./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor66301388
<...>
Warning: Permanently added '10.128.0.139' (ED25519) to the list of known hosts.
execve("./syz-executor66301388", ["./syz-executor66301388"], 0x7ffd5830d2d0 /* 10 vars */) = 0
brk(NULL) = 0x555555699000
brk(0x555555699d00) = 0x555555699d00
arch_prctl(ARCH_SET_FS, 0x555555699380) = 0
set_tid_address(0x555555699650) = 5020
set_robust_list(0x555555699660, 24) = 0
rseq(0x555555699ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor66301388", 4096) = 26
getrandom("\xd5\x6a\x55\x85\x8d\x3a\xed\x87", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x555555699d00
brk(0x5555556bad00) = 0x5555556bad00
brk(0x5555556bb000) = 0x5555556bb000
mprotect(0x7fe6b9894000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mkdir("./syzkaller.efstIj", 0700) = 0
chmod("./syzkaller.efstIj", 0777) = 0
chdir("./syzkaller.efstIj") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555699650) = 5021
./strace-static-x86_64: Process 5021 attached
[pid 5021] set_robust_list(0x555555699660, 24) = 0
[pid 5021] chdir("./0") = 0
[pid 5021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5021] setpgid(0, 0) = 0
[pid 5021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5021] write(3, "1000", 4) = 4
[pid 5021] close(3) = 0
[pid 5021] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5021] memfd_create("syzkaller", 0) = 3
[pid 5021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6b13cf000
[ 47.361960][ T5021] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5021 'syz-executor663'
[pid 5021] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5021] munmap(0x7fe6b13cf000, 16777216) = 0
[pid 5021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5021] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5021] close(3) = 0
[pid 5021] mkdir("./file0", 0777) = 0
[ 47.548168][ T5021] loop0: detected capacity change from 0 to 32768
[ 47.563521][ T5021] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 47.572012][ T5021] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 47.585514][ T5021] gfs2: fsid=syz:syz.0: journal 0 mapped with 12 extents in 0ms
[ 47.595865][ T912] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 47.602871][ T912] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 47.628664][ T912] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 25ms
[ 47.636600][ T912] gfs2: fsid=syz:syz.0: jid=0: Done
[pid 5021] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_STRICTATIME|MS_LAZYTIME, "") = 0
[pid 5021] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5021] chdir("./file0") = 0
[pid 5021] ioctl(4, LOOP_CLR_FD) = 0
[pid 5021] close(4) = 0
[pid 5021] fspick(AT_FDCWD, ".", 0) = 4
[ 47.642467][ T5021] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid 5021] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0
[pid 5021] exit_group(0) = ?
[pid 5021] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5021, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=30 /* 0.30 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555569a6f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
[ 47.745254][ T5021] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 70.742401][ T7] cfg80211: failed to load regulatory.db
[ 285.776807][ T28] INFO: task syz-executor663:5020 blocked for more than 143 seconds.
[ 285.784996][ T28] Not tainted 6.5.0-rc7-syzkaller-00104-g4f9e7fabf864 #0
[ 285.792591][ T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 285.801335][ T28] task:syz-executor663 state:D stack:27216 pid:5020 ppid:5017 flags:0x00004002
[ 285.810649][ T28] Call Trace:
[ 285.813938][ T28] <TASK>
[ 285.816932][ T28] __schedule+0xee1/0x59f0
[ 285.821449][ T28] ? io_schedule_timeout+0x150/0x150
[ 285.826788][ T28] ? timer_fixup_activate+0x2b0/0x2b0
[ 285.832268][ T28] ? mark_held_locks+0x9f/0xe0
[ 285.837336][ T28] schedule+0xe7/0x1b0
[ 285.841432][ T28] schedule_timeout+0x157/0x2c0
[ 285.846289][ T28] ? usleep_range_state+0x1a0/0x1a0
[ 285.851547][ T28] ? destroy_timer_on_stack+0x20/0x20
[ 285.857004][ T28] ? _raw_spin_unlock_irqrestore+0x3b/0x70
[ 285.862831][ T28] ? prepare_to_wait_event+0xcf/0x690
[ 285.868340][ T28] gfs2_gl_hash_clear+0x210/0x290
[ 285.873395][ T28] ? gfs2_gl_dq_holders+0x250/0x250
[ 285.878713][ T28] ? gfs2_jindex_free+0x3c7/0x540
[ 285.883795][ T28] ? prepare_to_swait_exclusive+0x240/0x240
[ 285.889744][ T28] ? gfs2_clear_rgrpd+0x52/0x330
[ 285.894721][ T28] gfs2_put_super+0x4f5/0x690
[ 285.899477][ T28] ? free_local_statfs_inodes+0x350/0x350
[ 285.905241][ T28] generic_shutdown_super+0x158/0x480
[ 285.910657][ T28] kill_block_super+0x64/0xb0
[ 285.915359][ T28] gfs2_kill_sb+0x361/0x410
[ 285.919955][ T28] deactivate_locked_super+0x9a/0x170
[ 285.925382][ T28] deactivate_super+0xde/0x100
[ 285.930233][ T28] cleanup_mnt+0x222/0x3d0
[ 285.934681][ T28] task_work_run+0x14d/0x240
[ 285.939428][ T28] ? task_work_cancel+0x30/0x30
[ 285.944338][ T28] ptrace_notify+0x10c/0x130
[ 285.948974][ T28] syscall_exit_to_user_mode_prepare+0x120/0x220
[ 285.955381][ T28] syscall_exit_to_user_mode+0xd/0x60
[ 285.960859][ T28] do_syscall_64+0x44/0xb0
[ 285.965307][ T28] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 285.971260][ T28] RIP: 0033:0x7fe6b980f347
[ 285.975689][ T28] RSP: 002b:00007ffecec90cb8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[ 285.984249][ T28] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe6b980f347
[ 285.992265][ T28] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffecec90d70
[ 286.000299][ T28] RBP: 00007ffecec90d70 R08: 0000000000000000 R09: 0000000000000000
[ 286.008310][ T28] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffecec91dd0
[ 286.016273][ T28] R13: 000055555569a6c0 R14: 0000000000000001 R15: 431bde82d7b634db
[ 286.024402][ T28] </TASK>
[ 286.027476][ T28]
[ 286.027476][ T28] Showing all locks held in the system:
[ 286.035210][ T28] 1 lock held by rcu_tasks_kthre/13:
[ 286.040595][ T28] #0: ffffffff8c9a67f0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x2c/0xe20
[ 286.051165][ T28] 1 lock held by rcu_tasks_trace/14:
[ 286.056472][ T28] #0: ffffffff8c9a64f0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x2c/0xe20
[ 286.067552][ T28] 1 lock held by khungtaskd/28:
[ 286.072442][ T28] #0: ffffffff8c9a7400 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x340
[ 286.082429][ T28] 2 locks held by getty/4772:
[ 286.087182][ T28] #0: ffff88814b6b8098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[ 286.097087][ T28] #1: ffffc900015b02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfcb/0x1480
[ 286.107357][ T28] 1 lock held by syz-executor663/5020:
[ 286.112824][ T28] #0: ffff88807e7500e0 (&type->s_umount_key#42){+.+.}-{3:3}, at: deactivate_super+0xd6/0x100
[ 286.123151][ T28]
[ 286.125482][ T28] =============================================
[ 286.125482][ T28]
[ 286.133955][ T28] NMI backtrace for cpu 1
[ 286.138391][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.5.0-rc7-syzkaller-00104-g4f9e7fabf864 #0
[ 286.148218][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 286.158281][ T28] Call Trace:
[ 286.161547][ T28] <TASK>
[ 286.164469][ T28] dump_stack_lvl+0xd9/0x1b0
[ 286.169072][ T28] nmi_cpu_backtrace+0x277/0x380
[ 286.173997][ T28] ? lapic_can_unplug_cpu+0xa0/0xa0
[ 286.179194][ T28] nmi_trigger_cpumask_backtrace+0x2ac/0x310
[ 286.185175][ T28] watchdog+0xf29/0x11b0
[ 286.189426][ T28] ? proc_dohung_task_timeout_secs+0x90/0x90
[ 286.195421][ T28] ? proc_dohung_task_timeout_secs+0x90/0x90
[ 286.201414][ T28] kthread+0x33a/0x430
[ 286.205481][ T28] ? kthread_complete_and_exit+0x40/0x40
[ 286.211113][ T28] ret_from_fork+0x2c/0x70
[ 286.215532][ T28] ? kthread_complete_and_exit+0x40/0x40
[ 286.221162][ T28] ret_from_fork_asm+0x11/0x20
[ 286.225941][ T28] </TASK>
[ 286.229069][ T28] Sending NMI from CPU 1 to CPUs 0:
[ 286.234304][ C0] NMI backtrace for cpu 0
[ 286.234312][ C0] CPU: 0 PID: 47 Comm: kworker/u4:3 Not tainted 6.5.0-rc7-syzkaller-00104-g4f9e7fabf864 #0
[ 286.234325][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 286.234333][ C0] Workqueue: events_unbound toggle_allocation_gate
[ 286.234349][ C0] RIP: 0010:inat_get_opcode_attribute+0x37/0x50
[ 286.234365][ C0] Code: b6 db 48 b8 00 00 00 00 00 fc ff df 48 8d 3c 9d 40 42 b0 8b 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 <7c> 04 84 d2 75 09 8b 04 9d 40 42 b0 8b 5b c3 e8 25 ef b2 f7 eb f0
[ 286.234376][ C0] RSP: 0018:ffffc90000b87820 EFLAGS: 00000202
[ 286.234385][ C0] RAX: 0000000000000007 RBX: 000000000000000f RCX: 0000000000000000
[ 286.234391][ C0] RDX: 0000000000000000 RSI: ffffffff8a272bfc RDI: ffffffff8bb0427c
[ 286.234399][ C0] RBP: ffffc90000b87ac3 R08: 0000000000000001 R09: 0000000000000000
[ 286.234406][ C0] R10: 0000000000000001 R11: 0000000000000000 R12: 000000000000000f
[ 286.234412][ C0] R13: 000000000000000f R14: 0000000000000001 R15: dffffc0000000000
[ 286.234422][ C0] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 286.234434][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 286.234442][ C0] CR2: 0000555c332aa780 CR3: 000000000c776000 CR4: 0000000000350ef0
[ 286.234449][ C0] Call Trace:
[ 286.234453][ C0] <NMI>
[ 286.234457][ C0] ? nmi_cpu_backtrace+0x1d4/0x380
[ 286.234469][ C0] ? inat_get_opcode_attribute+0x37/0x50
[ 286.234482][ C0] ? nmi_cpu_backtrace_handler+0xc/0x10
[ 286.234499][ C0] ? nmi_handle+0x145/0x400
[ 286.234514][ C0] ? irqentry_nmi_enter+0x7f/0x90
[ 286.234530][ C0] ? inat_get_opcode_attribute+0x37/0x50
[ 286.234543][ C0] ? default_do_nmi+0x69/0x160
[ 286.234557][ C0] ? exc_nmi+0x171/0x1e0
[ 286.234569][ C0] ? end_repeat_nmi+0x16/0x31
[ 286.234586][ C0] ? inat_get_opcode_attribute+0xc/0x50
[ 286.234598][ C0] ? inat_get_opcode_attribute+0x37/0x50
[ 286.234611][ C0] ? inat_get_opcode_attribute+0x37/0x50
[ 286.234624][ C0] ? inat_get_opcode_attribute+0x37/0x50
[ 286.234636][ C0] </NMI>
[ 286.234639][ C0] <TASK>
[ 286.234642][ C0] insn_get_prefixes+0x60c/0x1120
[ 286.234658][ C0] insn_get_opcode+0x462/0xa30
[ 286.234673][ C0] insn_get_modrm+0x30e/0x730
[ 286.234685][ C0] ? kmem_cache_alloc_bulk+0x197/0x7c0
[ 286.234701][ C0] insn_get_sib+0x1ad/0x320
[ 286.234713][ C0] insn_get_displacement+0x23a/0x680
[ 286.234727][ C0] insn_get_immediate+0x550/0x1c50
[ 286.234739][ C0] ? kmem_cache_alloc_bulk+0x197/0x7c0
[ 286.234755][ C0] insn_decode+0x2ae/0x340
[ 286.234767][ C0] text_poke_loc_init+0xc2/0x4d0
[ 286.234778][ C0] ? kmem_cache_alloc_bulk+0x197/0x7c0
[ 286.234793][ C0] ? text_poke_memset+0x60/0x60
[ 286.234808][ C0] ? kmem_cache_alloc_bulk+0x197/0x7c0
[ 286.234822][ C0] ? __jump_label_patch+0x173/0x340
[ 286.234840][ C0] arch_jump_label_transform_queue+0x97/0x100
[ 286.234858][ C0] __jump_label_update+0x125/0x420
[ 286.234875][ C0] jump_label_update+0x32e/0x410
[ 286.234891][ C0] static_key_disable_cpuslocked+0x154/0x1b0
[ 286.234907][ C0] static_key_disable+0x1a/0x20
[ 286.234921][ C0] toggle_allocation_gate+0x13f/0x250
[ 286.234934][ C0] ? wake_up_kfence_timer+0x30/0x30
[ 286.234946][ C0] ? spin_bug+0x1d0/0x1d0
[ 286.234970][ C0] process_one_work+0xaa2/0x16f0
[ 286.234987][ C0] ? lock_sync+0x190/0x190
[ 286.235002][ C0] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 286.235017][ C0] ? spin_bug+0x1d0/0x1d0
[ 286.235035][ C0] worker_thread+0x687/0x1110
[ 286.235053][ C0] ? process_one_work+0x16f0/0x16f0
[ 286.235067][ C0] kthread+0x33a/0x430
[ 286.235079][ C0] ? kthread_complete_and_exit+0x40/0x40
[ 286.235092][ C0] ret_from_fork+0x2c/0x70
[ 286.235105][ C0] ? kthread_complete_and_exit+0x40/0x40
[ 286.235118][ C0] ret_from_fork_asm+0x11/0x20
[ 286.235139][ C0] </TASK>
[ 286.235302][ T28] Kernel panic - not syncing: hung_task: blocked tasks
[ 286.615415][ T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.5.0-rc7-syzkaller-00104-g4f9e7fabf864 #0
[ 286.625221][ T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 286.635267][ T28] Call Trace:
[ 286.638539][ T28] <TASK>
[ 286.641467][ T28] dump_stack_lvl+0xd9/0x1b0
[ 286.646058][ T28] panic+0x6a4/0x750
[ 286.649963][ T28] ? panic_smp_self_stop+0xa0/0xa0
[ 286.655089][ T28] ? irq_work_claim+0x76/0x90
[ 286.659779][ T28] ? lapic_can_unplug_cpu+0xa0/0xa0
[ 286.664980][ T28] ? irq_work_queue+0x2a/0x70
[ 286.669657][ T28] ? __wake_up_klogd.part.0+0x99/0xf0
[ 286.675029][ T28] ? watchdog+0xce1/0x11b0
[ 286.679458][ T28] watchdog+0xcf2/0x11b0
[ 286.683735][ T28] ? proc_dohung_task_timeout_secs+0x90/0x90
[ 286.689724][ T28] ? proc_dohung_task_timeout_secs+0x90/0x90
[ 286.695704][ T28] kthread+0x33a/0x430
[ 286.699766][ T28] ? kthread_complete_and_exit+0x40/0x40
[ 286.705399][ T28] ret_from_fork+0x2c/0x70
[ 286.709822][ T28] ? kthread_complete_and_exit+0x40/0x40
[ 286.715453][ T28] ret_from_fork_asm+0x11/0x20
[ 286.720230][ T28] </TASK>
[ 286.723836][ T28] Kernel Offset: disabled
[ 286.728155][ T28] Rebooting in 86400 seconds..