-syzkaller #0
[ 81.500027][ T5110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 81.511149][ T5110] Call Trace:
[ 81.514451][ T5110] <TASK>
[ 81.517394][ T5110] dump_stack_lvl+0x136/0x150
[ 81.522105][ T5110] __might_resched+0x358/0x580
[ 81.526916][ T5110] ? __x64_sys_mount+0x283/0x300
[ 81.531890][ T5110] ? do_syscall_64+0x39/0xb0
[ 81.536509][ T5110] __mutex_lock+0x9f/0x1350
[ 81.541047][ T5110] ? __alloc_pages_bulk+0x7de/0x1350
[ 81.546360][ T5110] ? vm_map_ram+0x13d/0xcf0
[ 81.550883][ T5110] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 81.556462][ T5110] ? rcu_is_watching+0x12/0xb0
[ 81.561258][ T5110] ? trace_lock_acquire+0x12d/0x180
[ 81.566481][ T5110] ? fs_reclaim_acquire+0xb6/0x160
[ 81.571620][ T5110] ? vm_map_ram+0x7a/0xcf0
[ 81.576054][ T5110] ? lock_acquire+0x32/0xc0
[ 81.580579][ T5110] ? vm_map_ram+0x7a/0xcf0
[ 81.585017][ T5110] vm_map_ram+0x13d/0xcf0
[ 81.589409][ T5110] ? lock_downgrade+0x690/0x690
[ 81.594292][ T5110] ? trace_lock_acquire+0x12d/0x180
[ 81.599517][ T5110] _xfs_buf_map_pages+0x158/0x3a0
[ 81.604571][ T5110] xfs_buf_get_map+0x1cb8/0x2fd0
[ 81.609547][ T5110] ? xfs_buf_find_lock+0x4f0/0x4f0
[ 81.614689][ T5110] ? trace_irq_enable.constprop.0+0xd0/0x100
[ 81.620716][ T5110] xfs_buf_read_map+0xce/0xb10
[ 81.625519][ T5110] ? xfs_buf_readahead_map+0x4/0xc0
[ 81.630761][ T5110] ? xfs_buf_read_map+0xe4/0xb10
[ 81.635753][ T5110] ? xfs_buf_get_map+0x2fd0/0x2fd0
[ 81.640907][ T5110] ? xfs_buf_get_map+0x2fd0/0x2fd0
[ 81.646051][ T5110] xfs_buf_readahead_map+0x8c/0xc0
[ 81.651204][ T5110] ? xfs_buf_readahead_map+0x4/0xc0
[ 81.656437][ T5110] ? xfs_buf_read_map+0xb10/0xb10
[ 81.661501][ T5110] ? xfs_buf_readahead_map+0x8c/0xc0
[ 81.666816][ T5110] ? xfs_buf_read_map+0xb10/0xb10
[ 81.672051][ T5110] ? xlog_is_buffer_cancelled+0x12b/0x170
[ 81.677834][ T5110] xlog_buf_readahead+0x121/0x140
[ 81.682927][ T5110] ? xlog_recover_iget+0x1a0/0x1a0
[ 81.688254][ T5110] ? xlog_buf_readahead+0x97/0x140
[ 81.693407][ T5110] ? xlog_recover_iget+0x1a0/0x1a0
[ 81.698564][ T5110] xlog_recover_inode_ra_pass2+0x1cb/0x230
[ 81.704398][ T5110] xlog_recover_commit_trans+0x266/0x960
[ 81.710079][ T5110] ? xfs_recover_inode_owner_change+0x210/0x210
[ 81.716346][ T5110] ? xlog_recover_reorder_trans+0x14f0/0x14f0
[ 81.722457][ T5110] ? xlog_recover_add_to_trans+0x368/0x8a0
[ 81.728302][ T5110] xlog_recovery_process_trans+0x19d/0x1c0
[ 81.734141][ T5110] xlog_recover_process_ophdr+0x1e5/0x3f0
[ 81.739906][ T5110] xlog_recover_process_data+0x1f3/0x3d0
[ 81.745575][ T5110] xlog_recover_process+0x257/0x2e0
[ 81.750826][ T5110] xlog_do_recovery_pass+0x90c/0xd80
[ 81.756149][ T5110] ? xlog_alloc_buf_cancel_table+0x47/0x130
[ 81.762073][ T5110] ? xlog_recover_process+0x2e0/0x2e0
[ 81.767488][ T5110] ? kasan_set_track+0x25/0x30
[ 81.772364][ T5110] ? __kasan_kmalloc+0xa2/0xb0
[ 81.777261][ T5110] xlog_do_log_recovery+0x85/0xb0
[ 81.782320][ T5110] xlog_do_recover+0xdf/0x580
[ 81.787035][ T5110] xlog_recover+0x2a8/0x500
[ 81.791573][ T5110] ? xlog_buf_readahead+0x140/0x140
[ 81.797092][ T5110] xfs_log_mount+0x36e/0x700
[ 81.801716][ T5110] xfs_mountfs+0x11e1/0x1f60
[ 81.806345][ T5110] ? xfs_mount_reset_sbqflags+0x140/0x140
[ 81.812099][ T5110] ? init_timer_key+0xe4/0x120
[ 81.816906][ T5110] ? xfs_mru_cache_create+0x48a/0x590
[ 81.823287][ T5110] xfs_fs_fill_super+0x1412/0x1f30
[ 81.828452][ T5110] get_tree_bdev+0x444/0x760
[ 81.833262][ T5110] ? xfs_finish_flags+0x390/0x390
[ 81.838344][ T5110] vfs_get_tree+0x8d/0x350
[ 81.842795][ T5110] path_mount+0x134b/0x1e40
[ 81.847343][ T5110] ? kmem_cache_free+0xe9/0x480
[ 81.852219][ T5110] ? finish_automount+0x9b0/0x9b0
[ 81.857282][ T5110] ? putname+0x102/0x140
[ 81.861567][ T5110] __x64_sys_mount+0x283/0x300
[ 81.866367][ T5110] ? copy_mnt_ns+0xb30/0xb30
[ 81.870991][ T5110] ? _raw_spin_unlock_irq+0x2e/0x50
[ 81.876292][ T5110] ? ptrace_notify+0xfe/0x140
[ 81.880990][ T5110] do_syscall_64+0x39/0xb0
[ 81.885450][ T5110] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 81.891394][ T5110] RIP: 0033:0x7f3b2886ed8a
[ 81.895839][ T5110] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 81.915471][ T5110] RSP: 002b:00007ffd50e43ef8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 81.923925][ T5110] RAX: ffffffffffffffda RBX: 00646975756f6e2c RCX: 00007f3b2886ed8a
[ 81.931948][ T5110] RDX: 000000002000bb00 RSI: 000000002000bb40 RDI: 00007ffd50e43f10
[ 81.939937][ T5110] RBP: 00007ffd50e43f10 R08: 00007ffd50e43f50 R09: 000000000000bb6a
[pid 5110] mount("/dev/loop0", "./file0", "xfs", 0, "noalign,nouuid,inode32,,nouuid") = 0
[pid 5110] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5110] chdir("./file0") = 0
[pid 5110] ioctl(4, LOOP_CLR_FD) = 0
[pid 5110] close(4) = 0
[pid 5110] exit_group(0) = ?
[pid 5110] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=29 /* 0.29 s */} ---
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555638f620 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs") = 0
[ 81.947932][ T5110] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004
[ 81.955916][ T5110] R13: 000055555638e2c0 R14: 0000000000000000 R15: 00007ffd50e43f50
[ 81.963910][ T5110]
[ 81.971638][ T5110] XFS (loop0): Ending recovery (logdev: internal)
[ 81.978547][ T5110] xfs filesystem being mounted at /root/syzkaller.5R8rAp/3/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 82.035649][ T5081] XFS (loop0): Unmounting Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556397660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556397660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
getdents64(3, 0x55555638f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555638e5d0) = 5119
./strace-static-x86_64: Process 5119 attached
[pid 5119] chdir("./4") = 0
[pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5119] setpgid(0, 0) = 0
[pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5119] write(3, "1000", 4) = 4
[pid 5119] close(3) = 0
[pid 5119] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5119] memfd_create("syzkaller", 0) = 3
[pid 5119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3b20420000
[pid 5119] write(3, "\x58\x46\x53\x42\x00\x00\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5e\x62\x73\xb8\x21\x67\x42\xbb\x91\x1b\x41\x8a\xa1\x4a\x12\x61\x00\x00\x00\x00\x00\x00\x80\x40\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x21\x00\x00\x00\x00\x00\x00\x00\x22\x00\x00\x00\x08\x00\x00\x80\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x0b\x40"..., 33554432) = 33554432
[pid 5119] munmap(0x7f3b20420000, 33554432) = 0
[pid 5119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5119] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5119] close(3) = 0
[pid 5119] mkdir("./file0", 0777) = 0
[ 82.452552][ T5119] loop0: detected capacity change from 0 to 65536
[ 82.465691][ T5119] XFS (loop0): Mounting V4 Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
[ 82.499092][ T5119] XFS (loop0): Starting recovery (logdev: internal)
[ 82.508401][ T5119] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
[ 82.517799][ T5119] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5119, name: syz-executor364
[ 82.527339][ T5119] preempt_count: 0, expected: 0
[ 82.532237][ T5119] RCU nest depth: 1, expected: 0
[ 82.537261][ T5119] INFO: lockdep is turned off.
[ 82.542049][ T5119] CPU: 0 PID: 5119 Comm: syz-executor364 Tainted: G W 6.3.0-rc3-next-20230320-syzkaller #0
[ 82.553464][ T5119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 82.563549][ T5119] Call Trace:
[ 82.566834][ T5119]
[ 82.569772][ T5119] dump_stack_lvl+0x136/0x150
[ 82.574474][ T5119] __might_resched+0x358/0x580
[ 82.579270][ T5119] ? __x64_sys_mount+0x283/0x300
[ 82.584248][ T5119] ? do_syscall_64+0x39/0xb0
[ 82.588859][ T5119] __mutex_lock+0x9f/0x1350
[ 82.593406][ T5119] ? __alloc_pages_bulk+0x7de/0x1350
[ 82.598714][ T5119] ? vm_map_ram+0x13d/0xcf0
[ 82.603332][ T5119] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 82.608918][ T5119] ? rcu_is_watching+0x12/0xb0
[ 82.613714][ T5119] ? trace_lock_acquire+0x12d/0x180
[ 82.618940][ T5119] ? fs_reclaim_acquire+0xb6/0x160
[ 82.624077][ T5119] ? vm_map_ram+0x7a/0xcf0
[ 82.628513][ T5119] ? lock_acquire+0x32/0xc0
[ 82.633055][ T5119] ? vm_map_ram+0x7a/0xcf0
[ 82.637505][ T5119] vm_map_ram+0x13d/0xcf0
[ 82.641855][ T5119] ? lock_downgrade+0x690/0x690
[ 82.646738][ T5119] ? trace_lock_acquire+0x12d/0x180
[ 82.653183][ T5119] _xfs_buf_map_pages+0x158/0x3a0
[ 82.658247][ T5119] xfs_buf_get_map+0x1cb8/0x2fd0
[ 82.663232][ T5119] ? xfs_buf_find_lock+0x4f0/0x4f0
[ 82.668376][ T5119] ? trace_irq_enable.constprop.0+0xd0/0x100
[ 82.674574][ T5119] xfs_buf_read_map+0xce/0xb10
[ 82.679366][ T5119] ? xfs_buf_readahead_map+0x4/0xc0
[ 82.684693][ T5119] ? xfs_buf_read_map+0xe4/0xb10
[ 82.689661][ T5119] ? xfs_buf_get_map+0x2fd0/0x2fd0
[ 82.694809][ T5119] ? xfs_buf_get_map+0x2fd0/0x2fd0
[ 82.699962][ T5119] xfs_buf_readahead_map+0x8c/0xc0
[ 82.705101][ T5119] ? xfs_buf_readahead_map+0x4/0xc0
[ 82.710342][ T5119] ? xfs_buf_read_map+0xb10/0xb10
[ 82.715395][ T5119] ? xfs_buf_readahead_map+0x8c/0xc0
[ 82.720716][ T5119] ? xfs_buf_read_map+0xb10/0xb10
[ 82.725780][ T5119] ? xlog_is_buffer_cancelled+0x12b/0x170
[ 82.731564][ T5119] xlog_buf_readahead+0x121/0x140
[ 82.736630][ T5119] ? xlog_recover_iget+0x1a0/0x1a0
[ 82.741773][ T5119] ? xlog_buf_readahead+0x97/0x140
[ 82.746916][ T5119] ? xlog_recover_iget+0x1a0/0x1a0
[ 82.752063][ T5119] xlog_recover_inode_ra_pass2+0x1cb/0x230
[ 82.757897][ T5119] xlog_recover_commit_trans+0x266/0x960
[ 82.763562][ T5119] ? xfs_recover_inode_owner_change+0x210/0x210
[ 82.770005][ T5119] ? xlog_recover_reorder_trans+0x14f0/0x14f0
[ 82.776107][ T5119] ? xlog_recover_add_to_trans+0x368/0x8a0
[ 82.781949][ T5119] xlog_recovery_process_trans+0x19d/0x1c0
[ 82.787792][ T5119] xlog_recover_process_ophdr+0x1e5/0x3f0
[ 82.793551][ T5119] xlog_recover_process_data+0x1f3/0x3d0
[ 82.799237][ T5119] xlog_recover_process+0x257/0x2e0
[ 82.804484][ T5119] xlog_do_recovery_pass+0x90c/0xd80
[ 82.809803][ T5119] ? kstrtoul_from_user+0x40/0x40
[ 82.814871][ T5119] ? xlog_recover_process+0x2e0/0x2e0
[ 82.820277][ T5119] ? fs_reclaim_acquire+0xb6/0x160
[ 82.825424][ T5119] ? lock_acquire+0x32/0xc0
[ 82.829967][ T5119] ? kasan_set_track+0x25/0x30
[ 82.834767][ T5119] ? __kasan_kmalloc+0xa2/0xb0
[ 82.839562][ T5119] xlog_do_log_recovery+0x85/0xb0
[ 82.844640][ T5119] xlog_do_recover+0xdf/0x580
[ 82.849375][ T5119] xlog_recover+0x2a8/0x500
[ 82.854013][ T5119] ? xlog_buf_readahead+0x140/0x140
[ 82.859263][ T5119] xfs_log_mount+0x36e/0x700
[ 82.863889][ T5119] xfs_mountfs+0x11e1/0x1f60
[ 82.868526][ T5119] ? xfs_mount_reset_sbqflags+0x140/0x140
[ 82.874295][ T5119] ? init_timer_key+0xe4/0x120
[ 82.879095][ T5119] ? xfs_mru_cache_create+0x48a/0x590
[ 82.884597][ T5119] xfs_fs_fill_super+0x1412/0x1f30
[ 82.889742][ T5119] get_tree_bdev+0x444/0x760
[ 82.894401][ T5119] ? xfs_finish_flags+0x390/0x390
[ 82.899468][ T5119] vfs_get_tree+0x8d/0x350
[ 82.903936][ T5119] path_mount+0x134b/0x1e40
[ 82.908501][ T5119] ? kmem_cache_free+0xe9/0x480
[ 82.913489][ T5119] ? finish_automount+0x9b0/0x9b0
[ 82.918597][ T5119] ? putname+0x102/0x140
[ 82.922912][ T5119] __x64_sys_mount+0x283/0x300
[ 82.927731][ T5119] ? copy_mnt_ns+0xb30/0xb30
[ 82.932392][ T5119] ? _raw_spin_unlock_irq+0x2e/0x50
[ 82.937629][ T5119] ? ptrace_notify+0xfe/0x140
[ 82.942354][ T5119] do_syscall_64+0x39/0xb0
[ 82.946804][ T5119] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 82.952745][ T5119] RIP: 0033:0x7f3b2886ed8a
[ 82.957181][ T5119] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 82.976820][ T5119] RSP: 002b:00007ffd50e43ef8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 82.985252][ T5119] RAX: ffffffffffffffda RBX: 00646975756f6e2c RCX: 00007f3b2886ed8a
[ 82.993267][ T5119] RDX: 000000002000bb00 RSI: 000000002000bb40 RDI: 00007ffd50e43f10
[ 83.001262][ T5119] RBP: 00007ffd50e43f10 R08: 00007ffd50e43f50 R09: 000000000000bb6a
[ 83.009267][ T5119] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004
[ 83.017277][ T5119] R13: 000055555638e2c0 R14: 0000000000000000 R15: 00007ffd50e43f50
[ 83.025298][ T5119]
[ 83.034230][ T5119] XFS (loop0): Ending recovery (logdev: internal)
[pid 5119] mount("/dev/loop0", "./file0", "xfs", 0, "noalign,nouuid,inode32,,nouuid") = 0
[pid 5119] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5119] chdir("./file0") = 0
[pid 5119] ioctl(4, LOOP_CLR_FD) = 0
[pid 5119] close(4) = 0
[pid 5119] exit_group(0) = ?
[pid 5119] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5119, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=24 /* 0.24 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555638f620 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./4/binderfs") = 0
[ 83.041186][ T5119] xfs filesystem being mounted at /root/syzkaller.5R8rAp/4/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 83.081993][ T5081] XFS (loop0): Unmounting Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556397660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556397660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file0") = 0
getdents64(3, 0x55555638f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555638e5d0) = 5128
./strace-static-x86_64: Process 5128 attached
[pid 5128] chdir("./5") = 0
[pid 5128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5128] setpgid(0, 0) = 0
[pid 5128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5128] write(3, "1000", 4) = 4
[pid 5128] close(3) = 0
[pid 5128] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5128] memfd_create("syzkaller", 0) = 3
[pid 5128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3b20420000
[pid 5128] write(3, "\x58\x46\x53\x42\x00\x00\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5e\x62\x73\xb8\x21\x67\x42\xbb\x91\x1b\x41\x8a\xa1\x4a\x12\x61\x00\x00\x00\x00\x00\x00\x80\x40\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x21\x00\x00\x00\x00\x00\x00\x00\x22\x00\x00\x00\x08\x00\x00\x80\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x0b\x40"..., 33554432) = 33554432
[pid 5128] munmap(0x7f3b20420000, 33554432) = 0
[pid 5128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5128] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5128] close(3) = 0
[pid 5128] mkdir("./file0", 0777) = 0
[ 83.500015][ T5128] loop0: detected capacity change from 0 to 65536
[ 83.511933][ T5128] XFS (loop0): Mounting V4 Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
[ 83.544591][ T5128] XFS (loop0): Starting recovery (logdev: internal)
[ 83.554329][ T5128] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
[ 83.563774][ T5128] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5128, name: syz-executor364
[ 83.573360][ T5128] preempt_count: 0, expected: 0
[ 83.578282][ T5128] RCU nest depth: 1, expected: 0
[ 83.583243][ T5128] INFO: lockdep is turned off.
[ 83.588070][ T5128] CPU: 0 PID: 5128 Comm: syz-executor364 Tainted: G W 6.3.0-rc3-next-20230320-syzkaller #0
[ 83.599598][ T5128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 83.609682][ T5128] Call Trace:
[ 83.612972][ T5128]
[ 83.615919][ T5128] dump_stack_lvl+0x136/0x150
[ 83.620624][ T5128] __might_resched+0x358/0x580
[ 83.625427][ T5128] ? __x64_sys_mount+0x283/0x300
[ 83.630452][ T5128] ? do_syscall_64+0x39/0xb0
[ 83.635063][ T5128] __mutex_lock+0x9f/0x1350
[ 83.639602][ T5128] ? __alloc_pages_bulk+0x7de/0x1350
[ 83.644916][ T5128] ? vm_map_ram+0x13d/0xcf0
[ 83.649456][ T5128] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 83.655039][ T5128] ? rcu_is_watching+0x12/0xb0
[ 83.659846][ T5128] ? trace_lock_acquire+0x12d/0x180
[ 83.665152][ T5128] ? fs_reclaim_acquire+0xb6/0x160
[ 83.670283][ T5128] ? vm_map_ram+0x7a/0xcf0
[ 83.674816][ T5128] ? lock_acquire+0x32/0xc0
[ 83.679346][ T5128] ? vm_map_ram+0x7a/0xcf0
[ 83.683813][ T5128] vm_map_ram+0x13d/0xcf0
[ 83.688159][ T5128] ? lock_downgrade+0x690/0x690
[ 83.693038][ T5128] ? trace_lock_acquire+0x12d/0x180
[ 83.698264][ T5128] _xfs_buf_map_pages+0x158/0x3a0
[ 83.703315][ T5128] xfs_buf_get_map+0x1cb8/0x2fd0
[ 83.708291][ T5128] ? xfs_buf_find_lock+0x4f0/0x4f0
[ 83.713437][ T5128] ? trace_irq_enable.constprop.0+0xd0/0x100
[ 83.719455][ T5128] xfs_buf_read_map+0xce/0xb10
[ 83.724257][ T5128] ? xfs_buf_readahead_map+0x4/0xc0
[ 83.729487][ T5128] ? xfs_buf_read_map+0xe4/0xb10
[ 83.734466][ T5128] ? xfs_buf_get_map+0x2fd0/0x2fd0
[ 83.739612][ T5128] ? xfs_buf_get_map+0x2fd0/0x2fd0
[ 83.744751][ T5128] xfs_buf_readahead_map+0x8c/0xc0
[ 83.749889][ T5128] ? xfs_buf_readahead_map+0x4/0xc0
[ 83.755114][ T5128] ? xfs_buf_read_map+0xb10/0xb10
[ 83.760168][ T5128] ? xfs_buf_readahead_map+0x8c/0xc0
[ 83.765491][ T5128] ? xfs_buf_read_map+0xb10/0xb10
[ 83.770574][ T5128] ? xlog_is_buffer_cancelled+0x12b/0x170
[ 83.776333][ T5128] xlog_buf_readahead+0x121/0x140
[ 83.781406][ T5128] ? xlog_recover_iget+0x1a0/0x1a0
[ 83.786574][ T5128] ? xlog_buf_readahead+0x97/0x140
[ 83.791721][ T5128] ? xlog_recover_iget+0x1a0/0x1a0
[ 83.797139][ T5128] xlog_recover_inode_ra_pass2+0x1cb/0x230
[ 83.802972][ T5128] xlog_recover_commit_trans+0x266/0x960
[ 83.808640][ T5128] ? xfs_recover_inode_owner_change+0x210/0x210
[ 83.815092][ T5128] ? xlog_recover_reorder_trans+0x14f0/0x14f0
[ 83.821195][ T5128] ? xlog_recover_add_to_trans+0x368/0x8a0
[ 83.827042][ T5128] xlog_recovery_process_trans+0x19d/0x1c0
[ 83.832885][ T5128] xlog_recover_process_ophdr+0x1e5/0x3f0
[ 83.838664][ T5128] xlog_recover_process_data+0x1f3/0x3d0
[ 83.844426][ T5128] xlog_recover_process+0x257/0x2e0
[ 83.849667][ T5128] xlog_do_recovery_pass+0x90c/0xd80
[ 83.855011][ T5128] ? xlog_alloc_buf_cancel_table+0x47/0x130
[ 83.860961][ T5128] ? xlog_recover_process+0x2e0/0x2e0
[ 83.866410][ T5128] ? kasan_set_track+0x25/0x30
[ 83.871272][ T5128] ? __kasan_kmalloc+0xa2/0xb0
[ 83.876093][ T5128] xlog_do_log_recovery+0x85/0xb0
[ 83.881185][ T5128] xlog_do_recover+0xdf/0x580
[ 83.885922][ T5128] xlog_recover+0x2a8/0x500
[ 83.890562][ T5128] ? xlog_buf_readahead+0x140/0x140
[ 83.895817][ T5128] xfs_log_mount+0x36e/0x700
[ 83.900464][ T5128] xfs_mountfs+0x11e1/0x1f60
[ 83.905118][ T5128] ? xfs_mount_reset_sbqflags+0x140/0x140
[ 83.910916][ T5128] ? init_timer_key+0xe4/0x120
[ 83.915864][ T5128] ? xfs_mru_cache_create+0x48a/0x590
[ 83.921308][ T5128] xfs_fs_fill_super+0x1412/0x1f30
[ 83.926456][ T5128] get_tree_bdev+0x444/0x760
[ 83.931094][ T5128] ? xfs_finish_flags+0x390/0x390
[ 83.936150][ T5128] vfs_get_tree+0x8d/0x350
[ 83.940610][ T5128] path_mount+0x134b/0x1e40
[ 83.945155][ T5128] ? kmem_cache_free+0xe9/0x480
[ 83.950034][ T5128] ? finish_automount+0x9b0/0x9b0
[ 83.955099][ T5128] ? putname+0x102/0x140
[ 83.959381][ T5128] __x64_sys_mount+0x283/0x300
[ 83.964185][ T5128] ? copy_mnt_ns+0xb30/0xb30
[ 83.968811][ T5128] ? _raw_spin_unlock_irq+0x2e/0x50
[ 83.974039][ T5128] ? ptrace_notify+0xfe/0x140
[ 83.978757][ T5128] do_syscall_64+0x39/0xb0
[ 83.983201][ T5128] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 83.989133][ T5128] RIP: 0033:0x7f3b2886ed8a
[ 83.993567][ T5128] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 84.013290][ T5128] RSP: 002b:00007ffd50e43ef8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 84.021730][ T5128] RAX: ffffffffffffffda RBX: 00646975756f6e2c RCX: 00007f3b2886ed8a
[ 84.029753][ T5128] RDX: 000000002000bb00 RSI: 000000002000bb40 RDI: 00007ffd50e43f10
[ 84.037740][ T5128] RBP: 00007ffd50e43f10 R08: 00007ffd50e43f50 R09: 000000000000bb6a
[pid 5128] mount("/dev/loop0", "./file0", "xfs", 0, "noalign,nouuid,inode32,,nouuid") = 0
[pid 5128] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5128] chdir("./file0") = 0
[pid 5128] ioctl(4, LOOP_CLR_FD) = 0
[pid 5128] close(4) = 0
[pid 5128] exit_group(0) = ?
[pid 5128] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5128, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=30 /* 0.30 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555638f620 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./5/binderfs") = 0
[ 84.045728][ T5128] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004
[ 84.053830][ T5128] R13: 000055555638e2c0 R14: 0000000000000000 R15: 00007ffd50e43f50
[ 84.061840][ T5128]
[ 84.067695][ T5128] XFS (loop0): Ending recovery (logdev: internal)
[ 84.074522][ T5128] xfs filesystem being mounted at /root/syzkaller.5R8rAp/5/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 84.111179][ T5081] XFS (loop0): Unmounting Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556397660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556397660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file0") = 0
getdents64(3, 0x55555638f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555638e5d0) = 5137
./strace-static-x86_64: Process 5137 attached
[pid 5137] chdir("./6") = 0
[pid 5137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5137] setpgid(0, 0) = 0
[pid 5137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5137] write(3, "1000", 4) = 4
[pid 5137] close(3) = 0
[pid 5137] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5137] memfd_create("syzkaller", 0) = 3
[pid 5137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3b20420000
[pid 5137] write(3, "\x58\x46\x53\x42\x00\x00\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5e\x62\x73\xb8\x21\x67\x42\xbb\x91\x1b\x41\x8a\xa1\x4a\x12\x61\x00\x00\x00\x00\x00\x00\x80\x40\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x21\x00\x00\x00\x00\x00\x00\x00\x22\x00\x00\x00\x08\x00\x00\x80\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x0b\x40"..., 33554432) = 33554432
[pid 5137] munmap(0x7f3b20420000, 33554432) = 0
[pid 5137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5137] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5137] close(3) = 0
[pid 5137] mkdir("./file0", 0777) = 0
[ 84.523603][ T5137] loop0: detected capacity change from 0 to 65536
[ 84.536157][ T5137] XFS (loop0): Mounting V4 Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
[ 84.564491][ T5137] XFS (loop0): Starting recovery (logdev: internal)
[ 84.573790][ T5137] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
[ 84.583392][ T5137] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5137, name: syz-executor364
[ 84.593062][ T5137] preempt_count: 0, expected: 0
[ 84.598083][ T5137] RCU nest depth: 1, expected: 0
[ 84.603042][ T5137] INFO: lockdep is turned off.
[ 84.608051][ T5137] CPU: 0 PID: 5137 Comm: syz-executor364 Tainted: G W 6.3.0-rc3-next-20230320-syzkaller #0
[ 84.619436][ T5137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 84.629518][ T5137] Call Trace:
[ 84.632803][ T5137]
[ 84.635746][ T5137] dump_stack_lvl+0x136/0x150
[ 84.640453][ T5137] __might_resched+0x358/0x580
[ 84.645245][ T5137] ? __x64_sys_mount+0x283/0x300
[ 84.650218][ T5137] ? do_syscall_64+0x39/0xb0
[ 84.655011][ T5137] __mutex_lock+0x9f/0x1350
[ 84.659554][ T5137] ? __alloc_pages_bulk+0x7de/0x1350
[ 84.664883][ T5137] ? vm_map_ram+0x13d/0xcf0
[ 84.669422][ T5137] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 84.675008][ T5137] ? rcu_is_watching+0x12/0xb0
[ 84.679803][ T5137] ? trace_lock_acquire+0x12d/0x180
[ 84.685021][ T5137] ? fs_reclaim_acquire+0xb6/0x160
[ 84.690192][ T5137] ? vm_map_ram+0x7a/0xcf0
[ 84.694627][ T5137] ? lock_acquire+0x32/0xc0
[ 84.699169][ T5137] ? vm_map_ram+0x7a/0xcf0
[ 84.703647][ T5137] vm_map_ram+0x13d/0xcf0
[ 84.708015][ T5137] ? lock_downgrade+0x690/0x690
[ 84.712918][ T5137] ? trace_lock_acquire+0x12d/0x180
[ 84.718153][ T5137] _xfs_buf_map_pages+0x158/0x3a0
[ 84.723211][ T5137] xfs_buf_get_map+0x1cb8/0x2fd0
[ 84.728188][ T5137] ? xfs_buf_find_lock+0x4f0/0x4f0
[ 84.733346][ T5137] ? rcu_is_watching+0x86/0xb0
[ 84.738166][ T5137] ? queue_work_on+0xb7/0x110
[ 84.742883][ T5137] xfs_buf_read_map+0xce/0xb10
[ 84.747684][ T5137] ? xfs_buf_readahead_map+0x4/0xc0
[ 84.752917][ T5137] ? xfs_buf_read_map+0xe4/0xb10
[ 84.757890][ T5137] ? xfs_buf_get_map+0x2fd0/0x2fd0
[ 84.763032][ T5137] ? xfs_buf_get_map+0x2fd0/0x2fd0
[ 84.768173][ T5137] xfs_buf_readahead_map+0x8c/0xc0
[ 84.773317][ T5137] ? xfs_buf_readahead_map+0x4/0xc0
[ 84.778546][ T5137] ? xfs_buf_read_map+0xb10/0xb10
[ 84.783599][ T5137] ? xfs_buf_readahead_map+0x8c/0xc0
[ 84.788909][ T5137] ? xfs_buf_read_map+0xb10/0xb10
[ 84.793958][ T5137] ? xlog_is_buffer_cancelled+0x12b/0x170
[ 84.799719][ T5137] xlog_buf_readahead+0x121/0x140
[ 84.804778][ T5137] ? xlog_recover_iget+0x1a0/0x1a0
[ 84.809917][ T5137] ? xlog_buf_readahead+0x97/0x140
[ 84.815059][ T5137] ? xlog_recover_iget+0x1a0/0x1a0
[ 84.820204][ T5137] xlog_recover_inode_ra_pass2+0x1cb/0x230
[ 84.826037][ T5137] xlog_recover_commit_trans+0x266/0x960
[ 84.831700][ T5137] ? xfs_recover_inode_owner_change+0x210/0x210
[ 84.837977][ T5137] ? xlog_recover_reorder_trans+0x14f0/0x14f0
[ 84.844098][ T5137] ? xlog_recover_add_to_trans+0x368/0x8a0
[ 84.849951][ T5137] xlog_recovery_process_trans+0x19d/0x1c0
[ 84.855803][ T5137] xlog_recover_process_ophdr+0x1e5/0x3f0
[ 84.861561][ T5137] xlog_recover_process_data+0x1f3/0x3d0
[ 84.867244][ T5137] xlog_recover_process+0x257/0x2e0
[ 84.872479][ T5137] xlog_do_recovery_pass+0x90c/0xd80
[ 84.877795][ T5137] ? kstrtoul_from_user+0x40/0x40
[ 84.882857][ T5137] ? xlog_recover_process+0x2e0/0x2e0
[ 84.888260][ T5137] ? fs_reclaim_acquire+0xb6/0x160
[ 84.893483][ T5137] ? lock_acquire+0x32/0xc0
[ 84.898019][ T5137] ? kasan_set_track+0x25/0x30
[ 84.902810][ T5137] ? __kasan_kmalloc+0xa2/0xb0
[ 84.907603][ T5137] xlog_do_log_recovery+0x85/0xb0
[ 84.912659][ T5137] xlog_do_recover+0xdf/0x580
[ 84.917373][ T5137] xlog_recover+0x2a8/0x500
[ 84.921907][ T5137] ? xlog_buf_readahead+0x140/0x140
[ 84.927145][ T5137] xfs_log_mount+0x36e/0x700
[ 84.931766][ T5137] xfs_mountfs+0x11e1/0x1f60
[ 84.936408][ T5137] ? xfs_mount_reset_sbqflags+0x140/0x140
[ 84.942162][ T5137] ? init_timer_key+0xe4/0x120
[ 84.946960][ T5137] ? xfs_mru_cache_create+0x48a/0x590
[ 84.952382][ T5137] xfs_fs_fill_super+0x1412/0x1f30
[ 84.957522][ T5137] get_tree_bdev+0x444/0x760
[ 84.962147][ T5137] ? xfs_finish_flags+0x390/0x390
[ 84.967194][ T5137] vfs_get_tree+0x8d/0x350
[ 84.971644][ T5137] path_mount+0x134b/0x1e40
[ 84.976183][ T5137] ? kmem_cache_free+0xe9/0x480
[ 84.981057][ T5137] ? finish_automount+0x9b0/0x9b0
[ 84.986117][ T5137] ? putname+0x102/0x140
[ 84.990401][ T5137] __x64_sys_mount+0x283/0x300
[ 84.995200][ T5137] ? copy_mnt_ns+0xb30/0xb30
[ 84.999825][ T5137] ? _raw_spin_unlock_irq+0x2e/0x50
[ 85.005050][ T5137] ? ptrace_notify+0xfe/0x140
[ 85.009762][ T5137] do_syscall_64+0x39/0xb0
[ 85.014200][ T5137] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 85.020132][ T5137] RIP: 0033:0x7f3b2886ed8a
[ 85.024563][ T5137] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 85.044187][ T5137] RSP: 002b:00007ffd50e43ef8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 85.052620][ T5137] RAX: ffffffffffffffda RBX: 00646975756f6e2c RCX: 00007f3b2886ed8a
[ 85.060608][ T5137] RDX: 000000002000bb00 RSI: 000000002000bb40 RDI: 00007ffd50e43f10
[ 85.068767][ T5137] RBP: 00007ffd50e43f10 R08: 00007ffd50e43f50 R09: 000000000000bb6a
[ 85.076752][ T5137] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004
[ 85.084734][ T5137] R13: 000055555638e2c0 R14: 0000000000000000 R15: 00007ffd50e43f50
[ 85.092750][ T5137]
[ 85.103133][ T5137] XFS (loop0): Ending recovery (logdev: internal)
[pid 5137] mount("/dev/loop0", "./file0", "xfs", 0, "noalign,nouuid,inode32,,nouuid") = 0
[pid 5137] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5137] chdir("./file0") = 0
[pid 5137] ioctl(4, LOOP_CLR_FD) = 0
[pid 5137] close(4) = 0
[pid 5137] exit_group(0) = ?
[pid 5137] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5137, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=31 /* 0.31 s */} ---
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555638f620 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./6/binderfs") = 0
[ 85.110042][ T5137] xfs filesystem being mounted at /root/syzkaller.5R8rAp/6/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 85.147671][ T5081] XFS (loop0): Unmounting Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556397660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556397660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file0") = 0
getdents64(3, 0x55555638f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555638e5d0) = 5146
./strace-static-x86_64: Process 5146 attached
[pid 5146] chdir("./7") = 0
[pid 5146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5146] setpgid(0, 0) = 0
[pid 5146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5146] write(3, "1000", 4) = 4
[pid 5146] close(3) = 0
[pid 5146] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5146] memfd_create("syzkaller", 0) = 3
[pid 5146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3b20420000
[pid 5146] write(3, "\x58\x46\x53\x42\x00\x00\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5e\x62\x73\xb8\x21\x67\x42\xbb\x91\x1b\x41\x8a\xa1\x4a\x12\x61\x00\x00\x00\x00\x00\x00\x80\x40\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x21\x00\x00\x00\x00\x00\x00\x00\x22\x00\x00\x00\x08\x00\x00\x80\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x0b\x40"..., 33554432) = 33554432
[pid 5146] munmap(0x7f3b20420000, 33554432) = 0
[pid 5146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5146] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5146] close(3) = 0
[pid 5146] mkdir("./file0", 0777) = 0
[ 85.545943][ T5146] loop0: detected capacity change from 0 to 65536
[ 85.557179][ T5146] XFS (loop0): Mounting V4 Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
[ 85.589959][ T5146] XFS (loop0): Starting recovery (logdev: internal)
[ 85.599760][ T5146] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
[ 85.609292][ T5146] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5146, name: syz-executor364
[ 85.619076][ T5146] preempt_count: 0, expected: 0
[ 85.623937][ T5146] RCU nest depth: 1, expected: 0
[ 85.629131][ T5146] INFO: lockdep is turned off.
[ 85.633897][ T5146] CPU: 0 PID: 5146 Comm: syz-executor364 Tainted: G W 6.3.0-rc3-next-20230320-syzkaller #0
[ 85.645336][ T5146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 85.655452][ T5146] Call Trace:
[ 85.658749][ T5146]
[ 85.661686][ T5146] dump_stack_lvl+0x136/0x150
[ 85.666412][ T5146] __might_resched+0x358/0x580
[ 85.671238][ T5146] ? __x64_sys_mount+0x283/0x300
[ 85.676291][ T5146] ? do_syscall_64+0x39/0xb0
[ 85.680919][ T5146] __mutex_lock+0x9f/0x1350
[ 85.685456][ T5146] ? __alloc_pages_bulk+0x7de/0x1350
[ 85.690780][ T5146] ? vm_map_ram+0x13d/0xcf0
[ 85.695321][ T5146] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 85.700926][ T5146] ? rcu_is_watching+0x12/0xb0
[ 85.705749][ T5146] ? trace_lock_acquire+0x12d/0x180
[ 85.710976][ T5146] ? fs_reclaim_acquire+0xb6/0x160
[ 85.716115][ T5146] ? vm_map_ram+0x7a/0xcf0
[ 85.720553][ T5146] ? lock_acquire+0x32/0xc0
[ 85.725104][ T5146] ? vm_map_ram+0x7a/0xcf0
[ 85.729549][ T5146] vm_map_ram+0x13d/0xcf0
[ 85.733906][ T5146] ? lock_downgrade+0x690/0x690
[ 85.738785][ T5146] ? trace_lock_acquire+0x12d/0x180
[ 85.744010][ T5146] _xfs_buf_map_pages+0x158/0x3a0
[ 85.749082][ T5146] xfs_buf_get_map+0x1cb8/0x2fd0
[ 85.754055][ T5146] ? xfs_buf_find_lock+0x4f0/0x4f0
[ 85.759201][ T5146] ? trace_irq_enable.constprop.0+0xd0/0x100
[ 85.765217][ T5146] xfs_buf_read_map+0xce/0xb10
[ 85.770040][ T5146] ? xfs_buf_readahead_map+0x4/0xc0
[ 85.775287][ T5146] ? xfs_buf_read_map+0xe4/0xb10
[ 85.780260][ T5146] ? xfs_buf_get_map+0x2fd0/0x2fd0
[ 85.785406][ T5146] ? xfs_buf_get_map+0x2fd0/0x2fd0
[ 85.790555][ T5146] xfs_buf_readahead_map+0x8c/0xc0
[ 85.795709][ T5146] ? xfs_buf_readahead_map+0x4/0xc0
[ 85.800943][ T5146] ? xfs_buf_read_map+0xb10/0xb10
[ 85.806006][ T5146] ? xfs_buf_readahead_map+0x8c/0xc0
[ 85.811404][ T5146] ? xfs_buf_read_map+0xb10/0xb10
[ 85.816453][ T5146] ? xlog_is_buffer_cancelled+0x12b/0x170
[ 85.822227][ T5146] xlog_buf_readahead+0x121/0x140
[ 85.827290][ T5146] ? xlog_recover_iget+0x1a0/0x1a0
[ 85.832438][ T5146] ? xlog_buf_readahead+0x97/0x140
[ 85.837601][ T5146] ? xlog_recover_iget+0x1a0/0x1a0
[ 85.842744][ T5146] xlog_recover_inode_ra_pass2+0x1cb/0x230
[ 85.848578][ T5146] xlog_recover_commit_trans+0x266/0x960
[ 85.854264][ T5146] ? xfs_recover_inode_owner_change+0x210/0x210
[ 85.860574][ T5146] ? xlog_recover_reorder_trans+0x14f0/0x14f0
[ 85.866678][ T5146] ? xlog_recover_add_to_trans+0x368/0x8a0
[ 85.872524][ T5146] xlog_recovery_process_trans+0x19d/0x1c0
[ 85.878371][ T5146] xlog_recover_process_ophdr+0x1e5/0x3f0
[ 85.884216][ T5146] xlog_recover_process_data+0x1f3/0x3d0
[ 85.889890][ T5146] xlog_recover_process+0x257/0x2e0
[ 85.895138][ T5146] xlog_do_recovery_pass+0x90c/0xd80
[ 85.900615][ T5146] ? kstrtoul_from_user+0x40/0x40
[ 85.905687][ T5146] ? xlog_recover_process+0x2e0/0x2e0
[ 85.911108][ T5146] ? fs_reclaim_acquire+0xb6/0x160
[ 85.916342][ T5146] ? lock_acquire+0x32/0xc0
[ 85.920885][ T5146] ? kasan_set_track+0x25/0x30
[ 85.925685][ T5146] ? __kasan_kmalloc+0xa2/0xb0
[ 85.930568][ T5146] xlog_do_log_recovery+0x85/0xb0
[ 85.935647][ T5146] xlog_do_recover+0xdf/0x580
[ 85.940454][ T5146] xlog_recover+0x2a8/0x500
[ 85.944995][ T5146] ? xlog_buf_readahead+0x140/0x140
[ 85.950231][ T5146] xfs_log_mount+0x36e/0x700
[ 85.954851][ T5146] xfs_mountfs+0x11e1/0x1f60
[ 85.959480][ T5146] ? xfs_mount_reset_sbqflags+0x140/0x140
[ 85.965254][ T5146] ? init_timer_key+0xe4/0x120
[ 85.970067][ T5146] ? xfs_mru_cache_create+0x48a/0x590
[ 85.975496][ T5146] xfs_fs_fill_super+0x1412/0x1f30
[ 85.980635][ T5146] get_tree_bdev+0x444/0x760
[ 85.985269][ T5146] ? xfs_finish_flags+0x390/0x390
[ 85.990322][ T5146] vfs_get_tree+0x8d/0x350
[ 85.994774][ T5146] path_mount+0x134b/0x1e40
[ 85.999322][ T5146] ? kmem_cache_free+0xe9/0x480
[ 86.004211][ T5146] ? finish_automount+0x9b0/0x9b0
[ 86.009424][ T5146] ? putname+0x102/0x140
[ 86.013720][ T5146] __x64_sys_mount+0x283/0x300
[ 86.018549][ T5146] ? copy_mnt_ns+0xb30/0xb30
[ 86.023209][ T5146] ? _raw_spin_unlock_irq+0x2e/0x50
[ 86.028448][ T5146] ? ptrace_notify+0xfe/0x140
[ 86.033298][ T5146] do_syscall_64+0x39/0xb0
[ 86.037747][ T5146] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 86.043782][ T5146] RIP: 0033:0x7f3b2886ed8a
[ 86.048308][ T5146] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 86.067950][ T5146] RSP: 002b:00007ffd50e43ef8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 86.076562][ T5146] RAX: ffffffffffffffda RBX: 00646975756f6e2c RCX: 00007f3b2886ed8a
[ 86.084657][ T5146] RDX: 000000002000bb00 RSI: 000000002000bb40 RDI: 00007ffd50e43f10
[ 86.092654][ T5146] RBP: 00007ffd50e43f10 R08: 00007ffd50e43f50 R09: 000000000000bb6a
[ 86.100666][ T5146] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004
[ 86.108680][ T5146] R13: 000055555638e2c0 R14: 0000000000000000 R15: 00007ffd50e43f50
[ 86.116689][ T5146]
[ 86.128359][ T5146] XFS (loop0): Ending recovery (logdev: internal)
[pid 5146] mount("/dev/loop0", "./file0", "xfs", 0, "noalign,nouuid,inode32,,nouuid") = 0
[pid 5146] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5146] chdir("./file0") = 0
[pid 5146] ioctl(4, LOOP_CLR_FD) = 0
[pid 5146] close(4) = 0
[pid 5146] exit_group(0) = ?
[pid 5146] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5146, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=27 /* 0.27 s */} ---
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555638f620 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./7/binderfs") = 0
[ 86.135278][ T5146] xfs filesystem being mounted at /root/syzkaller.5R8rAp/7/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 86.163654][ T5081] XFS (loop0): Unmounting Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556397660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556397660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file0") = 0
getdents64(3, 0x55555638f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555638e5d0) = 5155
./strace-static-x86_64: Process 5155 attached
[pid 5155] chdir("./8") = 0
[pid 5155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5155] setpgid(0, 0) = 0
[pid 5155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5155] write(3, "1000", 4) = 4
[pid 5155] close(3) = 0
[pid 5155] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5155] memfd_create("syzkaller", 0) = 3
[pid 5155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3b20420000
[pid 5155] write(3, "\x58\x46\x53\x42\x00\x00\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5e\x62\x73\xb8\x21\x67\x42\xbb\x91\x1b\x41\x8a\xa1\x4a\x12\x61\x00\x00\x00\x00\x00\x00\x80\x40\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x21\x00\x00\x00\x00\x00\x00\x00\x22\x00\x00\x00\x08\x00\x00\x80\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x0b\x40"..., 33554432) = 33554432
[pid 5155] munmap(0x7f3b20420000, 33554432) = 0
[pid 5155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5155] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5155] close(3) = 0
[pid 5155] mkdir("./file0", 0777) = 0
[ 86.575318][ T5155] loop0: detected capacity change from 0 to 65536
[ 86.588214][ T5155] XFS (loop0): Mounting V4 Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
[ 86.621865][ T5155] XFS (loop0): Starting recovery (logdev: internal)
[ 86.633237][ T5155] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
[ 86.642913][ T5155] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5155, name: syz-executor364
[ 86.653285][ T5155] preempt_count: 0, expected: 0
[ 86.658950][ T5155] RCU nest depth: 1, expected: 0
[ 86.666445][ T5155] INFO: lockdep is turned off.
[ 86.671470][ T5155] CPU: 0 PID: 5155 Comm: syz-executor364 Tainted: G W 6.3.0-rc3-next-20230320-syzkaller #0
[ 86.682880][ T5155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 86.693065][ T5155] Call Trace:
[ 86.696371][ T5155]
[ 86.699336][ T5155] dump_stack_lvl+0x136/0x150
[ 86.704062][ T5155] __might_resched+0x358/0x580
[ 86.708893][ T5155] ? __x64_sys_mount+0x283/0x300
[ 86.713903][ T5155] ? do_syscall_64+0x39/0xb0
[ 86.718548][ T5155] __mutex_lock+0x9f/0x1350
[ 86.723104][ T5155] ? __alloc_pages_bulk+0x7de/0x1350
[ 86.728450][ T5155] ? vm_map_ram+0x13d/0xcf0
[ 86.732999][ T5155] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 86.738599][ T5155] ? rcu_is_watching+0x12/0xb0
[ 86.743413][ T5155] ? trace_lock_acquire+0x12d/0x180
[ 86.748853][ T5155] ? fs_reclaim_acquire+0xb6/0x160
[ 86.754027][ T5155] ? vm_map_ram+0x7a/0xcf0
[ 86.758523][ T5155] ? lock_acquire+0x32/0xc0
[ 86.763073][ T5155] ? vm_map_ram+0x7a/0xcf0
[ 86.767525][ T5155] vm_map_ram+0x13d/0xcf0
[ 86.771867][ T5155] ? lock_downgrade+0x690/0x690
[ 86.776733][ T5155] ? trace_lock_acquire+0x12d/0x180
[ 86.781943][ T5155] _xfs_buf_map_pages+0x158/0x3a0
[ 86.786984][ T5155] xfs_buf_get_map+0x1cb8/0x2fd0
[ 86.791958][ T5155] ? xfs_buf_find_lock+0x4f0/0x4f0
[ 86.797092][ T5155] ? rcu_is_watching+0x86/0xb0
[ 86.801881][ T5155] ? queue_work_on+0xb7/0x110
[ 86.806663][ T5155] xfs_buf_read_map+0xce/0xb10
[ 86.811458][ T5155] ? xfs_buf_readahead_map+0x4/0xc0
[ 86.816949][ T5155] ? xfs_buf_read_map+0xe4/0xb10
[ 86.821911][ T5155] ? xfs_buf_get_map+0x2fd0/0x2fd0
[ 86.827050][ T5155] ? xfs_buf_get_map+0x2fd0/0x2fd0
[ 86.832185][ T5155] xfs_buf_readahead_map+0x8c/0xc0
[ 86.837329][ T5155] ? xfs_buf_readahead_map+0x4/0xc0
[ 86.842557][ T5155] ? xfs_buf_read_map+0xb10/0xb10
[ 86.847779][ T5155] ? xfs_buf_readahead_map+0x8c/0xc0
[ 86.853222][ T5155] ? xfs_buf_read_map+0xb10/0xb10
[ 86.858370][ T5155] ? xlog_is_buffer_cancelled+0x12b/0x170
[ 86.864676][ T5155] xlog_buf_readahead+0x121/0x140
[ 86.869753][ T5155] ? xlog_recover_iget+0x1a0/0x1a0
[ 86.874901][ T5155] ? xlog_buf_readahead+0x97/0x140
[ 86.880056][ T5155] ? xlog_recover_iget+0x1a0/0x1a0
[ 86.885216][ T5155] xlog_recover_inode_ra_pass2+0x1cb/0x230
[ 86.891058][ T5155] xlog_recover_commit_trans+0x266/0x960
[ 86.896739][ T5155] ? xfs_recover_inode_owner_change+0x210/0x210
[ 86.903011][ T5155] ? xlog_recover_reorder_trans+0x14f0/0x14f0
[ 86.909112][ T5155] ? xlog_recover_add_to_trans+0x368/0x8a0
[ 86.914960][ T5155] xlog_recovery_process_trans+0x19d/0x1c0
[ 86.920804][ T5155] xlog_recover_process_ophdr+0x1e5/0x3f0
[ 86.926581][ T5155] xlog_recover_process_data+0x1f3/0x3d0
[ 86.932248][ T5155] xlog_recover_process+0x257/0x2e0
[ 86.937497][ T5155] xlog_do_recovery_pass+0x90c/0xd80
[ 86.942816][ T5155] ? kstrtoul_from_user+0x40/0x40
[ 86.947872][ T5155] ? xlog_recover_process+0x2e0/0x2e0
[ 86.953263][ T5155] ? fs_reclaim_acquire+0xb6/0x160
[ 86.958398][ T5155] ? lock_acquire+0x32/0xc0
[ 86.962962][ T5155] ? __kasan_kmalloc+0x86/0xb0
[ 86.967758][ T5155] xlog_do_log_recovery+0x85/0xb0
[ 86.972824][ T5155] xlog_do_recover+0xdf/0x580
[ 86.977532][ T5155] xlog_recover+0x2a8/0x500
[ 86.982144][ T5155] ? xlog_buf_readahead+0x140/0x140
[ 86.987372][ T5155] xfs_log_mount+0x36e/0x700
[ 86.992002][ T5155] xfs_mountfs+0x11e1/0x1f60
[ 86.996621][ T5155] ? xfs_mount_reset_sbqflags+0x140/0x140
[ 87.002381][ T5155] ? init_timer_key+0xe4/0x120
[ 87.007199][ T5155] ? xfs_mru_cache_create+0x48a/0x590
[ 87.012606][ T5155] xfs_fs_fill_super+0x1412/0x1f30
[ 87.017940][ T5155] get_tree_bdev+0x444/0x760
[ 87.022567][ T5155] ? xfs_finish_flags+0x390/0x390
[ 87.027631][ T5155] vfs_get_tree+0x8d/0x350
[ 87.032128][ T5155] path_mount+0x134b/0x1e40
[ 87.036700][ T5155] ? kmem_cache_free+0xe9/0x480
[ 87.041580][ T5155] ? finish_automount+0x9b0/0x9b0
[ 87.046660][ T5155] ? putname+0x102/0x140
[ 87.050940][ T5155] __x64_sys_mount+0x283/0x300
[ 87.056092][ T5155] ? copy_mnt_ns+0xb30/0xb30
[ 87.060731][ T5155] ? _raw_spin_unlock_irq+0x2e/0x50
[ 87.065941][ T5155] ? ptrace_notify+0xfe/0x140
[ 87.070635][ T5155] do_syscall_64+0x39/0xb0
[ 87.075065][ T5155] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 87.080983][ T5155] RIP: 0033:0x7f3b2886ed8a
[ 87.085405][ T5155] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 87.105040][ T5155] RSP: 002b:00007ffd50e43ef8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 87.113636][ T5155] RAX: ffffffffffffffda RBX: 00646975756f6e2c RCX: 00007f3b2886ed8a
[ 87.121618][ T5155] RDX: 000000002000bb00 RSI: 000000002000bb40 RDI: 00007ffd50e43f10
[ 87.129599][ T5155] RBP: 00007ffd50e43f10 R08: 00007ffd50e43f50 R09: 000000000000bb6a
[ 87.137667][ T5155] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004
[ 87.148256][ T5155] R13: 000055555638e2c0 R14: 0000000000000000 R15: 00007ffd50e43f50
[ 87.156328][ T5155]
[ 87.163371][ T5155] XFS (loop0): Ending recovery (logdev: internal)
[pid 5155] mount("/dev/loop0", "./file0", "xfs", 0, "noalign,nouuid,inode32,,nouuid") = 0
[pid 5155] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5155] chdir("./file0") = 0
[pid 5155] ioctl(4, LOOP_CLR_FD) = 0
[pid 5155] close(4) = 0
[pid 5155] exit_group(0) = ?
[pid 5155] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5155, si_uid=0, si_status=0, si_utime=7 /* 0.07 s */, si_stime=28 /* 0.28 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555638f620 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./8/binderfs") = 0
[ 87.170093][ T5155] xfs filesystem being mounted at /root/syzkaller.5R8rAp/8/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 87.193161][ T5081] XFS (loop0): Unmounting Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556397660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556397660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/file0") = 0
getdents64(3, 0x55555638f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555638e5d0) = 5164
./strace-static-x86_64: Process 5164 attached
[pid 5164] chdir("./9") = 0
[pid 5164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5164] setpgid(0, 0) = 0
[pid 5164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5164] write(3, "1000", 4) = 4
[pid 5164] close(3) = 0
[pid 5164] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5164] memfd_create("syzkaller", 0) = 3
[pid 5164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3b20420000
[pid 5164] write(3, "\x58\x46\x53\x42\x00\x00\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5e\x62\x73\xb8\x21\x67\x42\xbb\x91\x1b\x41\x8a\xa1\x4a\x12\x61\x00\x00\x00\x00\x00\x00\x80\x40\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x21\x00\x00\x00\x00\x00\x00\x00\x22\x00\x00\x00\x08\x00\x00\x80\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x0b\x40"..., 33554432) = 33554432
[pid 5164] munmap(0x7f3b20420000, 33554432) = 0
[pid 5164] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5164] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5164] close(3) = 0
[pid 5164] mkdir("./file0", 0777) = 0
[ 87.599532][ T5164] loop0: detected capacity change from 0 to 65536
[ 87.612337][ T5164] XFS (loop0): Mounting V4 Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
[ 87.646790][ T5164] XFS (loop0): Starting recovery (logdev: internal)
[ 87.656096][ T5164] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
[ 87.665582][ T5164] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5164, name: syz-executor364
[ 87.675195][ T5164] preempt_count: 0, expected: 0
[ 87.680094][ T5164] RCU nest depth: 1, expected: 0
[ 87.685060][ T5164] INFO: lockdep is turned off.
[ 87.689888][ T5164] CPU: 0 PID: 5164 Comm: syz-executor364 Tainted: G W 6.3.0-rc3-next-20230320-syzkaller #0
[ 87.701309][ T5164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 87.711402][ T5164] Call Trace:
[ 87.714688][ T5164]
[ 87.717732][ T5164] dump_stack_lvl+0x136/0x150
[ 87.722447][ T5164] __might_resched+0x358/0x580
[ 87.727273][ T5164] ? __x64_sys_mount+0x283/0x300
[ 87.732235][ T5164] ? do_syscall_64+0x39/0xb0
[ 87.736846][ T5164] __mutex_lock+0x9f/0x1350
[ 87.741377][ T5164] ? __alloc_pages_bulk+0x7de/0x1350
[ 87.746690][ T5164] ? vm_map_ram+0x13d/0xcf0
[ 87.751265][ T5164] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 87.757713][ T5164] ? rcu_is_watching+0x12/0xb0
[ 87.762508][ T5164] ? trace_lock_acquire+0x12d/0x180
[ 87.767743][ T5164] ? fs_reclaim_acquire+0xb6/0x160
[ 87.772877][ T5164] ? vm_map_ram+0x7a/0xcf0
[ 87.777314][ T5164] ? lock_acquire+0x32/0xc0
[ 87.781852][ T5164] ? vm_map_ram+0x7a/0xcf0
[ 87.786309][ T5164] vm_map_ram+0x13d/0xcf0
[ 87.790678][ T5164] ? lock_downgrade+0x690/0x690
[ 87.795557][ T5164] ? trace_lock_acquire+0x12d/0x180
[ 87.800779][ T5164] _xfs_buf_map_pages+0x158/0x3a0
[ 87.805834][ T5164] xfs_buf_get_map+0x1cb8/0x2fd0
[ 87.810894][ T5164] ? xfs_buf_find_lock+0x4f0/0x4f0
[ 87.816034][ T5164] ? trace_irq_enable.constprop.0+0xd0/0x100
[ 87.822057][ T5164] xfs_buf_read_map+0xce/0xb10
[ 87.826950][ T5164] ? xfs_buf_readahead_map+0x4/0xc0
[ 87.832184][ T5164] ? xfs_buf_read_map+0xe4/0xb10
[ 87.837165][ T5164] ? xfs_buf_get_map+0x2fd0/0x2fd0
[ 87.842750][ T5164] ? xfs_buf_get_map+0x2fd0/0x2fd0
[ 87.847897][ T5164] xfs_buf_readahead_map+0x8c/0xc0
[ 87.853065][ T5164] ? xfs_buf_readahead_map+0x4/0xc0
[ 87.858302][ T5164] ? xfs_buf_read_map+0xb10/0xb10
[ 87.863401][ T5164] ? xfs_buf_readahead_map+0x8c/0xc0
[ 87.868825][ T5164] ? xfs_buf_read_map+0xb10/0xb10
[ 87.873883][ T5164] ? xlog_is_buffer_cancelled+0x12b/0x170
[ 87.879735][ T5164] xlog_buf_readahead+0x121/0x140
[ 87.884880][ T5164] ? xlog_recover_iget+0x1a0/0x1a0
[ 87.890026][ T5164] ? xlog_buf_readahead+0x97/0x140
[ 87.895380][ T5164] ? xlog_recover_iget+0x1a0/0x1a0
[ 87.900627][ T5164] xlog_recover_inode_ra_pass2+0x1cb/0x230
[ 87.906466][ T5164] xlog_recover_commit_trans+0x266/0x960
[ 87.912128][ T5164] ? xfs_recover_inode_owner_change+0x210/0x210
[ 87.918401][ T5164] ? xlog_recover_reorder_trans+0x14f0/0x14f0
[ 87.924504][ T5164] ? xlog_recover_add_to_trans+0x368/0x8a0
[ 87.930351][ T5164] xlog_recovery_process_trans+0x19d/0x1c0
[ 87.936193][ T5164] xlog_recover_process_ophdr+0x1e5/0x3f0
[ 87.942033][ T5164] xlog_recover_process_data+0x1f3/0x3d0
[ 87.947702][ T5164] xlog_recover_process+0x257/0x2e0
[ 87.952934][ T5164] xlog_do_recovery_pass+0x90c/0xd80
[ 87.958274][ T5164] ? kstrtoul_from_user+0x40/0x40
[ 87.963356][ T5164] ? xlog_recover_process+0x2e0/0x2e0
[ 87.968763][ T5164] ? fs_reclaim_acquire+0xb6/0x160
[ 87.973901][ T5164] ? lock_acquire+0x32/0xc0
[ 87.978524][ T5164] ? kasan_set_track+0x25/0x30
[ 87.983402][ T5164] ? __kasan_kmalloc+0xa2/0xb0
[ 87.988194][ T5164] xlog_do_log_recovery+0x85/0xb0
[ 87.993254][ T5164] xlog_do_recover+0xdf/0x580
[ 87.997965][ T5164] xlog_recover+0x2a8/0x500
[ 88.002598][ T5164] ? xlog_buf_readahead+0x140/0x140
[ 88.007922][ T5164] xfs_log_mount+0x36e/0x700
[ 88.012544][ T5164] xfs_mountfs+0x11e1/0x1f60
[ 88.017174][ T5164] ? xfs_mount_reset_sbqflags+0x140/0x140
[ 88.022939][ T5164] ? init_timer_key+0xe4/0x120
[ 88.027917][ T5164] ? xfs_mru_cache_create+0x48a/0x590
[ 88.033339][ T5164] xfs_fs_fill_super+0x1412/0x1f30
[ 88.038480][ T5164] get_tree_bdev+0x444/0x760
[ 88.043109][ T5164] ? xfs_finish_flags+0x390/0x390
[ 88.048162][ T5164] vfs_get_tree+0x8d/0x350
[ 88.052625][ T5164] path_mount+0x134b/0x1e40
[ 88.057167][ T5164] ? kmem_cache_free+0xe9/0x480
[ 88.062038][ T5164] ? finish_automount+0x9b0/0x9b0
[ 88.067102][ T5164] ? putname+0x102/0x140
[ 88.071395][ T5164] __x64_sys_mount+0x283/0x300
[ 88.076196][ T5164] ? copy_mnt_ns+0xb30/0xb30
[ 88.080820][ T5164] ? _raw_spin_unlock_irq+0x2e/0x50
[ 88.086048][ T5164] ? ptrace_notify+0xfe/0x140
[ 88.090750][ T5164] do_syscall_64+0x39/0xb0
[ 88.095217][ T5164] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 88.101321][ T5164] RIP: 0033:0x7f3b2886ed8a
[ 88.105752][ T5164] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 88.125638][ T5164] RSP: 002b:00007ffd50e43ef8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 88.134084][ T5164] RAX: ffffffffffffffda RBX: 00646975756f6e2c RCX: 00007f3b2886ed8a
[ 88.142074][ T5164] RDX: 000000002000bb00 RSI: 000000002000bb40 RDI: 00007ffd50e43f10
[ 88.150060][ T5164] RBP: 00007ffd50e43f10 R08: 00007ffd50e43f50 R09: 000000000000bb6a
[ 88.158052][ T5164] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004
[ 88.166038][ T5164] R13: 000055555638e2c0 R14: 0000000000000000 R15: 00007ffd50e43f50
[ 88.174036][ T5164]
[ 88.180628][ T5164] XFS (loop0): Ending recovery (logdev: internal)
[pid 5164] mount("/dev/loop0", "./file0", "xfs", 0, "noalign,nouuid,inode32,,nouuid") = 0
[pid 5164] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5164] chdir("./file0") = 0
[pid 5164] ioctl(4, LOOP_CLR_FD) = 0
[pid 5164] close(4) = 0
[pid 5164] exit_group(0) = ?
[pid 5164] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5164, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=29 /* 0.29 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555638f620 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./9/binderfs") = 0
[ 88.187720][ T5164] xfs filesystem being mounted at /root/syzkaller.5R8rAp/9/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 88.223632][ T5081] XFS (loop0): Unmounting Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556397660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556397660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/file0") = 0
getdents64(3, 0x55555638f620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555638e5d0) = 5173
./strace-static-x86_64: Process 5173 attached
[pid 5173] chdir("./10") = 0
[pid 5173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5173] setpgid(0, 0) = 0
[pid 5173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5173] write(3, "1000", 4) = 4
[pid 5173] close(3) = 0
[pid 5173] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5173] memfd_create("syzkaller", 0) = 3
[pid 5173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3b20420000
[pid 5173] write(3, "\x58\x46\x53\x42\x00\x00\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x5e\x62\x73\xb8\x21\x67\x42\xbb\x91\x1b\x41\x8a\xa1\x4a\x12\x61\x00\x00\x00\x00\x00\x00\x80\x40\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x00\x00\x00\x00\x21\x00\x00\x00\x00\x00\x00\x00\x22\x00\x00\x00\x08\x00\x00\x80\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x0b\x40"..., 33554432) = 33554432
[pid 5173] munmap(0x7f3b20420000, 33554432) = 0
[pid 5173] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5173] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5173] close(3) = 0
[pid 5173] mkdir("./file0", 0777) = 0
[ 88.670030][ T5173] loop0: detected capacity change from 0 to 65536
[ 88.681810][ T5173] XFS (loop0): Mounting V4 Filesystem 5e6273b8-2167-42bb-911b-418aa14a1261
[ 88.714870][ T5173] XFS (loop0): Starting recovery (logdev: internal)
[ 88.724204][ T5173] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
[ 88.733616][ T5173] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5173, name: syz-executor364
[ 88.743135][ T5173] preempt_count: 0, expected: 0
[ 88.748042][ T5173] RCU nest depth: 1, expected: 0
[ 88.753962][ T5173] INFO: lockdep is turned off.