./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1422506775

<...>
Warning: Permanently added '10.128.0.249' (ED25519) to the list of known hosts.
execve("./syz-executor1422506775", ["./syz-executor1422506775"], 0x7fff1ba787b0 /* 10 vars */) = 0
brk(NULL)                               = 0x555555ef5000
brk(0x555555ef5d00)                     = 0x555555ef5d00
arch_prctl(ARCH_SET_FS, 0x555555ef5380) = 0
set_tid_address(0x555555ef5650)         = 5013
set_robust_list(0x555555ef5660, 24)     = 0
rseq(0x555555ef5ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1422506775", 4096) = 28
getrandom("\xa3\xc8\xba\x3f\xf4\xbd\x15\x82", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555555ef5d00
brk(0x555555f16d00)                     = 0x555555f16d00
brk(0x555555f17000)                     = 0x555555f17000
mprotect(0x7f91c4f09000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mkdir("./syzkaller.tnNR8U", 0700)       = 0
chmod("./syzkaller.tnNR8U", 0777)       = 0
chdir("./syzkaller.tnNR8U")             = 0
mkdir("./0", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555ef5650) = 5014
./strace-static-x86_64: Process 5014 attached
[pid  5014] set_robust_list(0x555555ef5660, 24) = 0
[pid  5014] chdir("./0")                = 0
[pid  5014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5014] setpgid(0, 0)               = 0
[pid  5014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5014] write(3, "1000", 4)         = 4
[pid  5014] close(3)                    = 0
[pid  5014] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5014] memfd_create("syzkaller", 0) = 3
[pid  5014] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f91bca44000
[   67.764492][ T5014] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5014 'syz-executor142'
[pid  5014] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5014] munmap(0x7f91bca44000, 16777216) = 0
[pid  5014] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5014] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5014] close(3)                    = 0
[pid  5014] mkdir("./file0", 0777)      = 0
[   68.048469][ T5014] loop0: detected capacity change from 0 to 32768
[   68.064645][ T5014] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   68.073434][ T5014] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   68.088630][ T5014] gfs2: fsid=syz:syz.0: journal 0 mapped with 12 extents in 0ms
[   68.098660][ T2933] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   68.105790][ T2933] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  5014] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_STRICTATIME|MS_LAZYTIME, "") = 0
[pid  5014] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5014] chdir("./file0")            = 0
[pid  5014] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5014] close(4)                    = 0
[pid  5014] fspick(AT_FDCWD, ".", 0)    = 4
[   68.150577][ T2933] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 44ms
[   68.160668][ T2933] gfs2: fsid=syz:syz.0: jid=0: Done
[   68.166269][ T5014] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid  5014] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0
[pid  5014] exit_group(0)               = ?
[pid  5014] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5014, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=38 /* 0.38 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555555ef66f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs")                  = 0
[   68.323478][ T5014] gfs2: fsid=syz:syz.0: found 1 quota changes
[   81.659199][    T9] cfg80211: failed to load regulatory.db
[  286.456768][   T28] INFO: task syz-executor142:5013 blocked for more than 143 seconds.
[  286.465008][   T28]       Not tainted 6.5.0-rc1-syzkaller-00006-g3f01e9fed845 #0
[  286.472739][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  286.481604][   T28] task:syz-executor142 state:D stack:24456 pid:5013  ppid:5010   flags:0x00004002
[  286.490922][   T28] Call Trace:
[  286.494224][   T28]  <TASK>
[  286.497217][   T28]  __schedule+0x1873/0x48f0
[  286.501904][   T28]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  286.507913][   T28]  ? release_firmware_map_entry+0x190/0x190
[  286.513845][   T28]  ? __asan_memset+0x23/0x40
[  286.518547][   T28]  ? _raw_spin_unlock+0x40/0x40
[  286.523527][   T28]  schedule+0xc3/0x180
[  286.527694][   T28]  schedule_timeout+0x1bd/0x310
[  286.532595][   T28]  ? console_conditional_schedule+0x40/0x40
[  286.538643][   T28]  ? update_process_times+0x1b0/0x1b0
[  286.544095][   T28]  ? prepare_to_wait_event+0x3b2/0x3f0
[  286.549643][   T28]  gfs2_gl_hash_clear+0x1a3/0x310
[  286.554789][   T28]  ? gfs2_jindex_free+0x46c/0x500
[  286.559902][   T28]  ? withdraw_dq+0x250/0x250
[  286.564536][   T28]  ? gfs2_jindex_free+0x499/0x500
[  286.569627][   T28]  ? wake_bit_function+0x220/0x220
[  286.574957][   T28]  ? gfs2_setbit+0x630/0x630
[  286.579635][   T28]  ? gfs2_clear_rgrpd+0x6a0/0x6c0
[  286.584785][   T28]  gfs2_put_super+0x833/0x8a0
[  286.589565][   T28]  ? gfs2_evict_inode+0x12c0/0x12c0
[  286.594813][   T28]  generic_shutdown_super+0x134/0x340
[  286.600296][   T28]  kill_block_super+0x68/0xa0
[  286.605277][   T28]  deactivate_locked_super+0xa4/0x110
[  286.610736][   T28]  cleanup_mnt+0x426/0x4c0
[  286.615182][   T28]  ? _raw_spin_unlock_irq+0x23/0x50
[  286.620454][   T28]  task_work_run+0x24a/0x300
[  286.625112][   T28]  ? dput+0x3a1/0x420
[  286.629148][   T28]  ? task_work_cancel+0x2b0/0x2b0
[  286.634210][   T28]  ? __x64_sys_umount+0x126/0x170
[  286.639309][   T28]  ptrace_notify+0x2cd/0x380
[  286.643928][   T28]  ? do_notify_parent+0xf50/0xf50
[  286.649004][   T28]  ? user_path_at_empty+0x12f/0x180
[  286.654234][   T28]  ? __x64_sys_umount+0x126/0x170
[  286.659325][   T28]  ? path_umount+0xf40/0xf40
[  286.663939][   T28]  ? syscall_enter_from_user_mode+0x32/0x230
[  286.670071][   T28]  syscall_exit_to_user_mode+0x157/0x280
[  286.675732][   T28]  do_syscall_64+0x4d/0xc0
[  286.680218][   T28]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  286.686235][   T28] RIP: 0033:0x7f91c4e84347
[  286.690696][   T28] RSP: 002b:00007ffea5b020b8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[  286.699176][   T28] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f91c4e84347
[  286.707211][   T28] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffea5b02170
[  286.715209][   T28] RBP: 00007ffea5b02170 R08: 0000000000000000 R09: 0000000000000000
[  286.723336][   T28] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffea5b031d0
[  286.731380][   T28] R13: 0000555555ef66c0 R14: 0000000000000001 R15: 431bde82d7b634db
[  286.739539][   T28]  </TASK>
[  286.742589][   T28] 
[  286.742589][   T28] Showing all locks held in the system:
[  286.750362][   T28] 1 lock held by rcu_tasks_kthre/13:
[  286.755668][   T28]  #0: ffffffff8d328af0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xd20
[  286.766291][   T28] 1 lock held by rcu_tasks_trace/14:
[  286.771628][   T28]  #0: ffffffff8d328eb0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x29/0xd20
[  286.782669][   T28] 1 lock held by khungtaskd/28:
[  286.787592][   T28]  #0: ffffffff8d328920 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30
[  286.797126][   T28] 2 locks held by getty/4766:
[  286.801818][   T28]  #0: ffff888028a55098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  286.811760][   T28]  #1: ffffc900015c02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b1/0x1dc0
[  286.821936][   T28] 1 lock held by syz-executor142/5013:
[  286.827436][   T28]  #0: ffff88801eb9c0e0 (&type->s_umount_key#43){+.+.}-{3:3}, at: deactivate_super+0xad/0xf0
[  286.837749][   T28] 
[  286.840132][   T28] =============================================
[  286.840132][   T28] 
[  286.848617][   T28] NMI backtrace for cpu 1
[  286.852968][   T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.5.0-rc1-syzkaller-00006-g3f01e9fed845 #0
[  286.862770][   T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[  286.872864][   T28] Call Trace:
[  286.876142][   T28]  <TASK>
[  286.879092][   T28]  dump_stack_lvl+0x1e7/0x2d0
[  286.883787][   T28]  ? nf_tcp_handle_invalid+0x650/0x650
[  286.889284][   T28]  ? panic+0x770/0x770
[  286.893384][   T28]  ? __irq_work_queue_local+0x137/0x3e0
[  286.899019][   T28]  nmi_cpu_backtrace+0x498/0x4d0
[  286.903980][   T28]  ? vprintk_emit+0x10d/0x1f0
[  286.908688][   T28]  ? nmi_trigger_cpumask_backtrace+0x300/0x300
[  286.914871][   T28]  ? _printk+0xd5/0x120
[  286.919065][   T28]  ? __wake_up_klogd+0xcc/0x100
[  286.923926][   T28]  ? panic+0x770/0x770
[  286.928026][   T28]  ? __wake_up_klogd+0xcc/0x100
[  286.932888][   T28]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[  286.938992][   T28]  nmi_trigger_cpumask_backtrace+0x187/0x300
[  286.944985][   T28]  watchdog+0xec2/0xf00
[  286.949161][   T28]  kthread+0x2b8/0x350
[  286.953244][   T28]  ? hungtask_pm_notify+0x90/0x90
[  286.958275][   T28]  ? kthread_blkcg+0xd0/0xd0
[  286.962875][   T28]  ret_from_fork+0x1f/0x30
[  286.967342][   T28]  </TASK>
[  286.970454][   T28] Sending NMI from CPU 1 to CPUs 0:
[  286.975699][    C0] NMI backtrace for cpu 0
[  286.975711][    C0] CPU: 0 PID: 57 Comm: kworker/u4:4 Not tainted 6.5.0-rc1-syzkaller-00006-g3f01e9fed845 #0
[  286.975730][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[  286.975742][    C0] Workqueue: events_unbound toggle_allocation_gate
[  286.975775][    C0] RIP: 0010:insn_decode+0x4/0x500
[  286.975799][    C0] Code: ad 2a f7 e9 3c ff ff ff 44 89 f1 80 e1 07 38 c1 7c 8a 4c 89 f7 e8 3c ae 2a f7 eb 80 66 2e 0f 1f 84 00 00 00 00 00 66 0f 1f 00 <55> 41 57 41 56 41 55 41 54 53 48 83 ec 18 89 cb 89 d5 49 89 f4 49
[  286.975814][    C0] RSP: 0018:ffffc90001587958 EFLAGS: 00000246
[  286.975828][    C0] RAX: ffffc900015879a0 RBX: ffffc900015879a0 RCX: 0000000000000002
[  286.975841][    C0] RDX: 000000000000000f RSI: ffffffff81e3d4a2 RDI: ffffc900015879a0
[  286.975853][    C0] RBP: ffffc90001587a90 R08: ffffc90001587a0f R09: 0000000000000000
[  286.975865][    C0] R10: ffffc900015879a0 R11: fffff520002b0f42 R12: ffffffff81e3d4a2
[  286.975878][    C0] R13: ffffffff8cd08264 R14: fffffffff5135450 R15: dffffc0000000000
[  286.975891][    C0] FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[  286.975906][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  286.975919][    C0] CR2: 000055ef1939d680 CR3: 000000000d130000 CR4: 00000000003506f0
[  286.975934][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  286.975945][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  286.975955][    C0] Call Trace:
[  286.975961][    C0]  <NMI>
[  286.975967][    C0]  ? nmi_cpu_backtrace+0x3be/0x4d0
[  286.975986][    C0]  ? read_lock_is_recursive+0x20/0x20
[  286.976012][    C0]  ? nmi_trigger_cpumask_backtrace+0x300/0x300
[  286.976031][    C0]  ? unknown_nmi_error+0xc0/0xc0
[  286.976063][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x10
[  286.976088][    C0]  ? nmi_handle+0xf7/0x370
[  286.976113][    C0]  ? insn_decode+0x4/0x500
[  286.976132][    C0]  ? default_do_nmi+0x62/0x150
[  286.976150][    C0]  ? exc_nmi+0x11e/0x1f0
[  286.976168][    C0]  ? end_repeat_nmi+0x16/0x31
[  286.976194][    C0]  ? kmem_cache_alloc+0x62/0x300
[  286.976223][    C0]  ? kmem_cache_alloc+0x62/0x300
[  286.976247][    C0]  ? insn_decode+0x4/0x500
[  286.976266][    C0]  ? insn_decode+0x4/0x500
[  286.976287][    C0]  ? insn_decode+0x4/0x500
[  286.976312][    C0]  </NMI>
[  286.976317][    C0]  <TASK>
[  286.976322][    C0]  __jump_label_patch+0xe8/0x440
[  286.976348][    C0]  ? kmem_cache_alloc+0x62/0x300
[  286.976373][    C0]  ? arch_jump_label_transform_queue+0xd0/0xd0
[  286.976399][    C0]  ? __mutex_lock_common+0x42d/0x2530
[  286.976428][    C0]  ? mutex_lock_io_nested+0x60/0x60
[  286.976450][    C0]  arch_jump_label_transform_queue+0x4e/0xd0
[  286.976481][    C0]  __jump_label_update+0x177/0x3a0
[  286.976518][    C0]  static_key_disable_cpuslocked+0xce/0x1b0
[  286.976538][    C0]  static_key_disable+0x1a/0x20
[  286.976554][    C0]  toggle_allocation_gate+0x1b8/0x250
[  286.976581][    C0]  ? show_object+0xa0/0xa0
[  286.976606][    C0]  ? print_irqtrace_events+0x220/0x220
[  286.976626][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  286.976656][    C0]  process_one_work+0x92c/0x12c0
[  286.976690][    C0]  ? worker_detach_from_pool+0x290/0x290
[  286.976716][    C0]  ? _raw_spin_lock_irqsave+0x120/0x120
[  286.976740][    C0]  ? wq_worker_running+0xa1/0x200
[  286.976760][    C0]  worker_thread+0xa63/0x1210
[  286.976789][    C0]  ? _raw_spin_unlock+0x40/0x40
[  286.976817][    C0]  kthread+0x2b8/0x350
[  286.976835][    C0]  ? pr_cont_work+0x5e0/0x5e0
[  286.976856][    C0]  ? kthread_blkcg+0xd0/0xd0
[  286.976875][    C0]  ret_from_fork+0x1f/0x30
[  286.976907][    C0]  </TASK>
[  286.976914][    C0] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.215 msecs
[  286.977705][   T28] Kernel panic - not syncing: hung_task: blocked tasks
[  286.977718][   T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.5.0-rc1-syzkaller-00006-g3f01e9fed845 #0
[  286.977741][   T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[  286.977752][   T28] Call Trace:
[  286.977759][   T28]  <TASK>
[  286.977767][   T28]  dump_stack_lvl+0x1e7/0x2d0
[  286.977814][   T28]  ? nf_tcp_handle_invalid+0x650/0x650
[  286.977850][   T28]  ? panic+0x770/0x770
[  286.977883][   T28]  ? vscnprintf+0x5d/0x80
[  286.977915][   T28]  panic+0x30f/0x770
[  286.977943][   T28]  ? nmi_trigger_cpumask_backtrace+0x233/0x300
[  286.977969][   T28]  ? __memcpy_flushcache+0x2b0/0x2b0
[  286.977995][   T28]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[  286.978032][   T28]  ? nmi_trigger_cpumask_backtrace+0x233/0x300
[  286.978055][   T28]  ? nmi_trigger_cpumask_backtrace+0x2b4/0x300
[  286.978082][   T28]  ? nmi_trigger_cpumask_backtrace+0x2b9/0x300
[  286.978110][   T28]  watchdog+0xf00/0xf00
[  286.978143][   T28]  kthread+0x2b8/0x350
[  286.978165][   T28]  ? hungtask_pm_notify+0x90/0x90
[  286.978184][   T28]  ? kthread_blkcg+0xd0/0xd0
[  286.978210][   T28]  ret_from_fork+0x1f/0x30
[  286.978253][   T28]  </TASK>
[  286.981587][   T28] Kernel Offset: disabled
[  287.455128][   T28] Rebooting in 86400 seconds..