./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor398576026
<...>
DUID 00:04:a3:03:08:15:93:78:e3:1f:4c:1c:fb:56:e6:f5:4b:05
forked to background, child pid 4670
[ 31.666631][ T4671] 8021q: adding VLAN 0 to HW filter on device bond0
[ 31.676755][ T4671] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.233' (ECDSA) to the list of known hosts.
execve("./syz-executor398576026", ["./syz-executor398576026"], 0x7ffe28db1a80 /* 10 vars */) = 0
brk(NULL) = 0x5555563d3000
brk(0x5555563d3c40) = 0x5555563d3c40
arch_prctl(ARCH_SET_FS, 0x5555563d3300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor398576026", 4096) = 27
brk(0x5555563f4c40) = 0x5555563f4c40
brk(0x5555563f5000) = 0x5555563f5000
mprotect(0x7fe659376000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 5001
mkdir("./syzkaller.ZBN4Uk", 0700) = 0
chmod("./syzkaller.ZBN4Uk", 0777) = 0
chdir("./syzkaller.ZBN4Uk") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563d35d0) = 5002
./strace-static-x86_64: Process 5002 attached
[pid 5002] chdir("./0") = 0
[pid 5002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5002] setpgid(0, 0) = 0
[pid 5002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5002] write(3, "1000", 4) = 4
[pid 5002] close(3) = 0
[pid 5002] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5002] memfd_create("syzkaller", 0) = 3
[pid 5002] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe650ebb000
[pid 5002] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 21030) = 21030
[pid 5002] munmap(0x7fe650ebb000, 21030) = 0
[pid 5002] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5002] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5002] close(3) = 0
[pid 5002] mkdir("./file0", 0777) = 0
syzkaller login: [ 56.419768][ T5002] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5002 'syz-executor398'
[ 56.435287][ T5002] loop0: detected capacity change from 0 to 41
[ 56.450795][ T5002] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[ 56.460847][ T5002] NILFS (loop0): mounting unchecked fs
[pid 5002] mount("/dev/loop0", "./file0", "nilfs2", MS_NOEXEC|MS_SYNCHRONOUS|MS_RELATIME, "") = 0
[pid 5002] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5002] chdir("./file0") = 0
[pid 5002] ioctl(4, LOOP_CLR_FD) = 0
[pid 5002] close(4) = 0
[pid 5002] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = -1 ENOMEM (Cannot allocate memory)
[pid 5002] exit_group(0) = ?
[pid 5002] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5002, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x5555563d4620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 56.472151][ T5002] NILFS (loop0): recovery complete
[ 56.479416][ T5004] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 76.563963][ T9] cfg80211: failed to load regulatory.db
[ 286.492331][ T28] INFO: task syz-executor398:5001 blocked for more than 143 seconds.
[ 286.500556][ T28] Not tainted 6.4.0-rc2-next-20230515-syzkaller #0
[ 286.508166][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 286.517213][ T28] task:syz-executor398 state:D stack:24808 pid:5001 ppid:4998 flags:0x00004002
[ 286.526723][ T28] Call Trace:
[ 286.530034][ T28]
[ 286.533358][ T28] __schedule+0x1d15/0x5790
[ 286.538023][ T28] ? print_usage_bug.part.0+0x660/0x660
[ 286.543991][ T28] ? find_held_lock+0x2d/0x110
[ 286.548807][ T28] ? io_schedule_timeout+0x150/0x150
[ 286.554545][ T28] ? mark_held_locks+0x9f/0xe0
[ 286.559358][ T28] ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 286.565543][ T28] ? lockdep_hardirqs_on+0x7d/0x100
[ 286.570779][ T28] ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 286.577694][ T28] schedule+0xde/0x1a0
[ 286.581814][ T28] wb_wait_for_completion+0x182/0x240
[ 286.587602][ T28] ? wb_writeback+0xa40/0xa40
[ 286.592607][ T28] ? prepare_to_swait_exclusive+0x240/0x240
[ 286.598546][ T28] ? down_write_killable_nested+0x250/0x250
[ 286.604840][ T28] ? nilfs_sync_fs+0x34a/0x580
[ 286.609687][ T28] ? I_BDEV+0xd/0x20
[ 286.614063][ T28] sync_inodes_sb+0x1aa/0xa60
[ 286.618780][ T28] ? try_to_writeback_inodes_sb+0xc0/0xc0
[ 286.624891][ T28] ? get_nr_dirty_inodes+0x60/0x1d0
[ 286.630146][ T28] sync_filesystem.part.0+0xe6/0x1d0
[ 286.635913][ T28] sync_filesystem+0x8f/0xc0
[ 286.640545][ T28] generic_shutdown_super+0x74/0x480
[ 286.646217][ T28] kill_block_super+0xa1/0x100
[ 286.651054][ T28] deactivate_locked_super+0x98/0x160
[ 286.656943][ T28] deactivate_super+0xb1/0xd0
[ 286.661667][ T28] cleanup_mnt+0x2ae/0x3d0
[ 286.666478][ T28] task_work_run+0x16f/0x270
[ 286.671134][ T28] ? task_work_cancel+0x30/0x30
[ 286.676435][ T28] ? __x64_sys_umount+0x118/0x190
[ 286.681595][ T28] ptrace_notify+0x118/0x140
[ 286.686571][ T28] syscall_exit_to_user_mode_prepare+0x129/0x220
[ 286.693305][ T28] syscall_exit_to_user_mode+0xd/0x50
[ 286.698723][ T28] do_syscall_64+0x46/0xb0
[ 286.703582][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 286.709586][ T28] RIP: 0033:0x7fe659309c97
[ 286.714415][ T28] RSP: 002b:00007ffeab64cbb8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[ 286.723154][ T28] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe659309c97
[ 286.731152][ T28] RDX: 00007ffeab64cc79 RSI: 000000000000000a RDI: 00007ffeab64cc70
[ 286.739554][ T28] RBP: 00007ffeab64cc70 R08: 00000000ffffffff R09: 00007ffeab64ca50
[ 286.747807][ T28] R10: 00005555563d4653 R11: 0000000000000206 R12: 00007ffeab64dcd0
[ 286.756080][ T28] R13: 00005555563d45f0 R14: 00007ffeab64cbe0 R15: 0000000000000001
[ 286.764339][ T28]
[ 286.767431][ T28]
[ 286.767431][ T28] Showing all locks held in the system:
[ 286.775627][ T28] 1 lock held by rcu_tasks_kthre/13:
[ 286.780937][ T28] #0: ffffffff8c798530 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80
[ 286.791833][ T28] 1 lock held by rcu_tasks_trace/14:
[ 286.797422][ T28] #0: ffffffff8c798230 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x31/0xd80
[ 286.808739][ T28] 1 lock held by khungtaskd/28:
[ 286.813882][ T28] #0: ffffffff8c799140 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x51/0x390
[ 286.824060][ T28] 2 locks held by kworker/u4:3/51:
[ 286.829223][ T28] 2 locks held by getty/4756:
[ 286.834276][ T28] #0: ffff88802c662098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x26/0x80
[ 286.844395][ T28] #1: ffffc900015902f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xef4/0x13e0
[ 286.854858][ T28] 2 locks held by syz-executor398/5001:
[ 286.860423][ T28] #0: ffff88807a3000e0 (&type->s_umount_key#42){+.+.}-{3:3}, at: deactivate_super+0xa9/0xd0
[ 286.871076][ T28] #1: ffff88801eadc7d0 (&bdi->wb_switch_rwsem){+.+.}-{3:3}, at: sync_inodes_sb+0x190/0xa60
[ 286.881586][ T28] 1 lock held by segctord/5004:
[ 286.886693][ T28]
[ 286.889037][ T28] =============================================
[ 286.889037][ T28]
[ 286.897920][ T28] NMI backtrace for cpu 0
[ 286.902263][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.4.0-rc2-next-20230515-syzkaller #0
[ 286.911564][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 286.921633][ T28] Call Trace:
[ 286.924922][ T28]
[ 286.927897][ T28] dump_stack_lvl+0xd9/0x150
[ 286.932619][ T28] nmi_cpu_backtrace+0x29c/0x350
[ 286.937602][ T28] ? lapic_can_unplug_cpu+0xa0/0xa0
[ 286.942827][ T28] nmi_trigger_cpumask_backtrace+0x2a4/0x300
[ 286.948844][ T28] watchdog+0xe16/0x1090
[ 286.953151][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80
[ 286.959167][ T28] kthread+0x344/0x440
[ 286.963265][ T28] ? kthread_complete_and_exit+0x40/0x40
[ 286.968933][ T28] ret_from_fork+0x1f/0x30
[ 286.973419][ T28]
[ 286.976582][ T28] Sending NMI from CPU 0 to CPUs 1:
[ 286.981811][ C1] NMI backtrace for cpu 1
[ 286.981821][ C1] CPU: 1 PID: 5004 Comm: segctord Not tainted 6.4.0-rc2-next-20230515-syzkaller #0
[ 286.981840][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 286.981849][ C1] RIP: 0010:__sanitizer_cov_trace_const_cmp4+0x8/0x20
[ 286.981884][ C1] Code: 00 00 f3 0f 1e fa 48 8b 0c 24 0f b7 d6 0f b7 f7 bf 03 00 00 00 e9 b8 fe ff ff 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 8b 0c 24 <89> f2 89 fe bf 05 00 00 00 e9 9a fe ff ff 66 2e 0f 1f 84 00 00 00
[ 286.981901][ C1] RSP: 0018:ffffc900038ff4a8 EFLAGS: 00000246
[ 286.981915][ C1] RAX: 0000000000000007 RBX: ffffea0001e9f274 RCX: ffffffff832d7cb1
[ 286.981927][ C1] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000000
[ 286.981938][ C1] RBP: ffff8880739cf2b8 R08: 0000000000000000 R09: fffff940003d3e4e
[ 286.981949][ C1] R10: ffffea0001e9f277 R11: 0000000000094001 R12: ffffea0001e9f240
[ 286.981961][ C1] R13: 0000000000000003 R14: 0000000000000002 R15: 00000000ffffffef
[ 286.981972][ C1] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 286.981990][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 286.982002][ C1] CR2: 0000558e5e8f9600 CR3: 000000000c571000 CR4: 00000000003506e0
[ 286.982014][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 286.982024][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 286.982035][ C1] Call Trace:
[ 286.982039][ C1]
[ 286.982044][ C1] nilfs_mdt_submit_block+0x4d1/0x9d0
[ 286.982075][ C1] ? __lock_acquire+0x1987/0x5f30
[ 286.982102][ C1] ? nilfs_mdt_write_page+0x280/0x280
[ 286.982136][ C1] nilfs_mdt_read_block+0x92/0x3c0
[ 286.982163][ C1] ? nilfs_mdt_submit_block+0x9d0/0x9d0
[ 286.982193][ C1] ? print_usage_bug.part.0+0x660/0x660
[ 286.982229][ C1] nilfs_mdt_get_block+0xe5/0xcf0
[ 286.982261][ C1] ? nilfs_mdt_read_block+0x3c0/0x3c0
[ 286.982288][ C1] ? do_raw_spin_lock+0x124/0x2b0
[ 286.982314][ C1] ? spin_bug+0x1c0/0x1c0
[ 286.982341][ C1] ? lock_acquire+0x32/0xc0
[ 286.982366][ C1] ? nilfs_palloc_get_block+0x3a/0x2b0
[ 286.982386][ C1] nilfs_palloc_get_block+0xc4/0x2b0
[ 286.982406][ C1] nilfs_palloc_get_entry_block+0x16b/0x1d0
[ 286.982428][ C1] nilfs_dat_mark_dirty+0x7c/0x140
[ 286.982449][ C1] ? nilfs_dat_abort_update+0x70/0x70
[ 286.982472][ C1] ? folio_flags.constprop.0+0x53/0x150
[ 286.982490][ C1] ? nilfs_bmap_data_get_key+0x2ba/0x4c0
[ 286.982509][ C1] nilfs_direct_propagate+0x14e/0x320
[ 286.982531][ C1] ? nilfs_direct_lookup_contig+0x310/0x310
[ 286.982552][ C1] ? lock_acquire+0x32/0xc0
[ 286.982575][ C1] ? nilfs_bmap_propagate+0x25/0x170
[ 286.982595][ C1] ? down_write+0x14f/0x200
[ 286.982617][ C1] ? down_write_killable_nested+0x250/0x250
[ 286.982640][ C1] ? folio_mark_accessed+0x1f4/0xb50
[ 286.982696][ C1] nilfs_bmap_propagate+0x77/0x170
[ 286.982715][ C1] nilfs_collect_file_data+0x49/0xd0
[ 286.982744][ C1] nilfs_segctor_apply_buffers+0x14a/0x470
[ 286.982772][ C1] ? nilfs_collect_file_bmap+0x90/0x90
[ 286.982801][ C1] nilfs_segctor_scan_file+0x3f4/0x6f0
[ 286.982830][ C1] ? nilfs_collect_file_data+0xd0/0xd0
[ 286.982859][ C1] ? nilfs_segbuf_reset+0x16e/0x1d0
[ 286.982885][ C1] nilfs_segctor_do_construct+0x267f/0x7200
[ 286.982924][ C1] ? nilfs_segctor_abort_construction+0xe20/0xe20
[ 286.982953][ C1] ? do_raw_spin_lock+0x124/0x2b0
[ 286.982981][ C1] ? spin_bug+0x1c0/0x1c0
[ 286.983009][ C1] ? lock_acquire+0x32/0xc0
[ 286.983033][ C1] ? nilfs_segctor_confirm+0xd4/0x190
[ 286.983060][ C1] ? do_raw_spin_unlock+0x175/0x230
[ 286.983089][ C1] ? _raw_spin_unlock+0x28/0x40
[ 286.983115][ C1] nilfs_segctor_construct+0x8e3/0xb30
[ 286.983142][ C1] ? rcu_is_watching+0x12/0xb0
[ 286.983160][ C1] ? trace_nilfs2_transaction_transition+0x17d/0x1c0
[ 286.983190][ C1] nilfs_segctor_thread+0x3c7/0xf30
[ 286.983226][ C1] ? nilfs_segctor_construct+0xb30/0xb30
[ 286.983258][ C1] ? prepare_to_swait_exclusive+0x240/0x240
[ 286.983286][ C1] ? __kthread_parkme+0x163/0x220
[ 286.983308][ C1] ? nilfs_segctor_construct+0xb30/0xb30
[ 286.983338][ C1] kthread+0x344/0x440
[ 286.983359][ C1] ? kthread_complete_and_exit+0x40/0x40
[ 286.983384][ C1] ret_from_fork+0x1f/0x30
[ 286.983415][ C1]
[ 286.983422][ C1] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.611 msecs
[ 286.990841][ T28] Kernel panic - not syncing: hung_task: blocked tasks
[ 286.990855][ T28] CPU: 0 PID: 28 Comm: khungtaskd Not tainted 6.4.0-rc2-next-20230515-syzkaller #0
[ 286.990879][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 286.990891][ T28] Call Trace:
[ 286.990896][ T28]
[ 286.990904][ T28] dump_stack_lvl+0xd9/0x150
[ 286.990946][ T28] panic+0x686/0x730
[ 286.990980][ T28] ? panic_smp_self_stop+0xa0/0xa0
[ 286.991017][ T28] ? lapic_can_unplug_cpu+0xa0/0xa0
[ 286.991043][ T28] ? preempt_schedule_thunk+0x1a/0x20
[ 286.991080][ T28] ? watchdog+0xbe8/0x1090
[ 286.991119][ T28] watchdog+0xbf9/0x1090
[ 286.991154][ T28] ? proc_dohung_task_timeout_secs+0x80/0x80
[ 286.991192][ T28] kthread+0x344/0x440
[ 286.991219][ T28] ? kthread_complete_and_exit+0x40/0x40
[ 286.991253][ T28] ret_from_fork+0x1f/0x30
[ 286.991296][ T28]
[ 286.997283][ T28] Kernel Offset: disabled
[ 287.496572][ T28] Rebooting in 86400 seconds..