./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor337749383

<...>
DUID 00:04:7c:8f:25:e4:1e:61:d4:15:b8:1c:50:2a:7f:f5:0b:01
forked to background, child pid 3209
[   29.612953][ T3210] 8021q: adding VLAN 0 to HW filter on device bond0
[   29.622222][ T3210] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK

syzkaller
Warning: Permanently added '10.128.0.165' (ECDSA) to the list of known hosts.
execve("./syz-executor337749383", ["./syz-executor337749383"], 0x7ffe486f0390 /* 10 vars */) = 0
brk(NULL)                               = 0x55555635f000
brk(0x55555635fc40)                     = 0x55555635fc40
arch_prctl(ARCH_SET_FS, 0x55555635f300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
set_tid_address(0x55555635f5d0)         = 3630
set_robust_list(0x55555635f5e0, 24)     = 0
rt_sigaction(SIGRTMIN, {sa_handler=0x7fc8867c3430, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fc8867c3b00}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {sa_handler=0x7fc8867c34d0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fc8867c3b00}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor337749383", 4096) = 27
brk(0x555556380c40)                     = 0x555556380c40
brk(0x555556381000)                     = 0x555556381000
mprotect(0x7fc886897000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid()                                = 3630
mkdir("./syzkaller.bRJiuG", 0700)       = 0
chmod("./syzkaller.bRJiuG", 0777)       = 0
chdir("./syzkaller.bRJiuG")             = 0
mkdir("./0", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3631
./strace-static-x86_64: Process 3631 attached
[pid  3631] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3631] chdir("./0")                = 0
[pid  3631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3631] setpgid(0, 0)               = 0
[pid  3631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3631] write(3, "1000", 4)         = 4
[pid  3631] close(3)                    = 0
[pid  3631] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3631] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3631] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3631] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3633], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3633
[pid  3631] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3631] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3633 attached
 <unfinished ...>
[pid  3633] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3633] memfd_create("syzkaller", 0) = 3
[pid  3633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3633] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3633] munmap(0x7fc87e392000, 16777216) = 0
[pid  3633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3633] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3633] close(3)                    = 0
[pid  3633] mkdir("./file0", 0777)      = 0
syzkaller login: [   50.909102][ T3633] loop0: detected capacity change from 0 to 32768
[   50.921858][ T3633] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   50.930213][ T3633] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   50.943022][ T3633] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   50.952785][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   50.959609][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[   50.994342][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 34ms
[   51.002613][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[pid  3633] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3633] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3633] chdir("./file0")            = 0
[pid  3633] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3633] close(4)                    = 0
[pid  3633] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3631] <... futex resumed>)        = 0
[pid  3631] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3631] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3633] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3633] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3631] <... futex resumed>)        = 0
[pid  3631] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3631] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3633] <... futex resumed>)        = 1
[   51.008330][ T3633] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   51.032572][ T3633] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   51.041195][ T3633] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   51.041195][ T3633]   inode = 12 2341
[   51.041195][ T3633]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[pid  3633] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3631] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3631] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3631] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3631] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3634], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3634
[pid  3631] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3634 attached
[pid  3634] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3634] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3634] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   51.060319][ T3633] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   51.069500][ T3633] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3633 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   51.079722][ T3633] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   51.090877][ T3633] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   51.098787][ T3633] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   51.107691][ T3633] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   51.116215][ T3633] gfs2: fsid=syz:syz.0: File system withdrawn
[   51.122497][ T3633] CPU: 0 PID: 3633 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   51.132915][ T3633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   51.142962][ T3633] Call Trace:
[   51.146232][ T3633]  <TASK>
[   51.149171][ T3633]  dump_stack_lvl+0x1b1/0x28e
[   51.153860][ T3633]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   51.159333][ T3633]  ? panic+0x710/0x710
[   51.163418][ T3633]  ? kobject_uevent_env+0x46b/0x8e0
[   51.168628][ T3633]  gfs2_withdraw+0xf33/0x1540
[   51.173326][ T3633]  ? gfs2_lm+0x220/0x220
[   51.177583][ T3633]  ? gfs2_dirent_scan+0xb6/0x650
[   51.182533][ T3633]  ? panic+0x710/0x710
[   51.186591][ T3633]  ? gfs2_permission+0x2ff/0x430
[   51.191524][ T3633]  ? gfs2_consist_inode_i+0xf3/0x110
[   51.196808][ T3633]  gfs2_dirent_scan+0x535/0x650
[   51.201655][ T3633]  ? gfs2_dirent_search+0xb10/0xb10
[   51.206850][ T3633]  gfs2_dirent_search+0x2ea/0xb10
[   51.211872][ T3633]  ? gfs2_dirent_search+0xb10/0xb10
[   51.217067][ T3633]  ? gfs2_dir_search+0x2a0/0x2a0
[   51.222001][ T3633]  ? gfs2_permission+0x3bf/0x430
[   51.226937][ T3633]  gfs2_dir_search+0x8c/0x2a0
[   51.231610][ T3633]  ? do_filldir_main+0x530/0x530
[   51.236537][ T3633]  ? inode_go_held+0xe4/0x1f0
[   51.241210][ T3633]  ? gfs2_glock_wait+0x213/0x2a0
[   51.246139][ T3633]  gfs2_lookupi+0x465/0x650
[   51.250642][ T3633]  ? gfs2_lookup_simple+0x170/0x170
[   51.255834][ T3633]  ? __gfs2_lookup+0x8c/0x260
[   51.260509][ T3633]  __gfs2_lookup+0x8c/0x260
[   51.265007][ T3633]  ? gfs2_atomic_open+0x230/0x230
[   51.270029][ T3633]  ? __d_lookup+0x6a4/0x770
[   51.274535][ T3633]  ? d_hash_and_lookup+0x1c0/0x1c0
[   51.279635][ T3633]  gfs2_atomic_open+0xa4/0x230
[   51.284393][ T3633]  path_openat+0xf39/0x2df0
[   51.288894][ T3633]  ? gfs2_rename2+0x3000/0x3000
[   51.293751][ T3633]  ? do_filp_open+0x4f0/0x4f0
[   51.298432][ T3633]  do_filp_open+0x264/0x4f0
[   51.302924][ T3633]  ? vfs_tmpfile+0x490/0x490
[   51.307514][ T3633]  ? do_raw_spin_unlock+0x134/0x8a0
[   51.312710][ T3633]  ? _raw_spin_unlock+0x24/0x40
[   51.317554][ T3633]  ? alloc_fd+0x5a7/0x640
[   51.321896][ T3633]  do_sys_openat2+0x124/0x4e0
[   51.326568][ T3633]  ? print_irqtrace_events+0x220/0x220
[   51.332017][ T3633]  ? ptrace_stop+0x74d/0x970
[   51.336603][ T3633]  ? do_sys_open+0x220/0x220
[   51.341194][ T3633]  ? lockdep_hardirqs_on+0x8d/0x130
[   51.346385][ T3633]  ? _raw_spin_unlock_irq+0x2a/0x40
[   51.351578][ T3633]  ? ptrace_notify+0x245/0x340
[   51.356335][ T3633]  __x64_sys_openat+0x243/0x290
[   51.361186][ T3633]  ? __ia32_sys_open+0x270/0x270
[   51.366135][ T3633]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   51.372115][ T3633]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   51.378268][ T3633]  do_syscall_64+0x3d/0xb0
[   51.382686][ T3633]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   51.388575][ T3633] RIP: 0033:0x7fc8868064d9
[   51.392984][ T3633] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   51.412581][ T3633] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   51.420987][ T3633] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   51.428951][ T3633] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   51.436916][ T3633] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   51.444877][ T3633] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   51.452838][ T3633] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[pid  3634] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3633] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3633] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3633] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3631] exit_group(0 <unfinished ...>
[pid  3634] <... futex resumed>)        = ?
[pid  3633] <... futex resumed>)        = ?
[pid  3631] <... exit_group resumed>)   = ?
[pid  3633] +++ exited with 0 +++
[pid  3634] +++ exited with 0 +++
[pid  3631] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3631, si_uid=0, si_status=0, si_utime=2, si_stime=28} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs")                  = 0
[   51.460823][ T3633]  </TASK>
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./0/file0")                      = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./0")                            = 0
mkdir("./1", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3635
./strace-static-x86_64: Process 3635 attached
[pid  3635] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3635] chdir("./1")                = 0
[pid  3635] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3635] setpgid(0, 0)               = 0
[pid  3635] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3635] write(3, "1000", 4)         = 4
[pid  3635] close(3)                    = 0
[pid  3635] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3635] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3635] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3635] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3635] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3636 attached
, parent_tid=[3636], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3636
[pid  3635] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3635] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3636] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3636] memfd_create("syzkaller", 0) = 3
[pid  3636] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3636] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3636] munmap(0x7fc87e392000, 16777216) = 0
[pid  3636] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3636] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3636] close(3)                    = 0
[pid  3636] mkdir("./file0", 0777)      = 0
[   51.781396][ T3636] loop0: detected capacity change from 0 to 32768
[   51.791942][ T3636] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   51.800205][ T3636] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   51.811169][ T3636] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   51.819728][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   51.826910][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3636] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3636] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3636] chdir("./file0")            = 0
[pid  3636] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3636] close(4)                    = 0
[pid  3636] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3635] <... futex resumed>)        = 0
[pid  3635] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3635] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3636] <... futex resumed>)        = 1
[pid  3636] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3636] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3635] <... futex resumed>)        = 0
[pid  3635] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3635] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3636] <... futex resumed>)        = 1
[   51.865106][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 38ms
[   51.872696][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   51.877954][ T3636] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   51.895023][ T3636] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   51.903941][ T3636] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   51.903941][ T3636]   inode = 12 2341
[pid  3636] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3635] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3635] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3635] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[   51.903941][ T3636]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   51.924060][ T3636] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   51.934165][ T3636] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3636 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   51.944685][ T3636] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   51.953506][ T3636] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   51.961294][ T3636] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   51.970158][ T3636] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   51.976900][ T3636] gfs2: fsid=syz:syz.0: File system withdrawn
[   51.983453][ T3636] CPU: 0 PID: 3636 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   51.993865][ T3636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   52.003912][ T3636] Call Trace:
[   52.007195][ T3636]  <TASK>
[   52.010134][ T3636]  dump_stack_lvl+0x1b1/0x28e
[   52.014817][ T3636]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   52.020262][ T3636]  ? panic+0x710/0x710
[   52.024339][ T3636]  ? kobject_uevent_env+0x46b/0x8e0
[   52.029547][ T3636]  ? do_raw_spin_unlock+0x134/0x8a0
[   52.034759][ T3636]  gfs2_withdraw+0xf33/0x1540
[   52.039447][ T3636]  ? gfs2_lm+0x220/0x220
[   52.043693][ T3636]  ? gfs2_dirent_scan+0xb6/0x650
[   52.048642][ T3636]  ? panic+0x710/0x710
[   52.052695][ T3636]  ? gfs2_permission+0x2ff/0x430
[   52.057638][ T3636]  ? gfs2_consist_inode_i+0xf3/0x110
[   52.062943][ T3636]  gfs2_dirent_scan+0x535/0x650
[   52.067809][ T3636]  ? gfs2_dirent_search+0xb10/0xb10
[   52.073000][ T3636]  gfs2_dirent_search+0x2ea/0xb10
[   52.078029][ T3636]  ? gfs2_dirent_search+0xb10/0xb10
[   52.083239][ T3636]  ? gfs2_dir_search+0x2a0/0x2a0
[   52.088166][ T3636]  ? gfs2_permission+0x3bf/0x430
[   52.093202][ T3636]  gfs2_dir_search+0x8c/0x2a0
[   52.097882][ T3636]  ? do_filldir_main+0x530/0x530
[   52.102814][ T3636]  ? inode_go_held+0xe4/0x1f0
[   52.107487][ T3636]  ? gfs2_glock_wait+0x213/0x2a0
[   52.112418][ T3636]  gfs2_lookupi+0x465/0x650
[   52.116923][ T3636]  ? gfs2_lookup_simple+0x170/0x170
[   52.122118][ T3636]  ? __gfs2_lookup+0x8c/0x260
[   52.126798][ T3636]  __gfs2_lookup+0x8c/0x260
[   52.131305][ T3636]  ? gfs2_atomic_open+0x230/0x230
[   52.136327][ T3636]  ? __d_lookup+0x6a4/0x770
[   52.140819][ T3636]  ? d_hash_and_lookup+0x1c0/0x1c0
[   52.145923][ T3636]  gfs2_atomic_open+0xa4/0x230
[   52.150681][ T3636]  path_openat+0xf39/0x2df0
[   52.155180][ T3636]  ? gfs2_rename2+0x3000/0x3000
[   52.160037][ T3636]  ? do_filp_open+0x4f0/0x4f0
[   52.164717][ T3636]  do_filp_open+0x264/0x4f0
[   52.169211][ T3636]  ? vfs_tmpfile+0x490/0x490
[   52.173803][ T3636]  ? do_raw_spin_unlock+0x134/0x8a0
[   52.178999][ T3636]  ? _raw_spin_unlock+0x24/0x40
[   52.183844][ T3636]  ? alloc_fd+0x5a7/0x640
[   52.188172][ T3636]  do_sys_openat2+0x124/0x4e0
[   52.192840][ T3636]  ? print_irqtrace_events+0x220/0x220
[   52.198288][ T3636]  ? ptrace_stop+0x74d/0x970
[   52.202875][ T3636]  ? do_sys_open+0x220/0x220
[   52.207462][ T3636]  ? lockdep_hardirqs_on+0x8d/0x130
[   52.212655][ T3636]  ? _raw_spin_unlock_irq+0x2a/0x40
[   52.217849][ T3636]  ? ptrace_notify+0x245/0x340
[   52.222604][ T3636]  __x64_sys_openat+0x243/0x290
[   52.227450][ T3636]  ? __ia32_sys_open+0x270/0x270
[   52.232381][ T3636]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   52.238357][ T3636]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   52.244331][ T3636]  do_syscall_64+0x3d/0xb0
[   52.248738][ T3636]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   52.254636][ T3636] RIP: 0033:0x7fc8868064d9
[   52.259042][ T3636] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   52.278638][ T3636] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   52.287043][ T3636] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   52.295006][ T3636] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   52.302969][ T3636] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3635] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid  3636] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3635] <... mprotect resumed>)     = 0
[pid  3636] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3635] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID <unfinished ...>
[pid  3636] <... futex resumed>)        = 0
[pid  3636] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3635] <... clone resumed>, parent_tid=[3637], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3637
[pid  3635] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3637 attached
[pid  3637] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3637] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3637] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3637] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3635] exit_group(0 <unfinished ...>
[pid  3637] <... futex resumed>)        = ?
[pid  3636] <... futex resumed>)        = ?
[pid  3635] <... exit_group resumed>)   = ?
[pid  3637] +++ exited with 0 +++
[pid  3636] +++ exited with 0 +++
[pid  3635] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3635, si_uid=0, si_status=0, si_utime=3, si_stime=25} ---
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs")                  = 0
[   52.310931][ T3636] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   52.318890][ T3636] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   52.326864][ T3636]  </TASK>
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./1/file0")                      = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./1")                            = 0
mkdir("./2", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3638
./strace-static-x86_64: Process 3638 attached
[pid  3638] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3638] chdir("./2")                = 0
[pid  3638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3638] setpgid(0, 0)               = 0
[pid  3638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3638] write(3, "1000", 4)         = 4
[pid  3638] close(3)                    = 0
[pid  3638] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3638] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3638] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3638] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3639 attached
, parent_tid=[3639], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3639
[pid  3639] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  3638] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3639] <... set_robust_list resumed>) = 0
[pid  3638] <... futex resumed>)        = 0
[pid  3638] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3639] memfd_create("syzkaller", 0) = 3
[pid  3639] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3639] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3639] munmap(0x7fc87e392000, 16777216) = 0
[pid  3639] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3639] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3639] close(3)                    = 0
[pid  3639] mkdir("./file0", 0777)      = 0
[   52.641442][ T3639] loop0: detected capacity change from 0 to 32768
[   52.654927][ T3639] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   52.663234][ T3639] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   52.673142][ T3639] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   52.681735][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   52.688509][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3639] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3639] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3639] chdir("./file0")            = 0
[pid  3639] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3639] close(4)                    = 0
[pid  3639] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3638] <... futex resumed>)        = 0
[pid  3638] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3638] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3639] <... futex resumed>)        = 1
[pid  3639] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3639] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3638] <... futex resumed>)        = 0
[pid  3638] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3638] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3639] <... futex resumed>)        = 1
[   52.721734][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms
[   52.731127][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   52.736350][ T3639] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid  3639] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3638] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3638] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid  3638] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   52.772025][ T3639] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   52.781415][ T3639] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   52.781415][ T3639]   inode = 12 2341
[   52.781415][ T3639]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   52.800247][ T3639] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   52.809788][ T3639] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3639 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3638] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3638] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3640], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3640
[pid  3638] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3640 attached
[pid  3640] set_robust_list(0x7fc87f3919e0, 24) = 0
[   52.820286][ T3639] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   52.829070][ T3640] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   52.829101][ T3640] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   52.829101][ T3640]   inode = 12 2341
[   52.829101][ T3640]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   52.829123][ T3640] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:4 m:20 p:1
[   52.829147][ T3640] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3639 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   52.829299][ T3640] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3640 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   52.829331][ T3640] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   52.829351][ T3640] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   52.829363][ T3640] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   52.829373][ T3640] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   52.830824][ T3640] gfs2: fsid=syz:syz.0: File system withdrawn
[   52.923046][ T3640] CPU: 0 PID: 3640 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   52.933462][ T3640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   52.943518][ T3640] Call Trace:
[   52.946802][ T3640]  <TASK>
[   52.949722][ T3640]  dump_stack_lvl+0x1b1/0x28e
[   52.954438][ T3640]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   52.959902][ T3640]  ? panic+0x710/0x710
[   52.963986][ T3640]  ? kobject_uevent_env+0x46b/0x8e0
[   52.969190][ T3640]  ? do_raw_spin_unlock+0x134/0x8a0
[   52.974387][ T3640]  gfs2_withdraw+0xf33/0x1540
[   52.979075][ T3640]  ? gfs2_lm+0x220/0x220
[   52.983314][ T3640]  ? gfs2_dirent_scan+0xb6/0x650
[   52.988249][ T3640]  ? panic+0x710/0x710
[   52.992334][ T3640]  ? lockdep_hardirqs_on_prepare+0x428/0x790
[   52.998312][ T3640]  ? gfs2_consist_inode_i+0xf3/0x110
[   53.003852][ T3640]  gfs2_dirent_scan+0x535/0x650
[   53.008702][ T3640]  ? gfs2_dirent_search+0xb10/0xb10
[   53.013897][ T3640]  gfs2_dirent_search+0x2ea/0xb10
[   53.018917][ T3640]  ? gfs2_dirent_search+0xb10/0xb10
[   53.024114][ T3640]  ? gfs2_dir_search+0x2a0/0x2a0
[   53.029045][ T3640]  ? gfs2_permission+0x3bf/0x430
[   53.033982][ T3640]  gfs2_dir_search+0x8c/0x2a0
[   53.038667][ T3640]  ? do_filldir_main+0x530/0x530
[   53.043598][ T3640]  ? inode_go_held+0xe4/0x1f0
[   53.048286][ T3640]  ? gfs2_glock_wait+0x213/0x2a0
[   53.053222][ T3640]  gfs2_lookupi+0x465/0x650
[   53.057726][ T3640]  ? gfs2_lookup_simple+0x170/0x170
[   53.062942][ T3640]  ? __gfs2_lookup+0x8c/0x260
[   53.067611][ T3640]  ? d_alloc_parallel+0x1144/0x1240
[   53.072799][ T3640]  ? memset+0x1f/0x40
[   53.076776][ T3640]  __gfs2_lookup+0x8c/0x260
[   53.081273][ T3640]  ? gfs2_atomic_open+0x230/0x230
[   53.086295][ T3640]  ? d_hash_and_lookup+0x1c0/0x1c0
[   53.091399][ T3640]  ? __init_waitqueue_head+0xa6/0x140
[   53.096766][ T3640]  __lookup_slow+0x266/0x3a0
[   53.101348][ T3640]  ? lookup_one_len+0x690/0x690
[   53.106192][ T3640]  ? try_to_unlazy+0x687/0xb80
[   53.110948][ T3640]  ? crc32_le_base+0x589/0xd00
[   53.115705][ T3640]  ? __down_read_common+0x156/0x2a0
[   53.120906][ T3640]  lookup_slow+0x53/0x70
[   53.125141][ T3640]  link_path_walk+0xa06/0xf00
[   53.129820][ T3640]  ? handle_lookup_down+0x130/0x130
[   53.135017][ T3640]  path_lookupat+0xab/0x450
[   53.139525][ T3640]  do_o_path+0x84/0x240
[   53.143674][ T3640]  ? do_tmpfile+0x330/0x330
[   53.148176][ T3640]  path_openat+0x2812/0x2df0
[   53.152762][ T3640]  ? stack_trace_save+0x104/0x1e0
[   53.157786][ T3640]  ? stack_trace_snprint+0xf0/0xf0
[   53.162883][ T3640]  ? rcu_read_lock_sched_held+0x87/0x110
[   53.168507][ T3640]  ? __stack_depot_save+0x36/0x4a0
[   53.173616][ T3640]  ? mark_lock+0x9a/0x350
[   53.177944][ T3640]  ? do_filp_open+0x4f0/0x4f0
[   53.182612][ T3640]  ? rcu_read_lock_sched_held+0x87/0x110
[   53.188234][ T3640]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[   53.194215][ T3640]  do_filp_open+0x264/0x4f0
[   53.198731][ T3640]  ? vfs_tmpfile+0x490/0x490
[   53.203322][ T3640]  ? do_raw_spin_unlock+0x134/0x8a0
[   53.208517][ T3640]  ? _raw_spin_unlock+0x24/0x40
[   53.213378][ T3640]  ? alloc_fd+0x5a7/0x640
[   53.217731][ T3640]  do_sys_openat2+0x124/0x4e0
[   53.222404][ T3640]  ? print_irqtrace_events+0x220/0x220
[   53.227852][ T3640]  ? ptrace_stop+0x74d/0x970
[   53.232436][ T3640]  ? do_sys_open+0x220/0x220
[   53.237020][ T3640]  ? lockdep_hardirqs_on+0x8d/0x130
[   53.242218][ T3640]  ? _raw_spin_unlock_irq+0x2a/0x40
[   53.247408][ T3640]  ? ptrace_notify+0x245/0x340
[   53.252171][ T3640]  __x64_sys_openat+0x243/0x290
[   53.257022][ T3640]  ? __ia32_sys_open+0x270/0x270
[   53.261956][ T3640]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   53.267929][ T3640]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   53.273903][ T3640]  do_syscall_64+0x3d/0xb0
[   53.278314][ T3640]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   53.284198][ T3640] RIP: 0033:0x7fc8868064d9
[   53.288731][ T3640] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   53.308586][ T3640] RSP: 002b:00007fc87f391318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   53.316990][ T3640] RAX: ffffffffffffffda RBX: 00007fc88689d7b8 RCX: 00007fc8868064d9
[pid  3640] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH <unfinished ...>
[pid  3638] exit_group(0)               = ?
[pid  3640] <... openat resumed>)       = ?
[pid  3639] <... openat resumed>)       = ?
[pid  3640] +++ exited with 0 +++
[pid  3639] +++ exited with 0 +++
[pid  3638] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3638, si_uid=0, si_status=0, si_utime=2, si_stime=33} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs")                  = 0
[   53.324950][ T3640] RDX: 0000000000200002 RSI: 00000000200001c0 RDI: ffffffffffffff9c
[   53.332911][ T3640] RBP: 00007fc88689d7b0 R08: 00007fc87f391700 R09: 0000000000000000
[   53.340872][ T3640] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   53.348832][ T3640] R13: 00007ffe2e4164af R14: 00007fc87f391400 R15: 0000000000022000
[   53.356806][ T3640]  </TASK>
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./2/file0")                      = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./2")                            = 0
mkdir("./3", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3641
./strace-static-x86_64: Process 3641 attached
[pid  3641] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3641] chdir("./3")                = 0
[pid  3641] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3641] setpgid(0, 0)               = 0
[pid  3641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3641] write(3, "1000", 4)         = 4
[pid  3641] close(3)                    = 0
[pid  3641] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3641] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3641] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3641] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3641] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3642], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3642
[pid  3641] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3641] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3642 attached
 <unfinished ...>
[pid  3642] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3642] memfd_create("syzkaller", 0) = 3
[pid  3642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3642] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3642] munmap(0x7fc87e392000, 16777216) = 0
[pid  3642] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3642] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3642] close(3)                    = 0
[pid  3642] mkdir("./file0", 0777)      = 0
[   53.645144][ T3642] loop0: detected capacity change from 0 to 32768
[   53.657008][ T3642] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   53.665595][ T3642] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   53.675537][ T3642] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   53.684893][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   53.691828][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3642] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3642] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3642] chdir("./file0")            = 0
[pid  3642] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3642] close(4)                    = 0
[pid  3642] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3641] <... futex resumed>)        = 0
[pid  3642] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3641] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3642] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3641] <... futex resumed>)        = 0
[pid  3642] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3641] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  3642] <... futex resumed>)        = 0
[pid  3642] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3641] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   53.730171][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 38ms
[   53.737863][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   53.743209][ T3642] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   53.781623][ T3642] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   53.790015][ T3642] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   53.790015][ T3642]   inode = 12 2341
[   53.790015][ T3642]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   53.809012][ T3642] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   53.818445][ T3642] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3642 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3641] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3641] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3641] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3641] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3641] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3643], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3643
./strace-static-x86_64: Process 3643 attached
[pid  3641] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3643] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3643] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3643] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   53.828876][ T3642] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   53.840360][ T3642] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   53.847972][ T3642] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   53.857266][ T3642] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   53.864841][ T3642] gfs2: fsid=syz:syz.0: File system withdrawn
[   53.871586][ T3642] CPU: 0 PID: 3642 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   53.882013][ T3642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   53.892057][ T3642] Call Trace:
[   53.895330][ T3642]  <TASK>
[   53.898249][ T3642]  dump_stack_lvl+0x1b1/0x28e
[   53.902922][ T3642]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   53.908369][ T3642]  ? panic+0x710/0x710
[   53.912426][ T3642]  ? kobject_uevent_env+0x46b/0x8e0
[   53.917717][ T3642]  ? do_raw_spin_unlock+0x134/0x8a0
[   53.922946][ T3642]  gfs2_withdraw+0xf33/0x1540
[   53.927647][ T3642]  ? gfs2_lm+0x220/0x220
[   53.931890][ T3642]  ? gfs2_dirent_scan+0xb6/0x650
[   53.936822][ T3642]  ? panic+0x710/0x710
[   53.940879][ T3642]  ? gfs2_permission+0x2ff/0x430
[   53.945815][ T3642]  ? gfs2_consist_inode_i+0xf3/0x110
[   53.951104][ T3642]  gfs2_dirent_scan+0x535/0x650
[   53.955971][ T3642]  ? gfs2_dirent_search+0xb10/0xb10
[   53.961174][ T3642]  gfs2_dirent_search+0x2ea/0xb10
[   53.966193][ T3642]  ? gfs2_dirent_search+0xb10/0xb10
[   53.971387][ T3642]  ? gfs2_dir_search+0x2a0/0x2a0
[   53.976412][ T3642]  ? gfs2_permission+0x3bf/0x430
[   53.981374][ T3642]  gfs2_dir_search+0x8c/0x2a0
[   53.986059][ T3642]  ? do_filldir_main+0x530/0x530
[   53.990993][ T3642]  ? inode_go_held+0xe4/0x1f0
[   53.995669][ T3642]  ? gfs2_glock_wait+0x213/0x2a0
[   54.000687][ T3642]  gfs2_lookupi+0x465/0x650
[   54.005190][ T3642]  ? gfs2_lookup_simple+0x170/0x170
[   54.010382][ T3642]  ? __gfs2_lookup+0x8c/0x260
[   54.015062][ T3642]  __gfs2_lookup+0x8c/0x260
[   54.019561][ T3642]  ? gfs2_atomic_open+0x230/0x230
[   54.024579][ T3642]  ? __d_lookup+0x6a4/0x770
[   54.029080][ T3642]  ? d_hash_and_lookup+0x1c0/0x1c0
[   54.034186][ T3642]  gfs2_atomic_open+0xa4/0x230
[   54.038962][ T3642]  path_openat+0xf39/0x2df0
[   54.043467][ T3642]  ? gfs2_rename2+0x3000/0x3000
[   54.048329][ T3642]  ? do_filp_open+0x4f0/0x4f0
[   54.053016][ T3642]  do_filp_open+0x264/0x4f0
[   54.057522][ T3642]  ? vfs_tmpfile+0x490/0x490
[   54.062123][ T3642]  ? do_raw_spin_unlock+0x134/0x8a0
[   54.067320][ T3642]  ? _raw_spin_unlock+0x24/0x40
[   54.072164][ T3642]  ? alloc_fd+0x5a7/0x640
[   54.076497][ T3642]  do_sys_openat2+0x124/0x4e0
[   54.081170][ T3642]  ? print_irqtrace_events+0x220/0x220
[   54.086624][ T3642]  ? ptrace_stop+0x74d/0x970
[   54.091211][ T3642]  ? do_sys_open+0x220/0x220
[   54.095794][ T3642]  ? lockdep_hardirqs_on+0x8d/0x130
[   54.100984][ T3642]  ? _raw_spin_unlock_irq+0x2a/0x40
[   54.106197][ T3642]  ? ptrace_notify+0x245/0x340
[   54.111129][ T3642]  __x64_sys_openat+0x243/0x290
[   54.115975][ T3642]  ? __ia32_sys_open+0x270/0x270
[   54.120996][ T3642]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   54.126976][ T3642]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   54.132951][ T3642]  do_syscall_64+0x3d/0xb0
[   54.137358][ T3642]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   54.143242][ T3642] RIP: 0033:0x7fc8868064d9
[   54.147649][ T3642] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   54.167244][ T3642] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   54.175650][ T3642] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3643] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3642] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3642] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3642] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3641] exit_group(0 <unfinished ...>
[pid  3643] <... futex resumed>)        = ?
[pid  3642] <... futex resumed>)        = ?
[pid  3641] <... exit_group resumed>)   = ?
[pid  3643] +++ exited with 0 +++
[pid  3642] +++ exited with 0 +++
[pid  3641] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3641, si_uid=0, si_status=0, si_utime=3, si_stime=28} ---
umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./3/binderfs")                  = 0
[   54.183614][ T3642] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   54.191578][ T3642] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   54.199540][ T3642] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   54.207519][ T3642] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   54.215498][ T3642]  </TASK>
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./3/file0")                      = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./3")                            = 0
mkdir("./4", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3644 attached
, child_tidptr=0x55555635f5d0) = 3644
[pid  3644] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3644] chdir("./4")                = 0
[pid  3644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3644] setpgid(0, 0)               = 0
[pid  3644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3644] write(3, "1000", 4)         = 4
[pid  3644] close(3)                    = 0
[pid  3644] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3644] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3644] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3644] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3644] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3645], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3645
./strace-static-x86_64: Process 3645 attached
[pid  3645] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3645] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3644] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3645] <... futex resumed>)        = 0
[pid  3644] <... futex resumed>)        = 1
[pid  3644] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3645] memfd_create("syzkaller", 0) = 3
[pid  3645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3645] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3645] munmap(0x7fc87e392000, 16777216) = 0
[pid  3645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3645] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3645] close(3)                    = 0
[pid  3645] mkdir("./file0", 0777)      = 0
[   54.557110][ T3645] loop0: detected capacity change from 0 to 32768
[   54.569238][ T3645] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   54.577471][ T3645] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   54.587345][ T3645] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   54.596209][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   54.603239][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3645] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3645] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3645] chdir("./file0")            = 0
[pid  3645] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3645] close(4)                    = 0
[pid  3645] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3644] <... futex resumed>)        = 0
[pid  3644] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3644] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3645] <... futex resumed>)        = 1
[pid  3645] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3645] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3644] <... futex resumed>)        = 0
[pid  3644] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3644] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3645] <... futex resumed>)        = 1
[   54.641761][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 38ms
[   54.649381][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   54.654848][ T3645] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   54.675007][ T3645] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   54.683828][ T3645] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[pid  3645] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3644] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[   54.683828][ T3645]   inode = 12 2341
[   54.683828][ T3645]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   54.702667][ T3645] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   54.711927][ T3645] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3645 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   54.722299][ T3645] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   54.730860][ T3645] gfs2: fsid=syz:syz.0: about to withdraw this file system
[pid  3644] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3644] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3644] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3644] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3646], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3646
./strace-static-x86_64: Process 3646 attached
[pid  3644] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3646] set_robust_list(0x7fc87f3919e0, 24 <unfinished ...>
[pid  3644] <... futex resumed>)        = 0
[pid  3646] <... set_robust_list resumed>) = 0
[pid  3646] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3646] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   54.738413][ T3645] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   54.750636][ T3645] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   54.757605][ T3645] gfs2: fsid=syz:syz.0: File system withdrawn
[   54.763889][ T3645] CPU: 0 PID: 3645 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   54.774325][ T3645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   54.784387][ T3645] Call Trace:
[   54.787657][ T3645]  <TASK>
[   54.790576][ T3645]  dump_stack_lvl+0x1b1/0x28e
[   54.795256][ T3645]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   54.800730][ T3645]  ? panic+0x710/0x710
[   54.804819][ T3645]  ? kobject_uevent_env+0x46b/0x8e0
[   54.810029][ T3645]  ? do_raw_spin_unlock+0x134/0x8a0
[   54.815251][ T3645]  gfs2_withdraw+0xf33/0x1540
[   54.819963][ T3645]  ? gfs2_lm+0x220/0x220
[   54.824200][ T3645]  ? gfs2_dirent_scan+0xb6/0x650
[   54.829163][ T3645]  ? panic+0x710/0x710
[   54.833249][ T3645]  ? gfs2_permission+0x2ff/0x430
[   54.838204][ T3645]  ? gfs2_consist_inode_i+0xf3/0x110
[   54.843496][ T3645]  gfs2_dirent_scan+0x535/0x650
[   54.848371][ T3645]  ? gfs2_dirent_search+0xb10/0xb10
[   54.853587][ T3645]  gfs2_dirent_search+0x2ea/0xb10
[   54.858627][ T3645]  ? gfs2_dirent_search+0xb10/0xb10
[   54.863839][ T3645]  ? gfs2_dir_search+0x2a0/0x2a0
[   54.868783][ T3645]  ? gfs2_permission+0x3bf/0x430
[   54.873734][ T3645]  gfs2_dir_search+0x8c/0x2a0
[   54.878425][ T3645]  ? do_filldir_main+0x530/0x530
[   54.883381][ T3645]  ? inode_go_held+0xe4/0x1f0
[   54.888051][ T3645]  ? gfs2_glock_wait+0x213/0x2a0
[pid  3646] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3644] exit_group(0 <unfinished ...>
[pid  3646] <... futex resumed>)        = ?
[pid  3644] <... exit_group resumed>)   = ?
[pid  3646] +++ exited with 0 +++
[   54.892985][ T3645]  gfs2_lookupi+0x465/0x650
[   54.897496][ T3645]  ? gfs2_lookup_simple+0x170/0x170
[   54.902689][ T3645]  ? __gfs2_lookup+0x8c/0x260
[   54.907360][ T3645]  __gfs2_lookup+0x8c/0x260
[   54.911870][ T3645]  ? gfs2_atomic_open+0x230/0x230
[   54.916904][ T3645]  ? __d_lookup+0x6a4/0x770
[   54.921392][ T3645]  ? d_hash_and_lookup+0x1c0/0x1c0
[   54.926492][ T3645]  gfs2_atomic_open+0xa4/0x230
[   54.931259][ T3645]  path_openat+0xf39/0x2df0
[   54.935771][ T3645]  ? gfs2_rename2+0x3000/0x3000
[   54.940639][ T3645]  ? do_filp_open+0x4f0/0x4f0
[   54.945331][ T3645]  do_filp_open+0x264/0x4f0
[   54.949834][ T3645]  ? vfs_tmpfile+0x490/0x490
[   54.954454][ T3645]  ? do_raw_spin_unlock+0x134/0x8a0
[   54.959646][ T3645]  ? _raw_spin_unlock+0x24/0x40
[   54.964494][ T3645]  ? alloc_fd+0x5a7/0x640
[   54.968834][ T3645]  do_sys_openat2+0x124/0x4e0
[   54.973502][ T3645]  ? print_irqtrace_events+0x220/0x220
[   54.979035][ T3645]  ? ptrace_stop+0x74d/0x970
[   54.983625][ T3645]  ? do_sys_open+0x220/0x220
[   54.988223][ T3645]  ? lockdep_hardirqs_on+0x8d/0x130
[   54.993414][ T3645]  ? _raw_spin_unlock_irq+0x2a/0x40
[   54.998611][ T3645]  ? ptrace_notify+0x245/0x340
[   55.003380][ T3645]  __x64_sys_openat+0x243/0x290
[   55.008230][ T3645]  ? __ia32_sys_open+0x270/0x270
[   55.013175][ T3645]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   55.019144][ T3645]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   55.025114][ T3645]  do_syscall_64+0x3d/0xb0
[   55.029520][ T3645]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   55.035398][ T3645] RIP: 0033:0x7fc8868064d9
[   55.039806][ T3645] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   55.059414][ T3645] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   55.067815][ T3645] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   55.075789][ T3645] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   55.083763][ T3645] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3645] <... openat resumed>)       = ?
[pid  3645] +++ exited with 0 +++
[pid  3644] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3644, si_uid=0, si_status=0, si_utime=2, si_stime=28} ---
umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./4/binderfs")                  = 0
[   55.091731][ T3645] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   55.099690][ T3645] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   55.107685][ T3645]  </TASK>
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./4/file0")                      = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./4")                            = 0
mkdir("./5", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3647
./strace-static-x86_64: Process 3647 attached
[pid  3647] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3647] chdir("./5")                = 0
[pid  3647] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3647] setpgid(0, 0)               = 0
[pid  3647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3647] write(3, "1000", 4)         = 4
[pid  3647] close(3)                    = 0
[pid  3647] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3647] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3647] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3647] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3648 attached
, parent_tid=[3648], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3648
[pid  3648] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3648] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3647] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3648] <... futex resumed>)        = 0
[pid  3647] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3648] memfd_create("syzkaller", 0) = 3
[pid  3648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3648] munmap(0x7fc87e392000, 16777216) = 0
[pid  3648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3648] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3648] close(3)                    = 0
[pid  3648] mkdir("./file0", 0777)      = 0
[   55.417791][ T3648] loop0: detected capacity change from 0 to 32768
[   55.428775][ T3648] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   55.437158][ T3648] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   55.447189][ T3648] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   55.456055][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   55.463093][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3648] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3648] chdir("./file0")            = 0
[pid  3648] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3648] close(4)                    = 0
[pid  3648] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3647] <... futex resumed>)        = 0
[pid  3647] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3647] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3648] <... futex resumed>)        = 1
[pid  3648] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3648] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3647] <... futex resumed>)        = 0
[pid  3647] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3647] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3648] <... futex resumed>)        = 1
[   55.503094][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 40ms
[   55.510796][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   55.516096][ T3648] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   55.537468][ T3648] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3648] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3647] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3647] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3647] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3647] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3649], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3649
[pid  3647] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   55.546518][ T3648] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   55.546518][ T3648]   inode = 12 2341
[   55.546518][ T3648]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   55.567222][ T3648] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   55.576705][ T3648] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3648 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   55.588548][ T3648] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
./strace-static-x86_64: Process 3649 attached
[pid  3649] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3649] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3649] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   55.597326][ T3648] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   55.604683][ T3648] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   55.613490][ T3648] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   55.620025][ T3648] gfs2: fsid=syz:syz.0: File system withdrawn
[   55.626209][ T3648] CPU: 0 PID: 3648 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   55.636639][ T3648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   55.646703][ T3648] Call Trace:
[   55.649975][ T3648]  <TASK>
[   55.652897][ T3648]  dump_stack_lvl+0x1b1/0x28e
[   55.657589][ T3648]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   55.663131][ T3648]  ? panic+0x710/0x710
[   55.667209][ T3648]  ? kobject_uevent_env+0x46b/0x8e0
[   55.672403][ T3648]  ? do_raw_spin_unlock+0x134/0x8a0
[   55.677607][ T3648]  gfs2_withdraw+0xf33/0x1540
[   55.682292][ T3648]  ? gfs2_lm+0x220/0x220
[   55.686524][ T3648]  ? gfs2_dirent_scan+0xb6/0x650
[   55.691458][ T3648]  ? panic+0x710/0x710
[   55.695516][ T3648]  ? gfs2_permission+0x2ff/0x430
[   55.700456][ T3648]  ? gfs2_consist_inode_i+0xf3/0x110
[   55.705740][ T3648]  gfs2_dirent_scan+0x535/0x650
[   55.710594][ T3648]  ? gfs2_dirent_search+0xb10/0xb10
[   55.715792][ T3648]  gfs2_dirent_search+0x2ea/0xb10
[   55.720813][ T3648]  ? gfs2_dirent_search+0xb10/0xb10
[   55.726010][ T3648]  ? gfs2_dir_search+0x2a0/0x2a0
[   55.730941][ T3648]  ? gfs2_permission+0x3bf/0x430
[   55.735882][ T3648]  gfs2_dir_search+0x8c/0x2a0
[   55.740562][ T3648]  ? do_filldir_main+0x530/0x530
[   55.745496][ T3648]  ? inode_go_held+0xe4/0x1f0
[   55.750184][ T3648]  ? gfs2_glock_wait+0x213/0x2a0
[   55.755120][ T3648]  gfs2_lookupi+0x465/0x650
[   55.759647][ T3648]  ? gfs2_lookup_simple+0x170/0x170
[   55.764847][ T3648]  ? __gfs2_lookup+0x8c/0x260
[   55.769531][ T3648]  __gfs2_lookup+0x8c/0x260
[   55.774068][ T3648]  ? gfs2_atomic_open+0x230/0x230
[   55.779123][ T3648]  ? __d_lookup+0x6a4/0x770
[   55.783642][ T3648]  ? d_hash_and_lookup+0x1c0/0x1c0
[   55.788752][ T3648]  gfs2_atomic_open+0xa4/0x230
[   55.793519][ T3648]  path_openat+0xf39/0x2df0
[   55.798024][ T3648]  ? gfs2_rename2+0x3000/0x3000
[   55.802899][ T3648]  ? do_filp_open+0x4f0/0x4f0
[   55.807584][ T3648]  do_filp_open+0x264/0x4f0
[   55.812166][ T3648]  ? vfs_tmpfile+0x490/0x490
[   55.816759][ T3648]  ? do_raw_spin_unlock+0x134/0x8a0
[   55.821961][ T3648]  ? _raw_spin_unlock+0x24/0x40
[   55.826826][ T3648]  ? alloc_fd+0x5a7/0x640
[   55.831159][ T3648]  do_sys_openat2+0x124/0x4e0
[   55.835836][ T3648]  ? print_irqtrace_events+0x220/0x220
[   55.841285][ T3648]  ? ptrace_stop+0x74d/0x970
[   55.845872][ T3648]  ? do_sys_open+0x220/0x220
[   55.850457][ T3648]  ? lockdep_hardirqs_on+0x8d/0x130
[   55.855652][ T3648]  ? _raw_spin_unlock_irq+0x2a/0x40
[   55.860843][ T3648]  ? ptrace_notify+0x245/0x340
[   55.865681][ T3648]  __x64_sys_openat+0x243/0x290
[   55.870530][ T3648]  ? __ia32_sys_open+0x270/0x270
[   55.875482][ T3648]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   55.881478][ T3648]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   55.887470][ T3648]  do_syscall_64+0x3d/0xb0
[   55.891896][ T3648]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   55.897882][ T3648] RIP: 0033:0x7fc8868064d9
[   55.902392][ T3648] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   55.922014][ T3648] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   55.930602][ T3648] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   55.938566][ T3648] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   55.946537][ T3648] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3649] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3648] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3648] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3648] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3647] exit_group(0 <unfinished ...>
[pid  3649] <... futex resumed>)        = ?
[pid  3648] <... futex resumed>)        = ?
[pid  3647] <... exit_group resumed>)   = ?
[pid  3648] +++ exited with 0 +++
[pid  3649] +++ exited with 0 +++
[pid  3647] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3647, si_uid=0, si_status=0, si_utime=1, si_stime=30} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./5/binderfs")                  = 0
[   55.954592][ T3648] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   55.962551][ T3648] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   55.970540][ T3648]  </TASK>
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./5/file0")                      = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./5")                            = 0
mkdir("./6", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3650
./strace-static-x86_64: Process 3650 attached
[pid  3650] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3650] chdir("./6")                = 0
[pid  3650] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3650] setpgid(0, 0)               = 0
[pid  3650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3650] write(3, "1000", 4)         = 4
[pid  3650] close(3)                    = 0
[pid  3650] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3650] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3650] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3650] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3650] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3651 attached
 <unfinished ...>
[pid  3651] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3651] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3650] <... clone resumed>, parent_tid=[3651], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3651
[pid  3650] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3650] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3651] <... futex resumed>)        = 0
[pid  3651] memfd_create("syzkaller", 0) = 3
[pid  3651] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3651] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3651] munmap(0x7fc87e392000, 16777216) = 0
[pid  3651] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3651] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3651] close(3)                    = 0
[pid  3651] mkdir("./file0", 0777)      = 0
[   56.284117][ T3651] loop0: detected capacity change from 0 to 32768
[   56.294185][ T3651] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   56.302477][ T3651] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   56.312812][ T3651] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   56.321619][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   56.328390][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3651] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3651] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3651] chdir("./file0")            = 0
[pid  3651] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3651] close(4)                    = 0
[pid  3651] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3650] <... futex resumed>)        = 0
[pid  3650] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3650] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3651] <... futex resumed>)        = 1
[pid  3651] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3651] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3650] <... futex resumed>)        = 0
[pid  3650] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3650] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3651] <... futex resumed>)        = 1
[   56.362211][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms
[   56.369892][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   56.375388][ T3651] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   56.391268][ T3651] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   56.400370][ T3651] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   56.400370][ T3651]   inode = 12 2341
[pid  3651] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3650] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3650] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3650] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3650] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3650] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3652], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3652
[   56.400370][ T3651]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   56.419550][ T3651] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   56.429038][ T3651] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3651 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   56.439284][ T3651] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   56.447905][ T3651] gfs2: fsid=syz:syz.0: about to withdraw this file system
[pid  3650] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3652 attached
[   56.455223][ T3651] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   56.464057][ T3651] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   56.470728][ T3651] gfs2: fsid=syz:syz.0: File system withdrawn
[   56.476865][ T3651] CPU: 0 PID: 3651 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   56.487299][ T3651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   56.497383][ T3651] Call Trace:
[   56.500664][ T3651]  <TASK>
[   56.503586][ T3651]  dump_stack_lvl+0x1b1/0x28e
[   56.508264][ T3651]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   56.513720][ T3651]  ? panic+0x710/0x710
[   56.517782][ T3651]  ? kobject_uevent_env+0x46b/0x8e0
[   56.522982][ T3651]  ? do_raw_spin_unlock+0x134/0x8a0
[   56.528284][ T3651]  gfs2_withdraw+0xf33/0x1540
[   56.532994][ T3651]  ? gfs2_lm+0x220/0x220
[   56.537256][ T3651]  ? gfs2_dirent_scan+0xb6/0x650
[   56.542207][ T3651]  ? panic+0x710/0x710
[   56.546268][ T3651]  ? gfs2_permission+0x2ff/0x430
[   56.551203][ T3651]  ? gfs2_consist_inode_i+0xf3/0x110
[   56.556491][ T3651]  gfs2_dirent_scan+0x535/0x650
[   56.561343][ T3651]  ? gfs2_dirent_search+0xb10/0xb10
[   56.566540][ T3651]  gfs2_dirent_search+0x2ea/0xb10
[   56.571562][ T3651]  ? gfs2_dirent_search+0xb10/0xb10
[   56.576758][ T3651]  ? gfs2_dir_search+0x2a0/0x2a0
[   56.581691][ T3651]  ? gfs2_permission+0x3bf/0x430
[   56.586629][ T3651]  gfs2_dir_search+0x8c/0x2a0
[   56.591301][ T3651]  ? do_filldir_main+0x530/0x530
[   56.596233][ T3651]  ? inode_go_held+0xe4/0x1f0
[   56.600909][ T3651]  ? gfs2_glock_wait+0x213/0x2a0
[   56.605877][ T3651]  gfs2_lookupi+0x465/0x650
[   56.610419][ T3651]  ? gfs2_lookup_simple+0x170/0x170
[   56.615627][ T3651]  ? __gfs2_lookup+0x8c/0x260
[   56.620308][ T3651]  __gfs2_lookup+0x8c/0x260
[   56.624810][ T3651]  ? gfs2_atomic_open+0x230/0x230
[   56.629830][ T3651]  ? __d_lookup+0x6a4/0x770
[   56.634324][ T3651]  ? d_hash_and_lookup+0x1c0/0x1c0
[   56.639428][ T3651]  gfs2_atomic_open+0xa4/0x230
[   56.644195][ T3651]  path_openat+0xf39/0x2df0
[   56.648710][ T3651]  ? gfs2_rename2+0x3000/0x3000
[   56.653566][ T3651]  ? do_filp_open+0x4f0/0x4f0
[   56.658249][ T3651]  do_filp_open+0x264/0x4f0
[   56.662745][ T3651]  ? vfs_tmpfile+0x490/0x490
[   56.667333][ T3651]  ? do_raw_spin_unlock+0x134/0x8a0
[   56.672530][ T3651]  ? _raw_spin_unlock+0x24/0x40
[   56.677372][ T3651]  ? alloc_fd+0x5a7/0x640
[   56.681703][ T3651]  do_sys_openat2+0x124/0x4e0
[   56.686379][ T3651]  ? print_irqtrace_events+0x220/0x220
[   56.691829][ T3651]  ? ptrace_stop+0x74d/0x970
[   56.696502][ T3651]  ? do_sys_open+0x220/0x220
[   56.701087][ T3651]  ? lockdep_hardirqs_on+0x8d/0x130
[   56.706277][ T3651]  ? _raw_spin_unlock_irq+0x2a/0x40
[   56.711471][ T3651]  ? ptrace_notify+0x245/0x340
[   56.716223][ T3651]  __x64_sys_openat+0x243/0x290
[   56.721068][ T3651]  ? __ia32_sys_open+0x270/0x270
[   56.725999][ T3651]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   56.731976][ T3651]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   56.737978][ T3651]  do_syscall_64+0x3d/0xb0
[   56.742399][ T3651]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   56.748290][ T3651] RIP: 0033:0x7fc8868064d9
[   56.752697][ T3651] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   56.772299][ T3651] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   56.780706][ T3651] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   56.788672][ T3651] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   56.796632][ T3651] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   56.805206][ T3651] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  3652] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3652] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3652] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3652] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3651] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3651] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3651] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3650] exit_group(0)               = ?
[pid  3652] <... futex resumed>)        = ?
[pid  3652] +++ exited with 0 +++
[pid  3651] <... futex resumed>)        = ?
[pid  3651] +++ exited with 0 +++
[pid  3650] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3650, si_uid=0, si_status=0, si_utime=2, si_stime=29} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./6/binderfs")                  = 0
[   56.813217][ T3651] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   56.821204][ T3651]  </TASK>
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./6/file0")                      = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./6")                            = 0
mkdir("./7", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3653
./strace-static-x86_64: Process 3653 attached
[pid  3653] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3653] chdir("./7")                = 0
[pid  3653] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3653] setpgid(0, 0)               = 0
[pid  3653] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3653] write(3, "1000", 4)         = 4
[pid  3653] close(3)                    = 0
[pid  3653] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3653] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3653] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3653] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3653] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3654], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3654
[pid  3653] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3654 attached
) = 0
[pid  3654] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  3653] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3654] <... set_robust_list resumed>) = 0
[pid  3654] memfd_create("syzkaller", 0) = 3
[pid  3654] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3654] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3654] munmap(0x7fc87e392000, 16777216) = 0
[pid  3654] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3654] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3654] close(3)                    = 0
[pid  3654] mkdir("./file0", 0777)      = 0
[   57.136525][ T3654] loop0: detected capacity change from 0 to 32768
[   57.147876][ T3654] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   57.156294][ T3654] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   57.166181][ T3654] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   57.175087][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   57.182067][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3654] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3654] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3654] chdir("./file0")            = 0
[pid  3654] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3654] close(4)                    = 0
[pid  3654] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3653] <... futex resumed>)        = 0
[pid  3653] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3653] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3654] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3654] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3653] <... futex resumed>)        = 0
[pid  3653] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3653] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[   57.220015][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 37ms
[   57.227638][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   57.232936][ T3654] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   57.252666][ T3654] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   57.261248][ T3654] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[pid  3654] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3653] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3653] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   57.261248][ T3654]   inode = 12 2341
[   57.261248][ T3654]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   57.280119][ T3654] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   57.289295][ T3654] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3654 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   57.299567][ T3654] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   57.308142][ T3654] gfs2: fsid=syz:syz.0: about to withdraw this file system
[pid  3653] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3653] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3653] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3655], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3655
[pid  3653] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3655 attached
[pid  3655] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3655] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3655] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   57.316425][ T3654] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   57.325629][ T3654] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   57.332368][ T3654] gfs2: fsid=syz:syz.0: File system withdrawn
[   57.338469][ T3654] CPU: 0 PID: 3654 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   57.348899][ T3654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   57.358949][ T3654] Call Trace:
[   57.362231][ T3654]  <TASK>
[   57.365162][ T3654]  dump_stack_lvl+0x1b1/0x28e
[   57.369845][ T3654]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   57.375320][ T3654]  ? panic+0x710/0x710
[   57.379402][ T3654]  ? kobject_uevent_env+0x46b/0x8e0
[   57.384609][ T3654]  ? do_raw_spin_unlock+0x134/0x8a0
[   57.389809][ T3654]  gfs2_withdraw+0xf33/0x1540
[   57.394491][ T3654]  ? gfs2_lm+0x220/0x220
[   57.398722][ T3654]  ? gfs2_dirent_scan+0xb6/0x650
[   57.403660][ T3654]  ? panic+0x710/0x710
[   57.407737][ T3654]  ? gfs2_permission+0x2ff/0x430
[   57.412690][ T3654]  ? gfs2_consist_inode_i+0xf3/0x110
[   57.417968][ T3654]  gfs2_dirent_scan+0x535/0x650
[   57.422833][ T3654]  ? gfs2_dirent_search+0xb10/0xb10
[   57.428040][ T3654]  gfs2_dirent_search+0x2ea/0xb10
[   57.433074][ T3654]  ? gfs2_dirent_search+0xb10/0xb10
[   57.438286][ T3654]  ? gfs2_dir_search+0x2a0/0x2a0
[   57.443218][ T3654]  ? gfs2_permission+0x3bf/0x430
[   57.448159][ T3654]  gfs2_dir_search+0x8c/0x2a0
[   57.452835][ T3654]  ? do_filldir_main+0x530/0x530
[   57.457765][ T3654]  ? inode_go_held+0xe4/0x1f0
[   57.462443][ T3654]  ? gfs2_glock_wait+0x213/0x2a0
[   57.467375][ T3654]  gfs2_lookupi+0x465/0x650
[   57.471877][ T3654]  ? gfs2_lookup_simple+0x170/0x170
[   57.477068][ T3654]  ? __gfs2_lookup+0x8c/0x260
[   57.481744][ T3654]  __gfs2_lookup+0x8c/0x260
[   57.486262][ T3654]  ? gfs2_atomic_open+0x230/0x230
[   57.491285][ T3654]  ? __d_lookup+0x6a4/0x770
[   57.495785][ T3654]  ? d_hash_and_lookup+0x1c0/0x1c0
[   57.500888][ T3654]  gfs2_atomic_open+0xa4/0x230
[   57.505810][ T3654]  path_openat+0xf39/0x2df0
[   57.510318][ T3654]  ? gfs2_rename2+0x3000/0x3000
[   57.515178][ T3654]  ? do_filp_open+0x4f0/0x4f0
[   57.520032][ T3654]  do_filp_open+0x264/0x4f0
[   57.524530][ T3654]  ? vfs_tmpfile+0x490/0x490
[   57.529119][ T3654]  ? do_raw_spin_unlock+0x134/0x8a0
[   57.534317][ T3654]  ? _raw_spin_unlock+0x24/0x40
[   57.539163][ T3654]  ? alloc_fd+0x5a7/0x640
[   57.543494][ T3654]  do_sys_openat2+0x124/0x4e0
[   57.548164][ T3654]  ? print_irqtrace_events+0x220/0x220
[   57.553608][ T3654]  ? ptrace_stop+0x74d/0x970
[   57.558192][ T3654]  ? do_sys_open+0x220/0x220
[   57.562779][ T3654]  ? lockdep_hardirqs_on+0x8d/0x130
[   57.567972][ T3654]  ? _raw_spin_unlock_irq+0x2a/0x40
[   57.573165][ T3654]  ? ptrace_notify+0x245/0x340
[   57.577919][ T3654]  __x64_sys_openat+0x243/0x290
[   57.582768][ T3654]  ? __ia32_sys_open+0x270/0x270
[   57.587704][ T3654]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   57.593679][ T3654]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   57.599651][ T3654]  do_syscall_64+0x3d/0xb0
[   57.604059][ T3654]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   57.609942][ T3654] RIP: 0033:0x7fc8868064d9
[   57.614370][ T3654] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   57.633981][ T3654] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   57.642388][ T3654] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   57.650347][ T3654] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   57.658574][ T3654] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3655] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3654] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3654] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3653] exit_group(0 <unfinished ...>
[pid  3654] <... futex resumed>)        = 0
[pid  3654] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3655] <... futex resumed>)        = ?
[pid  3653] <... exit_group resumed>)   = ?
[pid  3654] +++ exited with 0 +++
[pid  3655] +++ exited with 0 +++
[pid  3653] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3653, si_uid=0, si_status=0, si_utime=2, si_stime=33} ---
umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./7/binderfs")                  = 0
[   57.666533][ T3654] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   57.674500][ T3654] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   57.682491][ T3654]  </TASK>
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./7/file0")                      = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./7")                            = 0
mkdir("./8", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3656
./strace-static-x86_64: Process 3656 attached
[pid  3656] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3656] chdir("./8")                = 0
[pid  3656] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3656] setpgid(0, 0)               = 0
[pid  3656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3656] write(3, "1000", 4)         = 4
[pid  3656] close(3)                    = 0
[pid  3656] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3656] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3656] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3656] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3656] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3657 attached
 <unfinished ...>
[pid  3657] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  3656] <... clone resumed>, parent_tid=[3657], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3657
[pid  3656] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3656] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3657] <... set_robust_list resumed>) = 0
[pid  3657] memfd_create("syzkaller", 0) = 3
[pid  3657] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3657] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3657] munmap(0x7fc87e392000, 16777216) = 0
[pid  3657] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3657] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3657] close(3)                    = 0
[pid  3657] mkdir("./file0", 0777)      = 0
[   57.991874][ T3657] loop0: detected capacity change from 0 to 32768
[   58.003490][ T3657] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   58.011791][ T3657] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   58.021974][ T3657] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   58.030979][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   58.037748][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3657] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3657] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3657] chdir("./file0")            = 0
[pid  3657] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3657] close(4)                    = 0
[pid  3657] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3656] <... futex resumed>)        = 0
[pid  3656] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3656] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3657] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3657] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3656] <... futex resumed>)        = 0
[pid  3656] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3656] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[   58.075922][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 38ms
[   58.084675][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   58.089940][ T3657] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   58.117525][ T3657] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   58.125973][ T3657] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   58.125973][ T3657]   inode = 12 2341
[   58.125973][ T3657]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   58.144821][ T3657] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   58.153953][ T3657] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3657 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3657] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3656] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3656] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3656] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3656] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3656] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3658], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3658
[pid  3656] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3658 attached
[pid  3658] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3658] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3658] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   58.164155][ T3657] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   58.172783][ T3657] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   58.180062][ T3657] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   58.189164][ T3657] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   58.197314][ T3657] gfs2: fsid=syz:syz.0: File system withdrawn
[   58.203635][ T3657] CPU: 0 PID: 3657 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   58.214226][ T3657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   58.224281][ T3657] Call Trace:
[   58.227559][ T3657]  <TASK>
[   58.230499][ T3657]  dump_stack_lvl+0x1b1/0x28e
[   58.235179][ T3657]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   58.240658][ T3657]  ? panic+0x710/0x710
[   58.244739][ T3657]  ? kobject_uevent_env+0x46b/0x8e0
[   58.250274][ T3657]  ? do_raw_spin_unlock+0x134/0x8a0
[   58.255464][ T3657]  gfs2_withdraw+0xf33/0x1540
[   58.260153][ T3657]  ? gfs2_lm+0x220/0x220
[pid  3658] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3656] exit_group(0 <unfinished ...>
[pid  3658] <... futex resumed>)        = ?
[pid  3656] <... exit_group resumed>)   = ?
[pid  3658] +++ exited with 0 +++
[   58.264399][ T3657]  ? gfs2_dirent_scan+0xb6/0x650
[   58.269327][ T3657]  ? panic+0x710/0x710
[   58.273393][ T3657]  ? gfs2_permission+0x2ff/0x430
[   58.278340][ T3657]  ? gfs2_consist_inode_i+0xf3/0x110
[   58.283615][ T3657]  gfs2_dirent_scan+0x535/0x650
[   58.288465][ T3657]  ? gfs2_dirent_search+0xb10/0xb10
[   58.293658][ T3657]  gfs2_dirent_search+0x2ea/0xb10
[   58.298688][ T3657]  ? gfs2_dirent_search+0xb10/0xb10
[   58.303892][ T3657]  ? gfs2_dir_search+0x2a0/0x2a0
[   58.308820][ T3657]  ? gfs2_permission+0x3bf/0x430
[   58.313755][ T3657]  gfs2_dir_search+0x8c/0x2a0
[   58.318428][ T3657]  ? do_filldir_main+0x530/0x530
[   58.323352][ T3657]  ? inode_go_held+0xe4/0x1f0
[   58.328018][ T3657]  ? gfs2_glock_wait+0x213/0x2a0
[   58.332941][ T3657]  gfs2_lookupi+0x465/0x650
[   58.337438][ T3657]  ? gfs2_lookup_simple+0x170/0x170
[   58.342631][ T3657]  ? __gfs2_lookup+0x8c/0x260
[   58.347307][ T3657]  __gfs2_lookup+0x8c/0x260
[   58.351823][ T3657]  ? gfs2_atomic_open+0x230/0x230
[   58.356941][ T3657]  ? __d_lookup+0x6a4/0x770
[   58.361446][ T3657]  ? d_hash_and_lookup+0x1c0/0x1c0
[   58.366559][ T3657]  gfs2_atomic_open+0xa4/0x230
[   58.371314][ T3657]  path_openat+0xf39/0x2df0
[   58.375812][ T3657]  ? gfs2_rename2+0x3000/0x3000
[   58.380682][ T3657]  ? do_filp_open+0x4f0/0x4f0
[   58.385372][ T3657]  do_filp_open+0x264/0x4f0
[   58.390042][ T3657]  ? vfs_tmpfile+0x490/0x490
[   58.394648][ T3657]  ? do_raw_spin_unlock+0x134/0x8a0
[   58.399845][ T3657]  ? _raw_spin_unlock+0x24/0x40
[   58.404787][ T3657]  ? alloc_fd+0x5a7/0x640
[   58.409121][ T3657]  do_sys_openat2+0x124/0x4e0
[   58.413795][ T3657]  ? print_irqtrace_events+0x220/0x220
[   58.419252][ T3657]  ? ptrace_stop+0x74d/0x970
[   58.423844][ T3657]  ? do_sys_open+0x220/0x220
[   58.428440][ T3657]  ? lockdep_hardirqs_on+0x8d/0x130
[   58.433656][ T3657]  ? _raw_spin_unlock_irq+0x2a/0x40
[   58.438858][ T3657]  ? ptrace_notify+0x245/0x340
[   58.443702][ T3657]  __x64_sys_openat+0x243/0x290
[   58.448551][ T3657]  ? __ia32_sys_open+0x270/0x270
[   58.453481][ T3657]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   58.459454][ T3657]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   58.465428][ T3657]  do_syscall_64+0x3d/0xb0
[   58.469833][ T3657]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   58.475720][ T3657] RIP: 0033:0x7fc8868064d9
[   58.480144][ T3657] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   58.499749][ T3657] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   58.508154][ T3657] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3657] <... openat resumed>)       = ?
[pid  3657] +++ exited with 0 +++
[pid  3656] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3656, si_uid=0, si_status=0, si_utime=2, si_stime=26} ---
umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./8/binderfs")                  = 0
[   58.516118][ T3657] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   58.524089][ T3657] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   58.532072][ T3657] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   58.540047][ T3657] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   58.548033][ T3657]  </TASK>
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./8/file0")                      = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./8")                            = 0
mkdir("./9", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3659
./strace-static-x86_64: Process 3659 attached
[pid  3659] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3659] chdir("./9")                = 0
[pid  3659] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3659] setpgid(0, 0)               = 0
[pid  3659] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3659] write(3, "1000", 4)         = 4
[pid  3659] close(3)                    = 0
[pid  3659] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3659] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3659] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3659] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3659] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3660], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3660
[pid  3659] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3659] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3660 attached
 <unfinished ...>
[pid  3660] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3660] memfd_create("syzkaller", 0) = 3
[pid  3660] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3660] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3660] munmap(0x7fc87e392000, 16777216) = 0
[pid  3660] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3660] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3660] close(3)                    = 0
[pid  3660] mkdir("./file0", 0777)      = 0
[   58.892392][ T3660] loop0: detected capacity change from 0 to 32768
[   58.904150][ T3660] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   58.912426][ T3660] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   58.922786][ T3660] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   58.931390][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   58.938171][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3660] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3660] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3660] chdir("./file0")            = 0
[pid  3660] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3660] close(4)                    = 0
[pid  3660] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3659] <... futex resumed>)        = 0
[pid  3659] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3659] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3660] <... futex resumed>)        = 1
[pid  3660] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3660] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3659] <... futex resumed>)        = 0
[pid  3659] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3659] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3660] <... futex resumed>)        = 1
[   58.978002][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 39ms
[   58.987230][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[   58.992779][ T3660] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   59.009873][ T3660] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   59.018806][ T3660] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[pid  3660] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3659] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3659] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3659] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3659] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3659] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3661 attached
, parent_tid=[3661], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3661
[pid  3661] set_robust_list(0x7fc87f3919e0, 24 <unfinished ...>
[pid  3659] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3661] <... set_robust_list resumed>) = 0
[   59.018806][ T3660]   inode = 12 2341
[   59.018806][ T3660]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   59.039266][ T3660] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   59.049212][ T3660] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3660 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   59.064344][ T3660] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   59.064690][ T3661] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   59.073821][ T3660] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   59.081502][ T3661] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:4 m:20 p:1
[   59.089434][ T3660] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   59.097744][ T3661] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3660 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   59.107267][ T3660] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   59.117034][ T3661] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3661 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   59.123661][ T3660] gfs2: fsid=syz:syz.0: File system withdrawn
[   59.139453][ T3660] CPU: 0 PID: 3660 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   59.149882][ T3660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   59.159937][ T3660] Call Trace:
[   59.163209][ T3660]  <TASK>
[   59.166168][ T3660]  dump_stack_lvl+0x1b1/0x28e
[   59.170843][ T3660]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   59.176292][ T3660]  ? panic+0x710/0x710
[   59.180353][ T3660]  ? kobject_uevent_env+0x46b/0x8e0
[   59.185542][ T3660]  ? do_raw_spin_unlock+0x134/0x8a0
[   59.190743][ T3660]  gfs2_withdraw+0xf33/0x1540
[   59.195425][ T3660]  ? gfs2_lm+0x220/0x220
[   59.199655][ T3660]  ? gfs2_dirent_scan+0xb6/0x650
[   59.204585][ T3660]  ? panic+0x710/0x710
[   59.208640][ T3660]  ? gfs2_permission+0x2ff/0x430
[   59.213579][ T3660]  ? gfs2_consist_inode_i+0xf3/0x110
[   59.218856][ T3660]  gfs2_dirent_scan+0x535/0x650
[   59.223714][ T3660]  ? gfs2_dirent_search+0xb10/0xb10
[   59.228911][ T3660]  gfs2_dirent_search+0x2ea/0xb10
[   59.233937][ T3660]  ? gfs2_dirent_search+0xb10/0xb10
[   59.239141][ T3660]  ? gfs2_dir_search+0x2a0/0x2a0
[   59.244074][ T3660]  ? gfs2_permission+0x3bf/0x430
[   59.249010][ T3660]  gfs2_dir_search+0x8c/0x2a0
[   59.253682][ T3660]  ? do_filldir_main+0x530/0x530
[   59.258614][ T3660]  ? inode_go_held+0xe4/0x1f0
[   59.263286][ T3660]  ? gfs2_glock_wait+0x213/0x2a0
[   59.268228][ T3660]  gfs2_lookupi+0x465/0x650
[   59.272744][ T3660]  ? gfs2_lookup_simple+0x170/0x170
[   59.277940][ T3660]  ? __gfs2_lookup+0x8c/0x260
[   59.282617][ T3660]  __gfs2_lookup+0x8c/0x260
[   59.287118][ T3660]  ? gfs2_atomic_open+0x230/0x230
[   59.292137][ T3660]  ? __d_lookup+0x6a4/0x770
[   59.296627][ T3660]  ? d_hash_and_lookup+0x1c0/0x1c0
[   59.301904][ T3660]  gfs2_atomic_open+0xa4/0x230
[   59.306664][ T3660]  path_openat+0xf39/0x2df0
[   59.311166][ T3660]  ? gfs2_rename2+0x3000/0x3000
[   59.316020][ T3660]  ? do_filp_open+0x4f0/0x4f0
[   59.320700][ T3660]  do_filp_open+0x264/0x4f0
[   59.325281][ T3660]  ? vfs_tmpfile+0x490/0x490
[   59.329870][ T3660]  ? do_raw_spin_unlock+0x134/0x8a0
[   59.335083][ T3660]  ? _raw_spin_unlock+0x24/0x40
[   59.339953][ T3660]  ? alloc_fd+0x5a7/0x640
[   59.344283][ T3660]  do_sys_openat2+0x124/0x4e0
[   59.348952][ T3660]  ? print_irqtrace_events+0x220/0x220
[   59.354410][ T3660]  ? ptrace_stop+0x74d/0x970
[   59.358992][ T3660]  ? do_sys_open+0x220/0x220
[   59.363576][ T3660]  ? lockdep_hardirqs_on+0x8d/0x130
[   59.368764][ T3660]  ? _raw_spin_unlock_irq+0x2a/0x40
[   59.373956][ T3660]  ? ptrace_notify+0x245/0x340
[   59.378713][ T3660]  __x64_sys_openat+0x243/0x290
[   59.383561][ T3660]  ? __ia32_sys_open+0x270/0x270
[   59.388493][ T3660]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   59.394468][ T3660]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   59.400451][ T3660]  do_syscall_64+0x3d/0xb0
[   59.404950][ T3660]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   59.410832][ T3660] RIP: 0033:0x7fc8868064d9
[   59.415238][ T3660] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   59.434833][ T3660] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   59.443237][ T3660] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   59.451196][ T3660] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   59.459158][ T3660] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   59.467116][ T3660] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  3661] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH <unfinished ...>
[pid  3660] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3661] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3660] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3660] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3661] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3661] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3659] exit_group(0 <unfinished ...>
[pid  3660] <... futex resumed>)        = ?
[pid  3659] <... exit_group resumed>)   = ?
[pid  3660] +++ exited with 0 +++
[pid  3661] <... futex resumed>)        = ?
[pid  3661] +++ exited with 0 +++
[pid  3659] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3659, si_uid=0, si_status=0, si_utime=3, si_stime=39} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./9/binderfs")                  = 0
[   59.475078][ T3660] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   59.483054][ T3660]  </TASK>
[   59.486426][ T3661] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./9/file0")                      = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./9")                            = 0
mkdir("./10", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3662
./strace-static-x86_64: Process 3662 attached
[pid  3662] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3662] chdir("./10")               = 0
[pid  3662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3662] setpgid(0, 0)               = 0
[pid  3662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3662] write(3, "1000", 4)         = 4
[pid  3662] close(3)                    = 0
[pid  3662] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3662] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3662] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3662] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3663 attached
, parent_tid=[3663], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3663
[pid  3662] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3663] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  3662] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3663] <... set_robust_list resumed>) = 0
[pid  3663] memfd_create("syzkaller", 0) = 3
[pid  3663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3663] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3663] munmap(0x7fc87e392000, 16777216) = 0
[pid  3663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3663] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3663] close(3)                    = 0
[pid  3663] mkdir("./file0", 0777)      = 0
[   59.811904][ T3663] loop0: detected capacity change from 0 to 32768
[   59.823006][ T3663] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   59.831240][ T3663] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   59.841699][ T3663] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   59.850779][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   59.857563][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3663] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3663] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3663] chdir("./file0")            = 0
[pid  3663] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3663] close(4)                    = 0
[pid  3663] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3662] <... futex resumed>)        = 0
[pid  3662] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3662] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3663] <... futex resumed>)        = 1
[pid  3663] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3663] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3662] <... futex resumed>)        = 0
[pid  3662] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3662] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3663] <... futex resumed>)        = 1
[   59.897526][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 39ms
[   59.905120][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   59.910413][ T3663] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   59.925627][ T3663] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   59.934500][ T3663] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   59.934500][ T3663]   inode = 12 2341
[pid  3663] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3662] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3662] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   59.934500][ T3663]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   59.953658][ T3663] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   59.963296][ T3663] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3663 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   59.973419][ T3663] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   59.981943][ T3663] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   59.989215][ T3663] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[pid  3662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3662] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3662] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3664], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3664
[pid  3662] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3664 attached
[pid  3664] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3664] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3664] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   59.998111][ T3663] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   60.004734][ T3663] gfs2: fsid=syz:syz.0: File system withdrawn
[   60.010934][ T3663] CPU: 0 PID: 3663 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   60.021364][ T3663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   60.031428][ T3663] Call Trace:
[   60.034698][ T3663]  <TASK>
[   60.037620][ T3663]  dump_stack_lvl+0x1b1/0x28e
[   60.042287][ T3663]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   60.047732][ T3663]  ? panic+0x710/0x710
[   60.051790][ T3663]  ? kobject_uevent_env+0x46b/0x8e0
[   60.056980][ T3663]  ? do_raw_spin_unlock+0x134/0x8a0
[   60.062188][ T3663]  gfs2_withdraw+0xf33/0x1540
[   60.066889][ T3663]  ? gfs2_lm+0x220/0x220
[   60.071122][ T3663]  ? gfs2_dirent_scan+0xb6/0x650
[   60.076059][ T3663]  ? panic+0x710/0x710
[   60.080124][ T3663]  ? gfs2_permission+0x2ff/0x430
[   60.085063][ T3663]  ? gfs2_consist_inode_i+0xf3/0x110
[   60.090340][ T3663]  gfs2_dirent_scan+0x535/0x650
[   60.095189][ T3663]  ? gfs2_dirent_search+0xb10/0xb10
[   60.100383][ T3663]  gfs2_dirent_search+0x2ea/0xb10
[   60.105402][ T3663]  ? gfs2_dirent_search+0xb10/0xb10
[   60.110600][ T3663]  ? gfs2_dir_search+0x2a0/0x2a0
[   60.115530][ T3663]  ? gfs2_permission+0x3bf/0x430
[   60.120466][ T3663]  gfs2_dir_search+0x8c/0x2a0
[   60.125139][ T3663]  ? do_filldir_main+0x530/0x530
[   60.130071][ T3663]  ? inode_go_held+0xe4/0x1f0
[   60.134746][ T3663]  ? gfs2_glock_wait+0x213/0x2a0
[   60.139675][ T3663]  gfs2_lookupi+0x465/0x650
[   60.144177][ T3663]  ? gfs2_lookup_simple+0x170/0x170
[   60.149368][ T3663]  ? __gfs2_lookup+0x8c/0x260
[   60.154048][ T3663]  __gfs2_lookup+0x8c/0x260
[   60.158546][ T3663]  ? gfs2_atomic_open+0x230/0x230
[   60.163576][ T3663]  ? __d_lookup+0x6a4/0x770
[   60.168076][ T3663]  ? d_hash_and_lookup+0x1c0/0x1c0
[   60.173178][ T3663]  gfs2_atomic_open+0xa4/0x230
[   60.177937][ T3663]  path_openat+0xf39/0x2df0
[   60.182444][ T3663]  ? gfs2_rename2+0x3000/0x3000
[   60.187311][ T3663]  ? do_filp_open+0x4f0/0x4f0
[   60.191998][ T3663]  do_filp_open+0x264/0x4f0
[   60.196493][ T3663]  ? vfs_tmpfile+0x490/0x490
[   60.201080][ T3663]  ? do_raw_spin_unlock+0x134/0x8a0
[   60.206278][ T3663]  ? _raw_spin_unlock+0x24/0x40
[   60.211126][ T3663]  ? alloc_fd+0x5a7/0x640
[   60.215544][ T3663]  do_sys_openat2+0x124/0x4e0
[   60.220213][ T3663]  ? print_irqtrace_events+0x220/0x220
[   60.225666][ T3663]  ? ptrace_stop+0x74d/0x970
[   60.230249][ T3663]  ? do_sys_open+0x220/0x220
[   60.234839][ T3663]  ? lockdep_hardirqs_on+0x8d/0x130
[   60.240030][ T3663]  ? _raw_spin_unlock_irq+0x2a/0x40
[   60.245231][ T3663]  ? ptrace_notify+0x245/0x340
[   60.249987][ T3663]  __x64_sys_openat+0x243/0x290
[   60.254834][ T3663]  ? __ia32_sys_open+0x270/0x270
[   60.259770][ T3663]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   60.265749][ T3663]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   60.271726][ T3663]  do_syscall_64+0x3d/0xb0
[   60.276136][ T3663]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   60.282022][ T3663] RIP: 0033:0x7fc8868064d9
[   60.286434][ T3663] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   60.306038][ T3663] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   60.314445][ T3663] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   60.322429][ T3663] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   60.330490][ T3663] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   60.338450][ T3663] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  3664] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3663] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3663] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3663] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3662] exit_group(0 <unfinished ...>
[pid  3664] <... futex resumed>)        = ?
[pid  3663] <... futex resumed>)        = ?
[pid  3662] <... exit_group resumed>)   = ?
[pid  3663] +++ exited with 0 +++
[pid  3664] +++ exited with 0 +++
[pid  3662] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3662, si_uid=0, si_status=0, si_utime=1, si_stime=30} ---
umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./10/binderfs")                 = 0
[   60.346412][ T3663] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   60.354403][ T3663]  </TASK>
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./10/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./10")                           = 0
mkdir("./11", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3665
./strace-static-x86_64: Process 3665 attached
[pid  3665] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3665] chdir("./11")               = 0
[pid  3665] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3665] setpgid(0, 0)               = 0
[pid  3665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3665] write(3, "1000", 4)         = 4
[pid  3665] close(3)                    = 0
[pid  3665] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3665] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3665] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3665] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3666], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3666
[pid  3665] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3666 attached
[pid  3666] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3665] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3666] memfd_create("syzkaller", 0) = 3
[pid  3666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3666] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3666] munmap(0x7fc87e392000, 16777216) = 0
[pid  3666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3666] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3666] close(3)                    = 0
[pid  3666] mkdir("./file0", 0777)      = 0
[   60.650077][ T3666] loop0: detected capacity change from 0 to 32768
[   60.660751][ T3666] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   60.668998][ T3666] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   60.679414][ T3666] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   60.688288][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   60.695258][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3666] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3666] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3666] chdir("./file0")            = 0
[pid  3666] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3666] close(4)                    = 0
[pid  3666] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3665] <... futex resumed>)        = 0
[pid  3666] <... futex resumed>)        = 1
[pid  3665] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3666] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3665] <... futex resumed>)        = 0
[pid  3666] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3666] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3666] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3665] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  3665] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3665] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3666] <... futex resumed>)        = 0
[   60.737171][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 41ms
[   60.746033][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   60.751614][ T3666] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   60.784803][ T3666] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   60.793859][ T3666] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   60.793859][ T3666]   inode = 12 2341
[   60.793859][ T3666]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   60.813059][ T3666] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   60.822420][ T3666] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3666 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3666] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3665] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3665] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3665] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3665] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3667], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3667
[pid  3665] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3667 attached
[pid  3667] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3667] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3667] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   60.832555][ T3666] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   60.841101][ T3666] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   60.848350][ T3666] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   60.857211][ T3666] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   60.863872][ T3666] gfs2: fsid=syz:syz.0: File system withdrawn
[   60.869946][ T3666] CPU: 0 PID: 3666 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   60.880374][ T3666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   60.890462][ T3666] Call Trace:
[   60.893754][ T3666]  <TASK>
[   60.896677][ T3666]  dump_stack_lvl+0x1b1/0x28e
[   60.901352][ T3666]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   60.906813][ T3666]  ? panic+0x710/0x710
[   60.910904][ T3666]  ? kobject_uevent_env+0x46b/0x8e0
[   60.916138][ T3666]  ? do_raw_spin_unlock+0x134/0x8a0
[   60.921376][ T3666]  gfs2_withdraw+0xf33/0x1540
[   60.926063][ T3666]  ? gfs2_lm+0x220/0x220
[   60.930322][ T3666]  ? gfs2_dirent_scan+0xb6/0x650
[   60.935281][ T3666]  ? panic+0x710/0x710
[   60.939344][ T3666]  ? gfs2_permission+0x2ff/0x430
[   60.944294][ T3666]  ? gfs2_consist_inode_i+0xf3/0x110
[   60.949593][ T3666]  gfs2_dirent_scan+0x535/0x650
[   60.954485][ T3666]  ? gfs2_dirent_search+0xb10/0xb10
[   60.960062][ T3666]  gfs2_dirent_search+0x2ea/0xb10
[   60.965102][ T3666]  ? gfs2_dirent_search+0xb10/0xb10
[   60.970568][ T3666]  ? gfs2_dir_search+0x2a0/0x2a0
[   60.975512][ T3666]  ? gfs2_permission+0x3bf/0x430
[   60.980468][ T3666]  gfs2_dir_search+0x8c/0x2a0
[pid  3667] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3665] exit_group(0 <unfinished ...>
[pid  3667] <... futex resumed>)        = ?
[pid  3665] <... exit_group resumed>)   = ?
[pid  3667] +++ exited with 0 +++
[   60.985151][ T3666]  ? do_filldir_main+0x530/0x530
[   60.990471][ T3666]  ? inode_go_held+0xe4/0x1f0
[   60.995166][ T3666]  ? gfs2_glock_wait+0x213/0x2a0
[   61.000105][ T3666]  gfs2_lookupi+0x465/0x650
[   61.004623][ T3666]  ? gfs2_lookup_simple+0x170/0x170
[   61.009812][ T3666]  ? __gfs2_lookup+0x8c/0x260
[   61.014483][ T3666]  __gfs2_lookup+0x8c/0x260
[   61.019081][ T3666]  ? gfs2_atomic_open+0x230/0x230
[   61.024157][ T3666]  ? __d_lookup+0x6a4/0x770
[   61.028648][ T3666]  ? d_hash_and_lookup+0x1c0/0x1c0
[   61.033764][ T3666]  gfs2_atomic_open+0xa4/0x230
[   61.038535][ T3666]  path_openat+0xf39/0x2df0
[   61.043049][ T3666]  ? gfs2_rename2+0x3000/0x3000
[   61.047917][ T3666]  ? do_filp_open+0x4f0/0x4f0
[   61.052592][ T3666]  do_filp_open+0x264/0x4f0
[   61.057083][ T3666]  ? vfs_tmpfile+0x490/0x490
[   61.061667][ T3666]  ? do_raw_spin_unlock+0x134/0x8a0
[   61.066860][ T3666]  ? _raw_spin_unlock+0x24/0x40
[   61.071716][ T3666]  ? alloc_fd+0x5a7/0x640
[   61.076068][ T3666]  do_sys_openat2+0x124/0x4e0
[   61.080735][ T3666]  ? print_irqtrace_events+0x220/0x220
[   61.086181][ T3666]  ? ptrace_stop+0x74d/0x970
[   61.090760][ T3666]  ? do_sys_open+0x220/0x220
[   61.095339][ T3666]  ? lockdep_hardirqs_on+0x8d/0x130
[   61.100538][ T3666]  ? _raw_spin_unlock_irq+0x2a/0x40
[   61.105741][ T3666]  ? ptrace_notify+0x245/0x340
[   61.110493][ T3666]  __x64_sys_openat+0x243/0x290
[   61.115336][ T3666]  ? __ia32_sys_open+0x270/0x270
[   61.120284][ T3666]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   61.126275][ T3666]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   61.132245][ T3666]  do_syscall_64+0x3d/0xb0
[   61.136670][ T3666]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   61.142590][ T3666] RIP: 0033:0x7fc8868064d9
[   61.147016][ T3666] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   61.166621][ T3666] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   61.175129][ T3666] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3666] <... openat resumed>)       = ?
[pid  3666] +++ exited with 0 +++
[pid  3665] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3665, si_uid=0, si_status=0, si_utime=3, si_stime=27} ---
umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./11/binderfs")                 = 0
[   61.183100][ T3666] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   61.191090][ T3666] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   61.199067][ T3666] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   61.207030][ T3666] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   61.215005][ T3666]  </TASK>
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./11/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./11")                           = 0
mkdir("./12", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3668
./strace-static-x86_64: Process 3668 attached
[pid  3668] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3668] chdir("./12")               = 0
[pid  3668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3668] setpgid(0, 0)               = 0
[pid  3668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3668] write(3, "1000", 4)         = 4
[pid  3668] close(3)                    = 0
[pid  3668] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3668] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3668] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3668] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID <unfinished ...>
./strace-static-x86_64: Process 3669 attached
[pid  3669] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3669] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3668] <... clone resumed>, parent_tid=[3669], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3669
[pid  3668] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3669] <... futex resumed>)        = 0
[pid  3668] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3669] memfd_create("syzkaller", 0) = 3
[pid  3669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3669] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3669] munmap(0x7fc87e392000, 16777216) = 0
[pid  3669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3669] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3669] close(3)                    = 0
[pid  3669] mkdir("./file0", 0777)      = 0
[   61.566096][ T3669] loop0: detected capacity change from 0 to 32768
[   61.576814][ T3669] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   61.585223][ T3669] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   61.594951][ T3669] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   61.603884][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   61.611183][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3669] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3669] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3669] chdir("./file0")            = 0
[pid  3669] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3669] close(4)                    = 0
[pid  3669] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3668] <... futex resumed>)        = 0
[pid  3669] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3668] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3669] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3668] <... futex resumed>)        = 0
[pid  3669] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3668] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3669] <... futex resumed>)        = 0
[pid  3668] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3669] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3668] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3669] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3668] <... futex resumed>)        = 0
[pid  3669] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[   61.654415][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 43ms
[   61.663365][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   61.668681][ T3669] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   61.698630][ T3669] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   61.708380][ T3669] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   61.708380][ T3669]   inode = 12 2341
[   61.708380][ T3669]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   61.727442][ T3669] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   61.736675][ T3669] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3669 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3668] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3668] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3668] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3668] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3670], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3670
./strace-static-x86_64: Process 3670 attached
[pid  3668] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3670] set_robust_list(0x7fc87f3919e0, 24 <unfinished ...>
[pid  3668] <... futex resumed>)        = 0
[pid  3670] <... set_robust_list resumed>) = 0
[pid  3670] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3670] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   61.746770][ T3669] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   61.755242][ T3669] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   61.762586][ T3669] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   61.771436][ T3669] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   61.778423][ T3669] gfs2: fsid=syz:syz.0: File system withdrawn
[   61.787991][ T3669] CPU: 0 PID: 3669 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   61.798437][ T3669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   61.808487][ T3669] Call Trace:
[   61.811756][ T3669]  <TASK>
[   61.814679][ T3669]  dump_stack_lvl+0x1b1/0x28e
[   61.819362][ T3669]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   61.824824][ T3669]  ? panic+0x710/0x710
[   61.828883][ T3669]  ? kobject_uevent_env+0x46b/0x8e0
[   61.834068][ T3669]  ? do_raw_spin_unlock+0x134/0x8a0
[   61.839275][ T3669]  gfs2_withdraw+0xf33/0x1540
[   61.843967][ T3669]  ? gfs2_lm+0x220/0x220
[   61.848200][ T3669]  ? gfs2_dirent_scan+0xb6/0x650
[   61.853135][ T3669]  ? panic+0x710/0x710
[   61.857278][ T3669]  ? gfs2_permission+0x2ff/0x430
[   61.862210][ T3669]  ? gfs2_consist_inode_i+0xf3/0x110
[   61.867493][ T3669]  gfs2_dirent_scan+0x535/0x650
[   61.872356][ T3669]  ? gfs2_dirent_search+0xb10/0xb10
[   61.877568][ T3669]  gfs2_dirent_search+0x2ea/0xb10
[   61.882605][ T3669]  ? gfs2_dirent_search+0xb10/0xb10
[   61.887793][ T3669]  ? gfs2_dir_search+0x2a0/0x2a0
[   61.892723][ T3669]  ? gfs2_permission+0x3bf/0x430
[   61.897661][ T3669]  gfs2_dir_search+0x8c/0x2a0
[   61.902335][ T3669]  ? do_filldir_main+0x530/0x530
[   61.907354][ T3669]  ? inode_go_held+0xe4/0x1f0
[   61.912027][ T3669]  ? gfs2_glock_wait+0x213/0x2a0
[   61.916961][ T3669]  gfs2_lookupi+0x465/0x650
[   61.921486][ T3669]  ? gfs2_lookup_simple+0x170/0x170
[   61.926679][ T3669]  ? __gfs2_lookup+0x8c/0x260
[   61.931357][ T3669]  __gfs2_lookup+0x8c/0x260
[   61.935856][ T3669]  ? gfs2_atomic_open+0x230/0x230
[   61.940885][ T3669]  ? __d_lookup+0x6a4/0x770
[   61.945381][ T3669]  ? d_hash_and_lookup+0x1c0/0x1c0
[   61.950480][ T3669]  gfs2_atomic_open+0xa4/0x230
[   61.955239][ T3669]  path_openat+0xf39/0x2df0
[   61.959747][ T3669]  ? gfs2_rename2+0x3000/0x3000
[   61.964602][ T3669]  ? do_filp_open+0x4f0/0x4f0
[   61.969367][ T3669]  do_filp_open+0x264/0x4f0
[   61.973861][ T3669]  ? vfs_tmpfile+0x490/0x490
[   61.978455][ T3669]  ? do_raw_spin_unlock+0x134/0x8a0
[   61.983652][ T3669]  ? _raw_spin_unlock+0x24/0x40
[   61.988500][ T3669]  ? alloc_fd+0x5a7/0x640
[   61.992832][ T3669]  do_sys_openat2+0x124/0x4e0
[   61.997586][ T3669]  ? print_irqtrace_events+0x220/0x220
[   62.003041][ T3669]  ? ptrace_stop+0x74d/0x970
[   62.007623][ T3669]  ? do_sys_open+0x220/0x220
[   62.012204][ T3669]  ? lockdep_hardirqs_on+0x8d/0x130
[   62.017395][ T3669]  ? _raw_spin_unlock_irq+0x2a/0x40
[   62.022589][ T3669]  ? ptrace_notify+0x245/0x340
[   62.027349][ T3669]  __x64_sys_openat+0x243/0x290
[   62.032281][ T3669]  ? __ia32_sys_open+0x270/0x270
[   62.037214][ T3669]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   62.043193][ T3669]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   62.049165][ T3669]  do_syscall_64+0x3d/0xb0
[   62.053586][ T3669]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   62.059470][ T3669] RIP: 0033:0x7fc8868064d9
[   62.063876][ T3669] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   62.083475][ T3669] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   62.091903][ T3669] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3670] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3669] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3669] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3669] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3668] exit_group(0 <unfinished ...>
[pid  3670] <... futex resumed>)        = ?
[pid  3669] <... futex resumed>)        = ?
[pid  3668] <... exit_group resumed>)   = ?
[pid  3670] +++ exited with 0 +++
[pid  3669] +++ exited with 0 +++
[pid  3668] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3668, si_uid=0, si_status=0, si_utime=1, si_stime=32} ---
umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./12/binderfs")                 = 0
[   62.099867][ T3669] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   62.107842][ T3669] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   62.115802][ T3669] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   62.123762][ T3669] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   62.131738][ T3669]  </TASK>
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./12/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./12")                           = 0
mkdir("./13", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3671
./strace-static-x86_64: Process 3671 attached
[pid  3671] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3671] chdir("./13")               = 0
[pid  3671] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3671] setpgid(0, 0)               = 0
[pid  3671] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3671] write(3, "1000", 4)         = 4
[pid  3671] close(3)                    = 0
[pid  3671] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3671] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3671] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3671] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3671] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3672], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3672
./strace-static-x86_64: Process 3672 attached
[pid  3671] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3671] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3672] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3672] memfd_create("syzkaller", 0) = 3
[pid  3672] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3672] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3672] munmap(0x7fc87e392000, 16777216) = 0
[pid  3672] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3672] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3672] close(3)                    = 0
[pid  3672] mkdir("./file0", 0777)      = 0
[   62.439641][ T3672] loop0: detected capacity change from 0 to 32768
[   62.451246][ T3672] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   62.459437][ T3672] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   62.469420][ T3672] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   62.478299][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   62.485234][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3672] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3672] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3672] chdir("./file0")            = 0
[pid  3672] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3672] close(4)                    = 0
[pid  3672] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3672] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3671] <... futex resumed>)        = 0
[pid  3671] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3671] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3672] <... futex resumed>)        = 0
[pid  3672] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3672] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3671] <... futex resumed>)        = 0
[pid  3671] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3671] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3672] <... futex resumed>)        = 1
[   62.525357][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 40ms
[   62.534178][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   62.539425][ T3672] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   62.570716][ T3672] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   62.579757][ T3672] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   62.579757][ T3672]   inode = 12 2341
[   62.579757][ T3672]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   62.598931][ T3672] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   62.608454][ T3672] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3672 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3672] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3671] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3671] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3671] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3671] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3671] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3673], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3673
[pid  3671] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3673 attached
[pid  3673] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3673] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3673] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   62.619018][ T3672] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   62.627802][ T3672] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   62.636128][ T3672] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   62.645155][ T3672] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   62.652574][ T3672] gfs2: fsid=syz:syz.0: File system withdrawn
[   62.658726][ T3672] CPU: 0 PID: 3672 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   62.669150][ T3672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   62.679201][ T3672] Call Trace:
[   62.682476][ T3672]  <TASK>
[   62.685400][ T3672]  dump_stack_lvl+0x1b1/0x28e
[   62.690077][ T3672]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   62.695551][ T3672]  ? panic+0x710/0x710
[   62.699624][ T3672]  ? kobject_uevent_env+0x46b/0x8e0
[   62.704817][ T3672]  ? do_raw_spin_unlock+0x134/0x8a0
[   62.710039][ T3672]  gfs2_withdraw+0xf33/0x1540
[   62.714745][ T3672]  ? gfs2_lm+0x220/0x220
[   62.718987][ T3672]  ? gfs2_dirent_scan+0xb6/0x650
[   62.723934][ T3672]  ? panic+0x710/0x710
[   62.727999][ T3672]  ? gfs2_permission+0x2ff/0x430
[   62.732959][ T3672]  ? gfs2_consist_inode_i+0xf3/0x110
[   62.738256][ T3672]  gfs2_dirent_scan+0x535/0x650
[   62.743119][ T3672]  ? gfs2_dirent_search+0xb10/0xb10
[   62.748341][ T3672]  gfs2_dirent_search+0x2ea/0xb10
[   62.753386][ T3672]  ? gfs2_dirent_search+0xb10/0xb10
[   62.758614][ T3672]  ? gfs2_dir_search+0x2a0/0x2a0
[   62.763556][ T3672]  ? gfs2_permission+0x3bf/0x430
[   62.768525][ T3672]  gfs2_dir_search+0x8c/0x2a0
[   62.773223][ T3672]  ? do_filldir_main+0x530/0x530
[   62.778173][ T3672]  ? inode_go_held+0xe4/0x1f0
[   62.782851][ T3672]  ? gfs2_glock_wait+0x213/0x2a0
[   62.787783][ T3672]  gfs2_lookupi+0x465/0x650
[   62.792289][ T3672]  ? gfs2_lookup_simple+0x170/0x170
[   62.797489][ T3672]  ? __gfs2_lookup+0x8c/0x260
[   62.802168][ T3672]  __gfs2_lookup+0x8c/0x260
[   62.806669][ T3672]  ? gfs2_atomic_open+0x230/0x230
[   62.811901][ T3672]  ? __d_lookup+0x6a4/0x770
[   62.816423][ T3672]  ? d_hash_and_lookup+0x1c0/0x1c0
[   62.821546][ T3672]  gfs2_atomic_open+0xa4/0x230
[   62.826314][ T3672]  path_openat+0xf39/0x2df0
[   62.830835][ T3672]  ? gfs2_rename2+0x3000/0x3000
[   62.835695][ T3672]  ? do_filp_open+0x4f0/0x4f0
[   62.840379][ T3672]  do_filp_open+0x264/0x4f0
[   62.844874][ T3672]  ? vfs_tmpfile+0x490/0x490
[   62.849468][ T3672]  ? do_raw_spin_unlock+0x134/0x8a0
[   62.854666][ T3672]  ? _raw_spin_unlock+0x24/0x40
[   62.859514][ T3672]  ? alloc_fd+0x5a7/0x640
[   62.863844][ T3672]  do_sys_openat2+0x124/0x4e0
[   62.868518][ T3672]  ? print_irqtrace_events+0x220/0x220
[   62.873964][ T3672]  ? ptrace_stop+0x74d/0x970
[   62.878551][ T3672]  ? do_sys_open+0x220/0x220
[   62.883133][ T3672]  ? lockdep_hardirqs_on+0x8d/0x130
[   62.888326][ T3672]  ? _raw_spin_unlock_irq+0x2a/0x40
[   62.893524][ T3672]  ? ptrace_notify+0x245/0x340
[   62.898282][ T3672]  __x64_sys_openat+0x243/0x290
[   62.903147][ T3672]  ? __ia32_sys_open+0x270/0x270
[   62.908081][ T3672]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   62.914056][ T3672]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   62.920550][ T3672]  do_syscall_64+0x3d/0xb0
[   62.924960][ T3672]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   62.930848][ T3672] RIP: 0033:0x7fc8868064d9
[   62.935255][ T3672] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   62.954942][ T3672] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   62.963367][ T3672] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3673] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3672] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3672] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3671] exit_group(0 <unfinished ...>
[pid  3673] <... futex resumed>)        = ?
[pid  3672] <... futex resumed>)        = ?
[pid  3671] <... exit_group resumed>)   = ?
[pid  3673] +++ exited with 0 +++
[pid  3672] +++ exited with 0 +++
[pid  3671] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3671, si_uid=0, si_status=0, si_utime=0, si_stime=29} ---
umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./13/binderfs")                 = 0
[   62.971504][ T3672] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   62.979985][ T3672] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   62.987961][ T3672] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   62.995921][ T3672] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   63.003897][ T3672]  </TASK>
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./13/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./13")                           = 0
mkdir("./14", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3674
./strace-static-x86_64: Process 3674 attached
[pid  3674] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3674] chdir("./14")               = 0
[pid  3674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3674] setpgid(0, 0)               = 0
[pid  3674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3674] write(3, "1000", 4)         = 4
[pid  3674] close(3)                    = 0
[pid  3674] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3674] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3674] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3674] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3674] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3675], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3675
./strace-static-x86_64: Process 3675 attached
[pid  3674] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3674] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3675] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3675] memfd_create("syzkaller", 0) = 3
[pid  3675] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3675] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3675] munmap(0x7fc87e392000, 16777216) = 0
[pid  3675] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3675] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3675] close(3)                    = 0
[pid  3675] mkdir("./file0", 0777)      = 0
[   63.306796][ T3675] loop0: detected capacity change from 0 to 32768
[   63.317913][ T3675] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   63.326251][ T3675] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   63.336104][ T3675] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   63.344942][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   63.351841][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3675] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3675] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3675] chdir("./file0")            = 0
[pid  3675] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3675] close(4)                    = 0
[pid  3675] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3674] <... futex resumed>)        = 0
[pid  3675] <... futex resumed>)        = 1
[pid  3675] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3674] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3675] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3674] <... futex resumed>)        = 0
[pid  3675] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3674] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3675] <... futex resumed>)        = 0
[pid  3674] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3674] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[   63.384144][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 32ms
[   63.391729][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   63.397083][ T3675] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid  3675] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3674] <... futex resumed>)        = 0
[   63.434351][ T3675] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   63.443496][ T3675] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   63.443496][ T3675]   inode = 12 2341
[   63.443496][ T3675]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   63.463128][ T3675] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   63.473186][ T3675] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3675 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3674] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3674] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3674] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[   63.483369][ T3675] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   63.491856][ T3675] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   63.499878][ T3675] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   63.508713][ T3675] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   63.516673][ T3675] gfs2: fsid=syz:syz.0: File system withdrawn
[   63.523760][ T3675] CPU: 0 PID: 3675 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   63.534285][ T3675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   63.544343][ T3675] Call Trace:
[   63.547612][ T3675]  <TASK>
[   63.550550][ T3675]  dump_stack_lvl+0x1b1/0x28e
[   63.555322][ T3675]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   63.560773][ T3675]  ? panic+0x710/0x710
[   63.564848][ T3675]  ? kobject_uevent_env+0x46b/0x8e0
[   63.570054][ T3675]  ? do_raw_spin_unlock+0x134/0x8a0
[   63.575260][ T3675]  gfs2_withdraw+0xf33/0x1540
[   63.580017][ T3675]  ? gfs2_lm+0x220/0x220
[   63.584299][ T3675]  ? gfs2_dirent_scan+0xb6/0x650
[   63.589254][ T3675]  ? panic+0x710/0x710
[   63.593345][ T3675]  ? gfs2_permission+0x2ff/0x430
[   63.598580][ T3675]  ? gfs2_consist_inode_i+0xf3/0x110
[   63.603862][ T3675]  gfs2_dirent_scan+0x535/0x650
[   63.608750][ T3675]  ? gfs2_dirent_search+0xb10/0xb10
[   63.613952][ T3675]  gfs2_dirent_search+0x2ea/0xb10
[   63.618987][ T3675]  ? gfs2_dirent_search+0xb10/0xb10
[   63.624199][ T3675]  ? gfs2_dir_search+0x2a0/0x2a0
[   63.629308][ T3675]  ? gfs2_permission+0x3bf/0x430
[   63.634700][ T3675]  gfs2_dir_search+0x8c/0x2a0
[   63.639384][ T3675]  ? do_filldir_main+0x530/0x530
[   63.644356][ T3675]  ? inode_go_held+0xe4/0x1f0
[   63.649068][ T3675]  ? gfs2_glock_wait+0x213/0x2a0
[   63.655491][ T3675]  gfs2_lookupi+0x465/0x650
[   63.660011][ T3675]  ? gfs2_lookup_simple+0x170/0x170
[   63.665242][ T3675]  ? __gfs2_lookup+0x8c/0x260
[   63.669945][ T3675]  __gfs2_lookup+0x8c/0x260
[   63.674446][ T3675]  ? gfs2_atomic_open+0x230/0x230
[   63.679472][ T3675]  ? __d_lookup+0x6a4/0x770
[   63.683966][ T3675]  ? d_hash_and_lookup+0x1c0/0x1c0
[   63.689074][ T3675]  gfs2_atomic_open+0xa4/0x230
[   63.693842][ T3675]  path_openat+0xf39/0x2df0
[   63.698518][ T3675]  ? gfs2_rename2+0x3000/0x3000
[   63.703380][ T3675]  ? do_filp_open+0x4f0/0x4f0
[   63.708063][ T3675]  do_filp_open+0x264/0x4f0
[   63.712575][ T3675]  ? vfs_tmpfile+0x490/0x490
[   63.717192][ T3675]  ? do_raw_spin_unlock+0x134/0x8a0
[   63.722420][ T3675]  ? _raw_spin_unlock+0x24/0x40
[   63.727374][ T3675]  ? alloc_fd+0x5a7/0x640
[   63.731718][ T3675]  do_sys_openat2+0x124/0x4e0
[   63.736397][ T3675]  ? print_irqtrace_events+0x220/0x220
[   63.741851][ T3675]  ? ptrace_stop+0x74d/0x970
[   63.746434][ T3675]  ? do_sys_open+0x220/0x220
[   63.751019][ T3675]  ? lockdep_hardirqs_on+0x8d/0x130
[   63.756213][ T3675]  ? _raw_spin_unlock_irq+0x2a/0x40
[   63.761407][ T3675]  ? ptrace_notify+0x245/0x340
[   63.766187][ T3675]  __x64_sys_openat+0x243/0x290
[   63.771078][ T3675]  ? __ia32_sys_open+0x270/0x270
[   63.776010][ T3675]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   63.781988][ T3675]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   63.787959][ T3675]  do_syscall_64+0x3d/0xb0
[   63.792368][ T3675]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   63.798259][ T3675] RIP: 0033:0x7fc8868064d9
[   63.802666][ T3675] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   63.822265][ T3675] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[pid  3675] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3674] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid  3675] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3674] <... mprotect resumed>)     = 0
[pid  3675] <... futex resumed>)        = 0
[pid  3674] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID <unfinished ...>
[pid  3675] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3674] <... clone resumed>, parent_tid=[3676], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3676
[pid  3674] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3676 attached
[pid  3676] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3676] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3676] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3676] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3674] exit_group(0 <unfinished ...>
[pid  3675] <... futex resumed>)        = ?
[pid  3674] <... exit_group resumed>)   = ?
[pid  3675] +++ exited with 0 +++
[pid  3676] <... futex resumed>)        = ?
[pid  3676] +++ exited with 0 +++
[pid  3674] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3674, si_uid=0, si_status=0, si_utime=2, si_stime=30} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./14/binderfs")                 = 0
[   63.830667][ T3675] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   63.838629][ T3675] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   63.846589][ T3675] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   63.854564][ T3675] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   63.862541][ T3675] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   63.870515][ T3675]  </TASK>
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./14/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./14")                           = 0
mkdir("./15", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3677
./strace-static-x86_64: Process 3677 attached
[pid  3677] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3677] chdir("./15")               = 0
[pid  3677] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3677] setpgid(0, 0)               = 0
[pid  3677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3677] write(3, "1000", 4)         = 4
[pid  3677] close(3)                    = 0
[pid  3677] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3677] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3677] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3677] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3678], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3678
[pid  3677] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3677] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
./strace-static-x86_64: Process 3678 attached
[pid  3678] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3678] memfd_create("syzkaller", 0) = 3
[pid  3678] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3678] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3678] munmap(0x7fc87e392000, 16777216) = 0
[pid  3678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3678] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3678] close(3)                    = 0
[pid  3678] mkdir("./file0", 0777)      = 0
[   64.173433][ T3678] loop0: detected capacity change from 0 to 32768
[   64.185736][ T3678] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   64.194225][ T3678] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   64.204688][ T3678] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   64.213757][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   64.220680][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3678] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3678] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3678] chdir("./file0")            = 0
[pid  3678] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3678] close(4)                    = 0
[pid  3678] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3677] <... futex resumed>)        = 0
[pid  3677] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3677] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3678] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3678] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3677] <... futex resumed>)        = 0
[pid  3677] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3677] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[   64.258880][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 38ms
[   64.267755][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   64.273262][ T3678] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid  3678] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3677] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3677] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3677] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[   64.309631][ T3678] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   64.318399][ T3678] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   64.318399][ T3678]   inode = 12 2341
[   64.318399][ T3678]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   64.337831][ T3678] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   64.347194][ T3678] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3678 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3677] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3679], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3679
[pid  3677] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3679 attached
[pid  3679] set_robust_list(0x7fc87f3919e0, 24) = 0
[   64.357328][ T3678] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   64.365877][ T3678] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   64.373202][ T3678] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   64.382154][ T3678] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   64.390357][ T3678] gfs2: fsid=syz:syz.0: File system withdrawn
[   64.396458][ T3678] CPU: 0 PID: 3678 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   64.406890][ T3678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   64.417997][ T3678] Call Trace:
[   64.421350][ T3678]  <TASK>
[   64.424290][ T3678]  dump_stack_lvl+0x1b1/0x28e
[   64.429005][ T3678]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   64.434606][ T3678]  ? panic+0x710/0x710
[   64.438697][ T3678]  ? kobject_uevent_env+0x46b/0x8e0
[   64.443953][ T3678]  ? do_raw_spin_unlock+0x134/0x8a0
[   64.449191][ T3678]  gfs2_withdraw+0xf33/0x1540
[   64.453893][ T3678]  ? gfs2_lm+0x220/0x220
[   64.458142][ T3678]  ? gfs2_dirent_scan+0xb6/0x650
[   64.463180][ T3678]  ? panic+0x710/0x710
[   64.467278][ T3678]  ? gfs2_permission+0x2ff/0x430
[   64.472239][ T3678]  ? gfs2_consist_inode_i+0xf3/0x110
[   64.477525][ T3678]  gfs2_dirent_scan+0x535/0x650
[   64.482380][ T3678]  ? gfs2_dirent_search+0xb10/0xb10
[   64.487597][ T3678]  gfs2_dirent_search+0x2ea/0xb10
[   64.492644][ T3678]  ? gfs2_dirent_search+0xb10/0xb10
[   64.497864][ T3678]  ? gfs2_dir_search+0x2a0/0x2a0
[   64.502805][ T3678]  ? gfs2_permission+0x3bf/0x430
[   64.507777][ T3678]  gfs2_dir_search+0x8c/0x2a0
[   64.512466][ T3678]  ? do_filldir_main+0x530/0x530
[   64.517487][ T3678]  ? inode_go_held+0xe4/0x1f0
[   64.522210][ T3678]  ? gfs2_glock_wait+0x213/0x2a0
[   64.527244][ T3678]  gfs2_lookupi+0x465/0x650
[   64.531845][ T3678]  ? gfs2_lookup_simple+0x170/0x170
[   64.537047][ T3678]  ? __gfs2_lookup+0x8c/0x260
[   64.541749][ T3678]  __gfs2_lookup+0x8c/0x260
[   64.546295][ T3678]  ? gfs2_atomic_open+0x230/0x230
[   64.551335][ T3678]  ? __d_lookup+0x6a4/0x770
[   64.555835][ T3678]  ? d_hash_and_lookup+0x1c0/0x1c0
[   64.561026][ T3678]  gfs2_atomic_open+0xa4/0x230
[   64.565795][ T3678]  path_openat+0xf39/0x2df0
[   64.570302][ T3678]  ? gfs2_rename2+0x3000/0x3000
[   64.575164][ T3678]  ? do_filp_open+0x4f0/0x4f0
[   64.579848][ T3678]  do_filp_open+0x264/0x4f0
[   64.584344][ T3678]  ? vfs_tmpfile+0x490/0x490
[   64.588948][ T3678]  ? do_raw_spin_unlock+0x134/0x8a0
[   64.594235][ T3678]  ? _raw_spin_unlock+0x24/0x40
[   64.599082][ T3678]  ? alloc_fd+0x5a7/0x640
[   64.603415][ T3678]  do_sys_openat2+0x124/0x4e0
[   64.608088][ T3678]  ? print_irqtrace_events+0x220/0x220
[   64.613537][ T3678]  ? ptrace_stop+0x74d/0x970
[   64.618124][ T3678]  ? do_sys_open+0x220/0x220
[   64.622706][ T3678]  ? lockdep_hardirqs_on+0x8d/0x130
[   64.627898][ T3678]  ? _raw_spin_unlock_irq+0x2a/0x40
[   64.633093][ T3678]  ? ptrace_notify+0x245/0x340
[   64.637847][ T3678]  __x64_sys_openat+0x243/0x290
[   64.642716][ T3678]  ? __ia32_sys_open+0x270/0x270
[   64.647650][ T3678]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   64.653626][ T3678]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   64.659603][ T3678]  do_syscall_64+0x3d/0xb0
[   64.664014][ T3678]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   64.674672][ T3678] RIP: 0033:0x7fc8868064d9
[   64.679096][ T3678] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   64.698697][ T3678] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[pid  3679] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3679] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3679] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3678] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3678] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3678] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3677] exit_group(0 <unfinished ...>
[pid  3679] <... futex resumed>)        = ?
[pid  3678] <... futex resumed>)        = ?
[pid  3677] <... exit_group resumed>)   = ?
[pid  3679] +++ exited with 0 +++
[pid  3678] +++ exited with 0 +++
[pid  3677] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3677, si_uid=0, si_status=0, si_utime=4, si_stime=26} ---
umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./15/binderfs")                 = 0
[   64.707100][ T3678] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   64.715062][ T3678] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   64.723022][ T3678] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   64.730984][ T3678] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   64.738976][ T3678] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   64.747047][ T3678]  </TASK>
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./15/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./15")                           = 0
mkdir("./16", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3680
./strace-static-x86_64: Process 3680 attached
[pid  3680] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3680] chdir("./16")               = 0
[pid  3680] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3680] setpgid(0, 0)               = 0
[pid  3680] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3680] write(3, "1000", 4)         = 4
[pid  3680] close(3)                    = 0
[pid  3680] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3680] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3680] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3680] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3680] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3681], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3681
[pid  3680] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3680] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3681 attached
 <unfinished ...>
[pid  3681] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3681] memfd_create("syzkaller", 0) = 3
[pid  3681] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3681] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3681] munmap(0x7fc87e392000, 16777216) = 0
[pid  3681] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3681] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3681] close(3)                    = 0
[pid  3681] mkdir("./file0", 0777)      = 0
[   65.061480][ T3681] loop0: detected capacity change from 0 to 32768
[   65.071687][ T3681] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   65.080239][ T3681] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   65.090157][ T3681] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   65.098895][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   65.106186][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3681] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3681] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3681] chdir("./file0")            = 0
[pid  3681] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3681] close(4)                    = 0
[pid  3681] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3680] <... futex resumed>)        = 0
[pid  3680] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3680] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3681] <... futex resumed>)        = 1
[pid  3681] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3681] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3680] <... futex resumed>)        = 0
[pid  3680] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3680] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3681] <... futex resumed>)        = 1
[   65.141985][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 35ms
[   65.149505][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[   65.155140][ T3681] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   65.183670][ T3681] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   65.192507][ T3681] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   65.192507][ T3681]   inode = 12 2341
[   65.192507][ T3681]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   65.211368][ T3681] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   65.220897][ T3681] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3681 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3681] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3680] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3680] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3680] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3680] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3680] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3682], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3682
[pid  3680] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3682 attached
[pid  3682] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3682] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3682] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   65.231542][ T3681] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   65.240070][ T3681] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   65.247432][ T3681] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   65.256309][ T3681] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   65.262969][ T3681] gfs2: fsid=syz:syz.0: File system withdrawn
[   65.269054][ T3681] CPU: 0 PID: 3681 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   65.279638][ T3681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   65.289798][ T3681] Call Trace:
[   65.293100][ T3681]  <TASK>
[   65.296047][ T3681]  dump_stack_lvl+0x1b1/0x28e
[   65.300748][ T3681]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   65.306222][ T3681]  ? panic+0x710/0x710
[   65.310308][ T3681]  ? kobject_uevent_env+0x46b/0x8e0
[   65.315517][ T3681]  ? do_raw_spin_unlock+0x134/0x8a0
[   65.320727][ T3681]  gfs2_withdraw+0xf33/0x1540
[   65.325420][ T3681]  ? gfs2_lm+0x220/0x220
[   65.329649][ T3681]  ? gfs2_dirent_scan+0xb6/0x650
[   65.334588][ T3681]  ? panic+0x710/0x710
[   65.338748][ T3681]  ? gfs2_permission+0x2ff/0x430
[   65.343692][ T3681]  ? gfs2_consist_inode_i+0xf3/0x110
[   65.348986][ T3681]  gfs2_dirent_scan+0x535/0x650
[   65.353838][ T3681]  ? gfs2_dirent_search+0xb10/0xb10
[   65.359041][ T3681]  gfs2_dirent_search+0x2ea/0xb10
[   65.364081][ T3681]  ? gfs2_dirent_search+0xb10/0xb10
[   65.369285][ T3681]  ? gfs2_dir_search+0x2a0/0x2a0
[   65.374233][ T3681]  ? gfs2_permission+0x3bf/0x430
[   65.379174][ T3681]  gfs2_dir_search+0x8c/0x2a0
[   65.383850][ T3681]  ? do_filldir_main+0x530/0x530
[   65.388784][ T3681]  ? inode_go_held+0xe4/0x1f0
[   65.393457][ T3681]  ? gfs2_glock_wait+0x213/0x2a0
[   65.398389][ T3681]  gfs2_lookupi+0x465/0x650
[   65.402892][ T3681]  ? gfs2_lookup_simple+0x170/0x170
[   65.408087][ T3681]  ? __gfs2_lookup+0x8c/0x260
[   65.412768][ T3681]  __gfs2_lookup+0x8c/0x260
[   65.417269][ T3681]  ? gfs2_atomic_open+0x230/0x230
[   65.422294][ T3681]  ? __d_lookup+0x6a4/0x770
[   65.426791][ T3681]  ? d_hash_and_lookup+0x1c0/0x1c0
[   65.431896][ T3681]  gfs2_atomic_open+0xa4/0x230
[   65.436672][ T3681]  path_openat+0xf39/0x2df0
[   65.441194][ T3681]  ? gfs2_rename2+0x3000/0x3000
[   65.446055][ T3681]  ? do_filp_open+0x4f0/0x4f0
[   65.450737][ T3681]  do_filp_open+0x264/0x4f0
[   65.455231][ T3681]  ? vfs_tmpfile+0x490/0x490
[   65.459823][ T3681]  ? do_raw_spin_unlock+0x134/0x8a0
[   65.465020][ T3681]  ? _raw_spin_unlock+0x24/0x40
[   65.470909][ T3681]  ? alloc_fd+0x5a7/0x640
[   65.475258][ T3681]  do_sys_openat2+0x124/0x4e0
[   65.479929][ T3681]  ? print_irqtrace_events+0x220/0x220
[   65.485738][ T3681]  ? ptrace_stop+0x74d/0x970
[   65.490321][ T3681]  ? do_sys_open+0x220/0x220
[   65.494907][ T3681]  ? lockdep_hardirqs_on+0x8d/0x130
[   65.500104][ T3681]  ? _raw_spin_unlock_irq+0x2a/0x40
[   65.505305][ T3681]  ? ptrace_notify+0x245/0x340
[   65.510062][ T3681]  __x64_sys_openat+0x243/0x290
[   65.514915][ T3681]  ? __ia32_sys_open+0x270/0x270
[   65.519849][ T3681]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   65.525822][ T3681]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   65.531795][ T3681]  do_syscall_64+0x3d/0xb0
[   65.536222][ T3681]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   65.542109][ T3681] RIP: 0033:0x7fc8868064d9
[   65.546522][ T3681] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   65.568029][ T3681] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   65.576534][ T3681] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3682] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3681] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3681] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3681] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3680] exit_group(0 <unfinished ...>
[pid  3681] <... futex resumed>)        = ?
[pid  3681] +++ exited with 0 +++
[pid  3680] <... exit_group resumed>)   = ?
[pid  3682] <... futex resumed>)        = ?
[pid  3682] +++ exited with 0 +++
[pid  3680] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3680, si_uid=0, si_status=0, si_utime=2, si_stime=30} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./16/binderfs")                 = 0
[   65.584494][ T3681] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   65.592452][ T3681] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   65.600411][ T3681] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   65.608373][ T3681] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   65.616347][ T3681]  </TASK>
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./16/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./16")                           = 0
mkdir("./17", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3683
./strace-static-x86_64: Process 3683 attached
[pid  3683] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3683] chdir("./17")               = 0
[pid  3683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3683] setpgid(0, 0)               = 0
[pid  3683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3683] write(3, "1000", 4)         = 4
[pid  3683] close(3)                    = 0
[pid  3683] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3683] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3683] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3683] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3684], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3684
./strace-static-x86_64: Process 3684 attached
[pid  3684] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3684] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3683] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3684] <... futex resumed>)        = 0
[pid  3683] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3684] memfd_create("syzkaller", 0) = 3
[pid  3684] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3684] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3684] munmap(0x7fc87e392000, 16777216) = 0
[pid  3684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3684] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3684] close(3)                    = 0
[pid  3684] mkdir("./file0", 0777)      = 0
[   65.967946][ T3684] loop0: detected capacity change from 0 to 32768
[   65.979584][ T3684] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   65.988222][ T3684] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   65.998090][ T3684] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   66.007247][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   66.014362][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3684] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3684] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3684] chdir("./file0")            = 0
[pid  3684] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3684] close(4)                    = 0
[pid  3684] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3683] <... futex resumed>)        = 0
[pid  3684] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3683] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3684] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3683] <... futex resumed>)        = 0
[pid  3684] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3683] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3684] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3684] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3683] <... futex resumed>)        = 0
[pid  3684] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3683] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3684] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3683] <... futex resumed>)        = 0
[pid  3684] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[   66.054625][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 40ms
[   66.063965][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   66.069259][ T3684] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid  3683] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3683] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   66.109192][ T3684] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   66.117892][ T3684] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   66.117892][ T3684]   inode = 12 2341
[   66.117892][ T3684]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   66.136917][ T3684] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   66.146107][ T3684] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3684 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3683] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3683] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3685], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3685
[pid  3683] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3685 attached
[pid  3685] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3685] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3685] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   66.156167][ T3684] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   66.165535][ T3684] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   66.173128][ T3684] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   66.181994][ T3684] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   66.188572][ T3684] gfs2: fsid=syz:syz.0: File system withdrawn
[   66.194933][ T3684] CPU: 1 PID: 3684 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   66.205354][ T3684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   66.215404][ T3684] Call Trace:
[   66.218688][ T3684]  <TASK>
[   66.221625][ T3684]  dump_stack_lvl+0x1b1/0x28e
[   66.226312][ T3684]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   66.231770][ T3684]  ? panic+0x710/0x710
[   66.235857][ T3684]  ? kobject_uevent_env+0x46b/0x8e0
[   66.241070][ T3684]  ? do_raw_spin_unlock+0x134/0x8a0
[   66.246270][ T3684]  gfs2_withdraw+0xf33/0x1540
[   66.250950][ T3684]  ? gfs2_lm+0x220/0x220
[   66.255185][ T3684]  ? gfs2_dirent_scan+0xb6/0x650
[pid  3685] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3683] exit_group(0 <unfinished ...>
[pid  3685] <... futex resumed>)        = ?
[pid  3683] <... exit_group resumed>)   = ?
[pid  3685] +++ exited with 0 +++
[   66.260126][ T3684]  ? panic+0x710/0x710
[   66.264221][ T3684]  ? gfs2_permission+0x2ff/0x430
[   66.269173][ T3684]  ? gfs2_consist_inode_i+0xf3/0x110
[   66.274465][ T3684]  gfs2_dirent_scan+0x535/0x650
[   66.279330][ T3684]  ? gfs2_dirent_search+0xb10/0xb10
[   66.284536][ T3684]  gfs2_dirent_search+0x2ea/0xb10
[   66.289576][ T3684]  ? gfs2_dirent_search+0xb10/0xb10
[   66.294787][ T3684]  ? gfs2_dir_search+0x2a0/0x2a0
[   66.299741][ T3684]  ? gfs2_permission+0x3bf/0x430
[   66.304680][ T3684]  gfs2_dir_search+0x8c/0x2a0
[   66.309444][ T3684]  ? do_filldir_main+0x530/0x530
[   66.314387][ T3684]  ? inode_go_held+0xe4/0x1f0
[   66.319099][ T3684]  ? gfs2_glock_wait+0x213/0x2a0
[   66.324030][ T3684]  gfs2_lookupi+0x465/0x650
[   66.328546][ T3684]  ? gfs2_lookup_simple+0x170/0x170
[   66.333743][ T3684]  ? __gfs2_lookup+0x8c/0x260
[   66.338418][ T3684]  __gfs2_lookup+0x8c/0x260
[   66.342916][ T3684]  ? gfs2_atomic_open+0x230/0x230
[   66.349496][ T3684]  ? __d_lookup+0x6a4/0x770
[   66.353993][ T3684]  ? d_hash_and_lookup+0x1c0/0x1c0
[   66.359095][ T3684]  gfs2_atomic_open+0xa4/0x230
[   66.363948][ T3684]  path_openat+0xf39/0x2df0
[   66.368462][ T3684]  ? gfs2_rename2+0x3000/0x3000
[   66.373340][ T3684]  ? do_filp_open+0x4f0/0x4f0
[   66.378054][ T3684]  do_filp_open+0x264/0x4f0
[   66.382599][ T3684]  ? vfs_tmpfile+0x490/0x490
[   66.387195][ T3684]  ? do_raw_spin_unlock+0x134/0x8a0
[   66.392389][ T3684]  ? _raw_spin_unlock+0x24/0x40
[   66.397756][ T3684]  ? alloc_fd+0x5a7/0x640
[   66.402081][ T3684]  do_sys_openat2+0x124/0x4e0
[   66.406753][ T3684]  ? print_irqtrace_events+0x220/0x220
[   66.412212][ T3684]  ? ptrace_stop+0x74d/0x970
[   66.416809][ T3684]  ? do_sys_open+0x220/0x220
[   66.421408][ T3684]  ? lockdep_hardirqs_on+0x8d/0x130
[   66.426609][ T3684]  ? _raw_spin_unlock_irq+0x2a/0x40
[   66.431819][ T3684]  ? ptrace_notify+0x245/0x340
[   66.436588][ T3684]  __x64_sys_openat+0x243/0x290
[   66.441447][ T3684]  ? __ia32_sys_open+0x270/0x270
[   66.447613][ T3684]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   66.453589][ T3684]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   66.459573][ T3684]  do_syscall_64+0x3d/0xb0
[   66.463996][ T3684]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   66.469878][ T3684] RIP: 0033:0x7fc8868064d9
[   66.474285][ T3684] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   66.493985][ T3684] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   66.502412][ T3684] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3684] <... openat resumed>)       = ?
[pid  3684] +++ exited with 0 +++
[pid  3683] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3683, si_uid=0, si_status=0, si_utime=3, si_stime=26} ---
umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./17/binderfs")                 = 0
[   66.511162][ T3684] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   66.519130][ T3684] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   66.527110][ T3684] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   66.535098][ T3684] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   66.543080][ T3684]  </TASK>
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./17/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./17")                           = 0
mkdir("./18", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3686
./strace-static-x86_64: Process 3686 attached
[pid  3686] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3686] chdir("./18")               = 0
[pid  3686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3686] setpgid(0, 0)               = 0
[pid  3686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3686] write(3, "1000", 4)         = 4
[pid  3686] close(3)                    = 0
[pid  3686] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3686] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3686] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3686] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3687], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3687
[pid  3686] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3686] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3687 attached
 <unfinished ...>
[pid  3687] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3687] memfd_create("syzkaller", 0) = 3
[pid  3687] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3687] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3687] munmap(0x7fc87e392000, 16777216) = 0
[pid  3687] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3687] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3687] close(3)                    = 0
[pid  3687] mkdir("./file0", 0777)      = 0
[   66.857991][ T3687] loop0: detected capacity change from 0 to 32768
[   66.868937][ T3687] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   66.877221][ T3687] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   66.887085][ T3687] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   66.895862][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   66.902844][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3687] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3687] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3687] chdir("./file0")            = 0
[pid  3687] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3687] close(4)                    = 0
[pid  3687] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3686] <... futex resumed>)        = 0
[pid  3687] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3686] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3687] <... futex resumed>)        = 0
[pid  3686] <... futex resumed>)        = 1
[pid  3687] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3686] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3687] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3686] <... futex resumed>)        = 0
[pid  3687] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3686] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   66.938281][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 35ms
[   66.947090][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   66.952487][ T3687] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   66.973191][ T3687] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3686] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3686] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   66.982466][ T3687] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   66.982466][ T3687]   inode = 12 2341
[   66.982466][ T3687]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   67.001406][ T3687] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   67.010844][ T3687] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3687 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   67.021232][ T3687] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   67.029669][ T3687] gfs2: fsid=syz:syz.0: about to withdraw this file system
[pid  3686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3686] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3686] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3688], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3688
[pid  3686] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3688 attached
[pid  3688] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3688] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3688] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   67.037290][ T3687] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   67.046449][ T3687] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   67.053365][ T3687] gfs2: fsid=syz:syz.0: File system withdrawn
[   67.059464][ T3687] CPU: 1 PID: 3687 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   67.069884][ T3687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   67.079930][ T3687] Call Trace:
[   67.083215][ T3687]  <TASK>
[   67.086143][ T3687]  dump_stack_lvl+0x1b1/0x28e
[   67.093159][ T3687]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   67.098611][ T3687]  ? panic+0x710/0x710
[   67.102675][ T3687]  ? kobject_uevent_env+0x46b/0x8e0
[   67.107878][ T3687]  ? do_raw_spin_unlock+0x134/0x8a0
[   67.113122][ T3687]  gfs2_withdraw+0xf33/0x1540
[   67.117817][ T3687]  ? gfs2_lm+0x220/0x220
[   67.122049][ T3687]  ? gfs2_dirent_scan+0xb6/0x650
[   67.126980][ T3687]  ? panic+0x710/0x710
[   67.131039][ T3687]  ? gfs2_permission+0x2ff/0x430
[   67.135972][ T3687]  ? gfs2_consist_inode_i+0xf3/0x110
[   67.141251][ T3687]  gfs2_dirent_scan+0x535/0x650
[   67.146099][ T3687]  ? gfs2_dirent_search+0xb10/0xb10
[   67.151298][ T3687]  gfs2_dirent_search+0x2ea/0xb10
[   67.156323][ T3687]  ? gfs2_dirent_search+0xb10/0xb10
[   67.161515][ T3687]  ? gfs2_dir_search+0x2a0/0x2a0
[   67.166454][ T3687]  ? gfs2_permission+0x3bf/0x430
[   67.171417][ T3687]  gfs2_dir_search+0x8c/0x2a0
[   67.176092][ T3687]  ? do_filldir_main+0x530/0x530
[   67.181030][ T3687]  ? inode_go_held+0xe4/0x1f0
[   67.185706][ T3687]  ? gfs2_glock_wait+0x213/0x2a0
[   67.190646][ T3687]  gfs2_lookupi+0x465/0x650
[   67.195161][ T3687]  ? gfs2_lookup_simple+0x170/0x170
[   67.200354][ T3687]  ? __gfs2_lookup+0x8c/0x260
[   67.205032][ T3687]  __gfs2_lookup+0x8c/0x260
[   67.209616][ T3687]  ? gfs2_atomic_open+0x230/0x230
[   67.214726][ T3687]  ? __d_lookup+0x6a4/0x770
[   67.219222][ T3687]  ? d_hash_and_lookup+0x1c0/0x1c0
[   67.224326][ T3687]  gfs2_atomic_open+0xa4/0x230
[   67.229083][ T3687]  path_openat+0xf39/0x2df0
[   67.233589][ T3687]  ? gfs2_rename2+0x3000/0x3000
[   67.238451][ T3687]  ? do_filp_open+0x4f0/0x4f0
[   67.243137][ T3687]  do_filp_open+0x264/0x4f0
[   67.247629][ T3687]  ? vfs_tmpfile+0x490/0x490
[   67.252218][ T3687]  ? do_raw_spin_unlock+0x134/0x8a0
[   67.257414][ T3687]  ? _raw_spin_unlock+0x24/0x40
[   67.262278][ T3687]  ? alloc_fd+0x5a7/0x640
[   67.266608][ T3687]  do_sys_openat2+0x124/0x4e0
[   67.271364][ T3687]  ? print_irqtrace_events+0x220/0x220
[   67.276812][ T3687]  ? ptrace_stop+0x74d/0x970
[   67.281395][ T3687]  ? do_sys_open+0x220/0x220
[   67.285980][ T3687]  ? lockdep_hardirqs_on+0x8d/0x130
[   67.291171][ T3687]  ? _raw_spin_unlock_irq+0x2a/0x40
[   67.296366][ T3687]  ? ptrace_notify+0x245/0x340
[   67.301129][ T3687]  __x64_sys_openat+0x243/0x290
[   67.305974][ T3687]  ? __ia32_sys_open+0x270/0x270
[   67.310905][ T3687]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   67.316884][ T3687]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   67.322868][ T3687]  do_syscall_64+0x3d/0xb0
[   67.327276][ T3687]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   67.333161][ T3687] RIP: 0033:0x7fc8868064d9
[   67.337566][ T3687] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   67.357169][ T3687] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   67.365574][ T3687] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   67.373536][ T3687] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   67.381497][ T3687] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3688] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3687] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3687] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3686] exit_group(0 <unfinished ...>
[pid  3687] <... futex resumed>)        = ?
[pid  3686] <... exit_group resumed>)   = ?
[pid  3688] <... futex resumed>)        = ?
[pid  3687] +++ exited with 0 +++
[pid  3688] +++ exited with 0 +++
[pid  3686] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3686, si_uid=0, si_status=0, si_utime=4, si_stime=26} ---
umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./18/binderfs")                 = 0
[   67.389458][ T3687] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   67.397422][ T3687] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   67.405399][ T3687]  </TASK>
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./18/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./18")                           = 0
mkdir("./19", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3689
./strace-static-x86_64: Process 3689 attached
[pid  3689] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3689] chdir("./19")               = 0
[pid  3689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3689] setpgid(0, 0)               = 0
[pid  3689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3689] write(3, "1000", 4)         = 4
[pid  3689] close(3)                    = 0
[pid  3689] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3689] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3689] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3689] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3690], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3690
./strace-static-x86_64: Process 3690 attached
[pid  3690] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3690] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3689] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3690] <... futex resumed>)        = 0
[pid  3689] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3690] memfd_create("syzkaller", 0) = 3
[pid  3690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3690] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3690] munmap(0x7fc87e392000, 16777216) = 0
[pid  3690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3690] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3690] close(3)                    = 0
[pid  3690] mkdir("./file0", 0777)      = 0
[   67.710618][ T3690] loop0: detected capacity change from 0 to 32768
[   67.723500][ T3690] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   67.731969][ T3690] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   67.741376][ T3690] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   67.749841][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   67.757124][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3690] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3690] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3690] chdir("./file0")            = 0
[pid  3690] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3690] close(4)                    = 0
[pid  3690] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3690] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3689] <... futex resumed>)        = 0
[pid  3689] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3690] <... futex resumed>)        = 0
[pid  3689] <... futex resumed>)        = 1
[pid  3690] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3690] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3690] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3689] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  3689] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3690] <... futex resumed>)        = 0
[pid  3689] <... futex resumed>)        = 1
[pid  3690] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[   67.792366][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 35ms
[   67.801352][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   67.806591][ T3690] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   67.845011][ T3690] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   67.853626][ T3690] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   67.853626][ T3690]   inode = 12 2341
[   67.853626][ T3690]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   67.872515][ T3690] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   67.881738][ T3690] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3690 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3689] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3689] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3689] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3689] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3691], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3691
./strace-static-x86_64: Process 3691 attached
[pid  3689] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3691] set_robust_list(0x7fc87f3919e0, 24 <unfinished ...>
[pid  3689] <... futex resumed>)        = 0
[pid  3691] <... set_robust_list resumed>) = 0
[pid  3691] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3691] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   67.891921][ T3690] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   67.902123][ T3690] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   67.909837][ T3690] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   67.921128][ T3690] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   67.929349][ T3690] gfs2: fsid=syz:syz.0: File system withdrawn
[   67.935550][ T3690] CPU: 0 PID: 3690 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   67.945976][ T3690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   67.956036][ T3690] Call Trace:
[   67.959309][ T3690]  <TASK>
[   67.962234][ T3690]  dump_stack_lvl+0x1b1/0x28e
[   67.966922][ T3690]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   67.972401][ T3690]  ? panic+0x710/0x710
[   67.976488][ T3690]  ? kobject_uevent_env+0x46b/0x8e0
[   67.981693][ T3690]  ? do_raw_spin_unlock+0x134/0x8a0
[   67.986905][ T3690]  gfs2_withdraw+0xf33/0x1540
[   67.991601][ T3690]  ? gfs2_lm+0x220/0x220
[   67.995838][ T3690]  ? gfs2_dirent_scan+0xb6/0x650
[   68.000799][ T3690]  ? panic+0x710/0x710
[   68.004863][ T3690]  ? gfs2_permission+0x2ff/0x430
[   68.009863][ T3690]  ? gfs2_consist_inode_i+0xf3/0x110
[   68.015156][ T3690]  gfs2_dirent_scan+0x535/0x650
[   68.020004][ T3690]  ? gfs2_dirent_search+0xb10/0xb10
[   68.025217][ T3690]  gfs2_dirent_search+0x2ea/0xb10
[   68.030257][ T3690]  ? gfs2_dirent_search+0xb10/0xb10
[   68.035471][ T3690]  ? gfs2_dir_search+0x2a0/0x2a0
[   68.040750][ T3690]  ? gfs2_permission+0x3bf/0x430
[   68.045703][ T3690]  gfs2_dir_search+0x8c/0x2a0
[   68.050400][ T3690]  ? do_filldir_main+0x530/0x530
[   68.055335][ T3690]  ? inode_go_held+0xe4/0x1f0
[   68.060021][ T3690]  ? gfs2_glock_wait+0x213/0x2a0
[   68.065243][ T3690]  gfs2_lookupi+0x465/0x650
[   68.069760][ T3690]  ? gfs2_lookup_simple+0x170/0x170
[   68.074986][ T3690]  ? __gfs2_lookup+0x8c/0x260
[   68.079700][ T3690]  __gfs2_lookup+0x8c/0x260
[   68.084218][ T3690]  ? gfs2_atomic_open+0x230/0x230
[   68.089294][ T3690]  ? __d_lookup+0x6a4/0x770
[pid  3691] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3689] exit_group(0 <unfinished ...>
[pid  3691] <... futex resumed>)        = ?
[pid  3689] <... exit_group resumed>)   = ?
[pid  3691] +++ exited with 0 +++
[   68.093807][ T3690]  ? d_hash_and_lookup+0x1c0/0x1c0
[   68.099003][ T3690]  gfs2_atomic_open+0xa4/0x230
[   68.103773][ T3690]  path_openat+0xf39/0x2df0
[   68.108294][ T3690]  ? gfs2_rename2+0x3000/0x3000
[   68.113174][ T3690]  ? do_filp_open+0x4f0/0x4f0
[   68.117878][ T3690]  do_filp_open+0x264/0x4f0
[   68.122402][ T3690]  ? vfs_tmpfile+0x490/0x490
[   68.126993][ T3690]  ? do_raw_spin_unlock+0x134/0x8a0
[   68.132372][ T3690]  ? _raw_spin_unlock+0x24/0x40
[   68.137228][ T3690]  ? alloc_fd+0x5a7/0x640
[   68.141567][ T3690]  do_sys_openat2+0x124/0x4e0
[   68.146257][ T3690]  ? print_irqtrace_events+0x220/0x220
[   68.151707][ T3690]  ? ptrace_stop+0x74d/0x970
[   68.156294][ T3690]  ? do_sys_open+0x220/0x220
[   68.160878][ T3690]  ? lockdep_hardirqs_on+0x8d/0x130
[   68.166071][ T3690]  ? _raw_spin_unlock_irq+0x2a/0x40
[   68.171263][ T3690]  ? ptrace_notify+0x245/0x340
[   68.176031][ T3690]  __x64_sys_openat+0x243/0x290
[   68.180893][ T3690]  ? __ia32_sys_open+0x270/0x270
[   68.185836][ T3690]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   68.191826][ T3690]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   68.197828][ T3690]  do_syscall_64+0x3d/0xb0
[   68.202238][ T3690]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   68.208129][ T3690] RIP: 0033:0x7fc8868064d9
[   68.212563][ T3690] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   68.232167][ T3690] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[pid  3690] <... openat resumed>)       = ?
[pid  3690] +++ exited with 0 +++
[pid  3689] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3689, si_uid=0, si_status=0, si_utime=2, si_stime=25} ---
umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./19/binderfs")                 = 0
[   68.242226][ T3690] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   68.250204][ T3690] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   68.258166][ T3690] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   68.266213][ T3690] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   68.274194][ T3690] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   68.282183][ T3690]  </TASK>
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./19/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./19")                           = 0
mkdir("./20", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3692
./strace-static-x86_64: Process 3692 attached
[pid  3692] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3692] chdir("./20")               = 0
[pid  3692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3692] setpgid(0, 0)               = 0
[pid  3692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3692] write(3, "1000", 4)         = 4
[pid  3692] close(3)                    = 0
[pid  3692] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3692] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3692] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3692] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3693], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3693
[pid  3692] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3692] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
./strace-static-x86_64: Process 3693 attached
[pid  3693] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3693] memfd_create("syzkaller", 0) = 3
[pid  3693] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3693] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3693] munmap(0x7fc87e392000, 16777216) = 0
[pid  3693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3693] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3693] close(3)                    = 0
[pid  3693] mkdir("./file0", 0777)      = 0
[   68.587602][ T3693] loop0: detected capacity change from 0 to 32768
[   68.597243][ T3693] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   68.605769][ T3693] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   68.616409][ T3693] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   68.625371][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   68.632463][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3693] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3693] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3693] chdir("./file0")            = 0
[pid  3693] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3693] close(4)                    = 0
[pid  3693] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3692] <... futex resumed>)        = 0
[pid  3692] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3692] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3693] <... futex resumed>)        = 1
[pid  3693] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3693] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3692] <... futex resumed>)        = 0
[pid  3692] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3692] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3693] <... futex resumed>)        = 1
[   68.670309][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 37ms
[   68.677808][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   68.683162][ T3693] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   68.697034][ T3693] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   68.705622][ T3693] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   68.705622][ T3693]   inode = 12 2341
[pid  3693] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3692] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3692] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3692] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3692] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3694], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3694
[pid  3692] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3694 attached
[pid  3694] set_robust_list(0x7fc87f3919e0, 24) = 0
[   68.705622][ T3693]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   68.724684][ T3693] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   68.734204][ T3693] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3693 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   68.744396][ T3693] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   68.753099][ T3693] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   68.760401][ T3693] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[pid  3694] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3694] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   68.769255][ T3693] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   68.775855][ T3693] gfs2: fsid=syz:syz.0: File system withdrawn
[   68.782027][ T3693] CPU: 0 PID: 3693 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   68.792450][ T3693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   68.802510][ T3693] Call Trace:
[   68.805788][ T3693]  <TASK>
[   68.808734][ T3693]  dump_stack_lvl+0x1b1/0x28e
[   68.813433][ T3693]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   68.818905][ T3693]  ? panic+0x710/0x710
[   68.822980][ T3693]  ? kobject_uevent_env+0x46b/0x8e0
[   68.828173][ T3693]  ? do_raw_spin_unlock+0x134/0x8a0
[   68.833371][ T3693]  gfs2_withdraw+0xf33/0x1540
[   68.838142][ T3693]  ? gfs2_lm+0x220/0x220
[   68.842373][ T3693]  ? gfs2_dirent_scan+0xb6/0x650
[   68.847313][ T3693]  ? panic+0x710/0x710
[   68.851395][ T3693]  ? gfs2_permission+0x2ff/0x430
[   68.856343][ T3693]  ? gfs2_consist_inode_i+0xf3/0x110
[   68.861706][ T3693]  gfs2_dirent_scan+0x535/0x650
[pid  3694] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3692] exit_group(0 <unfinished ...>
[pid  3694] <... futex resumed>)        = ?
[pid  3692] <... exit_group resumed>)   = ?
[pid  3694] +++ exited with 0 +++
[   68.866549][ T3693]  ? gfs2_dirent_search+0xb10/0xb10
[   68.871742][ T3693]  gfs2_dirent_search+0x2ea/0xb10
[   68.876773][ T3693]  ? gfs2_dirent_search+0xb10/0xb10
[   68.881986][ T3693]  ? gfs2_dir_search+0x2a0/0x2a0
[   68.886918][ T3693]  ? gfs2_permission+0x3bf/0x430
[   68.891889][ T3693]  gfs2_dir_search+0x8c/0x2a0
[   68.896577][ T3693]  ? do_filldir_main+0x530/0x530
[   68.901533][ T3693]  ? inode_go_held+0xe4/0x1f0
[   68.906208][ T3693]  ? gfs2_glock_wait+0x213/0x2a0
[   68.911143][ T3693]  gfs2_lookupi+0x465/0x650
[   68.915647][ T3693]  ? gfs2_lookup_simple+0x170/0x170
[   68.920839][ T3693]  ? __gfs2_lookup+0x8c/0x260
[   68.925517][ T3693]  __gfs2_lookup+0x8c/0x260
[   68.930022][ T3693]  ? gfs2_atomic_open+0x230/0x230
[   68.935073][ T3693]  ? __d_lookup+0x6a4/0x770
[   68.939570][ T3693]  ? d_hash_and_lookup+0x1c0/0x1c0
[   68.944688][ T3693]  gfs2_atomic_open+0xa4/0x230
[   68.949463][ T3693]  path_openat+0xf39/0x2df0
[   68.954062][ T3693]  ? gfs2_rename2+0x3000/0x3000
[   68.958935][ T3693]  ? do_filp_open+0x4f0/0x4f0
[   68.963714][ T3693]  do_filp_open+0x264/0x4f0
[   68.968209][ T3693]  ? vfs_tmpfile+0x490/0x490
[   68.972809][ T3693]  ? do_raw_spin_unlock+0x134/0x8a0
[   68.978054][ T3693]  ? _raw_spin_unlock+0x24/0x40
[   68.982931][ T3693]  ? alloc_fd+0x5a7/0x640
[   68.987259][ T3693]  do_sys_openat2+0x124/0x4e0
[   68.991938][ T3693]  ? print_irqtrace_events+0x220/0x220
[   68.997410][ T3693]  ? ptrace_stop+0x74d/0x970
[   69.002008][ T3693]  ? do_sys_open+0x220/0x220
[   69.006588][ T3693]  ? lockdep_hardirqs_on+0x8d/0x130
[   69.011776][ T3693]  ? _raw_spin_unlock_irq+0x2a/0x40
[   69.016967][ T3693]  ? ptrace_notify+0x245/0x340
[   69.021806][ T3693]  __x64_sys_openat+0x243/0x290
[   69.026651][ T3693]  ? __ia32_sys_open+0x270/0x270
[   69.031577][ T3693]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   69.037565][ T3693]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   69.043546][ T3693]  do_syscall_64+0x3d/0xb0
[   69.047954][ T3693]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   69.053931][ T3693] RIP: 0033:0x7fc8868064d9
[   69.058400][ T3693] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   69.078003][ T3693] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   69.087452][ T3693] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   69.095419][ T3693] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   69.103394][ T3693] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   69.111354][ T3693] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  3693] <... openat resumed>)       = ?
[pid  3693] +++ exited with 0 +++
[pid  3692] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3692, si_uid=0, si_status=0, si_utime=1, si_stime=29} ---
umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./20/binderfs")                 = 0
[   69.119321][ T3693] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   69.127313][ T3693]  </TASK>
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./20/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./20")                           = 0
mkdir("./21", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3695
./strace-static-x86_64: Process 3695 attached
[pid  3695] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3695] chdir("./21")               = 0
[pid  3695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3695] setpgid(0, 0)               = 0
[pid  3695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3695] write(3, "1000", 4)         = 4
[pid  3695] close(3)                    = 0
[pid  3695] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3695] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3695] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3695] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3696], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3696
./strace-static-x86_64: Process 3696 attached
[pid  3695] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3695] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3696] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3696] memfd_create("syzkaller", 0) = 3
[pid  3696] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3696] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3696] munmap(0x7fc87e392000, 16777216) = 0
[pid  3696] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3696] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3696] close(3)                    = 0
[pid  3696] mkdir("./file0", 0777)      = 0
[   69.443966][ T3696] loop0: detected capacity change from 0 to 32768
[   69.453733][ T3696] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   69.462268][ T3696] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   69.472620][ T3696] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   69.481241][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   69.488001][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3696] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3696] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3696] chdir("./file0")            = 0
[pid  3696] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3696] close(4)                    = 0
[pid  3696] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3695] <... futex resumed>)        = 0
[pid  3696] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3695] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3695] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3696] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3696] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3695] <... futex resumed>)        = 0
[pid  3696] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3695] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   69.526918][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 38ms
[   69.534659][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   69.540024][ T3696] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   69.553179][ T3696] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   69.561826][ T3696] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   69.561826][ T3696]   inode = 12 2341
[pid  3695] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3695] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3695] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3695] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3697], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3697
[pid  3695] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   69.561826][ T3696]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   69.580804][ T3696] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   69.589986][ T3696] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3696 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   69.600522][ T3696] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   69.609130][ T3696] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   69.616449][ T3696] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
./strace-static-x86_64: Process 3697 attached
[pid  3697] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3697] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3697] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   69.625331][ T3696] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   69.632017][ T3696] gfs2: fsid=syz:syz.0: File system withdrawn
[   69.638147][ T3696] CPU: 0 PID: 3696 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   69.648566][ T3696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   69.658631][ T3696] Call Trace:
[   69.661903][ T3696]  <TASK>
[   69.664842][ T3696]  dump_stack_lvl+0x1b1/0x28e
[   69.669542][ T3696]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   69.675029][ T3696]  ? panic+0x710/0x710
[   69.679110][ T3696]  ? kobject_uevent_env+0x46b/0x8e0
[   69.684299][ T3696]  ? do_raw_spin_unlock+0x134/0x8a0
[   69.689506][ T3696]  gfs2_withdraw+0xf33/0x1540
[   69.694209][ T3696]  ? gfs2_lm+0x220/0x220
[   69.698455][ T3696]  ? gfs2_dirent_scan+0xb6/0x650
[   69.703410][ T3696]  ? panic+0x710/0x710
[   69.707489][ T3696]  ? gfs2_permission+0x2ff/0x430
[   69.712424][ T3696]  ? gfs2_consist_inode_i+0xf3/0x110
[   69.717717][ T3696]  gfs2_dirent_scan+0x535/0x650
[   69.722679][ T3696]  ? gfs2_dirent_search+0xb10/0xb10
[pid  3697] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3695] exit_group(0 <unfinished ...>
[pid  3697] <... futex resumed>)        = ?
[pid  3695] <... exit_group resumed>)   = ?
[pid  3697] +++ exited with 0 +++
[   69.727877][ T3696]  gfs2_dirent_search+0x2ea/0xb10
[   69.732968][ T3696]  ? gfs2_dirent_search+0xb10/0xb10
[   69.738198][ T3696]  ? gfs2_dir_search+0x2a0/0x2a0
[   69.743164][ T3696]  ? gfs2_permission+0x3bf/0x430
[   69.748125][ T3696]  gfs2_dir_search+0x8c/0x2a0
[   69.752809][ T3696]  ? do_filldir_main+0x530/0x530
[   69.757761][ T3696]  ? inode_go_held+0xe4/0x1f0
[   69.762476][ T3696]  ? gfs2_glock_wait+0x213/0x2a0
[   69.767418][ T3696]  gfs2_lookupi+0x465/0x650
[   69.771946][ T3696]  ? gfs2_lookup_simple+0x170/0x170
[   69.777154][ T3696]  ? __gfs2_lookup+0x8c/0x260
[   69.781829][ T3696]  __gfs2_lookup+0x8c/0x260
[   69.786327][ T3696]  ? gfs2_atomic_open+0x230/0x230
[   69.791368][ T3696]  ? __d_lookup+0x6a4/0x770
[   69.795885][ T3696]  ? d_hash_and_lookup+0x1c0/0x1c0
[   69.800994][ T3696]  gfs2_atomic_open+0xa4/0x230
[   69.805774][ T3696]  path_openat+0xf39/0x2df0
[   69.810276][ T3696]  ? gfs2_rename2+0x3000/0x3000
[   69.815133][ T3696]  ? do_filp_open+0x4f0/0x4f0
[   69.819810][ T3696]  do_filp_open+0x264/0x4f0
[   69.824319][ T3696]  ? vfs_tmpfile+0x490/0x490
[   69.828934][ T3696]  ? do_raw_spin_unlock+0x134/0x8a0
[   69.834169][ T3696]  ? _raw_spin_unlock+0x24/0x40
[   69.839015][ T3696]  ? alloc_fd+0x5a7/0x640
[   69.843432][ T3696]  do_sys_openat2+0x124/0x4e0
[   69.848104][ T3696]  ? print_irqtrace_events+0x220/0x220
[   69.853556][ T3696]  ? ptrace_stop+0x74d/0x970
[   69.858153][ T3696]  ? do_sys_open+0x220/0x220
[   69.862755][ T3696]  ? lockdep_hardirqs_on+0x8d/0x130
[   69.867948][ T3696]  ? _raw_spin_unlock_irq+0x2a/0x40
[   69.873162][ T3696]  ? ptrace_notify+0x245/0x340
[   69.877938][ T3696]  __x64_sys_openat+0x243/0x290
[   69.882794][ T3696]  ? __ia32_sys_open+0x270/0x270
[   69.887744][ T3696]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   69.893733][ T3696]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   69.899742][ T3696]  do_syscall_64+0x3d/0xb0
[   69.904157][ T3696]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   69.910041][ T3696] RIP: 0033:0x7fc8868064d9
[   69.914464][ T3696] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   69.934181][ T3696] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   69.942605][ T3696] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   69.950577][ T3696] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   69.958846][ T3696] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   69.966878][ T3696] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  3696] <... openat resumed>)       = ?
[pid  3696] +++ exited with 0 +++
[pid  3695] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3695, si_uid=0, si_status=0, si_utime=2, si_stime=31} ---
umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./21/binderfs")                 = 0
[   69.974855][ T3696] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   69.982921][ T3696]  </TASK>
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./21/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./21")                           = 0
mkdir("./22", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3698
./strace-static-x86_64: Process 3698 attached
[pid  3698] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3698] chdir("./22")               = 0
[pid  3698] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3698] setpgid(0, 0)               = 0
[pid  3698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3698] write(3, "1000", 4)         = 4
[pid  3698] close(3)                    = 0
[pid  3698] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3698] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3698] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3698] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3699], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3699
[pid  3698] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3698] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3699 attached
 <unfinished ...>
[pid  3699] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3699] memfd_create("syzkaller", 0) = 3
[pid  3699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3699] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3699] munmap(0x7fc87e392000, 16777216) = 0
[pid  3699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3699] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3699] close(3)                    = 0
[pid  3699] mkdir("./file0", 0777)      = 0
[   70.279757][ T3699] loop0: detected capacity change from 0 to 32768
[   70.289574][ T3699] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   70.298619][ T3699] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   70.307826][ T3699] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   70.316421][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   70.323328][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3699] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3699] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3699] chdir("./file0")            = 0
[pid  3699] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3699] close(4)                    = 0
[pid  3699] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3698] <... futex resumed>)        = 0
[pid  3699] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3698] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3699] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3698] <... futex resumed>)        = 0
[pid  3699] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3698] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3699] <... futex resumed>)        = 0
[pid  3698] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3699] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3698] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   70.358822][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 35ms
[   70.366402][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   70.372442][ T3699] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   70.386339][ T3699] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   70.395281][ T3699] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   70.395281][ T3699]   inode = 12 2341
[pid  3698] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3698] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3698] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3698] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3700], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3700
[pid  3698] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3700 attached
[pid  3700] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3700] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3700] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   70.395281][ T3699]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   70.414493][ T3699] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   70.424068][ T3699] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3699 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   70.434487][ T3699] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   70.443489][ T3699] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   70.453619][ T3699] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   70.462567][ T3699] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   70.469138][ T3699] gfs2: fsid=syz:syz.0: File system withdrawn
[   70.475362][ T3699] CPU: 0 PID: 3699 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   70.485803][ T3699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   70.495878][ T3699] Call Trace:
[   70.499163][ T3699]  <TASK>
[   70.502087][ T3699]  dump_stack_lvl+0x1b1/0x28e
[   70.506759][ T3699]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   70.512215][ T3699]  ? panic+0x710/0x710
[   70.516308][ T3699]  ? kobject_uevent_env+0x46b/0x8e0
[   70.521501][ T3699]  ? do_raw_spin_unlock+0x134/0x8a0
[   70.526708][ T3699]  gfs2_withdraw+0xf33/0x1540
[   70.531409][ T3699]  ? gfs2_lm+0x220/0x220
[   70.535642][ T3699]  ? gfs2_dirent_scan+0xb6/0x650
[   70.540602][ T3699]  ? panic+0x710/0x710
[   70.544678][ T3699]  ? gfs2_permission+0x2ff/0x430
[   70.549611][ T3699]  ? gfs2_consist_inode_i+0xf3/0x110
[   70.554897][ T3699]  gfs2_dirent_scan+0x535/0x650
[pid  3700] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3698] exit_group(0 <unfinished ...>
[pid  3700] <... futex resumed>)        = ?
[pid  3698] <... exit_group resumed>)   = ?
[pid  3700] +++ exited with 0 +++
[   70.559764][ T3699]  ? gfs2_dirent_search+0xb10/0xb10
[   70.564962][ T3699]  gfs2_dirent_search+0x2ea/0xb10
[   70.569990][ T3699]  ? gfs2_dirent_search+0xb10/0xb10
[   70.575181][ T3699]  ? gfs2_dir_search+0x2a0/0x2a0
[   70.580116][ T3699]  ? gfs2_permission+0x3bf/0x430
[   70.585075][ T3699]  gfs2_dir_search+0x8c/0x2a0
[   70.589746][ T3699]  ? do_filldir_main+0x530/0x530
[   70.594692][ T3699]  ? inode_go_held+0xe4/0x1f0
[   70.599409][ T3699]  ? gfs2_glock_wait+0x213/0x2a0
[   70.604360][ T3699]  gfs2_lookupi+0x465/0x650
[   70.608868][ T3699]  ? gfs2_lookup_simple+0x170/0x170
[   70.614060][ T3699]  ? __gfs2_lookup+0x8c/0x260
[   70.618748][ T3699]  __gfs2_lookup+0x8c/0x260
[   70.623282][ T3699]  ? gfs2_atomic_open+0x230/0x230
[   70.628326][ T3699]  ? __d_lookup+0x6a4/0x770
[   70.632831][ T3699]  ? d_hash_and_lookup+0x1c0/0x1c0
[   70.638127][ T3699]  gfs2_atomic_open+0xa4/0x230
[   70.642891][ T3699]  path_openat+0xf39/0x2df0
[   70.647389][ T3699]  ? gfs2_rename2+0x3000/0x3000
[   70.652262][ T3699]  ? do_filp_open+0x4f0/0x4f0
[   70.656958][ T3699]  do_filp_open+0x264/0x4f0
[   70.661449][ T3699]  ? vfs_tmpfile+0x490/0x490
[   70.666046][ T3699]  ? do_raw_spin_unlock+0x134/0x8a0
[   70.671255][ T3699]  ? _raw_spin_unlock+0x24/0x40
[   70.676100][ T3699]  ? alloc_fd+0x5a7/0x640
[   70.680426][ T3699]  do_sys_openat2+0x124/0x4e0
[   70.685094][ T3699]  ? print_irqtrace_events+0x220/0x220
[   70.690544][ T3699]  ? ptrace_stop+0x74d/0x970
[   70.695133][ T3699]  ? do_sys_open+0x220/0x220
[   70.699712][ T3699]  ? lockdep_hardirqs_on+0x8d/0x130
[   70.704898][ T3699]  ? _raw_spin_unlock_irq+0x2a/0x40
[   70.710097][ T3699]  ? ptrace_notify+0x245/0x340
[   70.714867][ T3699]  __x64_sys_openat+0x243/0x290
[   70.719721][ T3699]  ? __ia32_sys_open+0x270/0x270
[   70.724671][ T3699]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   70.730661][ T3699]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   70.736650][ T3699]  do_syscall_64+0x3d/0xb0
[   70.741058][ T3699]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   70.746947][ T3699] RIP: 0033:0x7fc8868064d9
[   70.751363][ T3699] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   70.770969][ T3699] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   70.779409][ T3699] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   70.787386][ T3699] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   70.795348][ T3699] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3699] <... openat resumed>)       = ?
[pid  3699] +++ exited with 0 +++
[pid  3698] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3698, si_uid=0, si_status=0, si_utime=1, si_stime=29} ---
umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./22/binderfs")                 = 0
[   70.803316][ T3699] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   70.811295][ T3699] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   70.819311][ T3699]  </TASK>
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./22/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./22")                           = 0
mkdir("./23", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3701
./strace-static-x86_64: Process 3701 attached
[pid  3701] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3701] chdir("./23")               = 0
[pid  3701] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3701] setpgid(0, 0)               = 0
[pid  3701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3701] write(3, "1000", 4)         = 4
[pid  3701] close(3)                    = 0
[pid  3701] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3701] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3701] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3701] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3701] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3702], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3702
[pid  3701] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3701] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3702 attached
 <unfinished ...>
[pid  3702] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3702] memfd_create("syzkaller", 0) = 3
[pid  3702] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3702] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3702] munmap(0x7fc87e392000, 16777216) = 0
[pid  3702] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3702] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3702] close(3)                    = 0
[pid  3702] mkdir("./file0", 0777)      = 0
[   71.103633][ T3702] loop0: detected capacity change from 0 to 32768
[   71.113853][ T3702] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   71.122335][ T3702] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   71.132524][ T3702] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   71.141498][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   71.148263][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3702] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3702] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3702] chdir("./file0")            = 0
[pid  3702] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3702] close(4)                    = 0
[pid  3702] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3702] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3701] <... futex resumed>)        = 0
[pid  3701] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3701] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3702] <... futex resumed>)        = 0
[pid  3702] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3702] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3701] <... futex resumed>)        = 0
[pid  3701] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3701] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3702] <... futex resumed>)        = 1
[   71.183249][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 34ms
[   71.192031][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   71.197294][ T3702] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid  3702] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3701] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3701] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3701] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3701] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3701] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3703], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3703
[pid  3701] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   71.226705][ T3702] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   71.235617][ T3702] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   71.235617][ T3702]   inode = 12 2341
[   71.235617][ T3702]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   71.254866][ T3702] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   71.264461][ T3702] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3702 [syz-executor337] __gfs2_lookup+0x8c/0x260
./strace-static-x86_64: Process 3703 attached
[pid  3703] set_robust_list(0x7fc87f3919e0, 24) = 0
[   71.279898][ T3702] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   71.290986][ T3703] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   71.291567][ T3702] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   71.299358][ T3703] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:4 m:20 p:1
[   71.299391][ T3703] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3702 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   71.307170][ T3702] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   71.335165][ T3702] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   71.341921][ T3703] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3703 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   71.342295][ T3702] gfs2: fsid=syz:syz.0: File system withdrawn
[   71.358585][ T3702] CPU: 1 PID: 3702 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   71.369010][ T3702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   71.370172][ T3703] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   71.379050][ T3702] Call Trace:
[   71.379060][ T3702]  <TASK>
[   71.393654][ T3702]  dump_stack_lvl+0x1b1/0x28e
[   71.398330][ T3702]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   71.403779][ T3702]  ? panic+0x710/0x710
[   71.407839][ T3702]  ? kobject_uevent_env+0x46b/0x8e0
[   71.413028][ T3702]  ? do_raw_spin_unlock+0x134/0x8a0
[   71.418226][ T3702]  gfs2_withdraw+0xf33/0x1540
[   71.422906][ T3702]  ? gfs2_lm+0x220/0x220
[   71.427151][ T3702]  ? gfs2_dirent_scan+0xb6/0x650
[   71.432085][ T3702]  ? panic+0x710/0x710
[   71.436149][ T3702]  ? gfs2_permission+0x2ff/0x430
[   71.441085][ T3702]  ? gfs2_consist_inode_i+0xf3/0x110
[   71.446364][ T3702]  gfs2_dirent_scan+0x535/0x650
[   71.451216][ T3702]  ? gfs2_dirent_search+0xb10/0xb10
[   71.456434][ T3702]  gfs2_dirent_search+0x2ea/0xb10
[   71.461459][ T3702]  ? gfs2_dirent_search+0xb10/0xb10
[   71.466656][ T3702]  ? gfs2_dir_search+0x2a0/0x2a0
[   71.471587][ T3702]  ? gfs2_permission+0x3bf/0x430
[   71.476524][ T3702]  gfs2_dir_search+0x8c/0x2a0
[   71.481206][ T3702]  ? do_filldir_main+0x530/0x530
[   71.486138][ T3702]  ? inode_go_held+0xe4/0x1f0
[   71.490812][ T3702]  ? gfs2_glock_wait+0x213/0x2a0
[   71.495744][ T3702]  gfs2_lookupi+0x465/0x650
[   71.500246][ T3702]  ? gfs2_lookup_simple+0x170/0x170
[   71.505438][ T3702]  ? __gfs2_lookup+0x8c/0x260
[   71.510122][ T3702]  __gfs2_lookup+0x8c/0x260
[   71.514623][ T3702]  ? gfs2_atomic_open+0x230/0x230
[   71.519648][ T3702]  ? __d_lookup+0x6a4/0x770
[   71.524140][ T3702]  ? d_hash_and_lookup+0x1c0/0x1c0
[   71.529242][ T3702]  gfs2_atomic_open+0xa4/0x230
[   71.534002][ T3702]  path_openat+0xf39/0x2df0
[   71.538501][ T3702]  ? gfs2_rename2+0x3000/0x3000
[   71.543359][ T3702]  ? do_filp_open+0x4f0/0x4f0
[   71.548043][ T3702]  do_filp_open+0x264/0x4f0
[   71.552540][ T3702]  ? vfs_tmpfile+0x490/0x490
[   71.557131][ T3702]  ? do_raw_spin_unlock+0x134/0x8a0
[   71.562329][ T3702]  ? _raw_spin_unlock+0x24/0x40
[   71.567174][ T3702]  ? alloc_fd+0x5a7/0x640
[   71.571507][ T3702]  do_sys_openat2+0x124/0x4e0
[   71.576178][ T3702]  ? print_irqtrace_events+0x220/0x220
[   71.581645][ T3702]  ? ptrace_stop+0x74d/0x970
[   71.586261][ T3702]  ? do_sys_open+0x220/0x220
[   71.590858][ T3702]  ? lockdep_hardirqs_on+0x8d/0x130
[   71.596093][ T3702]  ? _raw_spin_unlock_irq+0x2a/0x40
[   71.601295][ T3702]  ? ptrace_notify+0x245/0x340
[   71.606053][ T3702]  __x64_sys_openat+0x243/0x290
[   71.610901][ T3702]  ? __ia32_sys_open+0x270/0x270
[   71.615834][ T3702]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   71.621812][ T3702]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   71.627785][ T3702]  do_syscall_64+0x3d/0xb0
[   71.632196][ T3702]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   71.638080][ T3702] RIP: 0033:0x7fc8868064d9
[   71.642490][ T3702] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   71.662086][ T3702] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   71.670487][ T3702] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3703] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH <unfinished ...>
[pid  3702] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3702] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3702] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3703] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3703] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3701] exit_group(0 <unfinished ...>
[pid  3702] <... futex resumed>)        = ?
[pid  3701] <... exit_group resumed>)   = ?
[pid  3702] +++ exited with 0 +++
[pid  3703] +++ exited with 0 +++
[pid  3701] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3701, si_uid=0, si_status=0, si_utime=1, si_stime=35} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[   71.678450][ T3702] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   71.690491][ T3702] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   71.698452][ T3702] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   71.706410][ T3702] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   71.714402][ T3702]  </TASK>
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./23/binderfs")                 = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./23/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./23")                           = 0
mkdir("./24", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3705
./strace-static-x86_64: Process 3705 attached
[pid  3705] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3705] chdir("./24")               = 0
[pid  3705] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3705] setpgid(0, 0)               = 0
[pid  3705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3705] write(3, "1000", 4)         = 4
[pid  3705] close(3)                    = 0
[pid  3705] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3705] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3705] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3705] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3706], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3706
[pid  3705] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3705] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3706 attached
 <unfinished ...>
[pid  3706] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3706] memfd_create("syzkaller", 0) = 3
[pid  3706] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3706] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3706] munmap(0x7fc87e392000, 16777216) = 0
[pid  3706] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3706] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3706] close(3)                    = 0
[pid  3706] mkdir("./file0", 0777)      = 0
[   72.307448][ T3706] loop0: detected capacity change from 0 to 32768
[   72.319123][ T3706] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   72.327670][ T3706] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   72.337020][ T3706] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   72.345659][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   72.352544][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3706] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3706] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3706] chdir("./file0")            = 0
[pid  3706] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3706] close(4)                    = 0
[pid  3706] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3706] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3705] <... futex resumed>)        = 0
[pid  3705] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3705] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3706] <... futex resumed>)        = 0
[pid  3706] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3706] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3705] <... futex resumed>)        = 0
[pid  3705] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3705] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3706] <... futex resumed>)        = 1
[   72.393533][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 40ms
[   72.402729][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   72.408253][ T3706] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   72.438783][ T3706] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   72.447458][ T3706] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   72.447458][ T3706]   inode = 12 2341
[   72.447458][ T3706]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   72.466311][ T3706] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   72.475424][ T3706] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3706 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3706] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3705] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3705] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3705] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3705] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3707], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3707
[pid  3705] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3707 attached
[pid  3707] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3707] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3707] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   72.485700][ T3706] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   72.494191][ T3706] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   72.503469][ T3706] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   72.512308][ T3706] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   72.518855][ T3706] gfs2: fsid=syz:syz.0: File system withdrawn
[   72.524985][ T3706] CPU: 1 PID: 3706 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   72.535497][ T3706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   72.545554][ T3706] Call Trace:
[   72.548826][ T3706]  <TASK>
[   72.551750][ T3706]  dump_stack_lvl+0x1b1/0x28e
[   72.556434][ T3706]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   72.561909][ T3706]  ? panic+0x710/0x710
[   72.565983][ T3706]  ? kobject_uevent_env+0x46b/0x8e0
[   72.571168][ T3706]  ? do_raw_spin_unlock+0x134/0x8a0
[   72.576376][ T3706]  gfs2_withdraw+0xf33/0x1540
[   72.581071][ T3706]  ? gfs2_lm+0x220/0x220
[   72.585299][ T3706]  ? gfs2_dirent_scan+0xb6/0x650
[   72.590249][ T3706]  ? panic+0x710/0x710
[   72.594320][ T3706]  ? gfs2_permission+0x2ff/0x430
[   72.599248][ T3706]  ? gfs2_consist_inode_i+0xf3/0x110
[   72.604540][ T3706]  gfs2_dirent_scan+0x535/0x650
[   72.609468][ T3706]  ? gfs2_dirent_search+0xb10/0xb10
[   72.614679][ T3706]  gfs2_dirent_search+0x2ea/0xb10
[   72.619714][ T3706]  ? gfs2_dirent_search+0xb10/0xb10
[   72.624936][ T3706]  ? gfs2_dir_search+0x2a0/0x2a0
[   72.629869][ T3706]  ? gfs2_permission+0x3bf/0x430
[   72.634805][ T3706]  gfs2_dir_search+0x8c/0x2a0
[   72.639479][ T3706]  ? do_filldir_main+0x530/0x530
[   72.644413][ T3706]  ? inode_go_held+0xe4/0x1f0
[   72.649085][ T3706]  ? gfs2_glock_wait+0x213/0x2a0
[   72.654012][ T3706]  gfs2_lookupi+0x465/0x650
[   72.658515][ T3706]  ? gfs2_lookup_simple+0x170/0x170
[   72.663717][ T3706]  ? __gfs2_lookup+0x8c/0x260
[   72.668408][ T3706]  __gfs2_lookup+0x8c/0x260
[   72.672905][ T3706]  ? gfs2_atomic_open+0x230/0x230
[   72.677927][ T3706]  ? __d_lookup+0x6a4/0x770
[   72.682421][ T3706]  ? d_hash_and_lookup+0x1c0/0x1c0
[   72.687525][ T3706]  gfs2_atomic_open+0xa4/0x230
[   72.692285][ T3706]  path_openat+0xf39/0x2df0
[   72.696789][ T3706]  ? gfs2_rename2+0x3000/0x3000
[   72.701734][ T3706]  ? do_filp_open+0x4f0/0x4f0
[   72.706435][ T3706]  do_filp_open+0x264/0x4f0
[   72.710930][ T3706]  ? vfs_tmpfile+0x490/0x490
[   72.715521][ T3706]  ? do_raw_spin_unlock+0x134/0x8a0
[   72.720771][ T3706]  ? _raw_spin_unlock+0x24/0x40
[   72.725671][ T3706]  ? alloc_fd+0x5a7/0x640
[   72.730048][ T3706]  do_sys_openat2+0x124/0x4e0
[   72.734748][ T3706]  ? print_irqtrace_events+0x220/0x220
[   72.740320][ T3706]  ? ptrace_stop+0x74d/0x970
[   72.745005][ T3706]  ? do_sys_open+0x220/0x220
[   72.749605][ T3706]  ? lockdep_hardirqs_on+0x8d/0x130
[   72.754811][ T3706]  ? _raw_spin_unlock_irq+0x2a/0x40
[   72.760006][ T3706]  ? ptrace_notify+0x245/0x340
[   72.764777][ T3706]  __x64_sys_openat+0x243/0x290
[   72.769626][ T3706]  ? __ia32_sys_open+0x270/0x270
[   72.774746][ T3706]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   72.780899][ T3706]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   72.786985][ T3706]  do_syscall_64+0x3d/0xb0
[   72.791396][ T3706]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   72.797454][ T3706] RIP: 0033:0x7fc8868064d9
[   72.801883][ T3706] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   72.821571][ T3706] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   72.829981][ T3706] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3707] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3706] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3706] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3706] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3705] exit_group(0 <unfinished ...>
[pid  3707] <... futex resumed>)        = ?
[pid  3705] <... exit_group resumed>)   = ?
[pid  3707] +++ exited with 0 +++
[pid  3706] <... futex resumed>)        = ?
[pid  3706] +++ exited with 0 +++
[pid  3705] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3705, si_uid=0, si_status=0, si_utime=3, si_stime=33} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./24/binderfs")                 = 0
[   72.837957][ T3706] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   72.846012][ T3706] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   72.853986][ T3706] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   72.861965][ T3706] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   72.869972][ T3706]  </TASK>
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./24/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./24")                           = 0
mkdir("./25", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3708
./strace-static-x86_64: Process 3708 attached
[pid  3708] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3708] chdir("./25")               = 0
[pid  3708] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3708] setpgid(0, 0)               = 0
[pid  3708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3708] write(3, "1000", 4)         = 4
[pid  3708] close(3)                    = 0
[pid  3708] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3708] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3708] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3708] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3709 attached
, parent_tid=[3709], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3709
[pid  3708] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3708] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3709] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3709] memfd_create("syzkaller", 0) = 3
[pid  3709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3709] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3709] munmap(0x7fc87e392000, 16777216) = 0
[pid  3709] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3709] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3709] close(3)                    = 0
[pid  3709] mkdir("./file0", 0777)      = 0
[   73.188850][ T3709] loop0: detected capacity change from 0 to 32768
[   73.198696][ T3709] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   73.207265][ T3709] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   73.217102][ T3709] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   73.226286][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   73.233408][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3709] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3709] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3709] chdir("./file0")            = 0
[pid  3709] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3709] close(4)                    = 0
[pid  3709] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3708] <... futex resumed>)        = 0
[pid  3708] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3708] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3709] <... futex resumed>)        = 1
[pid  3709] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3709] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3708] <... futex resumed>)        = 0
[pid  3708] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3708] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3709] <... futex resumed>)        = 1
[   73.269877][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 36ms
[   73.277784][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   73.283562][ T3709] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   73.299974][ T3709] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   73.309042][ T3709] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   73.309042][ T3709]   inode = 12 2341
[pid  3709] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3708] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3708] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3708] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3708] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3710], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3710
[pid  3708] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   73.309042][ T3709]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   73.328729][ T3709] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   73.338412][ T3709] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3709 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   73.348950][ T3709] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   73.360617][ T3709] gfs2: fsid=syz:syz.0: about to withdraw this file system
./strace-static-x86_64: Process 3710 attached
[pid  3710] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3710] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3710] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   73.368491][ T3709] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   73.377404][ T3709] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   73.384111][ T3709] gfs2: fsid=syz:syz.0: File system withdrawn
[   73.390246][ T3709] CPU: 0 PID: 3709 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   73.400666][ T3709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   73.410726][ T3709] Call Trace:
[   73.414007][ T3709]  <TASK>
[   73.416938][ T3709]  dump_stack_lvl+0x1b1/0x28e
[   73.421616][ T3709]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   73.427178][ T3709]  ? panic+0x710/0x710
[   73.431256][ T3709]  ? kobject_uevent_env+0x46b/0x8e0
[   73.436459][ T3709]  ? do_raw_spin_unlock+0x134/0x8a0
[   73.441685][ T3709]  gfs2_withdraw+0xf33/0x1540
[   73.446383][ T3709]  ? gfs2_lm+0x220/0x220
[   73.450789][ T3709]  ? gfs2_dirent_scan+0xb6/0x650
[   73.455720][ T3709]  ? panic+0x710/0x710
[   73.459778][ T3709]  ? gfs2_permission+0x2ff/0x430
[   73.464722][ T3709]  ? gfs2_consist_inode_i+0xf3/0x110
[   73.470021][ T3709]  gfs2_dirent_scan+0x535/0x650
[   73.474897][ T3709]  ? gfs2_dirent_search+0xb10/0xb10
[   73.480185][ T3709]  gfs2_dirent_search+0x2ea/0xb10
[   73.485223][ T3709]  ? gfs2_dirent_search+0xb10/0xb10
[   73.490418][ T3709]  ? gfs2_dir_search+0x2a0/0x2a0
[   73.495374][ T3709]  ? gfs2_permission+0x3bf/0x430
[   73.500335][ T3709]  gfs2_dir_search+0x8c/0x2a0
[   73.505024][ T3709]  ? do_filldir_main+0x530/0x530
[   73.509958][ T3709]  ? inode_go_held+0xe4/0x1f0
[   73.514632][ T3709]  ? gfs2_glock_wait+0x213/0x2a0
[   73.519570][ T3709]  gfs2_lookupi+0x465/0x650
[   73.524074][ T3709]  ? gfs2_lookup_simple+0x170/0x170
[   73.529266][ T3709]  ? __gfs2_lookup+0x8c/0x260
[   73.533942][ T3709]  __gfs2_lookup+0x8c/0x260
[   73.538439][ T3709]  ? gfs2_atomic_open+0x230/0x230
[   73.543460][ T3709]  ? __d_lookup+0x6a4/0x770
[   73.547956][ T3709]  ? d_hash_and_lookup+0x1c0/0x1c0
[   73.553061][ T3709]  gfs2_atomic_open+0xa4/0x230
[   73.557822][ T3709]  path_openat+0xf39/0x2df0
[   73.562320][ T3709]  ? gfs2_rename2+0x3000/0x3000
[   73.567181][ T3709]  ? do_filp_open+0x4f0/0x4f0
[   73.571861][ T3709]  do_filp_open+0x264/0x4f0
[   73.576356][ T3709]  ? vfs_tmpfile+0x490/0x490
[   73.580944][ T3709]  ? do_raw_spin_unlock+0x134/0x8a0
[   73.586140][ T3709]  ? _raw_spin_unlock+0x24/0x40
[   73.590985][ T3709]  ? alloc_fd+0x5a7/0x640
[   73.595318][ T3709]  do_sys_openat2+0x124/0x4e0
[   73.599991][ T3709]  ? print_irqtrace_events+0x220/0x220
[   73.605437][ T3709]  ? ptrace_stop+0x74d/0x970
[   73.610022][ T3709]  ? do_sys_open+0x220/0x220
[   73.614690][ T3709]  ? lockdep_hardirqs_on+0x8d/0x130
[   73.619879][ T3709]  ? _raw_spin_unlock_irq+0x2a/0x40
[   73.625070][ T3709]  ? ptrace_notify+0x245/0x340
[   73.629842][ T3709]  __x64_sys_openat+0x243/0x290
[   73.634698][ T3709]  ? __ia32_sys_open+0x270/0x270
[   73.639642][ T3709]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   73.645636][ T3709]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   73.651613][ T3709]  do_syscall_64+0x3d/0xb0
[   73.656026][ T3709]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   73.661910][ T3709] RIP: 0033:0x7fc8868064d9
[   73.666374][ T3709] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   73.685988][ T3709] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   73.694397][ T3709] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   73.702359][ T3709] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   73.710318][ T3709] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3710] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3709] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3709] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3709] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3708] exit_group(0 <unfinished ...>
[pid  3709] <... futex resumed>)        = ?
[pid  3708] <... exit_group resumed>)   = ?
[pid  3709] +++ exited with 0 +++
[pid  3710] <... futex resumed>)        = ?
[pid  3710] +++ exited with 0 +++
[pid  3708] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3708, si_uid=0, si_status=0, si_utime=2, si_stime=30} ---
umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./25/binderfs")                 = 0
[   73.718279][ T3709] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   73.726239][ T3709] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   73.734214][ T3709]  </TASK>
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./25/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./25")                           = 0
mkdir("./26", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3711
./strace-static-x86_64: Process 3711 attached
[pid  3711] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3711] chdir("./26")               = 0
[pid  3711] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3711] setpgid(0, 0)               = 0
[pid  3711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3711] write(3, "1000", 4)         = 4
[pid  3711] close(3)                    = 0
[pid  3711] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3711] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3711] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3711] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3712 attached
, parent_tid=[3712], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3712
[pid  3712] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  3711] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3711] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3712] <... set_robust_list resumed>) = 0
[pid  3712] memfd_create("syzkaller", 0) = 3
[pid  3712] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3712] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3712] munmap(0x7fc87e392000, 16777216) = 0
[pid  3712] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3712] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3712] close(3)                    = 0
[pid  3712] mkdir("./file0", 0777)      = 0
[   74.030554][ T3712] loop0: detected capacity change from 0 to 32768
[   74.041591][ T3712] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   74.049930][ T3712] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   74.059837][ T3712] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   74.068699][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   74.075662][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3712] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3712] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3712] chdir("./file0")            = 0
[pid  3712] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3712] close(4)                    = 0
[pid  3712] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3711] <... futex resumed>)        = 0
[pid  3711] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3711] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3712] <... futex resumed>)        = 1
[pid  3712] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3712] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3711] <... futex resumed>)        = 0
[pid  3711] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3711] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3712] <... futex resumed>)        = 1
[   74.114911][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 39ms
[   74.122487][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   74.127736][ T3712] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   74.147593][ T3712] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   74.156432][ T3712] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[pid  3712] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3711] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3711] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   74.156432][ T3712]   inode = 12 2341
[   74.156432][ T3712]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   74.175633][ T3712] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   74.185102][ T3712] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3712 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   74.195472][ T3712] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   74.204755][ T3712] gfs2: fsid=syz:syz.0: about to withdraw this file system
[pid  3711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3711] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3711] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3713], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3713
[pid  3711] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   74.212551][ T3712] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   74.222042][ T3712] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   74.228911][ T3712] gfs2: fsid=syz:syz.0: File system withdrawn
[   74.235528][ T3712] CPU: 0 PID: 3712 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   74.245977][ T3712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   74.256055][ T3712] Call Trace:
[   74.259344][ T3712]  <TASK>
[   74.262269][ T3712]  dump_stack_lvl+0x1b1/0x28e
[   74.266944][ T3712]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   74.272408][ T3712]  ? panic+0x710/0x710
[   74.276486][ T3712]  ? kobject_uevent_env+0x46b/0x8e0
[   74.281686][ T3712]  ? do_raw_spin_unlock+0x134/0x8a0
[   74.286900][ T3712]  gfs2_withdraw+0xf33/0x1540
[   74.291591][ T3712]  ? gfs2_lm+0x220/0x220
[   74.295834][ T3712]  ? gfs2_dirent_scan+0xb6/0x650
[   74.300779][ T3712]  ? panic+0x710/0x710
[   74.304923][ T3712]  ? gfs2_permission+0x2ff/0x430
[   74.309871][ T3712]  ? gfs2_consist_inode_i+0xf3/0x110
[   74.315173][ T3712]  gfs2_dirent_scan+0x535/0x650
[   74.320042][ T3712]  ? gfs2_dirent_search+0xb10/0xb10
[   74.325257][ T3712]  gfs2_dirent_search+0x2ea/0xb10
[   74.330294][ T3712]  ? gfs2_dirent_search+0xb10/0xb10
[   74.335486][ T3712]  ? gfs2_dir_search+0x2a0/0x2a0
[   74.340420][ T3712]  ? gfs2_permission+0x3bf/0x430
[   74.345362][ T3712]  gfs2_dir_search+0x8c/0x2a0
[   74.350036][ T3712]  ? do_filldir_main+0x530/0x530
[   74.354967][ T3712]  ? inode_go_held+0xe4/0x1f0
[   74.359639][ T3712]  ? gfs2_glock_wait+0x213/0x2a0
[   74.364568][ T3712]  gfs2_lookupi+0x465/0x650
[   74.369073][ T3712]  ? gfs2_lookup_simple+0x170/0x170
[   74.374275][ T3712]  ? __gfs2_lookup+0x8c/0x260
[   74.378950][ T3712]  __gfs2_lookup+0x8c/0x260
[   74.383447][ T3712]  ? gfs2_atomic_open+0x230/0x230
[   74.388474][ T3712]  ? __d_lookup+0x6a4/0x770
[   74.392967][ T3712]  ? d_hash_and_lookup+0x1c0/0x1c0
[   74.398088][ T3712]  gfs2_atomic_open+0xa4/0x230
[   74.402852][ T3712]  path_openat+0xf39/0x2df0
[   74.407351][ T3712]  ? gfs2_rename2+0x3000/0x3000
[   74.412206][ T3712]  ? do_filp_open+0x4f0/0x4f0
[   74.416888][ T3712]  do_filp_open+0x264/0x4f0
[   74.421380][ T3712]  ? vfs_tmpfile+0x490/0x490
[   74.425970][ T3712]  ? do_raw_spin_unlock+0x134/0x8a0
[   74.431162][ T3712]  ? _raw_spin_unlock+0x24/0x40
[   74.436006][ T3712]  ? alloc_fd+0x5a7/0x640
[   74.440335][ T3712]  do_sys_openat2+0x124/0x4e0
[   74.445004][ T3712]  ? print_irqtrace_events+0x220/0x220
[   74.450452][ T3712]  ? ptrace_stop+0x74d/0x970
[   74.455036][ T3712]  ? do_sys_open+0x220/0x220
[   74.459619][ T3712]  ? lockdep_hardirqs_on+0x8d/0x130
[   74.464806][ T3712]  ? _raw_spin_unlock_irq+0x2a/0x40
[   74.469995][ T3712]  ? ptrace_notify+0x245/0x340
[   74.474748][ T3712]  __x64_sys_openat+0x243/0x290
[   74.479593][ T3712]  ? __ia32_sys_open+0x270/0x270
[   74.484524][ T3712]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   74.490499][ T3712]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   74.496486][ T3712]  do_syscall_64+0x3d/0xb0
[   74.500892][ T3712]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   74.506773][ T3712] RIP: 0033:0x7fc8868064d9
[   74.511179][ T3712] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   74.530775][ T3712] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   74.539178][ T3712] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   74.547224][ T3712] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   74.555183][ T3712] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
./strace-static-x86_64: Process 3713 attached
[pid  3713] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3713] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3713] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3713] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3712] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3712] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3712] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3711] exit_group(0 <unfinished ...>
[pid  3713] <... futex resumed>)        = ?
[pid  3712] <... futex resumed>)        = ?
[pid  3711] <... exit_group resumed>)   = ?
[pid  3713] +++ exited with 0 +++
[pid  3712] +++ exited with 0 +++
[pid  3711] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3711, si_uid=0, si_status=0, si_utime=3, si_stime=27} ---
umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./26/binderfs")                 = 0
[   74.563145][ T3712] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   74.571102][ T3712] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   74.579076][ T3712]  </TASK>
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./26/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./26")                           = 0
mkdir("./27", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3714
./strace-static-x86_64: Process 3714 attached
[pid  3714] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3714] chdir("./27")               = 0
[pid  3714] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3714] setpgid(0, 0)               = 0
[pid  3714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3714] write(3, "1000", 4)         = 4
[pid  3714] close(3)                    = 0
[pid  3714] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3714] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3714] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3714] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3715], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3715
./strace-static-x86_64: Process 3715 attached
[pid  3714] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3714] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3715] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3715] memfd_create("syzkaller", 0) = 3
[pid  3715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3715] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3715] munmap(0x7fc87e392000, 16777216) = 0
[pid  3715] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3715] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3715] close(3)                    = 0
[pid  3715] mkdir("./file0", 0777)      = 0
[   74.892409][ T3715] loop0: detected capacity change from 0 to 32768
[   74.903051][ T3715] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   74.911292][ T3715] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   74.921388][ T3715] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   74.929997][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   74.937138][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3715] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3715] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3715] chdir("./file0")            = 0
[pid  3715] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3715] close(4)                    = 0
[pid  3715] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3714] <... futex resumed>)        = 0
[pid  3714] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3714] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3715] <... futex resumed>)        = 1
[pid  3715] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3715] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3714] <... futex resumed>)        = 0
[pid  3714] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3714] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3715] <... futex resumed>)        = 1
[   74.970300][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms
[   74.977977][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   74.988756][ T3715] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   75.004127][ T3715] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   75.013009][ T3715] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[pid  3715] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3714] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3714] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3714] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3714] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3716], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3716
[pid  3714] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3716 attached
[pid  3716] set_robust_list(0x7fc87f3919e0, 24) = 0
[   75.013009][ T3715]   inode = 12 2341
[   75.013009][ T3715]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   75.032237][ T3715] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   75.041881][ T3715] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3715 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   75.052214][ T3715] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   75.056835][ T3716] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   75.062071][ T3715] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   75.069328][ T3716] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:4 m:20 p:1
[   75.076609][ T3715] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   75.085567][ T3716] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3715 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   75.094421][ T3715] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   75.104365][ T3716] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3716 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   75.112716][ T3715] gfs2: fsid=syz:syz.0: File system withdrawn
[   75.120939][ T3716] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   75.127169][ T3715] CPU: 1 PID: 3715 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   75.145638][ T3715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   75.155688][ T3715] Call Trace:
[   75.158958][ T3715]  <TASK>
[   75.161887][ T3715]  dump_stack_lvl+0x1b1/0x28e
[   75.166575][ T3715]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   75.172029][ T3715]  ? panic+0x710/0x710
[   75.176094][ T3715]  ? kobject_uevent_env+0x46b/0x8e0
[   75.181282][ T3715]  ? do_raw_spin_unlock+0x134/0x8a0
[   75.186473][ T3715]  gfs2_withdraw+0xf33/0x1540
[   75.191154][ T3715]  ? gfs2_lm+0x220/0x220
[   75.195387][ T3715]  ? gfs2_dirent_scan+0xb6/0x650
[   75.200316][ T3715]  ? panic+0x710/0x710
[   75.204371][ T3715]  ? gfs2_permission+0x2ff/0x430
[   75.209300][ T3715]  ? gfs2_consist_inode_i+0xf3/0x110
[   75.214575][ T3715]  gfs2_dirent_scan+0x535/0x650
[pid  3716] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH <unfinished ...>
[pid  3714] exit_group(0)               = ?
[   75.219456][ T3715]  ? gfs2_dirent_search+0xb10/0xb10
[   75.224647][ T3715]  gfs2_dirent_search+0x2ea/0xb10
[   75.229671][ T3715]  ? gfs2_dirent_search+0xb10/0xb10
[   75.234874][ T3715]  ? gfs2_dir_search+0x2a0/0x2a0
[   75.239820][ T3715]  ? gfs2_permission+0x3bf/0x430
[   75.244755][ T3715]  gfs2_dir_search+0x8c/0x2a0
[   75.249431][ T3715]  ? do_filldir_main+0x530/0x530
[   75.254366][ T3715]  ? inode_go_held+0xe4/0x1f0
[   75.259044][ T3715]  ? gfs2_glock_wait+0x213/0x2a0
[   75.263974][ T3715]  gfs2_lookupi+0x465/0x650
[   75.268473][ T3715]  ? gfs2_lookup_simple+0x170/0x170
[   75.273658][ T3715]  ? __gfs2_lookup+0x8c/0x260
[   75.278330][ T3715]  __gfs2_lookup+0x8c/0x260
[   75.282822][ T3715]  ? gfs2_atomic_open+0x230/0x230
[   75.287837][ T3715]  ? __d_lookup+0x6a4/0x770
[   75.292325][ T3715]  ? d_hash_and_lookup+0x1c0/0x1c0
[   75.297421][ T3715]  gfs2_atomic_open+0xa4/0x230
[   75.302182][ T3715]  path_openat+0xf39/0x2df0
[   75.306675][ T3715]  ? gfs2_rename2+0x3000/0x3000
[   75.311521][ T3715]  ? do_filp_open+0x4f0/0x4f0
[   75.316191][ T3715]  do_filp_open+0x264/0x4f0
[   75.320681][ T3715]  ? vfs_tmpfile+0x490/0x490
[   75.325289][ T3715]  ? do_raw_spin_unlock+0x134/0x8a0
[   75.330475][ T3715]  ? _raw_spin_unlock+0x24/0x40
[   75.335316][ T3715]  ? alloc_fd+0x5a7/0x640
[   75.339640][ T3715]  do_sys_openat2+0x124/0x4e0
[   75.344304][ T3715]  ? print_irqtrace_events+0x220/0x220
[   75.349743][ T3715]  ? ptrace_stop+0x74d/0x970
[   75.354317][ T3715]  ? do_sys_open+0x220/0x220
[   75.358893][ T3715]  ? lockdep_hardirqs_on+0x8d/0x130
[   75.364092][ T3715]  ? _raw_spin_unlock_irq+0x2a/0x40
[   75.369363][ T3715]  ? ptrace_notify+0x245/0x340
[   75.374112][ T3715]  __x64_sys_openat+0x243/0x290
[   75.378957][ T3715]  ? __ia32_sys_open+0x270/0x270
[   75.383883][ T3715]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   75.389849][ T3715]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   75.395817][ T3715]  do_syscall_64+0x3d/0xb0
[   75.400222][ T3715]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   75.406099][ T3715] RIP: 0033:0x7fc8868064d9
[   75.410513][ T3715] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   75.430109][ T3715] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   75.438542][ T3715] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   75.446501][ T3715] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   75.454454][ T3715] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   75.462408][ T3715] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  3716] <... openat resumed>)       = ?
[pid  3715] <... openat resumed>)       = ?
[pid  3715] +++ exited with 0 +++
[pid  3716] +++ exited with 0 +++
[pid  3714] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3714, si_uid=0, si_status=0, si_utime=2, si_stime=38} ---
umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./27/binderfs")                 = 0
[   75.470370][ T3715] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   75.478345][ T3715]  </TASK>
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./27/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./27")                           = 0
mkdir("./28", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3717
./strace-static-x86_64: Process 3717 attached
[pid  3717] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3717] chdir("./28")               = 0
[pid  3717] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3717] setpgid(0, 0)               = 0
[pid  3717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3717] write(3, "1000", 4)         = 4
[pid  3717] close(3)                    = 0
[pid  3717] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3717] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3717] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3717] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3718], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3718
[pid  3717] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3717] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3718 attached
 <unfinished ...>
[pid  3718] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3718] memfd_create("syzkaller", 0) = 3
[pid  3718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3718] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3718] munmap(0x7fc87e392000, 16777216) = 0
[pid  3718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3718] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3718] close(3)                    = 0
[pid  3718] mkdir("./file0", 0777)      = 0
[   75.775407][ T3718] loop0: detected capacity change from 0 to 32768
[   75.786299][ T3718] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   75.794771][ T3718] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   75.804959][ T3718] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   75.814080][  T151] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   75.821301][  T151] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3718] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3718] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3718] chdir("./file0")            = 0
[pid  3718] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3718] close(4)                    = 0
[pid  3718] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3717] <... futex resumed>)        = 0
[pid  3717] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3717] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3718] <... futex resumed>)        = 1
[pid  3718] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3718] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3717] <... futex resumed>)        = 0
[pid  3717] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3717] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3718] <... futex resumed>)        = 1
[   75.854343][  T151] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms
[   75.862207][  T151] gfs2: fsid=syz:syz.0: jid=0: Done
[   75.867453][ T3718] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   75.897976][ T3718] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   75.906994][ T3718] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   75.906994][ T3718]   inode = 12 2341
[   75.906994][ T3718]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   75.926331][ T3718] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   75.935593][ T3718] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3718 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3718] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3717] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3717] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3717] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3717] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3719], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3719
[pid  3717] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3719 attached
[pid  3719] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3719] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3719] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   75.945799][ T3718] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   75.955649][ T3718] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   75.963297][ T3718] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   75.972141][ T3718] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   75.978717][ T3718] gfs2: fsid=syz:syz.0: File system withdrawn
[   75.985005][ T3718] CPU: 0 PID: 3718 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   75.995432][ T3718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   76.005486][ T3718] Call Trace:
[   76.008764][ T3718]  <TASK>
[   76.011687][ T3718]  dump_stack_lvl+0x1b1/0x28e
[   76.016356][ T3718]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   76.021803][ T3718]  ? panic+0x710/0x710
[   76.025860][ T3718]  ? kobject_uevent_env+0x46b/0x8e0
[   76.031057][ T3718]  ? do_raw_spin_unlock+0x134/0x8a0
[   76.036265][ T3718]  gfs2_withdraw+0xf33/0x1540
[   76.040957][ T3718]  ? gfs2_lm+0x220/0x220
[   76.045195][ T3718]  ? gfs2_dirent_scan+0xb6/0x650
[   76.050148][ T3718]  ? panic+0x710/0x710
[   76.054213][ T3718]  ? gfs2_permission+0x2ff/0x430
[   76.059173][ T3718]  ? gfs2_consist_inode_i+0xf3/0x110
[   76.064479][ T3718]  gfs2_dirent_scan+0x535/0x650
[   76.069346][ T3718]  ? gfs2_dirent_search+0xb10/0xb10
[   76.074568][ T3718]  gfs2_dirent_search+0x2ea/0xb10
[   76.079700][ T3718]  ? gfs2_dirent_search+0xb10/0xb10
[   76.084922][ T3718]  ? gfs2_dir_search+0x2a0/0x2a0
[   76.089858][ T3718]  ? gfs2_permission+0x3bf/0x430
[   76.094814][ T3718]  gfs2_dir_search+0x8c/0x2a0
[   76.099506][ T3718]  ? do_filldir_main+0x530/0x530
[   76.104435][ T3718]  ? inode_go_held+0xe4/0x1f0
[   76.109105][ T3718]  ? gfs2_glock_wait+0x213/0x2a0
[   76.114034][ T3718]  gfs2_lookupi+0x465/0x650
[   76.118537][ T3718]  ? gfs2_lookup_simple+0x170/0x170
[   76.123733][ T3718]  ? __gfs2_lookup+0x8c/0x260
[   76.128408][ T3718]  __gfs2_lookup+0x8c/0x260
[   76.132908][ T3718]  ? gfs2_atomic_open+0x230/0x230
[   76.137930][ T3718]  ? __d_lookup+0x6a4/0x770
[   76.142423][ T3718]  ? d_hash_and_lookup+0x1c0/0x1c0
[   76.147528][ T3718]  gfs2_atomic_open+0xa4/0x230
[   76.152287][ T3718]  path_openat+0xf39/0x2df0
[   76.156786][ T3718]  ? gfs2_rename2+0x3000/0x3000
[   76.161643][ T3718]  ? do_filp_open+0x4f0/0x4f0
[   76.166325][ T3718]  do_filp_open+0x264/0x4f0
[   76.170821][ T3718]  ? vfs_tmpfile+0x490/0x490
[   76.175408][ T3718]  ? do_raw_spin_unlock+0x134/0x8a0
[   76.180602][ T3718]  ? _raw_spin_unlock+0x24/0x40
[   76.185533][ T3718]  ? alloc_fd+0x5a7/0x640
[   76.189866][ T3718]  do_sys_openat2+0x124/0x4e0
[   76.194533][ T3718]  ? print_irqtrace_events+0x220/0x220
[   76.199979][ T3718]  ? ptrace_stop+0x74d/0x970
[   76.204567][ T3718]  ? do_sys_open+0x220/0x220
[   76.209151][ T3718]  ? lockdep_hardirqs_on+0x8d/0x130
[   76.214340][ T3718]  ? _raw_spin_unlock_irq+0x2a/0x40
[   76.219531][ T3718]  ? ptrace_notify+0x245/0x340
[   76.224287][ T3718]  __x64_sys_openat+0x243/0x290
[   76.229131][ T3718]  ? __ia32_sys_open+0x270/0x270
[   76.234061][ T3718]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   76.240035][ T3718]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   76.246007][ T3718]  do_syscall_64+0x3d/0xb0
[   76.250414][ T3718]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   76.256297][ T3718] RIP: 0033:0x7fc8868064d9
[   76.260702][ T3718] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   76.280313][ T3718] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   76.288718][ T3718] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3719] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3718] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3718] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3718] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3717] exit_group(0 <unfinished ...>
[pid  3718] <... futex resumed>)        = ?
[pid  3717] <... exit_group resumed>)   = ?
[pid  3718] +++ exited with 0 +++
[pid  3719] <... futex resumed>)        = ?
[pid  3719] +++ exited with 0 +++
[pid  3717] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3717, si_uid=0, si_status=0, si_utime=1, si_stime=32} ---
umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./28/binderfs")                 = 0
[   76.296694][ T3718] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   76.304657][ T3718] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   76.312615][ T3718] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   76.320574][ T3718] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   76.328549][ T3718]  </TASK>
[   76.333168][   T14] cfg80211: failed to load regulatory.db
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./28/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./28")                           = 0
mkdir("./29", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3720
./strace-static-x86_64: Process 3720 attached
[pid  3720] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3720] chdir("./29")               = 0
[pid  3720] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3720] setpgid(0, 0)               = 0
[pid  3720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3720] write(3, "1000", 4)         = 4
[pid  3720] close(3)                    = 0
[pid  3720] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3720] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3720] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3720] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3721 attached
, parent_tid=[3721], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3721
[pid  3720] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3721] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3720] <... futex resumed>)        = 0
[pid  3720] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3721] memfd_create("syzkaller", 0) = 3
[pid  3721] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3721] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3721] munmap(0x7fc87e392000, 16777216) = 0
[pid  3721] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3721] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3721] close(3)                    = 0
[pid  3721] mkdir("./file0", 0777)      = 0
[   76.648342][ T3721] loop0: detected capacity change from 0 to 32768
[   76.661054][ T3721] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   76.669218][ T3721] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   76.679313][ T3721] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   76.688141][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   76.695369][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3721] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3721] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3721] chdir("./file0")            = 0
[pid  3721] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3721] close(4)                    = 0
[pid  3721] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3721] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3720] <... futex resumed>)        = 0
[pid  3720] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3721] <... futex resumed>)        = 0
[pid  3720] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3721] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3721] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3720] <... futex resumed>)        = 0
[pid  3721] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3720] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   76.736219][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 40ms
[   76.744976][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   76.750536][ T3721] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   76.775263][ T3721] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3720] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[   76.784137][ T3721] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   76.784137][ T3721]   inode = 12 2341
[   76.784137][ T3721]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   76.803303][ T3721] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   76.812693][ T3721] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3721 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   76.823162][ T3721] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[pid  3720] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3720] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3720] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3722], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3722
[pid  3720] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3722 attached
) = 0
[pid  3722] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3722] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3722] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   76.832280][ T3721] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   76.839810][ T3721] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   76.851672][ T3721] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   76.859941][ T3721] gfs2: fsid=syz:syz.0: File system withdrawn
[   76.866140][ T3721] CPU: 0 PID: 3721 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   76.876560][ T3721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   76.886626][ T3721] Call Trace:
[   76.889911][ T3721]  <TASK>
[   76.892839][ T3721]  dump_stack_lvl+0x1b1/0x28e
[   76.897527][ T3721]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   76.902997][ T3721]  ? panic+0x710/0x710
[   76.907085][ T3721]  ? kobject_uevent_env+0x46b/0x8e0
[   76.912289][ T3721]  ? do_raw_spin_unlock+0x134/0x8a0
[   76.917485][ T3721]  gfs2_withdraw+0xf33/0x1540
[   76.922185][ T3721]  ? gfs2_lm+0x220/0x220
[   76.926443][ T3721]  ? gfs2_dirent_scan+0xb6/0x650
[   76.931392][ T3721]  ? panic+0x710/0x710
[   76.935448][ T3721]  ? gfs2_permission+0x2ff/0x430
[   76.940378][ T3721]  ? gfs2_consist_inode_i+0xf3/0x110
[   76.945675][ T3721]  gfs2_dirent_scan+0x535/0x650
[   76.950540][ T3721]  ? gfs2_dirent_search+0xb10/0xb10
[   76.955736][ T3721]  gfs2_dirent_search+0x2ea/0xb10
[   76.960765][ T3721]  ? gfs2_dirent_search+0xb10/0xb10
[   76.966015][ T3721]  ? gfs2_dir_search+0x2a0/0x2a0
[   76.970963][ T3721]  ? gfs2_permission+0x3bf/0x430
[   76.975914][ T3721]  gfs2_dir_search+0x8c/0x2a0
[   76.980608][ T3721]  ? do_filldir_main+0x530/0x530
[   76.985550][ T3721]  ? inode_go_held+0xe4/0x1f0
[   76.990238][ T3721]  ? gfs2_glock_wait+0x213/0x2a0
[   76.995179][ T3721]  gfs2_lookupi+0x465/0x650
[   76.999698][ T3721]  ? gfs2_lookup_simple+0x170/0x170
[   77.004900][ T3721]  ? __gfs2_lookup+0x8c/0x260
[   77.009592][ T3721]  __gfs2_lookup+0x8c/0x260
[   77.014090][ T3721]  ? gfs2_atomic_open+0x230/0x230
[   77.019108][ T3721]  ? __d_lookup+0x6a4/0x770
[   77.023601][ T3721]  ? d_hash_and_lookup+0x1c0/0x1c0
[   77.028707][ T3721]  gfs2_atomic_open+0xa4/0x230
[   77.033469][ T3721]  path_openat+0xf39/0x2df0
[   77.037984][ T3721]  ? gfs2_rename2+0x3000/0x3000
[   77.042860][ T3721]  ? do_filp_open+0x4f0/0x4f0
[   77.047559][ T3721]  do_filp_open+0x264/0x4f0
[   77.052066][ T3721]  ? vfs_tmpfile+0x490/0x490
[   77.056652][ T3721]  ? do_raw_spin_unlock+0x134/0x8a0
[   77.061934][ T3721]  ? _raw_spin_unlock+0x24/0x40
[   77.066786][ T3721]  ? alloc_fd+0x5a7/0x640
[   77.071148][ T3721]  do_sys_openat2+0x124/0x4e0
[   77.075847][ T3721]  ? print_irqtrace_events+0x220/0x220
[   77.081414][ T3721]  ? ptrace_stop+0x74d/0x970
[   77.086030][ T3721]  ? do_sys_open+0x220/0x220
[   77.090657][ T3721]  ? lockdep_hardirqs_on+0x8d/0x130
[   77.095901][ T3721]  ? _raw_spin_unlock_irq+0x2a/0x40
[   77.101131][ T3721]  ? ptrace_notify+0x245/0x340
[   77.105921][ T3721]  __x64_sys_openat+0x243/0x290
[   77.110814][ T3721]  ? __ia32_sys_open+0x270/0x270
[   77.115806][ T3721]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   77.121819][ T3721]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   77.127827][ T3721]  do_syscall_64+0x3d/0xb0
[   77.132279][ T3721]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   77.138197][ T3721] RIP: 0033:0x7fc8868064d9
[   77.142629][ T3721] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   77.162260][ T3721] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   77.170698][ T3721] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   77.178680][ T3721] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[pid  3722] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3721] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3721] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3721] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3720] exit_group(0 <unfinished ...>
[pid  3721] <... futex resumed>)        = ?
[pid  3720] <... exit_group resumed>)   = ?
[pid  3722] <... futex resumed>)        = ?
[pid  3721] +++ exited with 0 +++
[pid  3722] +++ exited with 0 +++
[pid  3720] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3720, si_uid=0, si_status=0, si_utime=2, si_stime=28} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./29/binderfs")                 = 0
[   77.186644][ T3721] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   77.194607][ T3721] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   77.202568][ T3721] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   77.210563][ T3721]  </TASK>
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./29/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./29")                           = 0
mkdir("./30", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3723
./strace-static-x86_64: Process 3723 attached
[pid  3723] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3723] chdir("./30")               = 0
[pid  3723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3723] setpgid(0, 0)               = 0
[pid  3723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3723] write(3, "1000", 4)         = 4
[pid  3723] close(3)                    = 0
[pid  3723] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3723] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3723] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3723] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3724 attached
, parent_tid=[3724], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3724
[pid  3723] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3724] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3723] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3724] memfd_create("syzkaller", 0) = 3
[pid  3724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3724] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3724] munmap(0x7fc87e392000, 16777216) = 0
[pid  3724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3724] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3724] close(3)                    = 0
[pid  3724] mkdir("./file0", 0777)      = 0
[   77.532956][ T3724] loop0: detected capacity change from 0 to 32768
[   77.545406][ T3724] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   77.553671][ T3724] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   77.562897][ T3724] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   77.571720][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   77.578506][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3724] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3724] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3724] chdir("./file0")            = 0
[pid  3724] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3724] close(4)                    = 0
[pid  3724] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3723] <... futex resumed>)        = 0
[pid  3724] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3723] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3724] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3723] <... futex resumed>)        = 0
[pid  3724] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3723] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3724] <... futex resumed>)        = 0
[pid  3723] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3724] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[   77.614305][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 35ms
[   77.623171][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   77.628424][ T3724] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid  3723] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   77.659642][ T3724] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   77.668272][ T3724] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   77.668272][ T3724]   inode = 12 2341
[   77.668272][ T3724]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   77.687874][ T3724] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   77.696967][ T3724] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3724 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3723] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3723] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3723] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3723] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3725], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3725
[pid  3723] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3725 attached
[pid  3725] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3725] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3725] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   77.707225][ T3724] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   77.715783][ T3724] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   77.723252][ T3724] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   77.732111][ T3724] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   77.740764][ T3724] gfs2: fsid=syz:syz.0: File system withdrawn
[   77.746860][ T3724] CPU: 0 PID: 3724 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   77.757307][ T3724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   77.767357][ T3724] Call Trace:
[   77.770639][ T3724]  <TASK>
[   77.773577][ T3724]  dump_stack_lvl+0x1b1/0x28e
[   77.778249][ T3724]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   77.783711][ T3724]  ? panic+0x710/0x710
[   77.787836][ T3724]  ? kobject_uevent_env+0x46b/0x8e0
[   77.793036][ T3724]  ? do_raw_spin_unlock+0x134/0x8a0
[   77.798239][ T3724]  gfs2_withdraw+0xf33/0x1540
[   77.802945][ T3724]  ? gfs2_lm+0x220/0x220
[   77.807194][ T3724]  ? gfs2_dirent_scan+0xb6/0x650
[   77.812133][ T3724]  ? panic+0x710/0x710
[   77.816212][ T3724]  ? gfs2_permission+0x2ff/0x430
[   77.821155][ T3724]  ? gfs2_consist_inode_i+0xf3/0x110
[   77.826434][ T3724]  gfs2_dirent_scan+0x535/0x650
[   77.831284][ T3724]  ? gfs2_dirent_search+0xb10/0xb10
[   77.836481][ T3724]  gfs2_dirent_search+0x2ea/0xb10
[   77.841589][ T3724]  ? gfs2_dirent_search+0xb10/0xb10
[   77.846781][ T3724]  ? gfs2_dir_search+0x2a0/0x2a0
[   77.851712][ T3724]  ? gfs2_permission+0x3bf/0x430
[   77.856647][ T3724]  gfs2_dir_search+0x8c/0x2a0
[   77.861319][ T3724]  ? do_filldir_main+0x530/0x530
[   77.866254][ T3724]  ? inode_go_held+0xe4/0x1f0
[   77.870932][ T3724]  ? gfs2_glock_wait+0x213/0x2a0
[   77.875863][ T3724]  gfs2_lookupi+0x465/0x650
[   77.880369][ T3724]  ? gfs2_lookup_simple+0x170/0x170
[   77.885568][ T3724]  ? __gfs2_lookup+0x8c/0x260
[   77.890243][ T3724]  __gfs2_lookup+0x8c/0x260
[   77.894739][ T3724]  ? gfs2_atomic_open+0x230/0x230
[   77.899787][ T3724]  ? __d_lookup+0x6a4/0x770
[   77.904316][ T3724]  ? d_hash_and_lookup+0x1c0/0x1c0
[   77.909440][ T3724]  gfs2_atomic_open+0xa4/0x230
[   77.914214][ T3724]  path_openat+0xf39/0x2df0
[   77.918738][ T3724]  ? gfs2_rename2+0x3000/0x3000
[   77.923623][ T3724]  ? do_filp_open+0x4f0/0x4f0
[   77.928324][ T3724]  do_filp_open+0x264/0x4f0
[   77.932827][ T3724]  ? vfs_tmpfile+0x490/0x490
[   77.937435][ T3724]  ? do_raw_spin_unlock+0x134/0x8a0
[   77.942629][ T3724]  ? _raw_spin_unlock+0x24/0x40
[   77.947473][ T3724]  ? alloc_fd+0x5a7/0x640
[   77.951802][ T3724]  do_sys_openat2+0x124/0x4e0
[   77.956474][ T3724]  ? print_irqtrace_events+0x220/0x220
[   77.962013][ T3724]  ? ptrace_stop+0x74d/0x970
[   77.966596][ T3724]  ? do_sys_open+0x220/0x220
[   77.971178][ T3724]  ? lockdep_hardirqs_on+0x8d/0x130
[   77.976367][ T3724]  ? _raw_spin_unlock_irq+0x2a/0x40
[   77.981558][ T3724]  ? ptrace_notify+0x245/0x340
[   77.986312][ T3724]  __x64_sys_openat+0x243/0x290
[   77.991158][ T3724]  ? __ia32_sys_open+0x270/0x270
[   77.996139][ T3724]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   78.002135][ T3724]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   78.008108][ T3724]  do_syscall_64+0x3d/0xb0
[   78.012517][ T3724]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   78.018399][ T3724] RIP: 0033:0x7fc8868064d9
[   78.022806][ T3724] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   78.042406][ T3724] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   78.050815][ T3724] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3725] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3724] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3724] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3724] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3723] exit_group(0 <unfinished ...>
[pid  3725] <... futex resumed>)        = ?
[pid  3724] <... futex resumed>)        = ?
[pid  3723] <... exit_group resumed>)   = ?
[pid  3724] +++ exited with 0 +++
[pid  3725] +++ exited with 0 +++
[pid  3723] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3723, si_uid=0, si_status=0, si_utime=1, si_stime=29} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./30/binderfs")                 = 0
[   78.058778][ T3724] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   78.066746][ T3724] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   78.074706][ T3724] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   78.082666][ T3724] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   78.090652][ T3724]  </TASK>
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./30/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./30")                           = 0
mkdir("./31", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3726
./strace-static-x86_64: Process 3726 attached
[pid  3726] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3726] chdir("./31")               = 0
[pid  3726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3726] setpgid(0, 0)               = 0
[pid  3726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3726] write(3, "1000", 4)         = 4
[pid  3726] close(3)                    = 0
[pid  3726] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3726] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3726] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3726] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3727 attached
 <unfinished ...>
[pid  3727] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  3726] <... clone resumed>, parent_tid=[3727], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3727
[pid  3727] <... set_robust_list resumed>) = 0
[pid  3726] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3726] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3727] memfd_create("syzkaller", 0) = 3
[pid  3727] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3727] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3727] munmap(0x7fc87e392000, 16777216) = 0
[pid  3727] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3727] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3727] close(3)                    = 0
[pid  3727] mkdir("./file0", 0777)      = 0
[   78.397680][ T3727] loop0: detected capacity change from 0 to 32768
[   78.411655][ T3727] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   78.419932][ T3727] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   78.430632][ T3727] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   78.439740][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   78.446790][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3727] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3727] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3727] chdir("./file0")            = 0
[pid  3727] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3727] close(4)                    = 0
[pid  3727] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3726] <... futex resumed>)        = 0
[pid  3727] <... futex resumed>)        = 1
[pid  3726] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3727] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3726] <... futex resumed>)        = 0
[pid  3727] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3726] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3727] <... futex resumed>)        = 0
[pid  3726] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3726] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3726] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[   78.488371][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 41ms
[   78.497335][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   78.502721][ T3727] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid  3727] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3726] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3726] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3726] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[   78.540881][ T3727] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   78.549333][ T3727] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   78.549333][ T3727]   inode = 12 2341
[   78.549333][ T3727]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   78.568670][ T3727] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   78.580220][ T3727] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3727 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3726] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3728], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3728
[pid  3726] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3728 attached
[pid  3728] set_robust_list(0x7fc87f3919e0, 24) = 0
[   78.590624][ T3727] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   78.595793][ T3728] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   78.601259][ T3727] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   78.608894][ T3728] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:4 m:20 p:1
[   78.616202][ T3727] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   78.625063][ T3728] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3727 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   78.633959][ T3727] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   78.643786][ T3728] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3728 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   78.650350][ T3727] gfs2: fsid=syz:syz.0: File system withdrawn
[   78.661716][ T3728] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   78.666690][ T3727] CPU: 1 PID: 3727 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   78.684929][ T3727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   78.695015][ T3727] Call Trace:
[   78.698295][ T3727]  <TASK>
[   78.701227][ T3727]  dump_stack_lvl+0x1b1/0x28e
[   78.705920][ T3727]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   78.711381][ T3727]  ? panic+0x710/0x710
[   78.715468][ T3727]  ? kobject_uevent_env+0x46b/0x8e0
[   78.720671][ T3727]  ? do_raw_spin_unlock+0x134/0x8a0
[   78.726062][ T3727]  gfs2_withdraw+0xf33/0x1540
[   78.730782][ T3727]  ? gfs2_lm+0x220/0x220
[   78.735055][ T3727]  ? gfs2_dirent_scan+0xb6/0x650
[   78.740015][ T3727]  ? panic+0x710/0x710
[   78.744086][ T3727]  ? gfs2_permission+0x2ff/0x430
[   78.749048][ T3727]  ? gfs2_consist_inode_i+0xf3/0x110
[   78.754355][ T3727]  gfs2_dirent_scan+0x535/0x650
[   78.759225][ T3727]  ? gfs2_dirent_search+0xb10/0xb10
[   78.764449][ T3727]  gfs2_dirent_search+0x2ea/0xb10
[   78.769482][ T3727]  ? gfs2_dirent_search+0xb10/0xb10
[   78.774721][ T3727]  ? gfs2_dir_search+0x2a0/0x2a0
[   78.779681][ T3727]  ? gfs2_permission+0x3bf/0x430
[   78.784724][ T3727]  gfs2_dir_search+0x8c/0x2a0
[pid  3728] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH <unfinished ...>
[pid  3726] exit_group(0)               = ?
[   78.789427][ T3727]  ? do_filldir_main+0x530/0x530
[   78.794370][ T3727]  ? inode_go_held+0xe4/0x1f0
[   78.799075][ T3727]  ? gfs2_glock_wait+0x213/0x2a0
[   78.804030][ T3727]  gfs2_lookupi+0x465/0x650
[   78.808560][ T3727]  ? gfs2_lookup_simple+0x170/0x170
[   78.813766][ T3727]  ? __gfs2_lookup+0x8c/0x260
[   78.818471][ T3727]  __gfs2_lookup+0x8c/0x260
[   78.822993][ T3727]  ? gfs2_atomic_open+0x230/0x230
[   78.828039][ T3727]  ? __d_lookup+0x6a4/0x770
[   78.832558][ T3727]  ? d_hash_and_lookup+0x1c0/0x1c0
[   78.837675][ T3727]  gfs2_atomic_open+0xa4/0x230
[   78.842492][ T3727]  path_openat+0xf39/0x2df0
[   78.847000][ T3727]  ? gfs2_rename2+0x3000/0x3000
[   78.851869][ T3727]  ? do_filp_open+0x4f0/0x4f0
[   78.856550][ T3727]  do_filp_open+0x264/0x4f0
[   78.861046][ T3727]  ? vfs_tmpfile+0x490/0x490
[   78.865649][ T3727]  ? do_raw_spin_unlock+0x134/0x8a0
[   78.870875][ T3727]  ? _raw_spin_unlock+0x24/0x40
[   78.875747][ T3727]  ? alloc_fd+0x5a7/0x640
[   78.880287][ T3727]  do_sys_openat2+0x124/0x4e0
[   78.884983][ T3727]  ? print_irqtrace_events+0x220/0x220
[   78.890462][ T3727]  ? ptrace_stop+0x74d/0x970
[   78.895063][ T3727]  ? do_sys_open+0x220/0x220
[   78.899645][ T3727]  ? lockdep_hardirqs_on+0x8d/0x130
[   78.904834][ T3727]  ? _raw_spin_unlock_irq+0x2a/0x40
[   78.910035][ T3727]  ? ptrace_notify+0x245/0x340
[   78.914804][ T3727]  __x64_sys_openat+0x243/0x290
[   78.919746][ T3727]  ? __ia32_sys_open+0x270/0x270
[   78.924678][ T3727]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   78.930664][ T3727]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   78.936649][ T3727]  do_syscall_64+0x3d/0xb0
[   78.941060][ T3727]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   78.947209][ T3727] RIP: 0033:0x7fc8868064d9
[   78.951635][ T3727] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   78.971238][ T3727] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   78.979650][ T3727] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3728] <... openat resumed>)       = ?
[pid  3727] <... openat resumed>)       = ?
[pid  3728] +++ exited with 0 +++
[pid  3727] +++ exited with 0 +++
[pid  3726] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3726, si_uid=0, si_status=0, si_utime=0, si_stime=39} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./31/binderfs")                 = 0
[   78.987873][ T3727] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   78.995862][ T3727] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   79.003824][ T3727] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   79.011796][ T3727] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   79.019804][ T3727]  </TASK>
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./31/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./31")                           = 0
mkdir("./32", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3729
./strace-static-x86_64: Process 3729 attached
[pid  3729] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3729] chdir("./32")               = 0
[pid  3729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3729] setpgid(0, 0)               = 0
[pid  3729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3729] write(3, "1000", 4)         = 4
[pid  3729] close(3)                    = 0
[pid  3729] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3729] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3729] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3729] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3730 attached
, parent_tid=[3730], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3730
[pid  3729] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3730] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  3729] <... futex resumed>)        = 0
[pid  3730] <... set_robust_list resumed>) = 0
[pid  3729] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3730] memfd_create("syzkaller", 0) = 3
[pid  3730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3730] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3730] munmap(0x7fc87e392000, 16777216) = 0
[pid  3730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3730] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3730] close(3)                    = 0
[pid  3730] mkdir("./file0", 0777)      = 0
[   79.330242][ T3730] loop0: detected capacity change from 0 to 32768
[   79.342496][ T3730] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   79.351019][ T3730] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   79.360213][ T3730] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   79.368982][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   79.376271][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3730] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3730] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3730] chdir("./file0")            = 0
[pid  3730] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3730] close(4)                    = 0
[pid  3730] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3729] <... futex resumed>)        = 0
[pid  3729] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3729] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3730] <... futex resumed>)        = 1
[pid  3730] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3730] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3729] <... futex resumed>)        = 0
[pid  3729] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3729] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3730] <... futex resumed>)        = 1
[   79.410616][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 34ms
[   79.419313][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   79.424688][ T3730] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   79.443682][ T3730] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3730] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3729] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3729] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3729] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3729] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3731], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3731
[pid  3729] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3731 attached
[   79.455430][ T3730] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   79.455430][ T3730]   inode = 12 2341
[   79.455430][ T3730]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   79.475103][ T3730] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   79.484797][ T3730] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3730 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   79.495125][ T3730] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   79.503791][ T3730] gfs2: fsid=syz:syz.0: about to withdraw this file system
[pid  3731] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3731] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3731] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   79.511263][ T3730] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   79.521597][ T3730] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   79.528205][ T3730] gfs2: fsid=syz:syz.0: File system withdrawn
[   79.534588][ T3730] CPU: 0 PID: 3730 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   79.545017][ T3730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   79.555079][ T3730] Call Trace:
[   79.558375][ T3730]  <TASK>
[   79.561323][ T3730]  dump_stack_lvl+0x1b1/0x28e
[   79.566179][ T3730]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   79.571641][ T3730]  ? panic+0x710/0x710
[   79.575707][ T3730]  ? kobject_uevent_env+0x46b/0x8e0
[   79.580909][ T3730]  ? do_raw_spin_unlock+0x134/0x8a0
[   79.586127][ T3730]  gfs2_withdraw+0xf33/0x1540
[   79.590815][ T3730]  ? gfs2_lm+0x220/0x220
[   79.595057][ T3730]  ? gfs2_dirent_scan+0xb6/0x650
[   79.599992][ T3730]  ? panic+0x710/0x710
[   79.604051][ T3730]  ? gfs2_permission+0x2ff/0x430
[   79.608986][ T3730]  ? gfs2_consist_inode_i+0xf3/0x110
[   79.614263][ T3730]  gfs2_dirent_scan+0x535/0x650
[   79.619113][ T3730]  ? gfs2_dirent_search+0xb10/0xb10
[   79.624312][ T3730]  gfs2_dirent_search+0x2ea/0xb10
[   79.629340][ T3730]  ? gfs2_dirent_search+0xb10/0xb10
[   79.634534][ T3730]  ? gfs2_dir_search+0x2a0/0x2a0
[   79.639473][ T3730]  ? gfs2_permission+0x3bf/0x430
[   79.644583][ T3730]  gfs2_dir_search+0x8c/0x2a0
[   79.649257][ T3730]  ? do_filldir_main+0x530/0x530
[   79.654194][ T3730]  ? inode_go_held+0xe4/0x1f0
[   79.658866][ T3730]  ? gfs2_glock_wait+0x213/0x2a0
[   79.663795][ T3730]  gfs2_lookupi+0x465/0x650
[   79.668302][ T3730]  ? gfs2_lookup_simple+0x170/0x170
[   79.673492][ T3730]  ? __gfs2_lookup+0x8c/0x260
[   79.678166][ T3730]  __gfs2_lookup+0x8c/0x260
[   79.682664][ T3730]  ? gfs2_atomic_open+0x230/0x230
[   79.687683][ T3730]  ? __d_lookup+0x6a4/0x770
[   79.692175][ T3730]  ? d_hash_and_lookup+0x1c0/0x1c0
[   79.697276][ T3730]  gfs2_atomic_open+0xa4/0x230
[   79.702039][ T3730]  path_openat+0xf39/0x2df0
[   79.706539][ T3730]  ? gfs2_rename2+0x3000/0x3000
[   79.711394][ T3730]  ? do_filp_open+0x4f0/0x4f0
[   79.716074][ T3730]  do_filp_open+0x264/0x4f0
[   79.720568][ T3730]  ? vfs_tmpfile+0x490/0x490
[   79.725155][ T3730]  ? do_raw_spin_unlock+0x134/0x8a0
[   79.730350][ T3730]  ? _raw_spin_unlock+0x24/0x40
[   79.735196][ T3730]  ? alloc_fd+0x5a7/0x640
[   79.739565][ T3730]  do_sys_openat2+0x124/0x4e0
[   79.744583][ T3730]  ? print_irqtrace_events+0x220/0x220
[   79.750380][ T3730]  ? ptrace_stop+0x74d/0x970
[   79.754970][ T3730]  ? do_sys_open+0x220/0x220
[   79.759647][ T3730]  ? lockdep_hardirqs_on+0x8d/0x130
[   79.764962][ T3730]  ? _raw_spin_unlock_irq+0x2a/0x40
[   79.770176][ T3730]  ? ptrace_notify+0x245/0x340
[   79.775004][ T3730]  __x64_sys_openat+0x243/0x290
[   79.779859][ T3730]  ? __ia32_sys_open+0x270/0x270
[   79.784794][ T3730]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   79.790781][ T3730]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   79.796757][ T3730]  do_syscall_64+0x3d/0xb0
[   79.801256][ T3730]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   79.807316][ T3730] RIP: 0033:0x7fc8868064d9
[   79.811736][ T3730] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   79.831334][ T3730] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   79.839827][ T3730] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   79.847788][ T3730] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[pid  3731] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3730] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3730] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3730] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3729] exit_group(0 <unfinished ...>
[pid  3730] <... futex resumed>)        = ?
[pid  3729] <... exit_group resumed>)   = ?
[pid  3730] +++ exited with 0 +++
[pid  3731] <... futex resumed>)        = ?
[pid  3731] +++ exited with 0 +++
[pid  3729] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3729, si_uid=0, si_status=0, si_utime=2, si_stime=29} ---
umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./32/binderfs")                 = 0
[   79.855750][ T3730] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   79.863717][ T3730] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   79.871686][ T3730] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   79.879769][ T3730]  </TASK>
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./32/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./32")                           = 0
mkdir("./33", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3732
./strace-static-x86_64: Process 3732 attached
[pid  3732] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3732] chdir("./33")               = 0
[pid  3732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3732] setpgid(0, 0)               = 0
[pid  3732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3732] write(3, "1000", 4)         = 4
[pid  3732] close(3)                    = 0
[pid  3732] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3732] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3732] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3732] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3733], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3733
./strace-static-x86_64: Process 3733 attached
[pid  3733] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3733] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3732] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3733] <... futex resumed>)        = 0
[pid  3732] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3733] memfd_create("syzkaller", 0) = 3
[pid  3733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3733] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3733] munmap(0x7fc87e392000, 16777216) = 0
[pid  3733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3733] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3733] close(3)                    = 0
[pid  3733] mkdir("./file0", 0777)      = 0
[   80.192653][ T3733] loop0: detected capacity change from 0 to 32768
[   80.204671][ T3733] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   80.212916][ T3733] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   80.222904][ T3733] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   80.231515][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   80.238327][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3733] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3733] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3733] chdir("./file0")            = 0
[pid  3733] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3733] close(4)                    = 0
[pid  3733] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3732] <... futex resumed>)        = 0
[pid  3732] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3732] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3733] <... futex resumed>)        = 1
[pid  3733] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3733] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3732] <... futex resumed>)        = 0
[pid  3732] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3732] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3733] <... futex resumed>)        = 1
[   80.273961][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 35ms
[   80.281572][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   80.286803][ T3733] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   80.316377][ T3733] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   80.325854][ T3733] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   80.325854][ T3733]   inode = 12 2341
[   80.325854][ T3733]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   80.345136][ T3733] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   80.354729][ T3733] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3733 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3733] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3732] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3732] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3732] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3732] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3734], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3734
[pid  3732] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3734 attached
[   80.365111][ T3733] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   80.374275][ T3733] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   80.381876][ T3733] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   80.391151][ T3733] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   80.397745][ T3733] gfs2: fsid=syz:syz.0: File system withdrawn
[   80.404206][ T3733] CPU: 0 PID: 3733 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[pid  3734] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3734] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3734] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   80.414629][ T3733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   80.424679][ T3733] Call Trace:
[   80.427959][ T3733]  <TASK>
[   80.430891][ T3733]  dump_stack_lvl+0x1b1/0x28e
[   80.435573][ T3733]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   80.441043][ T3733]  ? panic+0x710/0x710
[   80.445141][ T3733]  ? kobject_uevent_env+0x46b/0x8e0
[   80.450435][ T3733]  ? do_raw_spin_unlock+0x134/0x8a0
[   80.455893][ T3733]  gfs2_withdraw+0xf33/0x1540
[   80.460591][ T3733]  ? gfs2_lm+0x220/0x220
[   80.464846][ T3733]  ? gfs2_dirent_scan+0xb6/0x650
[   80.469792][ T3733]  ? panic+0x710/0x710
[   80.473868][ T3733]  ? gfs2_permission+0x2ff/0x430
[   80.478821][ T3733]  ? gfs2_consist_inode_i+0xf3/0x110
[   80.484123][ T3733]  gfs2_dirent_scan+0x535/0x650
[   80.488998][ T3733]  ? gfs2_dirent_search+0xb10/0xb10
[   80.494209][ T3733]  gfs2_dirent_search+0x2ea/0xb10
[   80.499228][ T3733]  ? gfs2_dirent_search+0xb10/0xb10
[   80.504433][ T3733]  ? gfs2_dir_search+0x2a0/0x2a0
[   80.509382][ T3733]  ? gfs2_permission+0x3bf/0x430
[   80.514323][ T3733]  gfs2_dir_search+0x8c/0x2a0
[   80.519005][ T3733]  ? do_filldir_main+0x530/0x530
[   80.523939][ T3733]  ? inode_go_held+0xe4/0x1f0
[   80.528614][ T3733]  ? gfs2_glock_wait+0x213/0x2a0
[   80.533549][ T3733]  gfs2_lookupi+0x465/0x650
[   80.538054][ T3733]  ? gfs2_lookup_simple+0x170/0x170
[   80.543258][ T3733]  ? __gfs2_lookup+0x8c/0x260
[   80.547939][ T3733]  __gfs2_lookup+0x8c/0x260
[   80.552441][ T3733]  ? gfs2_atomic_open+0x230/0x230
[   80.557465][ T3733]  ? __d_lookup+0x6a4/0x770
[   80.561964][ T3733]  ? d_hash_and_lookup+0x1c0/0x1c0
[   80.567078][ T3733]  gfs2_atomic_open+0xa4/0x230
[   80.571841][ T3733]  path_openat+0xf39/0x2df0
[   80.576362][ T3733]  ? gfs2_rename2+0x3000/0x3000
[   80.581227][ T3733]  ? do_filp_open+0x4f0/0x4f0
[   80.585906][ T3733]  do_filp_open+0x264/0x4f0
[   80.590400][ T3733]  ? vfs_tmpfile+0x490/0x490
[   80.594990][ T3733]  ? do_raw_spin_unlock+0x134/0x8a0
[   80.600187][ T3733]  ? _raw_spin_unlock+0x24/0x40
[   80.605048][ T3733]  ? alloc_fd+0x5a7/0x640
[   80.609404][ T3733]  do_sys_openat2+0x124/0x4e0
[   80.614093][ T3733]  ? print_irqtrace_events+0x220/0x220
[   80.619552][ T3733]  ? ptrace_stop+0x74d/0x970
[   80.624137][ T3733]  ? do_sys_open+0x220/0x220
[   80.628719][ T3733]  ? lockdep_hardirqs_on+0x8d/0x130
[   80.633908][ T3733]  ? _raw_spin_unlock_irq+0x2a/0x40
[   80.639102][ T3733]  ? ptrace_notify+0x245/0x340
[   80.643860][ T3733]  __x64_sys_openat+0x243/0x290
[   80.648705][ T3733]  ? __ia32_sys_open+0x270/0x270
[   80.653671][ T3733]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   80.659648][ T3733]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   80.665624][ T3733]  do_syscall_64+0x3d/0xb0
[   80.670038][ T3733]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   80.675931][ T3733] RIP: 0033:0x7fc8868064d9
[   80.680339][ T3733] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   80.699936][ T3733] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   80.708344][ T3733] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3734] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3733] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3733] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3733] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3732] exit_group(0 <unfinished ...>
[pid  3733] <... futex resumed>)        = ?
[pid  3732] <... exit_group resumed>)   = ?
[pid  3733] +++ exited with 0 +++
[pid  3734] <... futex resumed>)        = ?
[pid  3734] +++ exited with 0 +++
[pid  3732] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3732, si_uid=0, si_status=0, si_utime=0, si_stime=30} ---
umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./33/binderfs")                 = 0
[   80.716306][ T3733] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   80.724265][ T3733] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   80.732250][ T3733] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   80.740224][ T3733] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   80.748218][ T3733]  </TASK>
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./33/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./33")                           = 0
mkdir("./34", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3735
./strace-static-x86_64: Process 3735 attached
[pid  3735] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3735] chdir("./34")               = 0
[pid  3735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3735] setpgid(0, 0)               = 0
[pid  3735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3735] write(3, "1000", 4)         = 4
[pid  3735] close(3)                    = 0
[pid  3735] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3735] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3735] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3735] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3736], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3736
[pid  3735] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3735] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
./strace-static-x86_64: Process 3736 attached
[pid  3736] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3736] memfd_create("syzkaller", 0) = 3
[pid  3736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3736] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3736] munmap(0x7fc87e392000, 16777216) = 0
[pid  3736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3736] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3736] close(3)                    = 0
[pid  3736] mkdir("./file0", 0777)      = 0
[   81.075774][ T3736] loop0: detected capacity change from 0 to 32768
[   81.086025][ T3736] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   81.094792][ T3736] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   81.104169][ T3736] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   81.112774][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   81.119552][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3736] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3736] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3736] chdir("./file0")            = 0
[pid  3736] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3736] close(4)                    = 0
[pid  3736] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3735] <... futex resumed>)        = 0
[pid  3735] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3735] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3736] <... futex resumed>)        = 1
[pid  3736] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3736] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3735] <... futex resumed>)        = 0
[pid  3735] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3735] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3736] <... futex resumed>)        = 1
[   81.157201][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 37ms
[   81.164809][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   81.170067][ T3736] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   81.184701][ T3736] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   81.193276][ T3736] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   81.193276][ T3736]   inode = 12 2341
[pid  3736] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3735] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3735] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   81.193276][ T3736]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   81.212638][ T3736] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   81.222582][ T3736] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3736 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   81.233016][ T3736] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   81.241935][ T3736] gfs2: fsid=syz:syz.0: about to withdraw this file system
[pid  3735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3735] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3735] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3737], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3737
[pid  3735] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3737 attached
[pid  3737] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3737] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3737] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   81.249192][ T3736] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   81.258315][ T3736] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   81.265264][ T3736] gfs2: fsid=syz:syz.0: File system withdrawn
[   81.271660][ T3736] CPU: 0 PID: 3736 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   81.282184][ T3736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   81.292246][ T3736] Call Trace:
[   81.295516][ T3736]  <TASK>
[   81.298450][ T3736]  dump_stack_lvl+0x1b1/0x28e
[   81.303139][ T3736]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   81.308589][ T3736]  ? panic+0x710/0x710
[   81.312659][ T3736]  ? kobject_uevent_env+0x46b/0x8e0
[   81.317857][ T3736]  ? do_raw_spin_unlock+0x134/0x8a0
[   81.323060][ T3736]  gfs2_withdraw+0xf33/0x1540
[   81.327763][ T3736]  ? gfs2_lm+0x220/0x220
[   81.332034][ T3736]  ? gfs2_dirent_scan+0xb6/0x650
[   81.337058][ T3736]  ? panic+0x710/0x710
[   81.341121][ T3736]  ? gfs2_permission+0x2ff/0x430
[   81.346150][ T3736]  ? gfs2_consist_inode_i+0xf3/0x110
[   81.351434][ T3736]  gfs2_dirent_scan+0x535/0x650
[   81.356283][ T3736]  ? gfs2_dirent_search+0xb10/0xb10
[   81.361478][ T3736]  gfs2_dirent_search+0x2ea/0xb10
[   81.366501][ T3736]  ? gfs2_dirent_search+0xb10/0xb10
[   81.371771][ T3736]  ? gfs2_dir_search+0x2a0/0x2a0
[   81.376706][ T3736]  ? gfs2_permission+0x3bf/0x430
[   81.381644][ T3736]  gfs2_dir_search+0x8c/0x2a0
[   81.386320][ T3736]  ? do_filldir_main+0x530/0x530
[   81.391443][ T3736]  ? inode_go_held+0xe4/0x1f0
[   81.396157][ T3736]  ? gfs2_glock_wait+0x213/0x2a0
[   81.401101][ T3736]  gfs2_lookupi+0x465/0x650
[   81.405619][ T3736]  ? gfs2_lookup_simple+0x170/0x170
[   81.410815][ T3736]  ? __gfs2_lookup+0x8c/0x260
[   81.415579][ T3736]  __gfs2_lookup+0x8c/0x260
[   81.420078][ T3736]  ? gfs2_atomic_open+0x230/0x230
[   81.425121][ T3736]  ? __d_lookup+0x6a4/0x770
[   81.429615][ T3736]  ? d_hash_and_lookup+0x1c0/0x1c0
[   81.434721][ T3736]  gfs2_atomic_open+0xa4/0x230
[   81.439495][ T3736]  path_openat+0xf39/0x2df0
[   81.443997][ T3736]  ? gfs2_rename2+0x3000/0x3000
[   81.448855][ T3736]  ? do_filp_open+0x4f0/0x4f0
[   81.453538][ T3736]  do_filp_open+0x264/0x4f0
[   81.458033][ T3736]  ? vfs_tmpfile+0x490/0x490
[   81.462625][ T3736]  ? do_raw_spin_unlock+0x134/0x8a0
[   81.467822][ T3736]  ? _raw_spin_unlock+0x24/0x40
[   81.472680][ T3736]  ? alloc_fd+0x5a7/0x640
[   81.477018][ T3736]  do_sys_openat2+0x124/0x4e0
[   81.481687][ T3736]  ? print_irqtrace_events+0x220/0x220
[   81.487142][ T3736]  ? ptrace_stop+0x74d/0x970
[   81.491725][ T3736]  ? do_sys_open+0x220/0x220
[   81.496307][ T3736]  ? lockdep_hardirqs_on+0x8d/0x130
[   81.501584][ T3736]  ? _raw_spin_unlock_irq+0x2a/0x40
[   81.506775][ T3736]  ? ptrace_notify+0x245/0x340
[   81.511536][ T3736]  __x64_sys_openat+0x243/0x290
[   81.516381][ T3736]  ? __ia32_sys_open+0x270/0x270
[   81.521315][ T3736]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   81.527291][ T3736]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   81.533268][ T3736]  do_syscall_64+0x3d/0xb0
[   81.537678][ T3736]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   81.543560][ T3736] RIP: 0033:0x7fc8868064d9
[   81.547966][ T3736] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   81.567566][ T3736] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   81.575970][ T3736] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   81.583929][ T3736] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   81.591915][ T3736] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   81.599962][ T3736] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  3737] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3736] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3736] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3736] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3735] exit_group(0 <unfinished ...>
[pid  3737] <... futex resumed>)        = ?
[pid  3736] <... futex resumed>)        = ?
[pid  3735] <... exit_group resumed>)   = ?
[pid  3737] +++ exited with 0 +++
[pid  3736] +++ exited with 0 +++
[pid  3735] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3735, si_uid=0, si_status=0, si_utime=3, si_stime=28} ---
umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./34/binderfs")                 = 0
[   81.607923][ T3736] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   81.616156][ T3736]  </TASK>
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./34/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./34")                           = 0
mkdir("./35", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3738
./strace-static-x86_64: Process 3738 attached
[pid  3738] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3738] chdir("./35")               = 0
[pid  3738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3738] setpgid(0, 0)               = 0
[pid  3738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3738] write(3, "1000", 4)         = 4
[pid  3738] close(3)                    = 0
[pid  3738] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3738] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3738] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3738] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3738] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3739], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3739
[pid  3738] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3738] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3739 attached
 <unfinished ...>
[pid  3739] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3739] memfd_create("syzkaller", 0) = 3
[pid  3739] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3739] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3739] munmap(0x7fc87e392000, 16777216) = 0
[pid  3739] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3739] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3739] close(3)                    = 0
[pid  3739] mkdir("./file0", 0777)      = 0
[   81.928163][ T3739] loop0: detected capacity change from 0 to 32768
[   81.939739][ T3739] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   81.948239][ T3739] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   81.958628][ T3739] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   81.967628][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   81.974599][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3739] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3739] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3739] chdir("./file0")            = 0
[pid  3739] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3739] close(4)                    = 0
[pid  3739] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3738] <... futex resumed>)        = 0
[pid  3738] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3738] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3739] <... futex resumed>)        = 1
[pid  3739] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3739] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3738] <... futex resumed>)        = 0
[pid  3738] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3738] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3739] <... futex resumed>)        = 1
[   82.014462][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 39ms
[   82.022773][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   82.028273][ T3739] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   82.050269][ T3739] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3739] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3738] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3738] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3738] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3738] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3738] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3740], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3740
[pid  3738] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3740 attached
[pid  3740] set_robust_list(0x7fc87f3919e0, 24) = 0
[   82.058824][ T3739] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   82.058824][ T3739]   inode = 12 2341
[   82.058824][ T3739]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   82.078297][ T3739] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   82.087637][ T3739] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3739 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   82.097869][ T3739] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   82.106601][ T3740] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   82.107385][ T3739] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   82.115778][ T3740] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:4 m:20 p:1
[   82.122726][ T3739] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   82.131911][ T3740] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3739 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   82.140487][ T3739] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   82.150183][ T3740] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3740 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   82.157090][ T3739] gfs2: fsid=syz:syz.0: File system withdrawn
[   82.168415][ T3740] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   82.173307][ T3739] CPU: 1 PID: 3739 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   82.191628][ T3739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   82.201762][ T3739] Call Trace:
[   82.205031][ T3739]  <TASK>
[   82.207967][ T3739]  dump_stack_lvl+0x1b1/0x28e
[   82.212638][ T3739]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   82.218088][ T3739]  ? panic+0x710/0x710
[   82.222150][ T3739]  ? kobject_uevent_env+0x46b/0x8e0
[   82.227341][ T3739]  ? do_raw_spin_unlock+0x134/0x8a0
[   82.232543][ T3739]  gfs2_withdraw+0xf33/0x1540
[   82.237226][ T3739]  ? gfs2_lm+0x220/0x220
[   82.241456][ T3739]  ? gfs2_dirent_scan+0xb6/0x650
[   82.246387][ T3739]  ? panic+0x710/0x710
[   82.250448][ T3739]  ? gfs2_permission+0x2ff/0x430
[   82.255383][ T3739]  ? gfs2_consist_inode_i+0xf3/0x110
[   82.260666][ T3739]  gfs2_dirent_scan+0x535/0x650
[   82.265517][ T3739]  ? gfs2_dirent_search+0xb10/0xb10
[   82.270718][ T3739]  gfs2_dirent_search+0x2ea/0xb10
[   82.275740][ T3739]  ? gfs2_dirent_search+0xb10/0xb10
[   82.280936][ T3739]  ? gfs2_dir_search+0x2a0/0x2a0
[   82.285871][ T3739]  ? gfs2_permission+0x3bf/0x430
[   82.290812][ T3739]  gfs2_dir_search+0x8c/0x2a0
[   82.295487][ T3739]  ? do_filldir_main+0x530/0x530
[   82.300421][ T3739]  ? inode_go_held+0xe4/0x1f0
[   82.305093][ T3739]  ? gfs2_glock_wait+0x213/0x2a0
[   82.310548][ T3739]  gfs2_lookupi+0x465/0x650
[   82.315051][ T3739]  ? gfs2_lookup_simple+0x170/0x170
[   82.320251][ T3739]  ? __gfs2_lookup+0x8c/0x260
[   82.324945][ T3739]  __gfs2_lookup+0x8c/0x260
[   82.329451][ T3739]  ? gfs2_atomic_open+0x230/0x230
[   82.334487][ T3739]  ? __d_lookup+0x6a4/0x770
[   82.338989][ T3739]  ? d_hash_and_lookup+0x1c0/0x1c0
[   82.344112][ T3739]  gfs2_atomic_open+0xa4/0x230
[   82.348882][ T3739]  path_openat+0xf39/0x2df0
[   82.353391][ T3739]  ? gfs2_rename2+0x3000/0x3000
[   82.358446][ T3739]  ? do_filp_open+0x4f0/0x4f0
[   82.363223][ T3739]  do_filp_open+0x264/0x4f0
[   82.367738][ T3739]  ? vfs_tmpfile+0x490/0x490
[   82.372331][ T3739]  ? do_raw_spin_unlock+0x134/0x8a0
[   82.377555][ T3739]  ? _raw_spin_unlock+0x24/0x40
[   82.382404][ T3739]  ? alloc_fd+0x5a7/0x640
[   82.386752][ T3739]  do_sys_openat2+0x124/0x4e0
[   82.391425][ T3739]  ? print_irqtrace_events+0x220/0x220
[   82.396874][ T3739]  ? ptrace_stop+0x74d/0x970
[   82.401460][ T3739]  ? do_sys_open+0x220/0x220
[   82.406047][ T3739]  ? lockdep_hardirqs_on+0x8d/0x130
[   82.411241][ T3739]  ? _raw_spin_unlock_irq+0x2a/0x40
[   82.416445][ T3739]  ? ptrace_notify+0x245/0x340
[   82.421201][ T3739]  __x64_sys_openat+0x243/0x290
[   82.426049][ T3739]  ? __ia32_sys_open+0x270/0x270
[   82.430982][ T3739]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   82.436968][ T3739]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   82.442947][ T3739]  do_syscall_64+0x3d/0xb0
[   82.447355][ T3739]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   82.453242][ T3739] RIP: 0033:0x7fc8868064d9
[   82.457652][ T3739] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   82.477254][ T3739] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   82.485663][ T3739] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   82.493627][ T3739] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   82.501593][ T3739] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3740] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH <unfinished ...>
[pid  3739] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3739] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3739] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3740] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3740] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3740] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3738] exit_group(0 <unfinished ...>
[pid  3739] <... futex resumed>)        = ?
[pid  3738] <... exit_group resumed>)   = ?
[pid  3739] +++ exited with 0 +++
[pid  3740] <... futex resumed>)        = ?
[pid  3740] +++ exited with 0 +++
[pid  3738] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3738, si_uid=0, si_status=0, si_utime=0, si_stime=39} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./35/binderfs")                 = 0
[   82.509557][ T3739] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   82.517517][ T3739] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   82.525491][ T3739]  </TASK>
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./35/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./35")                           = 0
mkdir("./36", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3741
./strace-static-x86_64: Process 3741 attached
[pid  3741] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3741] chdir("./36")               = 0
[pid  3741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3741] setpgid(0, 0)               = 0
[pid  3741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3741] write(3, "1000", 4)         = 4
[pid  3741] close(3)                    = 0
[pid  3741] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3741] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3741] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3741] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3742], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3742
[pid  3741] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3741] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3742 attached
 <unfinished ...>
[pid  3742] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3742] memfd_create("syzkaller", 0) = 3
[pid  3742] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3742] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3742] munmap(0x7fc87e392000, 16777216) = 0
[pid  3742] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3742] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3742] close(3)                    = 0
[pid  3742] mkdir("./file0", 0777)      = 0
[   82.842846][ T3742] loop0: detected capacity change from 0 to 32768
[   82.854900][ T3742] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   82.863149][ T3742] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   82.873265][ T3742] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   82.882243][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   82.889125][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3742] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3742] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3742] chdir("./file0")            = 0
[pid  3742] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3742] close(4)                    = 0
[pid  3742] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3741] <... futex resumed>)        = 0
[pid  3742] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3741] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3742] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3741] <... futex resumed>)        = 0
[pid  3742] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3741] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3742] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3742] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3741] <... futex resumed>)        = 0
[pid  3742] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3741] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3742] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3741] <... futex resumed>)        = 0
[pid  3742] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[   82.922591][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms
[   82.931558][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   82.936791][ T3742] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   82.975552][ T3742] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   82.985897][ T3742] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   82.985897][ T3742]   inode = 12 2341
[   82.985897][ T3742]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   83.005410][ T3742] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   83.014796][ T3742] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3742 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3741] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3741] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[   83.024992][ T3742] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   83.033608][ T3742] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   83.040994][ T3742] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   83.049814][ T3742] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   83.057424][ T3742] gfs2: fsid=syz:syz.0: File system withdrawn
[   83.063867][ T3742] CPU: 0 PID: 3742 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   83.074389][ T3742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   83.084474][ T3742] Call Trace:
[   83.087758][ T3742]  <TASK>
[   83.090683][ T3742]  dump_stack_lvl+0x1b1/0x28e
[   83.095376][ T3742]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   83.100947][ T3742]  ? panic+0x710/0x710
[   83.105039][ T3742]  ? kobject_uevent_env+0x46b/0x8e0
[   83.110247][ T3742]  ? do_raw_spin_unlock+0x134/0x8a0
[   83.115533][ T3742]  gfs2_withdraw+0xf33/0x1540
[   83.120232][ T3742]  ? gfs2_lm+0x220/0x220
[   83.124495][ T3742]  ? gfs2_dirent_scan+0xb6/0x650
[   83.129454][ T3742]  ? panic+0x710/0x710
[   83.133651][ T3742]  ? gfs2_permission+0x2ff/0x430
[   83.138606][ T3742]  ? gfs2_consist_inode_i+0xf3/0x110
[   83.143909][ T3742]  gfs2_dirent_scan+0x535/0x650
[   83.148797][ T3742]  ? gfs2_dirent_search+0xb10/0xb10
[   83.154007][ T3742]  gfs2_dirent_search+0x2ea/0xb10
[   83.159208][ T3742]  ? gfs2_dirent_search+0xb10/0xb10
[   83.164403][ T3742]  ? gfs2_dir_search+0x2a0/0x2a0
[   83.169355][ T3742]  ? gfs2_permission+0x3bf/0x430
[   83.174312][ T3742]  gfs2_dir_search+0x8c/0x2a0
[   83.179013][ T3742]  ? do_filldir_main+0x530/0x530
[   83.183958][ T3742]  ? inode_go_held+0xe4/0x1f0
[   83.188633][ T3742]  ? gfs2_glock_wait+0x213/0x2a0
[   83.193565][ T3742]  gfs2_lookupi+0x465/0x650
[   83.198072][ T3742]  ? gfs2_lookup_simple+0x170/0x170
[   83.203275][ T3742]  ? __gfs2_lookup+0x8c/0x260
[   83.207954][ T3742]  __gfs2_lookup+0x8c/0x260
[   83.212454][ T3742]  ? gfs2_atomic_open+0x230/0x230
[   83.217476][ T3742]  ? __d_lookup+0x6a4/0x770
[   83.221970][ T3742]  ? d_hash_and_lookup+0x1c0/0x1c0
[   83.227077][ T3742]  gfs2_atomic_open+0xa4/0x230
[   83.231843][ T3742]  path_openat+0xf39/0x2df0
[   83.236344][ T3742]  ? gfs2_rename2+0x3000/0x3000
[   83.241204][ T3742]  ? do_filp_open+0x4f0/0x4f0
[   83.245979][ T3742]  do_filp_open+0x264/0x4f0
[   83.250476][ T3742]  ? vfs_tmpfile+0x490/0x490
[   83.255092][ T3742]  ? do_raw_spin_unlock+0x134/0x8a0
[   83.260383][ T3742]  ? _raw_spin_unlock+0x24/0x40
[   83.265230][ T3742]  ? alloc_fd+0x5a7/0x640
[   83.269564][ T3742]  do_sys_openat2+0x124/0x4e0
[   83.274239][ T3742]  ? print_irqtrace_events+0x220/0x220
[   83.279691][ T3742]  ? ptrace_stop+0x74d/0x970
[   83.284548][ T3742]  ? do_sys_open+0x220/0x220
[   83.289134][ T3742]  ? lockdep_hardirqs_on+0x8d/0x130
[   83.294325][ T3742]  ? _raw_spin_unlock_irq+0x2a/0x40
[   83.299528][ T3742]  ? ptrace_notify+0x245/0x340
[   83.304283][ T3742]  __x64_sys_openat+0x243/0x290
[   83.309161][ T3742]  ? __ia32_sys_open+0x270/0x270
[   83.314094][ T3742]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   83.320080][ T3742]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   83.326067][ T3742]  do_syscall_64+0x3d/0xb0
[   83.330479][ T3742]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   83.336371][ T3742] RIP: 0033:0x7fc8868064d9
[   83.340778][ T3742] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   83.360387][ T3742] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   83.368813][ T3742] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3741] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid  3742] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3741] <... mprotect resumed>)     = 0
[pid  3742] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3741] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3743 attached
 <unfinished ...>
[pid  3742] <... futex resumed>)        = 0
[pid  3741] <... clone resumed>, parent_tid=[3743], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3743
[pid  3743] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3743] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3742] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3741] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3743] <... futex resumed>)        = 0
[pid  3741] <... futex resumed>)        = 1
[pid  3743] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3743] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3743] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3741] exit_group(0)               = ?
[pid  3743] <... futex resumed>)        = ?
[pid  3742] <... futex resumed>)        = ?
[pid  3743] +++ exited with 0 +++
[pid  3742] +++ exited with 0 +++
[pid  3741] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3741, si_uid=0, si_status=0, si_utime=3, si_stime=28} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./36/binderfs")                 = 0
[   83.376790][ T3742] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   83.384783][ T3742] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   83.392749][ T3742] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   83.400712][ T3742] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   83.408687][ T3742]  </TASK>
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./36/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./36")                           = 0
mkdir("./37", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3744
./strace-static-x86_64: Process 3744 attached
[pid  3744] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3744] chdir("./37")               = 0
[pid  3744] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3744] setpgid(0, 0)               = 0
[pid  3744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3744] write(3, "1000", 4)         = 4
[pid  3744] close(3)                    = 0
[pid  3744] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3744] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3744] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3744] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3744] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3745 attached
, parent_tid=[3745], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3745
[pid  3744] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3744] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3745] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3745] memfd_create("syzkaller", 0) = 3
[pid  3745] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3745] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3745] munmap(0x7fc87e392000, 16777216) = 0
[pid  3745] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3745] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3745] close(3)                    = 0
[pid  3745] mkdir("./file0", 0777)      = 0
[   83.730790][ T3745] loop0: detected capacity change from 0 to 32768
[   83.741732][ T3745] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   83.749903][ T3745] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   83.759461][ T3745] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   83.768470][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   83.775602][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3745] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3745] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3745] chdir("./file0")            = 0
[pid  3745] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3745] close(4)                    = 0
[pid  3745] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3744] <... futex resumed>)        = 0
[pid  3745] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3744] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3745] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3744] <... futex resumed>)        = 0
[pid  3745] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3744] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3745] <... futex resumed>)        = 0
[pid  3744] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3745] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3744] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   83.816279][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 40ms
[   83.823817][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[   83.829068][ T3745] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   83.855517][ T3745] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3744] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3744] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3744] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3744] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3744] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3746], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3746
[pid  3744] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3746 attached
[pid  3746] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3746] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[   83.864078][ T3745] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   83.864078][ T3745]   inode = 12 2341
[   83.864078][ T3745]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   83.882930][ T3745] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   83.892009][ T3745] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3745 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   83.902052][ T3745] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[pid  3746] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   83.910548][ T3745] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   83.918267][ T3745] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   83.927447][ T3745] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   83.934154][ T3745] gfs2: fsid=syz:syz.0: File system withdrawn
[   83.940331][ T3745] CPU: 1 PID: 3745 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   83.950753][ T3745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   83.961004][ T3745] Call Trace:
[   83.964297][ T3745]  <TASK>
[   83.967221][ T3745]  dump_stack_lvl+0x1b1/0x28e
[   83.971908][ T3745]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   83.977463][ T3745]  ? panic+0x710/0x710
[   83.981553][ T3745]  ? kobject_uevent_env+0x46b/0x8e0
[   83.986761][ T3745]  ? do_raw_spin_unlock+0x134/0x8a0
[   83.993607][ T3745]  gfs2_withdraw+0xf33/0x1540
[   83.998286][ T3745]  ? gfs2_lm+0x220/0x220
[   84.002520][ T3745]  ? gfs2_dirent_scan+0xb6/0x650
[   84.007462][ T3745]  ? panic+0x710/0x710
[   84.011545][ T3745]  ? gfs2_permission+0x2ff/0x430
[pid  3746] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3744] exit_group(0 <unfinished ...>
[pid  3746] <... futex resumed>)        = ?
[pid  3744] <... exit_group resumed>)   = ?
[pid  3746] +++ exited with 0 +++
[   84.016505][ T3745]  ? gfs2_consist_inode_i+0xf3/0x110
[   84.021796][ T3745]  gfs2_dirent_scan+0x535/0x650
[   84.026643][ T3745]  ? gfs2_dirent_search+0xb10/0xb10
[   84.031949][ T3745]  gfs2_dirent_search+0x2ea/0xb10
[   84.037001][ T3745]  ? gfs2_dirent_search+0xb10/0xb10
[   84.042409][ T3745]  ? gfs2_dir_search+0x2a0/0x2a0
[   84.047370][ T3745]  ? gfs2_permission+0x3bf/0x430
[   84.052328][ T3745]  gfs2_dir_search+0x8c/0x2a0
[   84.057012][ T3745]  ? do_filldir_main+0x530/0x530
[   84.061963][ T3745]  ? inode_go_held+0xe4/0x1f0
[   84.066647][ T3745]  ? gfs2_glock_wait+0x213/0x2a0
[   84.071597][ T3745]  gfs2_lookupi+0x465/0x650
[   84.076097][ T3745]  ? gfs2_lookup_simple+0x170/0x170
[   84.081287][ T3745]  ? __gfs2_lookup+0x8c/0x260
[   84.085978][ T3745]  __gfs2_lookup+0x8c/0x260
[   84.090489][ T3745]  ? gfs2_atomic_open+0x230/0x230
[   84.095694][ T3745]  ? __d_lookup+0x6a4/0x770
[   84.100201][ T3745]  ? d_hash_and_lookup+0x1c0/0x1c0
[   84.105319][ T3745]  gfs2_atomic_open+0xa4/0x230
[   84.110103][ T3745]  path_openat+0xf39/0x2df0
[   84.114615][ T3745]  ? gfs2_rename2+0x3000/0x3000
[   84.119471][ T3745]  ? do_filp_open+0x4f0/0x4f0
[   84.124148][ T3745]  do_filp_open+0x264/0x4f0
[   84.128655][ T3745]  ? vfs_tmpfile+0x490/0x490
[   84.133255][ T3745]  ? do_raw_spin_unlock+0x134/0x8a0
[   84.138463][ T3745]  ? _raw_spin_unlock+0x24/0x40
[   84.143331][ T3745]  ? alloc_fd+0x5a7/0x640
[   84.147657][ T3745]  do_sys_openat2+0x124/0x4e0
[   84.152364][ T3745]  ? print_irqtrace_events+0x220/0x220
[   84.157827][ T3745]  ? ptrace_stop+0x74d/0x970
[   84.162432][ T3745]  ? do_sys_open+0x220/0x220
[   84.167018][ T3745]  ? lockdep_hardirqs_on+0x8d/0x130
[   84.172214][ T3745]  ? _raw_spin_unlock_irq+0x2a/0x40
[   84.177498][ T3745]  ? ptrace_notify+0x245/0x340
[   84.182255][ T3745]  __x64_sys_openat+0x243/0x290
[   84.187102][ T3745]  ? __ia32_sys_open+0x270/0x270
[   84.192044][ T3745]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   84.198038][ T3745]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   84.204012][ T3745]  do_syscall_64+0x3d/0xb0
[   84.208423][ T3745]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   84.214317][ T3745] RIP: 0033:0x7fc8868064d9
[   84.218743][ T3745] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   84.238343][ T3745] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   84.246748][ T3745] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   84.254715][ T3745] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[pid  3745] <... openat resumed>)       = ?
[pid  3745] +++ exited with 0 +++
[pid  3744] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3744, si_uid=0, si_status=0, si_utime=1, si_stime=29} ---
umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./37/binderfs")                 = 0
[   84.262770][ T3745] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   84.270749][ T3745] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   84.278728][ T3745] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   84.286701][ T3745]  </TASK>
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./37/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./37")                           = 0
mkdir("./38", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3747
./strace-static-x86_64: Process 3747 attached
[pid  3747] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3747] chdir("./38")               = 0
[pid  3747] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3747] setpgid(0, 0)               = 0
[pid  3747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3747] write(3, "1000", 4)         = 4
[pid  3747] close(3)                    = 0
[pid  3747] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3747] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3747] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3747] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3748], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3748
[pid  3747] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3747] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
./strace-static-x86_64: Process 3748 attached
[pid  3748] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3748] memfd_create("syzkaller", 0) = 3
[pid  3748] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3748] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3748] munmap(0x7fc87e392000, 16777216) = 0
[pid  3748] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3748] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3748] close(3)                    = 0
[pid  3748] mkdir("./file0", 0777)      = 0
[   84.608388][ T3748] loop0: detected capacity change from 0 to 32768
[   84.618834][ T3748] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   84.627607][ T3748] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   84.636921][ T3748] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   84.645572][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   84.652428][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3748] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3748] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3748] chdir("./file0")            = 0
[pid  3748] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3748] close(4)                    = 0
[pid  3748] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3747] <... futex resumed>)        = 0
[pid  3747] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3747] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3748] <... futex resumed>)        = 1
[pid  3748] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3748] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3747] <... futex resumed>)        = 0
[pid  3747] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3747] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3748] <... futex resumed>)        = 1
[   84.687853][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 35ms
[   84.695431][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   84.700737][ T3748] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   84.715314][ T3748] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   84.723864][ T3748] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   84.723864][ T3748]   inode = 12 2341
[pid  3748] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3747] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3747] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   84.723864][ T3748]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   84.742704][ T3748] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   84.752037][ T3748] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3748 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   84.762235][ T3748] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   84.770839][ T3748] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   84.778128][ T3748] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[pid  3747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3747] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3747] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3749], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3749
[pid  3747] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3749 attached
[pid  3749] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3749] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3749] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   84.787053][ T3748] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   84.793694][ T3748] gfs2: fsid=syz:syz.0: File system withdrawn
[   84.799801][ T3748] CPU: 0 PID: 3748 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   84.810209][ T3748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   84.820263][ T3748] Call Trace:
[   84.823635][ T3748]  <TASK>
[   84.826570][ T3748]  dump_stack_lvl+0x1b1/0x28e
[   84.831351][ T3748]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   84.836805][ T3748]  ? panic+0x710/0x710
[   84.840878][ T3748]  ? kobject_uevent_env+0x46b/0x8e0
[   84.846082][ T3748]  ? do_raw_spin_unlock+0x134/0x8a0
[   84.851280][ T3748]  gfs2_withdraw+0xf33/0x1540
[   84.855958][ T3748]  ? gfs2_lm+0x220/0x220
[   84.860196][ T3748]  ? gfs2_dirent_scan+0xb6/0x650
[   84.865127][ T3748]  ? panic+0x710/0x710
[   84.869192][ T3748]  ? gfs2_permission+0x2ff/0x430
[   84.874140][ T3748]  ? gfs2_consist_inode_i+0xf3/0x110
[   84.879418][ T3748]  gfs2_dirent_scan+0x535/0x650
[   84.884275][ T3748]  ? gfs2_dirent_search+0xb10/0xb10
[   84.889467][ T3748]  gfs2_dirent_search+0x2ea/0xb10
[   84.894498][ T3748]  ? gfs2_dirent_search+0xb10/0xb10
[   84.899707][ T3748]  ? gfs2_dir_search+0x2a0/0x2a0
[   84.904639][ T3748]  ? gfs2_permission+0x3bf/0x430
[   84.909579][ T3748]  gfs2_dir_search+0x8c/0x2a0
[   84.914257][ T3748]  ? do_filldir_main+0x530/0x530
[   84.919193][ T3748]  ? inode_go_held+0xe4/0x1f0
[   84.923871][ T3748]  ? gfs2_glock_wait+0x213/0x2a0
[   84.928801][ T3748]  gfs2_lookupi+0x465/0x650
[   84.933309][ T3748]  ? gfs2_lookup_simple+0x170/0x170
[   84.938504][ T3748]  ? __gfs2_lookup+0x8c/0x260
[   84.943200][ T3748]  __gfs2_lookup+0x8c/0x260
[   84.949352][ T3748]  ? gfs2_atomic_open+0x230/0x230
[   84.954374][ T3748]  ? __d_lookup+0x6a4/0x770
[   84.958869][ T3748]  ? d_hash_and_lookup+0x1c0/0x1c0
[   84.963978][ T3748]  gfs2_atomic_open+0xa4/0x230
[   84.968747][ T3748]  path_openat+0xf39/0x2df0
[   84.973249][ T3748]  ? gfs2_rename2+0x3000/0x3000
[   84.978124][ T3748]  ? do_filp_open+0x4f0/0x4f0
[   84.982807][ T3748]  do_filp_open+0x264/0x4f0
[   84.987318][ T3748]  ? vfs_tmpfile+0x490/0x490
[   84.991908][ T3748]  ? do_raw_spin_unlock+0x134/0x8a0
[   84.997102][ T3748]  ? _raw_spin_unlock+0x24/0x40
[   85.001944][ T3748]  ? alloc_fd+0x5a7/0x640
[   85.006278][ T3748]  do_sys_openat2+0x124/0x4e0
[   85.010965][ T3748]  ? print_irqtrace_events+0x220/0x220
[   85.016418][ T3748]  ? ptrace_stop+0x74d/0x970
[   85.021003][ T3748]  ? do_sys_open+0x220/0x220
[   85.025588][ T3748]  ? lockdep_hardirqs_on+0x8d/0x130
[   85.030779][ T3748]  ? _raw_spin_unlock_irq+0x2a/0x40
[   85.035976][ T3748]  ? ptrace_notify+0x245/0x340
[   85.040753][ T3748]  __x64_sys_openat+0x243/0x290
[   85.045599][ T3748]  ? __ia32_sys_open+0x270/0x270
[   85.050531][ T3748]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   85.056507][ T3748]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   85.062483][ T3748]  do_syscall_64+0x3d/0xb0
[   85.066890][ T3748]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   85.072771][ T3748] RIP: 0033:0x7fc8868064d9
[   85.077183][ T3748] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   85.096779][ T3748] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   85.105185][ T3748] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   85.113167][ T3748] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   85.121128][ T3748] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   85.129090][ T3748] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  3749] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3748] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3748] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3748] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3747] exit_group(0 <unfinished ...>
[pid  3748] <... futex resumed>)        = ?
[pid  3747] <... exit_group resumed>)   = ?
[pid  3748] +++ exited with 0 +++
[pid  3749] <... futex resumed>)        = ?
[pid  3749] +++ exited with 0 +++
[pid  3747] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3747, si_uid=0, si_status=0, si_utime=3, si_stime=28} ---
umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./38/binderfs")                 = 0
[   85.137067][ T3748] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   85.145041][ T3748]  </TASK>
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./38/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./38")                           = 0
mkdir("./39", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3750
./strace-static-x86_64: Process 3750 attached
[pid  3750] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3750] chdir("./39")               = 0
[pid  3750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3750] setpgid(0, 0)               = 0
[pid  3750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3750] write(3, "1000", 4)         = 4
[pid  3750] close(3)                    = 0
[pid  3750] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3750] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3750] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3750] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3751], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3751
./strace-static-x86_64: Process 3751 attached
[pid  3750] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3750] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3751] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3751] memfd_create("syzkaller", 0) = 3
[pid  3751] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3751] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3751] munmap(0x7fc87e392000, 16777216) = 0
[pid  3751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3751] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3751] close(3)                    = 0
[pid  3751] mkdir("./file0", 0777)      = 0
[   85.440584][ T3751] loop0: detected capacity change from 0 to 32768
[   85.452071][ T3751] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   85.460392][ T3751] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   85.469299][ T3751] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   85.478378][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   85.485207][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3751] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3751] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3751] chdir("./file0")            = 0
[pid  3751] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3751] close(4)                    = 0
[pid  3751] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3750] <... futex resumed>)        = 0
[pid  3750] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3750] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3751] <... futex resumed>)        = 1
[pid  3751] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3751] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3750] <... futex resumed>)        = 0
[pid  3750] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3750] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3751] <... futex resumed>)        = 1
[   85.526813][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 41ms
[   85.535049][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   85.540521][ T3751] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   85.563199][ T3751] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3751] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3750] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[   85.571922][ T3751] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   85.571922][ T3751]   inode = 12 2341
[   85.571922][ T3751]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   85.591544][ T3751] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   85.601971][ T3751] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3751 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   85.612719][ T3751] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[pid  3750] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3750] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3750] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3752], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3752
[pid  3750] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3752 attached
[pid  3752] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3752] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3752] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   85.621707][ T3751] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   85.629302][ T3751] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   85.638693][ T3751] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   85.645509][ T3751] gfs2: fsid=syz:syz.0: File system withdrawn
[   85.652009][ T3751] CPU: 0 PID: 3751 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   85.662473][ T3751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   85.672550][ T3751] Call Trace:
[   85.675825][ T3751]  <TASK>
[   85.678786][ T3751]  dump_stack_lvl+0x1b1/0x28e
[   85.683461][ T3751]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   85.688933][ T3751]  ? panic+0x710/0x710
[   85.693008][ T3751]  ? kobject_uevent_env+0x46b/0x8e0
[   85.698219][ T3751]  ? do_raw_spin_unlock+0x134/0x8a0
[   85.703504][ T3751]  gfs2_withdraw+0xf33/0x1540
[   85.708184][ T3751]  ? gfs2_lm+0x220/0x220
[   85.712421][ T3751]  ? gfs2_dirent_scan+0xb6/0x650
[   85.717356][ T3751]  ? panic+0x710/0x710
[   85.721417][ T3751]  ? gfs2_permission+0x2ff/0x430
[   85.726388][ T3751]  ? gfs2_consist_inode_i+0xf3/0x110
[   85.731668][ T3751]  gfs2_dirent_scan+0x535/0x650
[   85.736522][ T3751]  ? gfs2_dirent_search+0xb10/0xb10
[   85.741719][ T3751]  gfs2_dirent_search+0x2ea/0xb10
[   85.746742][ T3751]  ? gfs2_dirent_search+0xb10/0xb10
[   85.751936][ T3751]  ? gfs2_dir_search+0x2a0/0x2a0
[   85.756863][ T3751]  ? gfs2_permission+0x3bf/0x430
[   85.761798][ T3751]  gfs2_dir_search+0x8c/0x2a0
[   85.766482][ T3751]  ? do_filldir_main+0x530/0x530
[   85.771412][ T3751]  ? inode_go_held+0xe4/0x1f0
[   85.776086][ T3751]  ? gfs2_glock_wait+0x213/0x2a0
[   85.781024][ T3751]  gfs2_lookupi+0x465/0x650
[   85.785528][ T3751]  ? gfs2_lookup_simple+0x170/0x170
[   85.790734][ T3751]  ? __gfs2_lookup+0x8c/0x260
[   85.795523][ T3751]  __gfs2_lookup+0x8c/0x260
[   85.800041][ T3751]  ? gfs2_atomic_open+0x230/0x230
[   85.805082][ T3751]  ? __d_lookup+0x6a4/0x770
[   85.809584][ T3751]  ? d_hash_and_lookup+0x1c0/0x1c0
[   85.814781][ T3751]  gfs2_atomic_open+0xa4/0x230
[   85.819543][ T3751]  path_openat+0xf39/0x2df0
[   85.824045][ T3751]  ? gfs2_rename2+0x3000/0x3000
[   85.828906][ T3751]  ? do_filp_open+0x4f0/0x4f0
[   85.833588][ T3751]  do_filp_open+0x264/0x4f0
[   85.838084][ T3751]  ? vfs_tmpfile+0x490/0x490
[   85.842701][ T3751]  ? do_raw_spin_unlock+0x134/0x8a0
[   85.847894][ T3751]  ? _raw_spin_unlock+0x24/0x40
[   85.852740][ T3751]  ? alloc_fd+0x5a7/0x640
[   85.857090][ T3751]  do_sys_openat2+0x124/0x4e0
[   85.861764][ T3751]  ? print_irqtrace_events+0x220/0x220
[   85.867212][ T3751]  ? ptrace_stop+0x74d/0x970
[   85.871792][ T3751]  ? do_sys_open+0x220/0x220
[   85.876378][ T3751]  ? lockdep_hardirqs_on+0x8d/0x130
[   85.881567][ T3751]  ? _raw_spin_unlock_irq+0x2a/0x40
[   85.886763][ T3751]  ? ptrace_notify+0x245/0x340
[   85.891536][ T3751]  __x64_sys_openat+0x243/0x290
[   85.896383][ T3751]  ? __ia32_sys_open+0x270/0x270
[   85.901314][ T3751]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   85.907287][ T3751]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   85.913259][ T3751]  do_syscall_64+0x3d/0xb0
[   85.917685][ T3751]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   85.923581][ T3751] RIP: 0033:0x7fc8868064d9
[   85.928010][ T3751] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   85.947620][ T3751] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   85.956042][ T3751] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   85.964011][ T3751] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[pid  3752] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3751] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3751] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3750] exit_group(0 <unfinished ...>
[pid  3752] <... futex resumed>)        = ?
[pid  3751] <... futex resumed>)        = ?
[pid  3750] <... exit_group resumed>)   = ?
[pid  3752] +++ exited with 0 +++
[pid  3751] +++ exited with 0 +++
[pid  3750] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3750, si_uid=0, si_status=0, si_utime=0, si_stime=27} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./39/binderfs")                 = 0
[   85.971971][ T3751] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   85.979930][ T3751] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   85.987889][ T3751] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   85.995867][ T3751]  </TASK>
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./39/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./39")                           = 0
mkdir("./40", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3753
./strace-static-x86_64: Process 3753 attached
[pid  3753] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3753] chdir("./40")               = 0
[pid  3753] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3753] setpgid(0, 0)               = 0
[pid  3753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3753] write(3, "1000", 4)         = 4
[pid  3753] close(3)                    = 0
[pid  3753] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3753] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3753] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3753] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3754], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3754
./strace-static-x86_64: Process 3754 attached
[pid  3753] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3753] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3754] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3754] memfd_create("syzkaller", 0) = 3
[pid  3754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3754] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3754] munmap(0x7fc87e392000, 16777216) = 0
[pid  3754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3754] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3754] close(3)                    = 0
[pid  3754] mkdir("./file0", 0777)      = 0
[   86.309470][ T3754] loop0: detected capacity change from 0 to 32768
[   86.321642][ T3754] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   86.329857][ T3754] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   86.339794][ T3754] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   86.348867][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   86.355786][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3754] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3754] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3754] chdir("./file0")            = 0
[pid  3754] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3754] close(4)                    = 0
[pid  3754] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3753] <... futex resumed>)        = 0
[pid  3754] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3753] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3754] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3753] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3754] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3753] <... futex resumed>)        = 0
[pid  3753] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3754] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3753] <... futex resumed>)        = 0
[   86.389668][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms
[   86.398473][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   86.403998][ T3754] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   86.445066][ T3754] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   86.453978][ T3754] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   86.453978][ T3754]   inode = 12 2341
[   86.453978][ T3754]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   86.473247][ T3754] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   86.482349][ T3754] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3754 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3753] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3753] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3753] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3753] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3755], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3755
[pid  3753] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3755 attached
[pid  3755] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3755] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3755] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   86.492396][ T3754] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   86.500862][ T3754] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   86.508139][ T3754] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   86.517028][ T3754] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   86.523653][ T3754] gfs2: fsid=syz:syz.0: File system withdrawn
[   86.529753][ T3754] CPU: 0 PID: 3754 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   86.540183][ T3754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   86.550263][ T3754] Call Trace:
[   86.553554][ T3754]  <TASK>
[   86.556485][ T3754]  dump_stack_lvl+0x1b1/0x28e
[   86.561162][ T3754]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   86.566611][ T3754]  ? panic+0x710/0x710
[   86.570673][ T3754]  ? kobject_uevent_env+0x46b/0x8e0
[   86.575863][ T3754]  ? do_raw_spin_unlock+0x134/0x8a0
[   86.581083][ T3754]  gfs2_withdraw+0xf33/0x1540
[   86.585784][ T3754]  ? gfs2_lm+0x220/0x220
[   86.590015][ T3754]  ? gfs2_dirent_scan+0xb6/0x650
[   86.594945][ T3754]  ? panic+0x710/0x710
[   86.599005][ T3754]  ? gfs2_permission+0x2ff/0x430
[   86.603943][ T3754]  ? gfs2_consist_inode_i+0xf3/0x110
[   86.609240][ T3754]  gfs2_dirent_scan+0x535/0x650
[   86.614107][ T3754]  ? gfs2_dirent_search+0xb10/0xb10
[   86.619326][ T3754]  gfs2_dirent_search+0x2ea/0xb10
[   86.624451][ T3754]  ? gfs2_dirent_search+0xb10/0xb10
[   86.629650][ T3754]  ? gfs2_dir_search+0x2a0/0x2a0
[   86.634594][ T3754]  ? gfs2_permission+0x3bf/0x430
[   86.639547][ T3754]  gfs2_dir_search+0x8c/0x2a0
[pid  3755] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3753] exit_group(0 <unfinished ...>
[pid  3755] <... futex resumed>)        = ?
[pid  3753] <... exit_group resumed>)   = ?
[pid  3755] +++ exited with 0 +++
[   86.644235][ T3754]  ? do_filldir_main+0x530/0x530
[   86.649284][ T3754]  ? inode_go_held+0xe4/0x1f0
[   86.654061][ T3754]  ? gfs2_glock_wait+0x213/0x2a0
[   86.659001][ T3754]  gfs2_lookupi+0x465/0x650
[   86.663515][ T3754]  ? gfs2_lookup_simple+0x170/0x170
[   86.668709][ T3754]  ? __gfs2_lookup+0x8c/0x260
[   86.673391][ T3754]  __gfs2_lookup+0x8c/0x260
[   86.677891][ T3754]  ? gfs2_atomic_open+0x230/0x230
[   86.682944][ T3754]  ? __d_lookup+0x6a4/0x770
[   86.687443][ T3754]  ? d_hash_and_lookup+0x1c0/0x1c0
[   86.692545][ T3754]  gfs2_atomic_open+0xa4/0x230
[   86.697315][ T3754]  path_openat+0xf39/0x2df0
[   86.701832][ T3754]  ? gfs2_rename2+0x3000/0x3000
[   86.706717][ T3754]  ? do_filp_open+0x4f0/0x4f0
[   86.711426][ T3754]  do_filp_open+0x264/0x4f0
[   86.715922][ T3754]  ? vfs_tmpfile+0x490/0x490
[   86.720528][ T3754]  ? do_raw_spin_unlock+0x134/0x8a0
[   86.725724][ T3754]  ? _raw_spin_unlock+0x24/0x40
[   86.730571][ T3754]  ? alloc_fd+0x5a7/0x640
[   86.734992][ T3754]  do_sys_openat2+0x124/0x4e0
[   86.739682][ T3754]  ? print_irqtrace_events+0x220/0x220
[   86.745140][ T3754]  ? ptrace_stop+0x74d/0x970
[   86.749735][ T3754]  ? do_sys_open+0x220/0x220
[   86.754332][ T3754]  ? lockdep_hardirqs_on+0x8d/0x130
[   86.759519][ T3754]  ? _raw_spin_unlock_irq+0x2a/0x40
[   86.764724][ T3754]  ? ptrace_notify+0x245/0x340
[   86.769494][ T3754]  __x64_sys_openat+0x243/0x290
[   86.774355][ T3754]  ? __ia32_sys_open+0x270/0x270
[   86.779302][ T3754]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   86.785283][ T3754]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   86.791273][ T3754]  do_syscall_64+0x3d/0xb0
[   86.795680][ T3754]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   86.801568][ T3754] RIP: 0033:0x7fc8868064d9
[   86.805977][ T3754] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   86.825608][ T3754] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   86.834046][ T3754] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3754] <... openat resumed>)       = ?
[pid  3754] +++ exited with 0 +++
[pid  3753] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3753, si_uid=0, si_status=0, si_utime=4, si_stime=24} ---
umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./40/binderfs")                 = 0
[   86.842115][ T3754] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   86.850100][ T3754] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   86.858071][ T3754] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   86.866037][ T3754] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   86.874036][ T3754]  </TASK>
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./40/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./40")                           = 0
mkdir("./41", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3756
./strace-static-x86_64: Process 3756 attached
[pid  3756] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3756] chdir("./41")               = 0
[pid  3756] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3756] setpgid(0, 0)               = 0
[pid  3756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3756] write(3, "1000", 4)         = 4
[pid  3756] close(3)                    = 0
[pid  3756] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3756] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3756] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3756] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3756] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3757], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3757
[pid  3756] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 3757 attached
) = 0
[pid  3757] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  3756] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3757] <... set_robust_list resumed>) = 0
[pid  3757] memfd_create("syzkaller", 0) = 3
[pid  3757] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3757] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3757] munmap(0x7fc87e392000, 16777216) = 0
[pid  3757] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3757] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3757] close(3)                    = 0
[pid  3757] mkdir("./file0", 0777)      = 0
[   87.169387][ T3757] loop0: detected capacity change from 0 to 32768
[   87.179987][ T3757] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   87.188254][ T3757] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   87.198073][ T3757] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   87.206928][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   87.213830][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3757] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3757] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3757] chdir("./file0")            = 0
[pid  3757] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3757] close(4)                    = 0
[pid  3757] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3756] <... futex resumed>)        = 0
[pid  3756] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3756] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3757] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3757] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3756] <... futex resumed>)        = 0
[pid  3756] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3756] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[   87.253132][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 39ms
[   87.260666][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   87.265885][ T3757] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   87.288796][ T3757] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3757] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3756] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3756] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3756] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3756] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3756] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3758], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3758
[pid  3756] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3758 attached
[pid  3758] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3758] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3758] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   87.297964][ T3757] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   87.297964][ T3757]   inode = 12 2341
[   87.297964][ T3757]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   87.317089][ T3757] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   87.326556][ T3757] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3757 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   87.336830][ T3757] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   87.345895][ T3757] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   87.353551][ T3757] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   87.362495][ T3757] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   87.369040][ T3757] gfs2: fsid=syz:syz.0: File system withdrawn
[   87.375229][ T3757] CPU: 0 PID: 3757 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   87.385647][ T3757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   87.395694][ T3757] Call Trace:
[   87.398965][ T3757]  <TASK>
[   87.401892][ T3757]  dump_stack_lvl+0x1b1/0x28e
[   87.406564][ T3757]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   87.412020][ T3757]  ? panic+0x710/0x710
[   87.416436][ T3757]  ? kobject_uevent_env+0x46b/0x8e0
[   87.421620][ T3757]  ? do_raw_spin_unlock+0x134/0x8a0
[   87.426825][ T3757]  gfs2_withdraw+0xf33/0x1540
[   87.431529][ T3757]  ? gfs2_lm+0x220/0x220
[   87.435759][ T3757]  ? gfs2_dirent_scan+0xb6/0x650
[   87.440682][ T3757]  ? panic+0x710/0x710
[   87.444735][ T3757]  ? gfs2_permission+0x2ff/0x430
[   87.449697][ T3757]  ? gfs2_consist_inode_i+0xf3/0x110
[   87.454984][ T3757]  gfs2_dirent_scan+0x535/0x650
[   87.459845][ T3757]  ? gfs2_dirent_search+0xb10/0xb10
[   87.465131][ T3757]  gfs2_dirent_search+0x2ea/0xb10
[   87.470159][ T3757]  ? gfs2_dirent_search+0xb10/0xb10
[   87.475347][ T3757]  ? gfs2_dir_search+0x2a0/0x2a0
[   87.480280][ T3757]  ? gfs2_permission+0x3bf/0x430
[   87.485477][ T3757]  gfs2_dir_search+0x8c/0x2a0
[   87.490149][ T3757]  ? do_filldir_main+0x530/0x530
[   87.495077][ T3757]  ? inode_go_held+0xe4/0x1f0
[   87.499749][ T3757]  ? gfs2_glock_wait+0x213/0x2a0
[   87.504673][ T3757]  gfs2_lookupi+0x465/0x650
[   87.509169][ T3757]  ? gfs2_lookup_simple+0x170/0x170
[   87.514356][ T3757]  ? __gfs2_lookup+0x8c/0x260
[   87.519119][ T3757]  __gfs2_lookup+0x8c/0x260
[   87.523631][ T3757]  ? gfs2_atomic_open+0x230/0x230
[   87.528658][ T3757]  ? __d_lookup+0x6a4/0x770
[   87.533157][ T3757]  ? d_hash_and_lookup+0x1c0/0x1c0
[   87.538270][ T3757]  gfs2_atomic_open+0xa4/0x230
[   87.543026][ T3757]  path_openat+0xf39/0x2df0
[   87.547540][ T3757]  ? gfs2_rename2+0x3000/0x3000
[pid  3758] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3756] exit_group(0 <unfinished ...>
[pid  3758] <... futex resumed>)        = ?
[pid  3756] <... exit_group resumed>)   = ?
[pid  3758] +++ exited with 0 +++
[   87.552413][ T3757]  ? do_filp_open+0x4f0/0x4f0
[   87.557276][ T3757]  do_filp_open+0x264/0x4f0
[   87.561768][ T3757]  ? vfs_tmpfile+0x490/0x490
[   87.566353][ T3757]  ? do_raw_spin_unlock+0x134/0x8a0
[   87.571555][ T3757]  ? _raw_spin_unlock+0x24/0x40
[   87.576410][ T3757]  ? alloc_fd+0x5a7/0x640
[   87.580743][ T3757]  do_sys_openat2+0x124/0x4e0
[   87.585416][ T3757]  ? print_irqtrace_events+0x220/0x220
[   87.590870][ T3757]  ? ptrace_stop+0x74d/0x970
[   87.595470][ T3757]  ? do_sys_open+0x220/0x220
[   87.600070][ T3757]  ? lockdep_hardirqs_on+0x8d/0x130
[   87.605272][ T3757]  ? _raw_spin_unlock_irq+0x2a/0x40
[   87.610470][ T3757]  ? ptrace_notify+0x245/0x340
[   87.615236][ T3757]  __x64_sys_openat+0x243/0x290
[   87.620087][ T3757]  ? __ia32_sys_open+0x270/0x270
[   87.625028][ T3757]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   87.631014][ T3757]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   87.637003][ T3757]  do_syscall_64+0x3d/0xb0
[   87.641406][ T3757]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   87.647286][ T3757] RIP: 0033:0x7fc8868064d9
[   87.651703][ T3757] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   87.671392][ T3757] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   87.679795][ T3757] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   87.687764][ T3757] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   87.695733][ T3757] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3757] <... openat resumed>)       = ?
[pid  3757] +++ exited with 0 +++
[pid  3756] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3756, si_uid=0, si_status=0, si_utime=0, si_stime=30} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./41/binderfs")                 = 0
[   87.703720][ T3757] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   87.711708][ T3757] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   87.719691][ T3757]  </TASK>
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./41/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./41")                           = 0
mkdir("./42", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3759
./strace-static-x86_64: Process 3759 attached
[pid  3759] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3759] chdir("./42")               = 0
[pid  3759] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3759] setpgid(0, 0)               = 0
[pid  3759] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3759] write(3, "1000", 4)         = 4
[pid  3759] close(3)                    = 0
[pid  3759] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3759] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3759] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3759] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3760 attached
, parent_tid=[3760], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3760
[pid  3760] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  3759] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3760] <... set_robust_list resumed>) = 0
[pid  3759] <... futex resumed>)        = 0
[pid  3759] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3760] memfd_create("syzkaller", 0) = 3
[pid  3760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3760] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3760] munmap(0x7fc87e392000, 16777216) = 0
[pid  3760] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3760] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3760] close(3)                    = 0
[pid  3760] mkdir("./file0", 0777)      = 0
[   88.014108][ T3760] loop0: detected capacity change from 0 to 32768
[   88.026566][ T3760] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   88.034991][ T3760] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   88.044107][ T3760] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   88.052744][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   88.059519][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3760] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3760] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3760] chdir("./file0")            = 0
[pid  3760] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3760] close(4)                    = 0
[pid  3760] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3760] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3759] <... futex resumed>)        = 0
[pid  3759] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3760] <... futex resumed>)        = 0
[pid  3759] <... futex resumed>)        = 1
[pid  3760] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3759] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3760] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3760] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3759] <... futex resumed>)        = 0
[pid  3760] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3759] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3760] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3759] <... futex resumed>)        = 0
[pid  3760] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[   88.095182][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 35ms
[   88.102772][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   88.108580][ T3760] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   88.141038][ T3760] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   88.149423][ T3760] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   88.149423][ T3760]   inode = 12 2341
[   88.149423][ T3760]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   88.168294][ T3760] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   88.177803][ T3760] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3760 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3759] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3759] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3759] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3759] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3761], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3761
[pid  3759] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3761 attached
[pid  3761] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3761] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3761] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   88.187894][ T3760] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   88.196675][ T3760] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   88.204564][ T3760] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   88.213635][ T3760] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   88.221421][ T3760] gfs2: fsid=syz:syz.0: File system withdrawn
[   88.227516][ T3760] CPU: 0 PID: 3760 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   88.237930][ T3760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   88.247973][ T3760] Call Trace:
[   88.251246][ T3760]  <TASK>
[   88.254165][ T3760]  dump_stack_lvl+0x1b1/0x28e
[   88.258831][ T3760]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   88.264275][ T3760]  ? panic+0x710/0x710
[   88.268335][ T3760]  ? kobject_uevent_env+0x46b/0x8e0
[   88.273527][ T3760]  ? do_raw_spin_unlock+0x134/0x8a0
[   88.278720][ T3760]  gfs2_withdraw+0xf33/0x1540
[   88.283399][ T3760]  ? gfs2_lm+0x220/0x220
[pid  3761] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3759] exit_group(0 <unfinished ...>
[pid  3761] <... futex resumed>)        = ?
[pid  3759] <... exit_group resumed>)   = ?
[pid  3761] +++ exited with 0 +++
[   88.287626][ T3760]  ? gfs2_dirent_scan+0xb6/0x650
[   88.292550][ T3760]  ? panic+0x710/0x710
[   88.296695][ T3760]  ? gfs2_permission+0x2ff/0x430
[   88.301661][ T3760]  ? gfs2_consist_inode_i+0xf3/0x110
[   88.306951][ T3760]  gfs2_dirent_scan+0x535/0x650
[   88.311807][ T3760]  ? gfs2_dirent_search+0xb10/0xb10
[   88.317010][ T3760]  gfs2_dirent_search+0x2ea/0xb10
[   88.322025][ T3760]  ? gfs2_dirent_search+0xb10/0xb10
[   88.327215][ T3760]  ? gfs2_dir_search+0x2a0/0x2a0
[   88.332139][ T3760]  ? gfs2_permission+0x3bf/0x430
[   88.337091][ T3760]  gfs2_dir_search+0x8c/0x2a0
[   88.341774][ T3760]  ? do_filldir_main+0x530/0x530
[   88.346698][ T3760]  ? inode_go_held+0xe4/0x1f0
[   88.351364][ T3760]  ? gfs2_glock_wait+0x213/0x2a0
[   88.356286][ T3760]  gfs2_lookupi+0x465/0x650
[   88.360777][ T3760]  ? gfs2_lookup_simple+0x170/0x170
[   88.365971][ T3760]  ? __gfs2_lookup+0x8c/0x260
[   88.370644][ T3760]  __gfs2_lookup+0x8c/0x260
[   88.375162][ T3760]  ? gfs2_atomic_open+0x230/0x230
[   88.380189][ T3760]  ? __d_lookup+0x6a4/0x770
[   88.384692][ T3760]  ? d_hash_and_lookup+0x1c0/0x1c0
[   88.389797][ T3760]  gfs2_atomic_open+0xa4/0x230
[   88.394564][ T3760]  path_openat+0xf39/0x2df0
[   88.399074][ T3760]  ? gfs2_rename2+0x3000/0x3000
[   88.403921][ T3760]  ? do_filp_open+0x4f0/0x4f0
[   88.408615][ T3760]  do_filp_open+0x264/0x4f0
[   88.413120][ T3760]  ? vfs_tmpfile+0x490/0x490
[   88.417701][ T3760]  ? do_raw_spin_unlock+0x134/0x8a0
[   88.422910][ T3760]  ? _raw_spin_unlock+0x24/0x40
[   88.427768][ T3760]  ? alloc_fd+0x5a7/0x640
[   88.432093][ T3760]  do_sys_openat2+0x124/0x4e0
[   88.436759][ T3760]  ? print_irqtrace_events+0x220/0x220
[   88.442200][ T3760]  ? ptrace_stop+0x74d/0x970
[   88.446785][ T3760]  ? do_sys_open+0x220/0x220
[   88.451379][ T3760]  ? lockdep_hardirqs_on+0x8d/0x130
[   88.456574][ T3760]  ? _raw_spin_unlock_irq+0x2a/0x40
[   88.461781][ T3760]  ? ptrace_notify+0x245/0x340
[   88.466532][ T3760]  __x64_sys_openat+0x243/0x290
[   88.471377][ T3760]  ? __ia32_sys_open+0x270/0x270
[   88.476307][ T3760]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   88.482276][ T3760]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   88.488257][ T3760]  do_syscall_64+0x3d/0xb0
[   88.492680][ T3760]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   88.498576][ T3760] RIP: 0033:0x7fc8868064d9
[   88.502976][ T3760] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   88.522584][ T3760] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   88.531019][ T3760] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3760] <... openat resumed>)       = ?
[pid  3760] +++ exited with 0 +++
[pid  3759] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3759, si_uid=0, si_status=0, si_utime=2, si_stime=28} ---
umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./42/binderfs")                 = 0
[   88.539003][ T3760] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   88.546976][ T3760] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   88.554957][ T3760] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   88.562916][ T3760] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   88.570906][ T3760]  </TASK>
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./42/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./42")                           = 0
mkdir("./43", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3762
./strace-static-x86_64: Process 3762 attached
[pid  3762] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3762] chdir("./43")               = 0
[pid  3762] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3762] setpgid(0, 0)               = 0
[pid  3762] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3762] write(3, "1000", 4)         = 4
[pid  3762] close(3)                    = 0
[pid  3762] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3762] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3762] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3762] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3762] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3763 attached
, parent_tid=[3763], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3763
[pid  3763] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3763] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3762] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3763] <... futex resumed>)        = 0
[pid  3762] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3763] memfd_create("syzkaller", 0) = 3
[pid  3763] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3763] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3763] munmap(0x7fc87e392000, 16777216) = 0
[pid  3763] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3763] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3763] close(3)                    = 0
[pid  3763] mkdir("./file0", 0777)      = 0
[   88.881270][ T3763] loop0: detected capacity change from 0 to 32768
[   88.891527][ T3763] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   88.899719][ T3763] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   88.908912][ T3763] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   88.918065][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   88.925075][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3763] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3763] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3763] chdir("./file0")            = 0
[pid  3763] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3763] close(4)                    = 0
[pid  3763] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3762] <... futex resumed>)        = 0
[pid  3762] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3762] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3763] <... futex resumed>)        = 1
[pid  3763] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3763] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3762] <... futex resumed>)        = 0
[pid  3762] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3762] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3763] <... futex resumed>)        = 1
[   88.962436][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 37ms
[   88.970028][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   88.976229][ T3763] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   88.992055][ T3763] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   89.000798][ T3763] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   89.000798][ T3763]   inode = 12 2341
[pid  3763] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3762] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3762] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   89.000798][ T3763]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   89.023897][ T3763] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   89.033351][ T3763] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3763 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   89.043736][ T3763] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   89.052998][ T3763] gfs2: fsid=syz:syz.0: about to withdraw this file system
[pid  3762] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3762] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3762] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3764], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3764
[pid  3762] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3764 attached
[   89.060554][ T3763] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   89.069845][ T3763] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   89.077060][ T3763] gfs2: fsid=syz:syz.0: File system withdrawn
[   89.083767][ T3763] CPU: 0 PID: 3763 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   89.094253][ T3763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   89.104319][ T3763] Call Trace:
[   89.107589][ T3763]  <TASK>
[   89.110514][ T3763]  dump_stack_lvl+0x1b1/0x28e
[   89.115211][ T3763]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   89.120679][ T3763]  ? panic+0x710/0x710
[   89.124740][ T3763]  ? kobject_uevent_env+0x46b/0x8e0
[   89.129936][ T3763]  ? do_raw_spin_unlock+0x134/0x8a0
[   89.135156][ T3763]  gfs2_withdraw+0xf33/0x1540
[   89.139870][ T3763]  ? gfs2_lm+0x220/0x220
[   89.144124][ T3763]  ? gfs2_dirent_scan+0xb6/0x650
[   89.149068][ T3763]  ? panic+0x710/0x710
[   89.153144][ T3763]  ? gfs2_permission+0x2ff/0x430
[   89.158089][ T3763]  ? gfs2_consist_inode_i+0xf3/0x110
[   89.163385][ T3763]  gfs2_dirent_scan+0x535/0x650
[   89.168243][ T3763]  ? gfs2_dirent_search+0xb10/0xb10
[   89.173468][ T3763]  gfs2_dirent_search+0x2ea/0xb10
[   89.178518][ T3763]  ? gfs2_dirent_search+0xb10/0xb10
[   89.183830][ T3763]  ? gfs2_dir_search+0x2a0/0x2a0
[   89.188868][ T3763]  ? gfs2_permission+0x3bf/0x430
[   89.193812][ T3763]  gfs2_dir_search+0x8c/0x2a0
[   89.198493][ T3763]  ? do_filldir_main+0x530/0x530
[   89.203423][ T3763]  ? inode_go_held+0xe4/0x1f0
[   89.208099][ T3763]  ? gfs2_glock_wait+0x213/0x2a0
[   89.213029][ T3763]  gfs2_lookupi+0x465/0x650
[   89.217531][ T3763]  ? gfs2_lookup_simple+0x170/0x170
[   89.222723][ T3763]  ? __gfs2_lookup+0x8c/0x260
[   89.227398][ T3763]  __gfs2_lookup+0x8c/0x260
[   89.231898][ T3763]  ? gfs2_atomic_open+0x230/0x230
[   89.237003][ T3763]  ? __d_lookup+0x6a4/0x770
[   89.241842][ T3763]  ? d_hash_and_lookup+0x1c0/0x1c0
[   89.246943][ T3763]  gfs2_atomic_open+0xa4/0x230
[   89.251700][ T3763]  path_openat+0xf39/0x2df0
[   89.256200][ T3763]  ? gfs2_rename2+0x3000/0x3000
[   89.261056][ T3763]  ? do_filp_open+0x4f0/0x4f0
[   89.265748][ T3763]  do_filp_open+0x264/0x4f0
[   89.270242][ T3763]  ? vfs_tmpfile+0x490/0x490
[   89.274831][ T3763]  ? do_raw_spin_unlock+0x134/0x8a0
[   89.280026][ T3763]  ? _raw_spin_unlock+0x24/0x40
[   89.284874][ T3763]  ? alloc_fd+0x5a7/0x640
[   89.289206][ T3763]  do_sys_openat2+0x124/0x4e0
[   89.293876][ T3763]  ? print_irqtrace_events+0x220/0x220
[   89.299333][ T3763]  ? ptrace_stop+0x74d/0x970
[   89.303914][ T3763]  ? do_sys_open+0x220/0x220
[   89.308495][ T3763]  ? lockdep_hardirqs_on+0x8d/0x130
[   89.313693][ T3763]  ? _raw_spin_unlock_irq+0x2a/0x40
[   89.318883][ T3763]  ? ptrace_notify+0x245/0x340
[   89.323635][ T3763]  __x64_sys_openat+0x243/0x290
[   89.328487][ T3763]  ? __ia32_sys_open+0x270/0x270
[   89.333417][ T3763]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   89.339391][ T3763]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   89.345362][ T3763]  do_syscall_64+0x3d/0xb0
[   89.349792][ T3763]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   89.355676][ T3763] RIP: 0033:0x7fc8868064d9
[   89.360095][ T3763] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   89.379707][ T3763] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   89.388108][ T3763] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   89.396072][ T3763] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   89.404038][ T3763] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3764] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3764] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3764] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3764] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3763] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3763] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3762] exit_group(0 <unfinished ...>
[pid  3764] <... futex resumed>)        = ?
[pid  3762] <... exit_group resumed>)   = ?
[pid  3764] +++ exited with 0 +++
[pid  3763] +++ exited with 0 +++
[pid  3762] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3762, si_uid=0, si_status=0, si_utime=0, si_stime=32} ---
umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./43/binderfs")                 = 0
[   89.411999][ T3763] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   89.419960][ T3763] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   89.427931][ T3763]  </TASK>
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./43/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./43")                           = 0
mkdir("./44", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3765
./strace-static-x86_64: Process 3765 attached
[pid  3765] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3765] chdir("./44")               = 0
[pid  3765] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3765] setpgid(0, 0)               = 0
[pid  3765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3765] write(3, "1000", 4)         = 4
[pid  3765] close(3)                    = 0
[pid  3765] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3765] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3765] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3765] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3766], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3766
[pid  3765] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3765] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3766 attached
 <unfinished ...>
[pid  3766] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3766] memfd_create("syzkaller", 0) = 3
[pid  3766] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3766] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3766] munmap(0x7fc87e392000, 16777216) = 0
[pid  3766] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3766] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3766] close(3)                    = 0
[pid  3766] mkdir("./file0", 0777)      = 0
[   89.747976][ T3766] loop0: detected capacity change from 0 to 32768
[   89.759477][ T3766] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   89.768422][ T3766] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   89.778051][ T3766] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   89.786625][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   89.793516][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3766] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3766] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3766] chdir("./file0")            = 0
[pid  3766] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3766] close(4)                    = 0
[pid  3766] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3765] <... futex resumed>)        = 0
[pid  3766] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3765] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3766] <... futex resumed>)        = 0
[pid  3765] <... futex resumed>)        = 1
[pid  3766] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3765] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3766] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3766] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3765] <... futex resumed>)        = 0
[pid  3766] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3765] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3766] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3765] <... futex resumed>)        = 0
[   89.829169][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 35ms
[   89.836730][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   89.842028][ T3766] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid  3766] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[   89.873138][ T3766] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   89.881935][ T3766] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   89.881935][ T3766]   inode = 12 2341
[   89.881935][ T3766]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   89.900990][ T3766] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   89.910066][ T3766] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3766 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3765] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3765] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3765] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3765] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3767], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3767
[pid  3765] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3767 attached
[pid  3767] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3767] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3767] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   89.920546][ T3766] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   89.928964][ T3766] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   89.936284][ T3766] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   89.945132][ T3766] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   89.951765][ T3766] gfs2: fsid=syz:syz.0: File system withdrawn
[   89.957838][ T3766] CPU: 0 PID: 3766 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   89.968250][ T3766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   89.978307][ T3766] Call Trace:
[   89.981577][ T3766]  <TASK>
[   89.984497][ T3766]  dump_stack_lvl+0x1b1/0x28e
[   89.989167][ T3766]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   89.994631][ T3766]  ? panic+0x710/0x710
[   89.998715][ T3766]  ? kobject_uevent_env+0x46b/0x8e0
[   90.004009][ T3766]  ? do_raw_spin_unlock+0x134/0x8a0
[   90.009227][ T3766]  gfs2_withdraw+0xf33/0x1540
[   90.013912][ T3766]  ? gfs2_lm+0x220/0x220
[   90.018142][ T3766]  ? gfs2_dirent_scan+0xb6/0x650
[   90.023080][ T3766]  ? panic+0x710/0x710
[   90.027161][ T3766]  ? gfs2_permission+0x2ff/0x430
[   90.032127][ T3766]  ? gfs2_consist_inode_i+0xf3/0x110
[   90.037413][ T3766]  gfs2_dirent_scan+0x535/0x650
[   90.042267][ T3766]  ? gfs2_dirent_search+0xb10/0xb10
[   90.047455][ T3766]  gfs2_dirent_search+0x2ea/0xb10
[   90.052471][ T3766]  ? gfs2_dirent_search+0xb10/0xb10
[   90.057669][ T3766]  ? gfs2_dir_search+0x2a0/0x2a0
[   90.062600][ T3766]  ? gfs2_permission+0x3bf/0x430
[   90.067569][ T3766]  gfs2_dir_search+0x8c/0x2a0
[pid  3767] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3765] exit_group(0 <unfinished ...>
[pid  3767] <... futex resumed>)        = ?
[pid  3765] <... exit_group resumed>)   = ?
[pid  3767] +++ exited with 0 +++
[   90.072254][ T3766]  ? do_filldir_main+0x530/0x530
[   90.077214][ T3766]  ? inode_go_held+0xe4/0x1f0
[   90.081902][ T3766]  ? gfs2_glock_wait+0x213/0x2a0
[   90.086832][ T3766]  gfs2_lookupi+0x465/0x650
[   90.091330][ T3766]  ? gfs2_lookup_simple+0x170/0x170
[   90.096518][ T3766]  ? __gfs2_lookup+0x8c/0x260
[   90.101198][ T3766]  __gfs2_lookup+0x8c/0x260
[   90.105705][ T3766]  ? gfs2_atomic_open+0x230/0x230
[   90.110738][ T3766]  ? __d_lookup+0x6a4/0x770
[   90.115238][ T3766]  ? d_hash_and_lookup+0x1c0/0x1c0
[   90.120355][ T3766]  gfs2_atomic_open+0xa4/0x230
[   90.125109][ T3766]  path_openat+0xf39/0x2df0
[   90.129602][ T3766]  ? gfs2_rename2+0x3000/0x3000
[   90.134478][ T3766]  ? do_filp_open+0x4f0/0x4f0
[   90.139181][ T3766]  do_filp_open+0x264/0x4f0
[   90.143682][ T3766]  ? vfs_tmpfile+0x490/0x490
[   90.148270][ T3766]  ? do_raw_spin_unlock+0x134/0x8a0
[   90.153472][ T3766]  ? _raw_spin_unlock+0x24/0x40
[   90.158336][ T3766]  ? alloc_fd+0x5a7/0x640
[   90.162701][ T3766]  do_sys_openat2+0x124/0x4e0
[   90.167388][ T3766]  ? print_irqtrace_events+0x220/0x220
[   90.172848][ T3766]  ? ptrace_stop+0x74d/0x970
[   90.177517][ T3766]  ? do_sys_open+0x220/0x220
[   90.182111][ T3766]  ? lockdep_hardirqs_on+0x8d/0x130
[   90.187325][ T3766]  ? _raw_spin_unlock_irq+0x2a/0x40
[   90.192534][ T3766]  ? ptrace_notify+0x245/0x340
[   90.197293][ T3766]  __x64_sys_openat+0x243/0x290
[   90.202137][ T3766]  ? __ia32_sys_open+0x270/0x270
[   90.207064][ T3766]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   90.213034][ T3766]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   90.219016][ T3766]  do_syscall_64+0x3d/0xb0
[   90.223439][ T3766]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   90.229321][ T3766] RIP: 0033:0x7fc8868064d9
[   90.233724][ T3766] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   90.253334][ T3766] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   90.261763][ T3766] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3766] <... openat resumed>)       = ?
[pid  3766] +++ exited with 0 +++
[pid  3765] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3765, si_uid=0, si_status=0, si_utime=2, si_stime=29} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./44/binderfs")                 = 0
[   90.269737][ T3766] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   90.277793][ T3766] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   90.285753][ T3766] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   90.293720][ T3766] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   90.301781][ T3766]  </TASK>
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./44/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./44")                           = 0
mkdir("./45", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3768
./strace-static-x86_64: Process 3768 attached
[pid  3768] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3768] chdir("./45")               = 0
[pid  3768] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3768] setpgid(0, 0)               = 0
[pid  3768] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3768] write(3, "1000", 4)         = 4
[pid  3768] close(3)                    = 0
[pid  3768] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3768] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3768] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3768] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3769 attached
, parent_tid=[3769], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3769
[pid  3768] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3768] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3769] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3769] memfd_create("syzkaller", 0) = 3
[pid  3769] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3769] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3769] munmap(0x7fc87e392000, 16777216) = 0
[pid  3769] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3769] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3769] close(3)                    = 0
[pid  3769] mkdir("./file0", 0777)      = 0
[   90.593314][ T3769] loop0: detected capacity change from 0 to 32768
[   90.602864][ T3769] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   90.611127][ T3769] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   90.620775][ T3769] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   90.629149][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   90.636039][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3769] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3769] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3769] chdir("./file0")            = 0
[pid  3769] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3769] close(4)                    = 0
[pid  3769] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3768] <... futex resumed>)        = 0
[pid  3768] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3768] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3769] <... futex resumed>)        = 1
[pid  3769] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3769] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3768] <... futex resumed>)        = 0
[pid  3768] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3768] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3769] <... futex resumed>)        = 1
[   90.669502][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms
[   90.677307][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   90.682993][ T3769] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   90.697371][ T3769] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   90.705974][ T3769] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   90.705974][ T3769]   inode = 12 2341
[pid  3769] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3768] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3768] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   90.705974][ T3769]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   90.724848][ T3769] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   90.734012][ T3769] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3769 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   90.744196][ T3769] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   90.752708][ T3769] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   90.760328][ T3769] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   90.769143][ T3769] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   90.775838][ T3769] gfs2: fsid=syz:syz.0: File system withdrawn
[   90.781997][ T3769] CPU: 0 PID: 3769 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   90.792447][ T3769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   90.802505][ T3769] Call Trace:
[   90.805777][ T3769]  <TASK>
[   90.808713][ T3769]  dump_stack_lvl+0x1b1/0x28e
[   90.813389][ T3769]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   90.818842][ T3769]  ? panic+0x710/0x710
[   90.822902][ T3769]  ? kobject_uevent_env+0x46b/0x8e0
[   90.828094][ T3769]  ? do_raw_spin_unlock+0x134/0x8a0
[   90.833290][ T3769]  gfs2_withdraw+0xf33/0x1540
[   90.837977][ T3769]  ? gfs2_lm+0x220/0x220
[   90.842210][ T3769]  ? gfs2_dirent_scan+0xb6/0x650
[   90.847153][ T3769]  ? panic+0x710/0x710
[   90.851209][ T3769]  ? gfs2_permission+0x2ff/0x430
[   90.856142][ T3769]  ? gfs2_consist_inode_i+0xf3/0x110
[   90.861420][ T3769]  gfs2_dirent_scan+0x535/0x650
[   90.866271][ T3769]  ? gfs2_dirent_search+0xb10/0xb10
[   90.871471][ T3769]  gfs2_dirent_search+0x2ea/0xb10
[   90.876499][ T3769]  ? gfs2_dirent_search+0xb10/0xb10
[   90.881696][ T3769]  ? gfs2_dir_search+0x2a0/0x2a0
[   90.886623][ T3769]  ? gfs2_permission+0x3bf/0x430
[   90.891588][ T3769]  gfs2_dir_search+0x8c/0x2a0
[   90.896261][ T3769]  ? do_filldir_main+0x530/0x530
[   90.901192][ T3769]  ? inode_go_held+0xe4/0x1f0
[   90.905861][ T3769]  ? gfs2_glock_wait+0x213/0x2a0
[   90.910793][ T3769]  gfs2_lookupi+0x465/0x650
[   90.915296][ T3769]  ? gfs2_lookup_simple+0x170/0x170
[   90.920488][ T3769]  ? __gfs2_lookup+0x8c/0x260
[   90.925165][ T3769]  __gfs2_lookup+0x8c/0x260
[   90.929661][ T3769]  ? gfs2_atomic_open+0x230/0x230
[   90.934679][ T3769]  ? __d_lookup+0x6a4/0x770
[   90.939175][ T3769]  ? d_hash_and_lookup+0x1c0/0x1c0
[   90.944281][ T3769]  gfs2_atomic_open+0xa4/0x230
[   90.949040][ T3769]  path_openat+0xf39/0x2df0
[   90.953542][ T3769]  ? gfs2_rename2+0x3000/0x3000
[   90.958409][ T3769]  ? do_filp_open+0x4f0/0x4f0
[   90.963099][ T3769]  do_filp_open+0x264/0x4f0
[   90.967593][ T3769]  ? vfs_tmpfile+0x490/0x490
[   90.972180][ T3769]  ? do_raw_spin_unlock+0x134/0x8a0
[   90.977378][ T3769]  ? _raw_spin_unlock+0x24/0x40
[   90.982250][ T3769]  ? alloc_fd+0x5a7/0x640
[   90.986579][ T3769]  do_sys_openat2+0x124/0x4e0
[   90.991251][ T3769]  ? print_irqtrace_events+0x220/0x220
[   90.996697][ T3769]  ? ptrace_stop+0x74d/0x970
[   91.001282][ T3769]  ? do_sys_open+0x220/0x220
[   91.005869][ T3769]  ? lockdep_hardirqs_on+0x8d/0x130
[   91.011061][ T3769]  ? _raw_spin_unlock_irq+0x2a/0x40
[   91.016253][ T3769]  ? ptrace_notify+0x245/0x340
[   91.021008][ T3769]  __x64_sys_openat+0x243/0x290
[   91.025855][ T3769]  ? __ia32_sys_open+0x270/0x270
[   91.030788][ T3769]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   91.036763][ T3769]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   91.042738][ T3769]  do_syscall_64+0x3d/0xb0
[   91.047143][ T3769]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   91.053023][ T3769] RIP: 0033:0x7fc8868064d9
[   91.057427][ T3769] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   91.077031][ T3769] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   91.085692][ T3769] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   91.093652][ T3769] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   91.101611][ T3769] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   91.109570][ T3769] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  3768] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3768] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3768] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID <unfinished ...>
[pid  3769] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3769] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3768] <... clone resumed>, parent_tid=[3770], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3770
[pid  3769] <... futex resumed>)        = 0
[pid  3768] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3769] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3768] <... futex resumed>)        = 0
./strace-static-x86_64: Process 3770 attached
[pid  3770] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3770] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3770] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3768] exit_group(0 <unfinished ...>
[pid  3769] <... futex resumed>)        = ?
[pid  3768] <... exit_group resumed>)   = ?
[pid  3769] +++ exited with 0 +++
[pid  3770] +++ exited with 0 +++
[pid  3768] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3768, si_uid=0, si_status=0, si_utime=3, si_stime=27} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./45/binderfs")                 = 0
[   91.117532][ T3769] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   91.125772][ T3769]  </TASK>
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./45/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./45")                           = 0
mkdir("./46", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3771
./strace-static-x86_64: Process 3771 attached
[pid  3771] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3771] chdir("./46")               = 0
[pid  3771] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3771] setpgid(0, 0)               = 0
[pid  3771] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3771] write(3, "1000", 4)         = 4
[pid  3771] close(3)                    = 0
[pid  3771] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3771] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3771] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3771] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3772 attached
 <unfinished ...>
[pid  3772] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  3771] <... clone resumed>, parent_tid=[3772], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3772
[pid  3772] <... set_robust_list resumed>) = 0
[pid  3771] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3771] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3772] memfd_create("syzkaller", 0) = 3
[pid  3772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3772] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3772] munmap(0x7fc87e392000, 16777216) = 0
[pid  3772] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3772] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3772] close(3)                    = 0
[pid  3772] mkdir("./file0", 0777)      = 0
[   91.417691][ T3772] loop0: detected capacity change from 0 to 32768
[   91.428959][ T3772] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   91.437358][ T3772] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   91.447148][ T3772] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   91.455853][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   91.462762][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3772] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3772] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3772] chdir("./file0")            = 0
[pid  3772] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3772] close(4)                    = 0
[pid  3772] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3771] <... futex resumed>)        = 0
[pid  3771] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3771] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3772] <... futex resumed>)        = 1
[pid  3772] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3772] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3771] <... futex resumed>)        = 0
[pid  3771] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3771] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3772] <... futex resumed>)        = 1
[   91.495106][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 32ms
[   91.502686][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   91.507914][ T3772] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   91.537248][ T3772] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   91.546588][ T3772] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   91.546588][ T3772]   inode = 12 2341
[   91.546588][ T3772]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   91.565466][ T3772] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   91.574593][ T3772] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3772 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3772] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3771] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3771] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3771] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[   91.584729][ T3772] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   91.593357][ T3772] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   91.600697][ T3772] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   91.609644][ T3772] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   91.616311][ T3772] gfs2: fsid=syz:syz.0: File system withdrawn
[   91.623191][ T3772] CPU: 0 PID: 3772 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   91.633638][ T3772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   91.643708][ T3772] Call Trace:
[   91.646988][ T3772]  <TASK>
[   91.649910][ T3772]  dump_stack_lvl+0x1b1/0x28e
[   91.654583][ T3772]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   91.660027][ T3772]  ? panic+0x710/0x710
[   91.664086][ T3772]  ? kobject_uevent_env+0x46b/0x8e0
[   91.669278][ T3772]  ? do_raw_spin_unlock+0x134/0x8a0
[   91.674492][ T3772]  gfs2_withdraw+0xf33/0x1540
[   91.679182][ T3772]  ? gfs2_lm+0x220/0x220
[   91.683410][ T3772]  ? gfs2_dirent_scan+0xb6/0x650
[   91.688342][ T3772]  ? panic+0x710/0x710
[   91.692399][ T3772]  ? gfs2_permission+0x2ff/0x430
[   91.697327][ T3772]  ? gfs2_consist_inode_i+0xf3/0x110
[   91.702601][ T3772]  gfs2_dirent_scan+0x535/0x650
[   91.707446][ T3772]  ? gfs2_dirent_search+0xb10/0xb10
[   91.712634][ T3772]  gfs2_dirent_search+0x2ea/0xb10
[   91.717650][ T3772]  ? gfs2_dirent_search+0xb10/0xb10
[   91.722854][ T3772]  ? gfs2_dir_search+0x2a0/0x2a0
[   91.727974][ T3772]  ? gfs2_permission+0x3bf/0x430
[   91.732908][ T3772]  gfs2_dir_search+0x8c/0x2a0
[   91.737584][ T3772]  ? do_filldir_main+0x530/0x530
[   91.742530][ T3772]  ? inode_go_held+0xe4/0x1f0
[   91.747204][ T3772]  ? gfs2_glock_wait+0x213/0x2a0
[   91.752137][ T3772]  gfs2_lookupi+0x465/0x650
[   91.756642][ T3772]  ? gfs2_lookup_simple+0x170/0x170
[   91.761836][ T3772]  ? __gfs2_lookup+0x8c/0x260
[   91.766781][ T3772]  __gfs2_lookup+0x8c/0x260
[   91.771279][ T3772]  ? gfs2_atomic_open+0x230/0x230
[   91.776300][ T3772]  ? __d_lookup+0x6a4/0x770
[   91.780791][ T3772]  ? d_hash_and_lookup+0x1c0/0x1c0
[   91.785895][ T3772]  gfs2_atomic_open+0xa4/0x230
[   91.790655][ T3772]  path_openat+0xf39/0x2df0
[   91.795155][ T3772]  ? gfs2_rename2+0x3000/0x3000
[   91.800026][ T3772]  ? do_filp_open+0x4f0/0x4f0
[   91.804849][ T3772]  do_filp_open+0x264/0x4f0
[   91.809399][ T3772]  ? vfs_tmpfile+0x490/0x490
[   91.814008][ T3772]  ? do_raw_spin_unlock+0x134/0x8a0
[   91.819218][ T3772]  ? _raw_spin_unlock+0x24/0x40
[   91.824087][ T3772]  ? alloc_fd+0x5a7/0x640
[   91.828421][ T3772]  do_sys_openat2+0x124/0x4e0
[   91.833094][ T3772]  ? print_irqtrace_events+0x220/0x220
[   91.838541][ T3772]  ? ptrace_stop+0x74d/0x970
[   91.843144][ T3772]  ? do_sys_open+0x220/0x220
[   91.847747][ T3772]  ? lockdep_hardirqs_on+0x8d/0x130
[   91.852963][ T3772]  ? _raw_spin_unlock_irq+0x2a/0x40
[   91.858167][ T3772]  ? ptrace_notify+0x245/0x340
[   91.862932][ T3772]  __x64_sys_openat+0x243/0x290
[   91.867796][ T3772]  ? __ia32_sys_open+0x270/0x270
[   91.872752][ T3772]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   91.878776][ T3772]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   91.884757][ T3772]  do_syscall_64+0x3d/0xb0
[   91.889166][ T3772]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   91.895052][ T3772] RIP: 0033:0x7fc8868064d9
[   91.899457][ T3772] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   91.919139][ T3772] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   91.927544][ T3772] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3771] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID <unfinished ...>
[pid  3772] <... openat resumed>)       = -1 EIO (Input/output error)
./strace-static-x86_64: Process 3773 attached
[pid  3771] <... clone resumed>, parent_tid=[3773], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3773
[pid  3773] set_robust_list(0x7fc87f3919e0, 24 <unfinished ...>
[pid  3771] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3773] <... set_robust_list resumed>) = 0
[pid  3771] <... futex resumed>)        = 0
[pid  3773] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH <unfinished ...>
[pid  3772] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3773] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3772] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3773] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3773] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3771] exit_group(0)               = ?
[pid  3772] <... futex resumed>)        = ?
[pid  3772] +++ exited with 0 +++
[pid  3773] <... futex resumed>)        = ?
[pid  3773] +++ exited with 0 +++
[pid  3771] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3771, si_uid=0, si_status=0, si_utime=2, si_stime=29} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./46/binderfs")                 = 0
[   91.935511][ T3772] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   91.943472][ T3772] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   91.951433][ T3772] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   91.959402][ T3772] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   91.967383][ T3772]  </TASK>
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./46/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./46")                           = 0
mkdir("./47", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3774
./strace-static-x86_64: Process 3774 attached
[pid  3774] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3774] chdir("./47")               = 0
[pid  3774] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3774] setpgid(0, 0)               = 0
[pid  3774] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3774] write(3, "1000", 4)         = 4
[pid  3774] close(3)                    = 0
[pid  3774] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3774] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3774] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3774] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3775], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3775
[pid  3774] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3774] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3775 attached
 <unfinished ...>
[pid  3775] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3775] memfd_create("syzkaller", 0) = 3
[pid  3775] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3775] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3775] munmap(0x7fc87e392000, 16777216) = 0
[pid  3775] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3775] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3775] close(3)                    = 0
[pid  3775] mkdir("./file0", 0777)      = 0
[   92.270547][ T3775] loop0: detected capacity change from 0 to 32768
[   92.281639][ T3775] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   92.290041][ T3775] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   92.300061][ T3775] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   92.308818][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   92.316032][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3775] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3775] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3775] chdir("./file0")            = 0
[pid  3775] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3775] close(4)                    = 0
[pid  3775] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3774] <... futex resumed>)        = 0
[pid  3774] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3774] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3775] <... futex resumed>)        = 1
[pid  3775] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3775] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3774] <... futex resumed>)        = 0
[pid  3774] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3774] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3775] <... futex resumed>)        = 1
[   92.349475][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms
[   92.358322][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   92.363631][ T3775] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   92.378469][ T3775] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   92.386941][ T3775] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   92.386941][ T3775]   inode = 12 2341
[pid  3775] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3774] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[   92.386941][ T3775]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   92.417065][ T3775] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   92.426684][ T3775] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3775 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   92.437100][ T3775] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[pid  3774] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3774] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3774] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3774] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3776], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3776
[pid  3774] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   92.445873][ T3775] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   92.453228][ T3775] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   92.462134][ T3775] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   92.469005][ T3775] gfs2: fsid=syz:syz.0: File system withdrawn
[   92.475959][ T3775] CPU: 0 PID: 3775 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   92.486405][ T3775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   92.496488][ T3775] Call Trace:
[   92.499787][ T3775]  <TASK>
[   92.502711][ T3775]  dump_stack_lvl+0x1b1/0x28e
[   92.507416][ T3775]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   92.512875][ T3775]  ? panic+0x710/0x710
[   92.516954][ T3775]  ? kobject_uevent_env+0x46b/0x8e0
[   92.522151][ T3775]  ? do_raw_spin_unlock+0x134/0x8a0
[   92.527372][ T3775]  gfs2_withdraw+0xf33/0x1540
[   92.532053][ T3775]  ? gfs2_lm+0x220/0x220
[   92.536308][ T3775]  ? gfs2_dirent_scan+0xb6/0x650
[   92.541250][ T3775]  ? panic+0x710/0x710
[   92.545320][ T3775]  ? gfs2_permission+0x2ff/0x430
[   92.550254][ T3775]  ? gfs2_consist_inode_i+0xf3/0x110
[   92.555544][ T3775]  gfs2_dirent_scan+0x535/0x650
[   92.560412][ T3775]  ? gfs2_dirent_search+0xb10/0xb10
[   92.565612][ T3775]  gfs2_dirent_search+0x2ea/0xb10
[   92.570654][ T3775]  ? gfs2_dirent_search+0xb10/0xb10
[   92.575855][ T3775]  ? gfs2_dir_search+0x2a0/0x2a0
[   92.580795][ T3775]  ? gfs2_permission+0x3bf/0x430
[   92.585745][ T3775]  gfs2_dir_search+0x8c/0x2a0
[   92.590426][ T3775]  ? do_filldir_main+0x530/0x530
[   92.595361][ T3775]  ? inode_go_held+0xe4/0x1f0
[   92.600041][ T3775]  ? gfs2_glock_wait+0x213/0x2a0
[   92.604975][ T3775]  gfs2_lookupi+0x465/0x650
[   92.609565][ T3775]  ? gfs2_lookup_simple+0x170/0x170
[   92.614933][ T3775]  ? __gfs2_lookup+0x8c/0x260
[   92.619700][ T3775]  __gfs2_lookup+0x8c/0x260
[   92.624312][ T3775]  ? gfs2_atomic_open+0x230/0x230
[   92.629346][ T3775]  ? __d_lookup+0x6a4/0x770
[   92.633843][ T3775]  ? d_hash_and_lookup+0x1c0/0x1c0
[   92.638945][ T3775]  gfs2_atomic_open+0xa4/0x230
[   92.643975][ T3775]  path_openat+0xf39/0x2df0
[   92.648514][ T3775]  ? gfs2_rename2+0x3000/0x3000
[   92.653371][ T3775]  ? do_filp_open+0x4f0/0x4f0
[   92.658055][ T3775]  do_filp_open+0x264/0x4f0
[   92.662549][ T3775]  ? vfs_tmpfile+0x490/0x490
[   92.667141][ T3775]  ? do_raw_spin_unlock+0x134/0x8a0
[   92.672341][ T3775]  ? _raw_spin_unlock+0x24/0x40
[   92.677190][ T3775]  ? alloc_fd+0x5a7/0x640
[   92.681519][ T3775]  do_sys_openat2+0x124/0x4e0
[   92.686190][ T3775]  ? print_irqtrace_events+0x220/0x220
[   92.691638][ T3775]  ? ptrace_stop+0x74d/0x970
[   92.696222][ T3775]  ? do_sys_open+0x220/0x220
[   92.700813][ T3775]  ? lockdep_hardirqs_on+0x8d/0x130
[   92.706004][ T3775]  ? _raw_spin_unlock_irq+0x2a/0x40
[   92.711198][ T3775]  ? ptrace_notify+0x245/0x340
[   92.715952][ T3775]  __x64_sys_openat+0x243/0x290
[   92.720794][ T3775]  ? __ia32_sys_open+0x270/0x270
[   92.725729][ T3775]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   92.731976][ T3775]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   92.737962][ T3775]  do_syscall_64+0x3d/0xb0
[   92.742384][ T3775]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   92.748281][ T3775] RIP: 0033:0x7fc8868064d9
[   92.752688][ T3775] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   92.772293][ T3775] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   92.780696][ T3775] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   92.788743][ T3775] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
./strace-static-x86_64: Process 3776 attached
[pid  3775] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3776] set_robust_list(0x7fc87f3919e0, 24 <unfinished ...>
[pid  3775] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3776] <... set_robust_list resumed>) = 0
[pid  3775] <... futex resumed>)        = 0
[pid  3776] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3775] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3776] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3776] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3774] exit_group(0 <unfinished ...>
[pid  3776] <... futex resumed>)        = ?
[pid  3775] <... futex resumed>)        = ?
[pid  3774] <... exit_group resumed>)   = ?
[pid  3776] +++ exited with 0 +++
[pid  3775] +++ exited with 0 +++
[pid  3774] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3774, si_uid=0, si_status=0, si_utime=2, si_stime=25} ---
umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./47/binderfs")                 = 0
[   92.796703][ T3775] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   92.804662][ T3775] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   92.812638][ T3775] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   92.820613][ T3775]  </TASK>
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./47/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./47")                           = 0
mkdir("./48", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3778
./strace-static-x86_64: Process 3778 attached
[pid  3778] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3778] chdir("./48")               = 0
[pid  3778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3778] setpgid(0, 0)               = 0
[pid  3778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3778] write(3, "1000", 4)         = 4
[pid  3778] close(3)                    = 0
[pid  3778] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3778] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3778] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3778] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3778] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3779], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3779
./strace-static-x86_64: Process 3779 attached
[pid  3778] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3778] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3779] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3779] memfd_create("syzkaller", 0) = 3
[pid  3779] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3779] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3779] munmap(0x7fc87e392000, 16777216) = 0
[pid  3779] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3779] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3779] close(3)                    = 0
[pid  3779] mkdir("./file0", 0777)      = 0
[   93.137459][ T3779] loop0: detected capacity change from 0 to 32768
[   93.148018][ T3779] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   93.156307][ T3779] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   93.166265][ T3779] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   93.175238][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   93.182157][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3779] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3779] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3779] chdir("./file0")            = 0
[pid  3779] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3779] close(4)                    = 0
[pid  3779] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3778] <... futex resumed>)        = 0
[pid  3778] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3778] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3779] <... futex resumed>)        = 1
[pid  3779] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3779] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3778] <... futex resumed>)        = 0
[pid  3779] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3778] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   93.215507][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms
[   93.223055][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   93.228302][ T3779] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   93.253774][ T3779] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3778] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3778] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3778] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3778] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[   93.263416][ T3779] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   93.263416][ T3779]   inode = 12 2341
[   93.263416][ T3779]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   93.282596][ T3779] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   93.292293][ T3779] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3779 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   93.302642][ T3779] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[pid  3778] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3782], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3782
[pid  3778] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3782 attached
[pid  3782] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3782] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3782] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   93.311226][ T3779] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   93.318819][ T3779] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   93.328419][ T3779] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   93.336064][ T3779] gfs2: fsid=syz:syz.0: File system withdrawn
[   93.342581][ T3779] CPU: 0 PID: 3779 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   93.352983][ T3779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   93.363024][ T3779] Call Trace:
[   93.366290][ T3779]  <TASK>
[   93.369208][ T3779]  dump_stack_lvl+0x1b1/0x28e
[   93.373873][ T3779]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   93.379315][ T3779]  ? panic+0x710/0x710
[   93.383368][ T3779]  ? kobject_uevent_env+0x46b/0x8e0
[   93.388548][ T3779]  ? do_raw_spin_unlock+0x134/0x8a0
[   93.393734][ T3779]  gfs2_withdraw+0xf33/0x1540
[   93.398430][ T3779]  ? gfs2_lm+0x220/0x220
[   93.402659][ T3779]  ? gfs2_dirent_scan+0xb6/0x650
[   93.407594][ T3779]  ? panic+0x710/0x710
[   93.411652][ T3779]  ? gfs2_permission+0x2ff/0x430
[   93.416588][ T3779]  ? gfs2_consist_inode_i+0xf3/0x110
[   93.421872][ T3779]  gfs2_dirent_scan+0x535/0x650
[   93.426723][ T3779]  ? gfs2_dirent_search+0xb10/0xb10
[   93.431919][ T3779]  gfs2_dirent_search+0x2ea/0xb10
[   93.436963][ T3779]  ? gfs2_dirent_search+0xb10/0xb10
[   93.442188][ T3779]  ? gfs2_dir_search+0x2a0/0x2a0
[   93.447140][ T3779]  ? gfs2_permission+0x3bf/0x430
[   93.452085][ T3779]  gfs2_dir_search+0x8c/0x2a0
[   93.456764][ T3779]  ? do_filldir_main+0x530/0x530
[   93.461694][ T3779]  ? inode_go_held+0xe4/0x1f0
[   93.466368][ T3779]  ? gfs2_glock_wait+0x213/0x2a0
[   93.471296][ T3779]  gfs2_lookupi+0x465/0x650
[   93.475815][ T3779]  ? gfs2_lookup_simple+0x170/0x170
[   93.481007][ T3779]  ? __gfs2_lookup+0x8c/0x260
[   93.485683][ T3779]  __gfs2_lookup+0x8c/0x260
[   93.490180][ T3779]  ? gfs2_atomic_open+0x230/0x230
[   93.495201][ T3779]  ? __d_lookup+0x6a4/0x770
[   93.499714][ T3779]  ? d_hash_and_lookup+0x1c0/0x1c0
[   93.504839][ T3779]  gfs2_atomic_open+0xa4/0x230
[   93.509613][ T3779]  path_openat+0xf39/0x2df0
[   93.514187][ T3779]  ? gfs2_rename2+0x3000/0x3000
[   93.519052][ T3779]  ? do_filp_open+0x4f0/0x4f0
[   93.523744][ T3779]  do_filp_open+0x264/0x4f0
[   93.528238][ T3779]  ? vfs_tmpfile+0x490/0x490
[   93.532830][ T3779]  ? do_raw_spin_unlock+0x134/0x8a0
[   93.538025][ T3779]  ? _raw_spin_unlock+0x24/0x40
[   93.542869][ T3779]  ? alloc_fd+0x5a7/0x640
[   93.547200][ T3779]  do_sys_openat2+0x124/0x4e0
[   93.551938][ T3779]  ? print_irqtrace_events+0x220/0x220
[   93.557386][ T3779]  ? ptrace_stop+0x74d/0x970
[   93.561969][ T3779]  ? do_sys_open+0x220/0x220
[   93.566568][ T3779]  ? lockdep_hardirqs_on+0x8d/0x130
[   93.571764][ T3779]  ? _raw_spin_unlock_irq+0x2a/0x40
[   93.576958][ T3779]  ? ptrace_notify+0x245/0x340
[   93.581801][ T3779]  __x64_sys_openat+0x243/0x290
[   93.586645][ T3779]  ? __ia32_sys_open+0x270/0x270
[   93.591587][ T3779]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   93.597591][ T3779]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   93.603590][ T3779]  do_syscall_64+0x3d/0xb0
[   93.608030][ T3779]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   93.613924][ T3779] RIP: 0033:0x7fc8868064d9
[   93.618333][ T3779] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   93.637961][ T3779] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   93.646376][ T3779] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   93.654337][ T3779] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[pid  3782] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3779] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3779] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3779] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3778] exit_group(0)               = ?
[pid  3782] <... futex resumed>)        = ?
[pid  3779] <... futex resumed>)        = ?
[pid  3782] +++ exited with 0 +++
[pid  3779] +++ exited with 0 +++
[pid  3778] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3778, si_uid=0, si_status=0, si_utime=1, si_stime=29} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./48/binderfs")                 = 0
[   93.662303][ T3779] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   93.670265][ T3779] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   93.678240][ T3779] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   93.686219][ T3779]  </TASK>
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./48/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./48")                           = 0
mkdir("./49", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3784
./strace-static-x86_64: Process 3784 attached
[pid  3784] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3784] chdir("./49")               = 0
[pid  3784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3784] setpgid(0, 0)               = 0
[pid  3784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3784] write(3, "1000", 4)         = 4
[pid  3784] close(3)                    = 0
[pid  3784] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3784] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3784] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3784] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3785], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3785
[pid  3784] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3785 attached
[pid  3784] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3785] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3785] memfd_create("syzkaller", 0) = 3
[pid  3785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3785] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3785] munmap(0x7fc87e392000, 16777216) = 0
[pid  3785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3785] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3785] close(3)                    = 0
[pid  3785] mkdir("./file0", 0777)      = 0
[   94.010865][ T3785] loop0: detected capacity change from 0 to 32768
[   94.020365][ T3785] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   94.028559][ T3785] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   94.037850][ T3785] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   94.046615][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   94.053510][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3785] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3785] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3785] chdir("./file0")            = 0
[pid  3785] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3785] close(4)                    = 0
[pid  3785] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3784] <... futex resumed>)        = 0
[pid  3784] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3784] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3785] <... futex resumed>)        = 1
[pid  3785] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3785] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3784] <... futex resumed>)        = 0
[pid  3784] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3784] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3785] <... futex resumed>)        = 1
[   94.092816][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 39ms
[   94.100358][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   94.105616][ T3785] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   94.125018][ T3785] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   94.133498][ T3785] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[pid  3785] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3784] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3784] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   94.133498][ T3785]   inode = 12 2341
[   94.133498][ T3785]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   94.152778][ T3785] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   94.162309][ T3785] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3785 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   94.173020][ T3785] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   94.182008][ T3785] gfs2: fsid=syz:syz.0: about to withdraw this file system
[pid  3784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3784] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3784] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3787], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3787
[pid  3784] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3787 attached
[pid  3787] set_robust_list(0x7fc87f3919e0, 24) = 0
[   94.189311][ T3785] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   94.198749][ T3785] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   94.205714][ T3785] gfs2: fsid=syz:syz.0: File system withdrawn
[   94.212173][ T3785] CPU: 0 PID: 3785 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   94.222599][ T3785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   94.232656][ T3785] Call Trace:
[   94.235950][ T3785]  <TASK>
[   94.238985][ T3785]  dump_stack_lvl+0x1b1/0x28e
[   94.243767][ T3785]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   94.250090][ T3785]  ? panic+0x710/0x710
[   94.254174][ T3785]  ? kobject_uevent_env+0x46b/0x8e0
[   94.259380][ T3785]  ? do_raw_spin_unlock+0x134/0x8a0
[   94.264570][ T3785]  gfs2_withdraw+0xf33/0x1540
[   94.269248][ T3785]  ? gfs2_lm+0x220/0x220
[   94.273533][ T3785]  ? gfs2_dirent_scan+0xb6/0x650
[   94.278466][ T3785]  ? panic+0x710/0x710
[   94.282540][ T3785]  ? gfs2_permission+0x2ff/0x430
[   94.287504][ T3785]  ? gfs2_consist_inode_i+0xf3/0x110
[   94.292778][ T3785]  gfs2_dirent_scan+0x535/0x650
[   94.297640][ T3785]  ? gfs2_dirent_search+0xb10/0xb10
[   94.302829][ T3785]  gfs2_dirent_search+0x2ea/0xb10
[   94.307933][ T3785]  ? gfs2_dirent_search+0xb10/0xb10
[   94.313311][ T3785]  ? gfs2_dir_search+0x2a0/0x2a0
[   94.318254][ T3785]  ? gfs2_permission+0x3bf/0x430
[   94.323196][ T3785]  gfs2_dir_search+0x8c/0x2a0
[   94.327874][ T3785]  ? do_filldir_main+0x530/0x530
[   94.332805][ T3785]  ? inode_go_held+0xe4/0x1f0
[   94.337478][ T3785]  ? gfs2_glock_wait+0x213/0x2a0
[   94.342412][ T3785]  gfs2_lookupi+0x465/0x650
[   94.346916][ T3785]  ? gfs2_lookup_simple+0x170/0x170
[   94.352110][ T3785]  ? __gfs2_lookup+0x8c/0x260
[   94.356788][ T3785]  __gfs2_lookup+0x8c/0x260
[   94.361291][ T3785]  ? gfs2_atomic_open+0x230/0x230
[   94.366312][ T3785]  ? __d_lookup+0x6a4/0x770
[   94.370809][ T3785]  ? d_hash_and_lookup+0x1c0/0x1c0
[   94.375913][ T3785]  gfs2_atomic_open+0xa4/0x230
[   94.380676][ T3785]  path_openat+0xf39/0x2df0
[   94.385872][ T3785]  ? gfs2_rename2+0x3000/0x3000
[   94.390729][ T3785]  ? do_filp_open+0x4f0/0x4f0
[   94.395412][ T3785]  do_filp_open+0x264/0x4f0
[   94.399905][ T3785]  ? vfs_tmpfile+0x490/0x490
[   94.404494][ T3785]  ? do_raw_spin_unlock+0x134/0x8a0
[   94.409692][ T3785]  ? _raw_spin_unlock+0x24/0x40
[   94.414544][ T3785]  ? alloc_fd+0x5a7/0x640
[   94.418874][ T3785]  do_sys_openat2+0x124/0x4e0
[   94.423553][ T3785]  ? print_irqtrace_events+0x220/0x220
[   94.429005][ T3785]  ? ptrace_stop+0x74d/0x970
[   94.433588][ T3785]  ? do_sys_open+0x220/0x220
[   94.438171][ T3785]  ? lockdep_hardirqs_on+0x8d/0x130
[   94.443369][ T3785]  ? _raw_spin_unlock_irq+0x2a/0x40
[   94.448562][ T3785]  ? ptrace_notify+0x245/0x340
[   94.453319][ T3785]  __x64_sys_openat+0x243/0x290
[   94.458252][ T3785]  ? __ia32_sys_open+0x270/0x270
[   94.463185][ T3785]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   94.469163][ T3785]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   94.475146][ T3785]  do_syscall_64+0x3d/0xb0
[   94.479558][ T3785]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   94.485442][ T3785] RIP: 0033:0x7fc8868064d9
[   94.489845][ T3785] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   94.509441][ T3785] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   94.517845][ T3785] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   94.525812][ T3785] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   94.533862][ T3785] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3787] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3787] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3787] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3785] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3785] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3784] exit_group(0)               = ?
[pid  3787] <... futex resumed>)        = ?
[pid  3785] <... futex resumed>)        = ?
[pid  3787] +++ exited with 0 +++
[pid  3785] +++ exited with 0 +++
[pid  3784] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3784, si_uid=0, si_status=0, si_utime=1, si_stime=30} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./49/binderfs")                 = 0
[   94.541821][ T3785] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   94.550390][ T3785] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   94.558365][ T3785]  </TASK>
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./49/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./49")                           = 0
mkdir("./50", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3788
./strace-static-x86_64: Process 3788 attached
[pid  3788] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3788] chdir("./50")               = 0
[pid  3788] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3788] setpgid(0, 0)               = 0
[pid  3788] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3788] write(3, "1000", 4)         = 4
[pid  3788] close(3)                    = 0
[pid  3788] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3788] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3788] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3788] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3788] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3789], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3789
[pid  3788] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3788] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
./strace-static-x86_64: Process 3789 attached
[pid  3789] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3789] memfd_create("syzkaller", 0) = 3
[pid  3789] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3789] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3789] munmap(0x7fc87e392000, 16777216) = 0
[pid  3789] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3789] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3789] close(3)                    = 0
[pid  3789] mkdir("./file0", 0777)      = 0
[   94.869037][ T3789] loop0: detected capacity change from 0 to 32768
[   94.878960][ T3789] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   94.887654][ T3789] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   94.897860][ T3789] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   94.906963][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   94.914129][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3789] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3789] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3789] chdir("./file0")            = 0
[pid  3789] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3789] close(4)                    = 0
[pid  3789] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3788] <... futex resumed>)        = 0
[pid  3788] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3788] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3789] <... futex resumed>)        = 1
[pid  3789] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3789] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3788] <... futex resumed>)        = 0
[pid  3788] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3788] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3789] <... futex resumed>)        = 1
[   94.947354][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms
[   94.954921][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   94.960507][ T3789] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   94.985614][ T3789] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3789] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3788] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3788] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3788] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3788] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3788] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3790], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3790
[pid  3788] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3790 attached
[pid  3790] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3790] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3790] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   94.994457][ T3789] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   94.994457][ T3789]   inode = 12 2341
[   94.994457][ T3789]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   95.013707][ T3789] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   95.022974][ T3789] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3789 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   95.033475][ T3789] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   95.042073][ T3789] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   95.049450][ T3789] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   95.058451][ T3789] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   95.065273][ T3789] gfs2: fsid=syz:syz.0: File system withdrawn
[   95.071819][ T3789] CPU: 0 PID: 3789 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   95.082228][ T3789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   95.092274][ T3789] Call Trace:
[   95.095542][ T3789]  <TASK>
[   95.098458][ T3789]  dump_stack_lvl+0x1b1/0x28e
[   95.103123][ T3789]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   95.108563][ T3789]  ? panic+0x710/0x710
[   95.112617][ T3789]  ? kobject_uevent_env+0x46b/0x8e0
[   95.117905][ T3789]  ? do_raw_spin_unlock+0x134/0x8a0
[   95.123123][ T3789]  gfs2_withdraw+0xf33/0x1540
[   95.127819][ T3789]  ? gfs2_lm+0x220/0x220
[   95.132044][ T3789]  ? gfs2_dirent_scan+0xb6/0x650
[   95.136970][ T3789]  ? panic+0x710/0x710
[   95.141196][ T3789]  ? gfs2_permission+0x2ff/0x430
[   95.146126][ T3789]  ? gfs2_consist_inode_i+0xf3/0x110
[   95.151398][ T3789]  gfs2_dirent_scan+0x535/0x650
[   95.156240][ T3789]  ? gfs2_dirent_search+0xb10/0xb10
[   95.161426][ T3789]  gfs2_dirent_search+0x2ea/0xb10
[   95.166437][ T3789]  ? gfs2_dirent_search+0xb10/0xb10
[   95.171622][ T3789]  ? gfs2_dir_search+0x2a0/0x2a0
[   95.177934][ T3789]  ? gfs2_permission+0x3bf/0x430
[   95.182884][ T3789]  gfs2_dir_search+0x8c/0x2a0
[   95.187550][ T3789]  ? do_filldir_main+0x530/0x530
[   95.192474][ T3789]  ? inode_go_held+0xe4/0x1f0
[   95.197138][ T3789]  ? gfs2_glock_wait+0x213/0x2a0
[   95.202059][ T3789]  gfs2_lookupi+0x465/0x650
[   95.206553][ T3789]  ? gfs2_lookup_simple+0x170/0x170
[   95.211739][ T3789]  ? __gfs2_lookup+0x8c/0x260
[   95.216405][ T3789]  __gfs2_lookup+0x8c/0x260
[   95.220892][ T3789]  ? gfs2_atomic_open+0x230/0x230
[   95.225903][ T3789]  ? __d_lookup+0x6a4/0x770
[   95.230390][ T3789]  ? d_hash_and_lookup+0x1c0/0x1c0
[   95.235485][ T3789]  gfs2_atomic_open+0xa4/0x230
[   95.240234][ T3789]  path_openat+0xf39/0x2df0
[   95.244723][ T3789]  ? gfs2_rename2+0x3000/0x3000
[   95.249575][ T3789]  ? do_filp_open+0x4f0/0x4f0
[   95.254246][ T3789]  do_filp_open+0x264/0x4f0
[   95.258740][ T3789]  ? vfs_tmpfile+0x490/0x490
[   95.263406][ T3789]  ? do_raw_spin_unlock+0x134/0x8a0
[   95.268625][ T3789]  ? _raw_spin_unlock+0x24/0x40
[   95.273464][ T3789]  ? alloc_fd+0x5a7/0x640
[   95.277785][ T3789]  do_sys_openat2+0x124/0x4e0
[   95.282452][ T3789]  ? print_irqtrace_events+0x220/0x220
[   95.287891][ T3789]  ? ptrace_stop+0x74d/0x970
[   95.292551][ T3789]  ? do_sys_open+0x220/0x220
[   95.297126][ T3789]  ? lockdep_hardirqs_on+0x8d/0x130
[   95.302305][ T3789]  ? _raw_spin_unlock_irq+0x2a/0x40
[   95.307487][ T3789]  ? ptrace_notify+0x245/0x340
[   95.312231][ T3789]  __x64_sys_openat+0x243/0x290
[   95.317067][ T3789]  ? __ia32_sys_open+0x270/0x270
[   95.321989][ T3789]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   95.327955][ T3789]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   95.333925][ T3789]  do_syscall_64+0x3d/0xb0
[   95.338330][ T3789]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   95.344209][ T3789] RIP: 0033:0x7fc8868064d9
[   95.348606][ T3789] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   95.368280][ T3789] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   95.376697][ T3789] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   95.384654][ T3789] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[pid  3790] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3789] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3789] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3789] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3788] exit_group(0)               = ?
[pid  3790] <... futex resumed>)        = ?
[pid  3790] +++ exited with 0 +++
[pid  3789] <... futex resumed>)        = ?
[pid  3789] +++ exited with 0 +++
[pid  3788] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3788, si_uid=0, si_status=0, si_utime=1, si_stime=30} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./50/binderfs")                 = 0
[   95.392609][ T3789] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   95.400563][ T3789] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   95.408514][ T3789] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   95.417186][ T3789]  </TASK>
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./50/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./50")                           = 0
mkdir("./51", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3792
./strace-static-x86_64: Process 3792 attached
[pid  3792] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3792] chdir("./51")               = 0
[pid  3792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3792] setpgid(0, 0)               = 0
[pid  3792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3792] write(3, "1000", 4)         = 4
[pid  3792] close(3)                    = 0
[pid  3792] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3792] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3792] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3792] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3793], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3793
[pid  3792] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3792] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
./strace-static-x86_64: Process 3793 attached
[pid  3793] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3793] memfd_create("syzkaller", 0) = 3
[pid  3793] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3793] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3793] munmap(0x7fc87e392000, 16777216) = 0
[pid  3793] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3793] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3793] close(3)                    = 0
[pid  3793] mkdir("./file0", 0777)      = 0
[   95.712116][ T3793] loop0: detected capacity change from 0 to 32768
[   95.723306][ T3793] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   95.731931][ T3793] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   95.741909][ T3793] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   95.750627][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   95.758546][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3793] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3793] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3793] chdir("./file0")            = 0
[pid  3793] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3793] close(4)                    = 0
[pid  3793] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3792] <... futex resumed>)        = 0
[pid  3792] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3793] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3793] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3793] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3792] <... futex resumed>)        = 1
[pid  3792] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  3792] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3792] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3793] <... futex resumed>)        = 0
[   95.791539][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 32ms
[   95.800499][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   95.805723][ T3793] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid  3793] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3792] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3792] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3792] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3792] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3794], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3794
[pid  3792] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   95.841654][ T3793] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   95.850435][ T3793] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   95.850435][ T3793]   inode = 12 2341
[   95.850435][ T3793]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   95.869543][ T3793] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   95.878821][ T3793] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3793 [syz-executor337] __gfs2_lookup+0x8c/0x260
./strace-static-x86_64: Process 3794 attached
[pid  3794] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3794] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3794] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   95.889196][ T3793] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   95.898057][ T3793] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   95.905625][ T3793] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   95.914643][ T3793] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   95.922856][ T3793] gfs2: fsid=syz:syz.0: File system withdrawn
[   95.928928][ T3793] CPU: 0 PID: 3793 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   95.939427][ T3793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   95.949557][ T3793] Call Trace:
[   95.952853][ T3793]  <TASK>
[   95.955877][ T3793]  dump_stack_lvl+0x1b1/0x28e
[   95.960581][ T3793]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   95.966234][ T3793]  ? panic+0x710/0x710
[   95.970300][ T3793]  ? kobject_uevent_env+0x46b/0x8e0
[   95.975580][ T3793]  ? do_raw_spin_unlock+0x134/0x8a0
[   95.980795][ T3793]  gfs2_withdraw+0xf33/0x1540
[   95.985497][ T3793]  ? gfs2_lm+0x220/0x220
[pid  3794] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3792] exit_group(0 <unfinished ...>
[pid  3794] <... futex resumed>)        = ?
[pid  3792] <... exit_group resumed>)   = ?
[pid  3794] +++ exited with 0 +++
[   95.989728][ T3793]  ? gfs2_dirent_scan+0xb6/0x650
[   95.994671][ T3793]  ? panic+0x710/0x710
[   95.998751][ T3793]  ? gfs2_permission+0x2ff/0x430
[   96.003703][ T3793]  ? gfs2_consist_inode_i+0xf3/0x110
[   96.008990][ T3793]  gfs2_dirent_scan+0x535/0x650
[   96.013848][ T3793]  ? gfs2_dirent_search+0xb10/0xb10
[   96.019042][ T3793]  gfs2_dirent_search+0x2ea/0xb10
[   96.024075][ T3793]  ? gfs2_dirent_search+0xb10/0xb10
[   96.029313][ T3793]  ? gfs2_dir_search+0x2a0/0x2a0
[   96.034276][ T3793]  ? gfs2_permission+0x3bf/0x430
[   96.039305][ T3793]  gfs2_dir_search+0x8c/0x2a0
[   96.043981][ T3793]  ? do_filldir_main+0x530/0x530
[   96.048910][ T3793]  ? inode_go_held+0xe4/0x1f0
[   96.053582][ T3793]  ? gfs2_glock_wait+0x213/0x2a0
[   96.058513][ T3793]  gfs2_lookupi+0x465/0x650
[   96.063013][ T3793]  ? gfs2_lookup_simple+0x170/0x170
[   96.068204][ T3793]  ? __gfs2_lookup+0x8c/0x260
[   96.072878][ T3793]  __gfs2_lookup+0x8c/0x260
[   96.077374][ T3793]  ? gfs2_atomic_open+0x230/0x230
[   96.082393][ T3793]  ? __d_lookup+0x6a4/0x770
[   96.086885][ T3793]  ? d_hash_and_lookup+0x1c0/0x1c0
[   96.091984][ T3793]  gfs2_atomic_open+0xa4/0x230
[   96.096742][ T3793]  path_openat+0xf39/0x2df0
[   96.101241][ T3793]  ? gfs2_rename2+0x3000/0x3000
[   96.106100][ T3793]  ? do_filp_open+0x4f0/0x4f0
[   96.110780][ T3793]  do_filp_open+0x264/0x4f0
[   96.115273][ T3793]  ? vfs_tmpfile+0x490/0x490
[   96.119867][ T3793]  ? do_raw_spin_unlock+0x134/0x8a0
[   96.125061][ T3793]  ? _raw_spin_unlock+0x24/0x40
[   96.129907][ T3793]  ? alloc_fd+0x5a7/0x640
[   96.134241][ T3793]  do_sys_openat2+0x124/0x4e0
[   96.138908][ T3793]  ? print_irqtrace_events+0x220/0x220
[   96.144377][ T3793]  ? ptrace_stop+0x74d/0x970
[   96.148961][ T3793]  ? do_sys_open+0x220/0x220
[   96.153541][ T3793]  ? lockdep_hardirqs_on+0x8d/0x130
[   96.158732][ T3793]  ? _raw_spin_unlock_irq+0x2a/0x40
[   96.163924][ T3793]  ? ptrace_notify+0x245/0x340
[   96.168676][ T3793]  __x64_sys_openat+0x243/0x290
[   96.173519][ T3793]  ? __ia32_sys_open+0x270/0x270
[   96.178449][ T3793]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   96.184424][ T3793]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   96.190398][ T3793]  do_syscall_64+0x3d/0xb0
[   96.194805][ T3793]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   96.200684][ T3793] RIP: 0033:0x7fc8868064d9
[   96.205176][ T3793] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   96.224770][ T3793] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   96.233170][ T3793] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3793] <... openat resumed>)       = ?
[pid  3793] +++ exited with 0 +++
[pid  3792] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3792, si_uid=0, si_status=0, si_utime=3, si_stime=30} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./51/binderfs")                 = 0
[   96.241150][ T3793] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   96.249107][ T3793] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   96.257072][ T3793] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   96.265028][ T3793] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   96.272998][ T3793]  </TASK>
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./51/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./51")                           = 0
mkdir("./52", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3795
./strace-static-x86_64: Process 3795 attached
[pid  3795] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3795] chdir("./52")               = 0
[pid  3795] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3795] setpgid(0, 0)               = 0
[pid  3795] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3795] write(3, "1000", 4)         = 4
[pid  3795] close(3)                    = 0
[pid  3795] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3795] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3795] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3795] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3796 attached
, parent_tid=[3796], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3796
[pid  3796] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3796] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3795] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3796] <... futex resumed>)        = 0
[pid  3795] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3796] memfd_create("syzkaller", 0) = 3
[pid  3796] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3796] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3796] munmap(0x7fc87e392000, 16777216) = 0
[pid  3796] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3796] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3796] close(3)                    = 0
[pid  3796] mkdir("./file0", 0777)      = 0
[   96.576584][ T3796] loop0: detected capacity change from 0 to 32768
[   96.588502][ T3796] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   96.597093][ T3796] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   96.607439][ T3796] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   96.616427][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   96.623673][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3796] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3796] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3796] chdir("./file0")            = 0
[pid  3796] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3796] close(4)                    = 0
[pid  3796] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3795] <... futex resumed>)        = 0
[pid  3795] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3795] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3796] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3796] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3795] <... futex resumed>)        = 0
[pid  3795] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3795] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[   96.662224][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 38ms
[   96.671574][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   96.676832][ T3796] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   96.695935][ T3796] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   96.705044][ T3796] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[pid  3796] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3795] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3795] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3795] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3795] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3797], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3797
[pid  3795] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3797 attached
[pid  3797] set_robust_list(0x7fc87f3919e0, 24) = 0
[   96.705044][ T3796]   inode = 12 2341
[   96.705044][ T3796]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   96.724347][ T3796] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   96.733750][ T3796] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3796 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   96.744344][ T3796] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   96.751641][ T3797] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   96.753469][ T3796] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   96.761688][ T3797] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:4 m:20 p:1
[   96.768599][ T3796] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   96.777970][ T3797] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3796 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   96.786669][ T3796] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   96.796867][ T3797] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3797 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   96.803152][ T3796] gfs2: fsid=syz:syz.0: File system withdrawn
[   96.813019][ T3797] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   96.820418][ T3796] CPU: 1 PID: 3796 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   96.837830][ T3796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   96.847888][ T3796] Call Trace:
[   96.851162][ T3796]  <TASK>
[   96.854085][ T3796]  dump_stack_lvl+0x1b1/0x28e
[   96.858760][ T3796]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   96.864221][ T3796]  ? panic+0x710/0x710
[   96.868288][ T3796]  ? kobject_uevent_env+0x46b/0x8e0
[   96.873482][ T3796]  ? do_raw_spin_unlock+0x134/0x8a0
[   96.878681][ T3796]  gfs2_withdraw+0xf33/0x1540
[   96.883365][ T3796]  ? gfs2_lm+0x220/0x220
[   96.887598][ T3796]  ? gfs2_dirent_scan+0xb6/0x650
[   96.892529][ T3796]  ? panic+0x710/0x710
[   96.896585][ T3796]  ? gfs2_permission+0x2ff/0x430
[   96.901517][ T3796]  ? gfs2_consist_inode_i+0xf3/0x110
[   96.906798][ T3796]  gfs2_dirent_scan+0x535/0x650
[   96.911644][ T3796]  ? gfs2_dirent_search+0xb10/0xb10
[   96.916841][ T3796]  gfs2_dirent_search+0x2ea/0xb10
[   96.921860][ T3796]  ? gfs2_dirent_search+0xb10/0xb10
[   96.927313][ T3796]  ? gfs2_dir_search+0x2a0/0x2a0
[   96.932242][ T3796]  ? gfs2_permission+0x3bf/0x430
[   96.937176][ T3796]  gfs2_dir_search+0x8c/0x2a0
[   96.941850][ T3796]  ? do_filldir_main+0x530/0x530
[   96.946780][ T3796]  ? inode_go_held+0xe4/0x1f0
[   96.951457][ T3796]  ? gfs2_glock_wait+0x213/0x2a0
[   96.956389][ T3796]  gfs2_lookupi+0x465/0x650
[   96.960889][ T3796]  ? gfs2_lookup_simple+0x170/0x170
[   96.966085][ T3796]  ? __gfs2_lookup+0x8c/0x260
[   96.970849][ T3796]  __gfs2_lookup+0x8c/0x260
[   96.975355][ T3796]  ? gfs2_atomic_open+0x230/0x230
[   96.980379][ T3796]  ? __d_lookup+0x6a4/0x770
[   96.984875][ T3796]  ? d_hash_and_lookup+0x1c0/0x1c0
[   96.989980][ T3796]  gfs2_atomic_open+0xa4/0x230
[   96.994752][ T3796]  path_openat+0xf39/0x2df0
[   96.999252][ T3796]  ? gfs2_rename2+0x3000/0x3000
[   97.004198][ T3796]  ? do_filp_open+0x4f0/0x4f0
[   97.008967][ T3796]  do_filp_open+0x264/0x4f0
[   97.013466][ T3796]  ? vfs_tmpfile+0x490/0x490
[   97.018080][ T3796]  ? do_raw_spin_unlock+0x134/0x8a0
[   97.023277][ T3796]  ? _raw_spin_unlock+0x24/0x40
[   97.028121][ T3796]  ? alloc_fd+0x5a7/0x640
[   97.032461][ T3796]  do_sys_openat2+0x124/0x4e0
[   97.037216][ T3796]  ? print_irqtrace_events+0x220/0x220
[   97.042669][ T3796]  ? ptrace_stop+0x74d/0x970
[   97.047252][ T3796]  ? do_sys_open+0x220/0x220
[   97.051839][ T3796]  ? lockdep_hardirqs_on+0x8d/0x130
[   97.057029][ T3796]  ? _raw_spin_unlock_irq+0x2a/0x40
[   97.062221][ T3796]  ? ptrace_notify+0x245/0x340
[   97.066978][ T3796]  __x64_sys_openat+0x243/0x290
[   97.071831][ T3796]  ? __ia32_sys_open+0x270/0x270
[   97.076763][ T3796]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   97.082735][ T3796]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   97.088709][ T3796]  do_syscall_64+0x3d/0xb0
[   97.093116][ T3796]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   97.098997][ T3796] RIP: 0033:0x7fc8868064d9
[   97.103428][ T3796] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   97.123117][ T3796] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   97.131521][ T3796] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   97.139485][ T3796] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   97.147460][ T3796] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   97.155420][ T3796] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  3797] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3797] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3797] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3796] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3796] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3796] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3795] exit_group(0)               = ?
[pid  3797] <... futex resumed>)        = ?
[pid  3797] +++ exited with 0 +++
[pid  3796] <... futex resumed>)        = ?
[pid  3796] +++ exited with 0 +++
[pid  3795] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3795, si_uid=0, si_status=0, si_utime=0, si_stime=44} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./52/binderfs")                 = 0
[   97.163384][ T3796] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   97.171456][ T3796]  </TASK>
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./52/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./52")                           = 0
mkdir("./53", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3798
./strace-static-x86_64: Process 3798 attached
[pid  3798] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3798] chdir("./53")               = 0
[pid  3798] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3798] setpgid(0, 0)               = 0
[pid  3798] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3798] write(3, "1000", 4)         = 4
[pid  3798] close(3)                    = 0
[pid  3798] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3798] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3798] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3798] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3799 attached
, parent_tid=[3799], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3799
[pid  3798] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3798] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3799] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3799] memfd_create("syzkaller", 0) = 3
[pid  3799] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3799] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3799] munmap(0x7fc87e392000, 16777216) = 0
[pid  3799] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3799] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3799] close(3)                    = 0
[pid  3799] mkdir("./file0", 0777)      = 0
[   97.474323][ T3799] loop0: detected capacity change from 0 to 32768
[   97.484427][ T3799] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   97.492689][ T3799] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   97.501601][ T3799] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   97.509986][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   97.517003][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3799] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3799] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3799] chdir("./file0")            = 0
[pid  3799] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3799] close(4)                    = 0
[pid  3799] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3798] <... futex resumed>)        = 0
[pid  3798] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3798] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3799] <... futex resumed>)        = 1
[pid  3799] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3799] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3798] <... futex resumed>)        = 0
[pid  3798] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3798] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3799] <... futex resumed>)        = 1
[   97.552962][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 35ms
[   97.560599][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   97.565834][ T3799] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   97.581704][ T3799] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   97.590574][ T3799] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   97.590574][ T3799]   inode = 12 2341
[pid  3799] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3798] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3798] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3798] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3798] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3800], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3800
[pid  3798] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3800 attached
[   97.590574][ T3799]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   97.609700][ T3799] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   97.619069][ T3799] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3799 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   97.629612][ T3799] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   97.641130][ T3799] gfs2: fsid=syz:syz.0: about to withdraw this file system
[pid  3800] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3800] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3800] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   97.648521][ T3799] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   97.657855][ T3799] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   97.665790][ T3799] gfs2: fsid=syz:syz.0: File system withdrawn
[   97.672294][ T3799] CPU: 1 PID: 3799 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   97.682740][ T3799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   97.692816][ T3799] Call Trace:
[   97.696104][ T3799]  <TASK>
[   97.699025][ T3799]  dump_stack_lvl+0x1b1/0x28e
[   97.703709][ T3799]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   97.709176][ T3799]  ? panic+0x710/0x710
[   97.713325][ T3799]  ? kobject_uevent_env+0x46b/0x8e0
[   97.718529][ T3799]  ? do_raw_spin_unlock+0x134/0x8a0
[   97.723838][ T3799]  gfs2_withdraw+0xf33/0x1540
[   97.728539][ T3799]  ? gfs2_lm+0x220/0x220
[   97.732800][ T3799]  ? gfs2_dirent_scan+0xb6/0x650
[   97.737762][ T3799]  ? panic+0x710/0x710
[   97.741855][ T3799]  ? gfs2_permission+0x2ff/0x430
[   97.746823][ T3799]  ? gfs2_consist_inode_i+0xf3/0x110
[   97.752101][ T3799]  gfs2_dirent_scan+0x535/0x650
[   97.756949][ T3799]  ? gfs2_dirent_search+0xb10/0xb10
[   97.762148][ T3799]  gfs2_dirent_search+0x2ea/0xb10
[   97.767178][ T3799]  ? gfs2_dirent_search+0xb10/0xb10
[   97.772379][ T3799]  ? gfs2_dir_search+0x2a0/0x2a0
[   97.777309][ T3799]  ? gfs2_permission+0x3bf/0x430
[   97.782247][ T3799]  gfs2_dir_search+0x8c/0x2a0
[   97.786923][ T3799]  ? do_filldir_main+0x530/0x530
[   97.791860][ T3799]  ? inode_go_held+0xe4/0x1f0
[   97.796531][ T3799]  ? gfs2_glock_wait+0x213/0x2a0
[   97.801469][ T3799]  gfs2_lookupi+0x465/0x650
[   97.805972][ T3799]  ? gfs2_lookup_simple+0x170/0x170
[   97.811168][ T3799]  ? __gfs2_lookup+0x8c/0x260
[   97.815845][ T3799]  __gfs2_lookup+0x8c/0x260
[   97.820343][ T3799]  ? gfs2_atomic_open+0x230/0x230
[   97.825368][ T3799]  ? __d_lookup+0x6a4/0x770
[   97.829861][ T3799]  ? d_hash_and_lookup+0x1c0/0x1c0
[   97.834964][ T3799]  gfs2_atomic_open+0xa4/0x230
[   97.839725][ T3799]  path_openat+0xf39/0x2df0
[   97.844245][ T3799]  ? gfs2_rename2+0x3000/0x3000
[   97.849103][ T3799]  ? do_filp_open+0x4f0/0x4f0
[   97.853863][ T3799]  do_filp_open+0x264/0x4f0
[   97.858359][ T3799]  ? vfs_tmpfile+0x490/0x490
[   97.862946][ T3799]  ? do_raw_spin_unlock+0x134/0x8a0
[   97.868143][ T3799]  ? _raw_spin_unlock+0x24/0x40
[   97.872988][ T3799]  ? alloc_fd+0x5a7/0x640
[   97.877317][ T3799]  do_sys_openat2+0x124/0x4e0
[   97.882106][ T3799]  ? print_irqtrace_events+0x220/0x220
[   97.887651][ T3799]  ? ptrace_stop+0x74d/0x970
[   97.892235][ T3799]  ? do_sys_open+0x220/0x220
[   97.896822][ T3799]  ? lockdep_hardirqs_on+0x8d/0x130
[   97.902026][ T3799]  ? _raw_spin_unlock_irq+0x2a/0x40
[   97.907305][ T3799]  ? ptrace_notify+0x245/0x340
[   97.912058][ T3799]  __x64_sys_openat+0x243/0x290
[   97.917025][ T3799]  ? __ia32_sys_open+0x270/0x270
[   97.921959][ T3799]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   97.927935][ T3799]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   97.933912][ T3799]  do_syscall_64+0x3d/0xb0
[   97.938320][ T3799]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   97.944202][ T3799] RIP: 0033:0x7fc8868064d9
[   97.948608][ T3799] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   97.968203][ T3799] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   97.976617][ T3799] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   97.984599][ T3799] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   97.992581][ T3799] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3800] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3799] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3799] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3799] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3798] exit_group(0 <unfinished ...>
[pid  3799] <... futex resumed>)        = ?
[pid  3799] +++ exited with 0 +++
[pid  3800] <... futex resumed>)        = ?
[pid  3798] <... exit_group resumed>)   = ?
[pid  3800] +++ exited with 0 +++
[pid  3798] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3798, si_uid=0, si_status=0, si_utime=1, si_stime=31} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./53/binderfs")                 = 0
[   98.000548][ T3799] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   98.008511][ T3799] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   98.016575][ T3799]  </TASK>
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./53/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./53")                           = 0
mkdir("./54", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3801
./strace-static-x86_64: Process 3801 attached
[pid  3801] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3801] chdir("./54")               = 0
[pid  3801] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3801] setpgid(0, 0)               = 0
[pid  3801] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3801] write(3, "1000", 4)         = 4
[pid  3801] close(3)                    = 0
[pid  3801] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3801] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3801] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3801] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3801] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3802 attached
, parent_tid=[3802], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3802
[pid  3801] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3802] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  3801] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3802] <... set_robust_list resumed>) = 0
[pid  3802] memfd_create("syzkaller", 0) = 3
[pid  3802] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3802] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3802] munmap(0x7fc87e392000, 16777216) = 0
[pid  3802] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3802] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3802] close(3)                    = 0
[pid  3802] mkdir("./file0", 0777)      = 0
[   98.338734][ T3802] loop0: detected capacity change from 0 to 32768
[   98.348783][ T3802] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   98.357602][ T3802] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   98.367679][ T3802] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   98.376511][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   98.383760][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3802] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3802] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3802] chdir("./file0")            = 0
[pid  3802] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3802] close(4)                    = 0
[pid  3802] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3801] <... futex resumed>)        = 0
[pid  3802] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3801] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3801] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3802] <... futex resumed>)        = 0
[pid  3802] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3802] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3801] <... futex resumed>)        = 0
[pid  3802] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3801] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3802] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3801] <... futex resumed>)        = 0
[pid  3802] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[   98.423486][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 39ms
[   98.431259][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   98.436517][ T3802] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   98.459165][ T3802] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3801] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3801] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3801] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3801] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3801] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3803], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3803
[pid  3801] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   98.467799][ T3802] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   98.467799][ T3802]   inode = 12 2341
[   98.467799][ T3802]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   98.486662][ T3802] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   98.496257][ T3802] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3802 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   98.506442][ T3802] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   98.515460][ T3802] gfs2: fsid=syz:syz.0: about to withdraw this file system
./strace-static-x86_64: Process 3803 attached
[pid  3803] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3803] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3803] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   98.522810][ T3802] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   98.531838][ T3802] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   98.538383][ T3802] gfs2: fsid=syz:syz.0: File system withdrawn
[   98.544541][ T3802] CPU: 0 PID: 3802 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   98.554954][ T3802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   98.565006][ T3802] Call Trace:
[   98.568287][ T3802]  <TASK>
[   98.571231][ T3802]  dump_stack_lvl+0x1b1/0x28e
[   98.575918][ T3802]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   98.581543][ T3802]  ? panic+0x710/0x710
[   98.585792][ T3802]  ? kobject_uevent_env+0x46b/0x8e0
[   98.591073][ T3802]  ? do_raw_spin_unlock+0x134/0x8a0
[   98.596280][ T3802]  gfs2_withdraw+0xf33/0x1540
[   98.600984][ T3802]  ? gfs2_lm+0x220/0x220
[   98.605217][ T3802]  ? gfs2_dirent_scan+0xb6/0x650
[   98.610166][ T3802]  ? panic+0x710/0x710
[   98.614781][ T3802]  ? gfs2_permission+0x2ff/0x430
[   98.619744][ T3802]  ? gfs2_consist_inode_i+0xf3/0x110
[   98.625023][ T3802]  gfs2_dirent_scan+0x535/0x650
[   98.629892][ T3802]  ? gfs2_dirent_search+0xb10/0xb10
[   98.635105][ T3802]  gfs2_dirent_search+0x2ea/0xb10
[   98.640144][ T3802]  ? gfs2_dirent_search+0xb10/0xb10
[   98.645361][ T3802]  ? gfs2_dir_search+0x2a0/0x2a0
[   98.650305][ T3802]  ? gfs2_permission+0x3bf/0x430
[   98.655248][ T3802]  gfs2_dir_search+0x8c/0x2a0
[   98.659934][ T3802]  ? do_filldir_main+0x530/0x530
[   98.664868][ T3802]  ? inode_go_held+0xe4/0x1f0
[   98.669542][ T3802]  ? gfs2_glock_wait+0x213/0x2a0
[   98.674474][ T3802]  gfs2_lookupi+0x465/0x650
[   98.678976][ T3802]  ? gfs2_lookup_simple+0x170/0x170
[   98.684166][ T3802]  ? __gfs2_lookup+0x8c/0x260
[   98.688873][ T3802]  __gfs2_lookup+0x8c/0x260
[   98.693376][ T3802]  ? gfs2_atomic_open+0x230/0x230
[   98.698398][ T3802]  ? __d_lookup+0x6a4/0x770
[   98.702915][ T3802]  ? d_hash_and_lookup+0x1c0/0x1c0
[   98.708021][ T3802]  gfs2_atomic_open+0xa4/0x230
[   98.712784][ T3802]  path_openat+0xf39/0x2df0
[   98.717305][ T3802]  ? gfs2_rename2+0x3000/0x3000
[   98.722186][ T3802]  ? do_filp_open+0x4f0/0x4f0
[   98.726883][ T3802]  do_filp_open+0x264/0x4f0
[   98.731385][ T3802]  ? vfs_tmpfile+0x490/0x490
[   98.735978][ T3802]  ? do_raw_spin_unlock+0x134/0x8a0
[   98.741174][ T3802]  ? _raw_spin_unlock+0x24/0x40
[   98.746023][ T3802]  ? alloc_fd+0x5a7/0x640
[   98.750375][ T3802]  do_sys_openat2+0x124/0x4e0
[   98.755051][ T3802]  ? print_irqtrace_events+0x220/0x220
[   98.760500][ T3802]  ? ptrace_stop+0x74d/0x970
[   98.765088][ T3802]  ? do_sys_open+0x220/0x220
[   98.769672][ T3802]  ? lockdep_hardirqs_on+0x8d/0x130
[   98.774866][ T3802]  ? _raw_spin_unlock_irq+0x2a/0x40
[   98.780063][ T3802]  ? ptrace_notify+0x245/0x340
[   98.784848][ T3802]  __x64_sys_openat+0x243/0x290
[   98.789695][ T3802]  ? __ia32_sys_open+0x270/0x270
[   98.794716][ T3802]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   98.800691][ T3802]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   98.806665][ T3802]  do_syscall_64+0x3d/0xb0
[   98.811074][ T3802]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   98.816962][ T3802] RIP: 0033:0x7fc8868064d9
[   98.821369][ T3802] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   98.840970][ T3802] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   98.849374][ T3802] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   98.857350][ T3802] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   98.865310][ T3802] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3803] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3802] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3802] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3802] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3801] exit_group(0 <unfinished ...>
[pid  3803] <... futex resumed>)        = ?
[pid  3802] <... futex resumed>)        = ?
[pid  3801] <... exit_group resumed>)   = ?
[pid  3803] +++ exited with 0 +++
[pid  3802] +++ exited with 0 +++
[pid  3801] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3801, si_uid=0, si_status=0, si_utime=3, si_stime=29} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./54/binderfs")                 = 0
[   98.873270][ T3802] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   98.881234][ T3802] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   98.889208][ T3802]  </TASK>
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./54/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./54")                           = 0
mkdir("./55", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3804
./strace-static-x86_64: Process 3804 attached
[pid  3804] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3804] chdir("./55")               = 0
[pid  3804] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3804] setpgid(0, 0)               = 0
[pid  3804] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3804] write(3, "1000", 4)         = 4
[pid  3804] close(3)                    = 0
[pid  3804] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3804] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3804] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3804] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3804] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3805 attached
, parent_tid=[3805], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3805
[pid  3804] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3804] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3805] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3805] memfd_create("syzkaller", 0) = 3
[pid  3805] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3805] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3805] munmap(0x7fc87e392000, 16777216) = 0
[pid  3805] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3805] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3805] close(3)                    = 0
[pid  3805] mkdir("./file0", 0777)      = 0
[   99.189043][ T3805] loop0: detected capacity change from 0 to 32768
[   99.198920][ T3805] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   99.207523][ T3805] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   99.216675][ T3805] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[   99.225613][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   99.232471][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3805] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3805] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3805] chdir("./file0")            = 0
[pid  3805] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3805] close(4)                    = 0
[pid  3805] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3804] <... futex resumed>)        = 0
[pid  3804] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3804] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3805] <... futex resumed>)        = 1
[pid  3805] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3805] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3804] <... futex resumed>)        = 0
[pid  3805] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3804] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   99.272167][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 39ms
[   99.279670][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[   99.285002][ T3805] gfs2: fsid=syz:syz.0: first mount done, others may mount
[   99.298456][ T3805] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[   99.307235][ T3805] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[   99.307235][ T3805]   inode = 12 2341
[pid  3804] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3804] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid  3804] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3804] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3804] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3804] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3806], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3806
[pid  3804] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3806 attached
[pid  3806] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3806] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3806] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[   99.307235][ T3805]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[   99.326059][ T3805] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[   99.335625][ T3805] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3805 [syz-executor337] __gfs2_lookup+0x8c/0x260
[   99.346373][ T3805] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[   99.355137][ T3805] gfs2: fsid=syz:syz.0: about to withdraw this file system
[   99.363230][ T3805] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[   99.372965][ T3805] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[   99.379852][ T3805] gfs2: fsid=syz:syz.0: File system withdrawn
[   99.386401][ T3805] CPU: 0 PID: 3805 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[   99.396834][ T3805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   99.406901][ T3805] Call Trace:
[   99.410189][ T3805]  <TASK>
[   99.413112][ T3805]  dump_stack_lvl+0x1b1/0x28e
[   99.417796][ T3805]  ? nf_tcp_handle_invalid+0x62e/0x62e
[   99.423251][ T3805]  ? panic+0x710/0x710
[   99.427321][ T3805]  ? kobject_uevent_env+0x46b/0x8e0
[   99.432526][ T3805]  ? do_raw_spin_unlock+0x134/0x8a0
[   99.437741][ T3805]  gfs2_withdraw+0xf33/0x1540
[   99.442680][ T3805]  ? gfs2_lm+0x220/0x220
[   99.446914][ T3805]  ? gfs2_dirent_scan+0xb6/0x650
[   99.451847][ T3805]  ? panic+0x710/0x710
[   99.455902][ T3805]  ? gfs2_permission+0x2ff/0x430
[   99.460845][ T3805]  ? gfs2_consist_inode_i+0xf3/0x110
[   99.466136][ T3805]  gfs2_dirent_scan+0x535/0x650
[   99.471077][ T3805]  ? gfs2_dirent_search+0xb10/0xb10
[   99.476276][ T3805]  gfs2_dirent_search+0x2ea/0xb10
[   99.481334][ T3805]  ? gfs2_dirent_search+0xb10/0xb10
[   99.486566][ T3805]  ? gfs2_dir_search+0x2a0/0x2a0
[   99.491495][ T3805]  ? gfs2_permission+0x3bf/0x430
[   99.496434][ T3805]  gfs2_dir_search+0x8c/0x2a0
[   99.501111][ T3805]  ? do_filldir_main+0x530/0x530
[   99.506044][ T3805]  ? inode_go_held+0xe4/0x1f0
[   99.510718][ T3805]  ? gfs2_glock_wait+0x213/0x2a0
[   99.515647][ T3805]  gfs2_lookupi+0x465/0x650
[   99.520154][ T3805]  ? gfs2_lookup_simple+0x170/0x170
[   99.525350][ T3805]  ? __gfs2_lookup+0x8c/0x260
[   99.530030][ T3805]  __gfs2_lookup+0x8c/0x260
[   99.534530][ T3805]  ? gfs2_atomic_open+0x230/0x230
[   99.539554][ T3805]  ? __d_lookup+0x6a4/0x770
[   99.544048][ T3805]  ? d_hash_and_lookup+0x1c0/0x1c0
[   99.549152][ T3805]  gfs2_atomic_open+0xa4/0x230
[   99.553910][ T3805]  path_openat+0xf39/0x2df0
[   99.558408][ T3805]  ? gfs2_rename2+0x3000/0x3000
[   99.563265][ T3805]  ? do_filp_open+0x4f0/0x4f0
[   99.567947][ T3805]  do_filp_open+0x264/0x4f0
[   99.572440][ T3805]  ? vfs_tmpfile+0x490/0x490
[   99.577030][ T3805]  ? do_raw_spin_unlock+0x134/0x8a0
[   99.582230][ T3805]  ? _raw_spin_unlock+0x24/0x40
[   99.587077][ T3805]  ? alloc_fd+0x5a7/0x640
[   99.591408][ T3805]  do_sys_openat2+0x124/0x4e0
[   99.596077][ T3805]  ? print_irqtrace_events+0x220/0x220
[   99.601524][ T3805]  ? ptrace_stop+0x74d/0x970
[   99.606106][ T3805]  ? do_sys_open+0x220/0x220
[   99.610690][ T3805]  ? lockdep_hardirqs_on+0x8d/0x130
[   99.615968][ T3805]  ? _raw_spin_unlock_irq+0x2a/0x40
[   99.621159][ T3805]  ? ptrace_notify+0x245/0x340
[   99.625915][ T3805]  __x64_sys_openat+0x243/0x290
[   99.630765][ T3805]  ? __ia32_sys_open+0x270/0x270
[   99.635695][ T3805]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[   99.641679][ T3805]  ? syscall_enter_from_user_mode+0x86/0x1d0
[   99.647666][ T3805]  do_syscall_64+0x3d/0xb0
[   99.652074][ T3805]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[   99.657956][ T3805] RIP: 0033:0x7fc8868064d9
[   99.662360][ T3805] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   99.681970][ T3805] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   99.690383][ T3805] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[   99.698355][ T3805] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[   99.706317][ T3805] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[   99.714277][ T3805] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  3806] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3805] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3805] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3805] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3804] exit_group(0 <unfinished ...>
[pid  3806] <... futex resumed>)        = ?
[pid  3805] <... futex resumed>)        = ?
[pid  3804] <... exit_group resumed>)   = ?
[pid  3806] +++ exited with 0 +++
[pid  3805] +++ exited with 0 +++
[pid  3804] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3804, si_uid=0, si_status=0, si_utime=2, si_stime=29} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./55/binderfs")                 = 0
[   99.722238][ T3805] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[   99.730215][ T3805]  </TASK>
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./55/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./55")                           = 0
mkdir("./56", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3807
./strace-static-x86_64: Process 3807 attached
[pid  3807] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3807] chdir("./56")               = 0
[pid  3807] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3807] setpgid(0, 0)               = 0
[pid  3807] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3807] write(3, "1000", 4)         = 4
[pid  3807] close(3)                    = 0
[pid  3807] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3807] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3807] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3807] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3808 attached
 <unfinished ...>
[pid  3808] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  3807] <... clone resumed>, parent_tid=[3808], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3808
[pid  3808] <... set_robust_list resumed>) = 0
[pid  3808] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3807] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3808] <... futex resumed>)        = 0
[pid  3807] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3808] memfd_create("syzkaller", 0) = 3
[pid  3808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3808] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3808] munmap(0x7fc87e392000, 16777216) = 0
[pid  3808] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3808] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3808] close(3)                    = 0
[pid  3808] mkdir("./file0", 0777)      = 0
[  100.035158][ T3808] loop0: detected capacity change from 0 to 32768
[  100.046048][ T3808] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  100.054510][ T3808] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  100.064308][ T3808] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  100.073236][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  100.080008][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3808] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3808] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3808] chdir("./file0")            = 0
[pid  3808] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3808] close(4)                    = 0
[pid  3808] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3808] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3807] <... futex resumed>)        = 0
[pid  3807] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3807] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3808] <... futex resumed>)        = 0
[pid  3808] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3808] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3808] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3807] <... futex resumed>)        = 0
[pid  3807] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3808] <... futex resumed>)        = 0
[pid  3807] <... futex resumed>)        = 1
[pid  3808] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[  100.118413][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 38ms
[  100.125956][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  100.131483][ T3808] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  100.158380][ T3808] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3807] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3807] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3807] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3807] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3809], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3809
[pid  3807] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3809 attached
[pid  3809] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3809] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3809] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  100.167190][ T3808] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  100.167190][ T3808]   inode = 12 2341
[  100.167190][ T3808]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  100.185968][ T3808] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  100.195352][ T3808] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3808 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  100.205463][ T3808] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  100.215022][ T3808] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  100.222503][ T3808] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  100.231315][ T3808] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  100.238444][ T3808] gfs2: fsid=syz:syz.0: File system withdrawn
[  100.244868][ T3808] CPU: 1 PID: 3808 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  100.255287][ T3808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  100.265335][ T3808] Call Trace:
[  100.268616][ T3808]  <TASK>
[  100.271537][ T3808]  dump_stack_lvl+0x1b1/0x28e
[  100.276229][ T3808]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  100.281701][ T3808]  ? panic+0x710/0x710
[  100.285786][ T3808]  ? kobject_uevent_env+0x46b/0x8e0
[  100.290993][ T3808]  ? do_raw_spin_unlock+0x134/0x8a0
[  100.296190][ T3808]  gfs2_withdraw+0xf33/0x1540
[  100.300869][ T3808]  ? gfs2_lm+0x220/0x220
[  100.305099][ T3808]  ? gfs2_dirent_scan+0xb6/0x650
[  100.310036][ T3808]  ? panic+0x710/0x710
[  100.314119][ T3808]  ? gfs2_permission+0x2ff/0x430
[  100.319066][ T3808]  ? gfs2_consist_inode_i+0xf3/0x110
[  100.324346][ T3808]  gfs2_dirent_scan+0x535/0x650
[  100.329197][ T3808]  ? gfs2_dirent_search+0xb10/0xb10
[  100.334391][ T3808]  gfs2_dirent_search+0x2ea/0xb10
[  100.339412][ T3808]  ? gfs2_dirent_search+0xb10/0xb10
[  100.344605][ T3808]  ? gfs2_dir_search+0x2a0/0x2a0
[  100.349535][ T3808]  ? gfs2_permission+0x3bf/0x430
[  100.354472][ T3808]  gfs2_dir_search+0x8c/0x2a0
[  100.359147][ T3808]  ? do_filldir_main+0x530/0x530
[  100.364163][ T3808]  ? inode_go_held+0xe4/0x1f0
[  100.368836][ T3808]  ? gfs2_glock_wait+0x213/0x2a0
[  100.373765][ T3808]  gfs2_lookupi+0x465/0x650
[  100.378267][ T3808]  ? gfs2_lookup_simple+0x170/0x170
[  100.383464][ T3808]  ? __gfs2_lookup+0x8c/0x260
[  100.390142][ T3808]  __gfs2_lookup+0x8c/0x260
[  100.394640][ T3808]  ? gfs2_atomic_open+0x230/0x230
[  100.399660][ T3808]  ? __d_lookup+0x6a4/0x770
[  100.404153][ T3808]  ? d_hash_and_lookup+0x1c0/0x1c0
[  100.409259][ T3808]  gfs2_atomic_open+0xa4/0x230
[  100.414109][ T3808]  path_openat+0xf39/0x2df0
[  100.418608][ T3808]  ? gfs2_rename2+0x3000/0x3000
[  100.423465][ T3808]  ? do_filp_open+0x4f0/0x4f0
[  100.428146][ T3808]  do_filp_open+0x264/0x4f0
[  100.432642][ T3808]  ? vfs_tmpfile+0x490/0x490
[  100.437232][ T3808]  ? do_raw_spin_unlock+0x134/0x8a0
[  100.442427][ T3808]  ? _raw_spin_unlock+0x24/0x40
[  100.447273][ T3808]  ? alloc_fd+0x5a7/0x640
[  100.451606][ T3808]  do_sys_openat2+0x124/0x4e0
[  100.456277][ T3808]  ? print_irqtrace_events+0x220/0x220
[  100.461763][ T3808]  ? ptrace_stop+0x74d/0x970
[  100.466352][ T3808]  ? do_sys_open+0x220/0x220
[  100.470966][ T3808]  ? lockdep_hardirqs_on+0x8d/0x130
[  100.476158][ T3808]  ? _raw_spin_unlock_irq+0x2a/0x40
[  100.481354][ T3808]  ? ptrace_notify+0x245/0x340
[  100.486108][ T3808]  __x64_sys_openat+0x243/0x290
[  100.490957][ T3808]  ? __ia32_sys_open+0x270/0x270
[  100.495891][ T3808]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  100.501868][ T3808]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  100.507846][ T3808]  do_syscall_64+0x3d/0xb0
[  100.512258][ T3808]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  100.518146][ T3808] RIP: 0033:0x7fc8868064d9
[  100.522555][ T3808] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  100.542153][ T3808] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  100.550560][ T3808] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  100.558547][ T3808] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[pid  3809] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3808] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3808] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3808] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3807] exit_group(0 <unfinished ...>
[pid  3809] <... futex resumed>)        = ?
[pid  3808] <... futex resumed>)        = ?
[pid  3809] +++ exited with 0 +++
[pid  3808] +++ exited with 0 +++
[pid  3807] <... exit_group resumed>)   = ?
[pid  3807] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3807, si_uid=0, si_status=0, si_utime=2, si_stime=30} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./56/binderfs")                 = 0
[  100.566508][ T3808] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  100.574507][ T3808] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  100.582480][ T3808] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  100.590466][ T3808]  </TASK>
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./56/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./56")                           = 0
mkdir("./57", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3810
./strace-static-x86_64: Process 3810 attached
[pid  3810] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3810] chdir("./57")               = 0
[pid  3810] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3810] setpgid(0, 0)               = 0
[pid  3810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3810] write(3, "1000", 4)         = 4
[pid  3810] close(3)                    = 0
[pid  3810] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3810] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3810] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3810] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3811], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3811
[pid  3810] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3810] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3811 attached
 <unfinished ...>
[pid  3811] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3811] memfd_create("syzkaller", 0) = 3
[pid  3811] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3811] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3811] munmap(0x7fc87e392000, 16777216) = 0
[pid  3811] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3811] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3811] close(3)                    = 0
[pid  3811] mkdir("./file0", 0777)      = 0
[  100.909432][ T3811] loop0: detected capacity change from 0 to 32768
[  100.920536][ T3811] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  100.928716][ T3811] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  100.938516][ T3811] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  100.947479][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  100.954470][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3811] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3811] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3811] chdir("./file0")            = 0
[pid  3811] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3811] close(4)                    = 0
[pid  3811] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3810] <... futex resumed>)        = 0
[pid  3811] <... futex resumed>)        = 1
[pid  3810] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3810] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3811] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3811] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3810] <... futex resumed>)        = 0
[pid  3810] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3810] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[  100.988301][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms
[  100.995989][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  101.001418][ T3811] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid  3811] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3810] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3810] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3810] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[  101.030805][ T3811] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  101.039366][ T3811] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  101.039366][ T3811]   inode = 12 2341
[  101.039366][ T3811]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  101.058681][ T3811] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  101.068547][ T3811] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3811 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3810] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3812], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3812
[pid  3810] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3812 attached
[pid  3812] set_robust_list(0x7fc87f3919e0, 24) = 0
[  101.078957][ T3811] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  101.087245][ T3812] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  101.087813][ T3811] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  101.095833][ T3812] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:4 m:20 p:1
[  101.095870][ T3812] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3811 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  101.103560][ T3811] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  101.112248][ T3812] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3812 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  101.122586][ T3811] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  101.131231][ T3812] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  101.142234][ T3811] gfs2: fsid=syz:syz.0: File system withdrawn
[  101.162064][ T3811] CPU: 0 PID: 3811 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  101.173693][ T3811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  101.183755][ T3811] Call Trace:
[  101.187027][ T3811]  <TASK>
[  101.189947][ T3811]  dump_stack_lvl+0x1b1/0x28e
[  101.194617][ T3811]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  101.200071][ T3811]  ? panic+0x710/0x710
[  101.204235][ T3811]  ? kobject_uevent_env+0x46b/0x8e0
[  101.209440][ T3811]  ? do_raw_spin_unlock+0x134/0x8a0
[  101.214667][ T3811]  gfs2_withdraw+0xf33/0x1540
[  101.219417][ T3811]  ? gfs2_lm+0x220/0x220
[  101.223657][ T3811]  ? gfs2_dirent_scan+0xb6/0x650
[pid  3812] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH <unfinished ...>
[pid  3810] exit_group(0)               = ?
[  101.228603][ T3811]  ? panic+0x710/0x710
[  101.232694][ T3811]  ? gfs2_permission+0x2ff/0x430
[  101.237654][ T3811]  ? gfs2_consist_inode_i+0xf3/0x110
[  101.243209][ T3811]  gfs2_dirent_scan+0x535/0x650
[  101.248069][ T3811]  ? gfs2_dirent_search+0xb10/0xb10
[  101.253262][ T3811]  gfs2_dirent_search+0x2ea/0xb10
[  101.258289][ T3811]  ? gfs2_dirent_search+0xb10/0xb10
[  101.263498][ T3811]  ? gfs2_dir_search+0x2a0/0x2a0
[  101.268428][ T3811]  ? gfs2_permission+0x3bf/0x430
[  101.273362][ T3811]  gfs2_dir_search+0x8c/0x2a0
[  101.278041][ T3811]  ? do_filldir_main+0x530/0x530
[  101.282989][ T3811]  ? inode_go_held+0xe4/0x1f0
[  101.287665][ T3811]  ? gfs2_glock_wait+0x213/0x2a0
[  101.292607][ T3811]  gfs2_lookupi+0x465/0x650
[  101.297106][ T3811]  ? gfs2_lookup_simple+0x170/0x170
[  101.302295][ T3811]  ? __gfs2_lookup+0x8c/0x260
[  101.307156][ T3811]  __gfs2_lookup+0x8c/0x260
[  101.311756][ T3811]  ? gfs2_atomic_open+0x230/0x230
[  101.316785][ T3811]  ? __d_lookup+0x6a4/0x770
[  101.321289][ T3811]  ? d_hash_and_lookup+0x1c0/0x1c0
[  101.326421][ T3811]  gfs2_atomic_open+0xa4/0x230
[  101.331195][ T3811]  path_openat+0xf39/0x2df0
[  101.335713][ T3811]  ? gfs2_rename2+0x3000/0x3000
[  101.340571][ T3811]  ? do_filp_open+0x4f0/0x4f0
[  101.345259][ T3811]  do_filp_open+0x264/0x4f0
[  101.349766][ T3811]  ? vfs_tmpfile+0x490/0x490
[  101.354361][ T3811]  ? do_raw_spin_unlock+0x134/0x8a0
[  101.359552][ T3811]  ? _raw_spin_unlock+0x24/0x40
[  101.364390][ T3811]  ? alloc_fd+0x5a7/0x640
[  101.368714][ T3811]  do_sys_openat2+0x124/0x4e0
[  101.373397][ T3811]  ? print_irqtrace_events+0x220/0x220
[  101.378858][ T3811]  ? ptrace_stop+0x74d/0x970
[  101.383443][ T3811]  ? do_sys_open+0x220/0x220
[  101.388023][ T3811]  ? lockdep_hardirqs_on+0x8d/0x130
[  101.393210][ T3811]  ? _raw_spin_unlock_irq+0x2a/0x40
[  101.398403][ T3811]  ? ptrace_notify+0x245/0x340
[  101.403158][ T3811]  __x64_sys_openat+0x243/0x290
[  101.408000][ T3811]  ? __ia32_sys_open+0x270/0x270
[  101.412936][ T3811]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  101.418921][ T3811]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  101.424888][ T3811]  do_syscall_64+0x3d/0xb0
[  101.429294][ T3811]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  101.435184][ T3811] RIP: 0033:0x7fc8868064d9
[  101.439598][ T3811] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  101.459190][ T3811] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  101.467591][ T3811] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3812] <... openat resumed>)       = ?
[pid  3811] <... openat resumed>)       = ?
[pid  3812] +++ exited with 0 +++
[pid  3811] +++ exited with 0 +++
[pid  3810] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3810, si_uid=0, si_status=0, si_utime=2, si_stime=38} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./57/binderfs")                 = 0
[  101.475552][ T3811] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  101.483514][ T3811] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  101.491481][ T3811] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  101.499452][ T3811] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  101.507425][ T3811]  </TASK>
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./57/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./57")                           = 0
mkdir("./58", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3813
./strace-static-x86_64: Process 3813 attached
[pid  3813] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3813] chdir("./58")               = 0
[pid  3813] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3813] setpgid(0, 0)               = 0
[pid  3813] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3813] write(3, "1000", 4)         = 4
[pid  3813] close(3)                    = 0
[pid  3813] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3813] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3813] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3813] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3814 attached
 <unfinished ...>
[pid  3814] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  3813] <... clone resumed>, parent_tid=[3814], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3814
[pid  3813] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3813] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3814] <... set_robust_list resumed>) = 0
[pid  3814] memfd_create("syzkaller", 0) = 3
[pid  3814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3814] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3814] munmap(0x7fc87e392000, 16777216) = 0
[pid  3814] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3814] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3814] close(3)                    = 0
[pid  3814] mkdir("./file0", 0777)      = 0
[  101.808487][ T3814] loop0: detected capacity change from 0 to 32768
[  101.819429][ T3814] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  101.827906][ T3814] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  101.838080][ T3814] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  101.846957][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  101.854052][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3814] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3814] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3814] chdir("./file0")            = 0
[pid  3814] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3814] close(4)                    = 0
[pid  3814] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3813] <... futex resumed>)        = 0
[pid  3813] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3813] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3814] <... futex resumed>)        = 1
[pid  3814] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3814] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3813] <... futex resumed>)        = 0
[pid  3814] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3813] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3814] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3813] <... futex resumed>)        = 0
[pid  3814] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[  101.893913][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 39ms
[  101.901460][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  101.906703][ T3814] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid  3813] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3813] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  101.941128][ T3814] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  101.949844][ T3814] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  101.949844][ T3814]   inode = 12 2341
[  101.949844][ T3814]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  101.968632][ T3814] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  101.978205][ T3814] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3814 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3813] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3813] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3815], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3815
[pid  3813] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3815 attached
[pid  3815] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3815] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3815] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  101.988585][ T3814] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  101.997888][ T3814] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  102.005397][ T3814] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  102.014511][ T3814] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  102.021264][ T3814] gfs2: fsid=syz:syz.0: File system withdrawn
[  102.027718][ T3814] CPU: 0 PID: 3814 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  102.038125][ T3814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  102.048179][ T3814] Call Trace:
[  102.051469][ T3814]  <TASK>
[  102.054385][ T3814]  dump_stack_lvl+0x1b1/0x28e
[  102.059067][ T3814]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  102.064505][ T3814]  ? panic+0x710/0x710
[  102.068565][ T3814]  ? kobject_uevent_env+0x46b/0x8e0
[  102.073774][ T3814]  ? do_raw_spin_unlock+0x134/0x8a0
[  102.078977][ T3814]  gfs2_withdraw+0xf33/0x1540
[  102.083649][ T3814]  ? gfs2_lm+0x220/0x220
[  102.087877][ T3814]  ? gfs2_dirent_scan+0xb6/0x650
[  102.092804][ T3814]  ? panic+0x710/0x710
[  102.096854][ T3814]  ? gfs2_permission+0x2ff/0x430
[  102.101809][ T3814]  ? gfs2_consist_inode_i+0xf3/0x110
[  102.107078][ T3814]  gfs2_dirent_scan+0x535/0x650
[  102.111918][ T3814]  ? gfs2_dirent_search+0xb10/0xb10
[  102.117113][ T3814]  gfs2_dirent_search+0x2ea/0xb10
[  102.122129][ T3814]  ? gfs2_dirent_search+0xb10/0xb10
[  102.127314][ T3814]  ? gfs2_dir_search+0x2a0/0x2a0
[  102.132234][ T3814]  ? gfs2_permission+0x3bf/0x430
[  102.137158][ T3814]  gfs2_dir_search+0x8c/0x2a0
[  102.141822][ T3814]  ? do_filldir_main+0x530/0x530
[  102.146744][ T3814]  ? inode_go_held+0xe4/0x1f0
[  102.151407][ T3814]  ? gfs2_glock_wait+0x213/0x2a0
[  102.156330][ T3814]  gfs2_lookupi+0x465/0x650
[  102.160822][ T3814]  ? gfs2_lookup_simple+0x170/0x170
[  102.166006][ T3814]  ? __gfs2_lookup+0x8c/0x260
[  102.170677][ T3814]  __gfs2_lookup+0x8c/0x260
[  102.175167][ T3814]  ? gfs2_atomic_open+0x230/0x230
[  102.180178][ T3814]  ? __d_lookup+0x6a4/0x770
[  102.184666][ T3814]  ? d_hash_and_lookup+0x1c0/0x1c0
[  102.189760][ T3814]  gfs2_atomic_open+0xa4/0x230
[  102.194511][ T3814]  path_openat+0xf39/0x2df0
[  102.199000][ T3814]  ? gfs2_rename2+0x3000/0x3000
[  102.203844][ T3814]  ? do_filp_open+0x4f0/0x4f0
[  102.208511][ T3814]  do_filp_open+0x264/0x4f0
[  102.212996][ T3814]  ? vfs_tmpfile+0x490/0x490
[  102.217586][ T3814]  ? do_raw_spin_unlock+0x134/0x8a0
[  102.222772][ T3814]  ? _raw_spin_unlock+0x24/0x40
[  102.227614][ T3814]  ? alloc_fd+0x5a7/0x640
[  102.231936][ T3814]  do_sys_openat2+0x124/0x4e0
[  102.236602][ T3814]  ? print_irqtrace_events+0x220/0x220
[  102.242043][ T3814]  ? ptrace_stop+0x74d/0x970
[  102.246618][ T3814]  ? do_sys_open+0x220/0x220
[  102.251198][ T3814]  ? lockdep_hardirqs_on+0x8d/0x130
[  102.256380][ T3814]  ? _raw_spin_unlock_irq+0x2a/0x40
[  102.261563][ T3814]  ? ptrace_notify+0x245/0x340
[  102.266308][ T3814]  __x64_sys_openat+0x243/0x290
[  102.271157][ T3814]  ? __ia32_sys_open+0x270/0x270
[  102.276080][ T3814]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  102.282048][ T3814]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  102.288011][ T3814]  do_syscall_64+0x3d/0xb0
[  102.292411][ T3814]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  102.298288][ T3814] RIP: 0033:0x7fc8868064d9
[  102.302687][ T3814] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  102.322280][ T3814] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  102.330675][ T3814] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3815] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3814] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3814] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3814] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3813] exit_group(0 <unfinished ...>
[pid  3815] <... futex resumed>)        = ?
[pid  3813] <... exit_group resumed>)   = ?
[pid  3815] +++ exited with 0 +++
[pid  3814] <... futex resumed>)        = ?
[pid  3814] +++ exited with 0 +++
[pid  3813] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3813, si_uid=0, si_status=0, si_utime=0, si_stime=30} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./58/binderfs")                 = 0
[  102.338628][ T3814] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  102.346585][ T3814] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  102.354546][ T3814] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  102.362500][ T3814] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  102.370467][ T3814]  </TASK>
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./58/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./58")                           = 0
mkdir("./59", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3816
./strace-static-x86_64: Process 3816 attached
[pid  3816] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3816] chdir("./59")               = 0
[pid  3816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3816] setpgid(0, 0)               = 0
[pid  3816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3816] write(3, "1000", 4)         = 4
[pid  3816] close(3)                    = 0
[pid  3816] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3816] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3816] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3816] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3817], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3817
[pid  3816] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3816] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3817 attached
 <unfinished ...>
[pid  3817] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3817] memfd_create("syzkaller", 0) = 3
[pid  3817] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3817] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3817] munmap(0x7fc87e392000, 16777216) = 0
[pid  3817] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3817] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3817] close(3)                    = 0
[pid  3817] mkdir("./file0", 0777)      = 0
[  102.675246][ T3817] loop0: detected capacity change from 0 to 32768
[  102.684832][ T3817] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  102.693429][ T3817] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  102.702807][ T3817] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  102.711459][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  102.718238][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3817] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3817] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3817] chdir("./file0")            = 0
[pid  3817] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3817] close(4)                    = 0
[pid  3817] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3816] <... futex resumed>)        = 0
[pid  3816] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3816] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3817] <... futex resumed>)        = 1
[pid  3817] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3817] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3816] <... futex resumed>)        = 0
[pid  3816] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3816] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3817] <... futex resumed>)        = 1
[  102.752393][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 34ms
[  102.759899][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  102.765198][ T3817] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  102.779897][ T3817] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  102.788484][ T3817] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  102.788484][ T3817]   inode = 12 2341
[pid  3817] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3816] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[  102.788484][ T3817]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  102.810249][ T3817] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  102.827358][ T3817] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3817 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  102.837785][ T3817] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[pid  3816] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[  102.846678][ T3817] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  102.853966][ T3817] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  102.862846][ T3817] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  102.869477][ T3817] gfs2: fsid=syz:syz.0: File system withdrawn
[  102.876482][ T3817] CPU: 0 PID: 3817 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  102.887875][ T3817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  102.897924][ T3817] Call Trace:
[  102.901198][ T3817]  <TASK>
[  102.904120][ T3817]  dump_stack_lvl+0x1b1/0x28e
[  102.908826][ T3817]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  102.914290][ T3817]  ? panic+0x710/0x710
[  102.918387][ T3817]  ? kobject_uevent_env+0x46b/0x8e0
[  102.923600][ T3817]  ? do_raw_spin_unlock+0x134/0x8a0
[  102.928796][ T3817]  gfs2_withdraw+0xf33/0x1540
[  102.933507][ T3817]  ? gfs2_lm+0x220/0x220
[  102.937770][ T3817]  ? gfs2_dirent_scan+0xb6/0x650
[  102.942710][ T3817]  ? panic+0x710/0x710
[  102.946775][ T3817]  ? gfs2_permission+0x2ff/0x430
[  102.951722][ T3817]  ? gfs2_consist_inode_i+0xf3/0x110
[  102.957024][ T3817]  gfs2_dirent_scan+0x535/0x650
[  102.961899][ T3817]  ? gfs2_dirent_search+0xb10/0xb10
[  102.967101][ T3817]  gfs2_dirent_search+0x2ea/0xb10
[  102.972120][ T3817]  ? gfs2_dirent_search+0xb10/0xb10
[  102.977315][ T3817]  ? gfs2_dir_search+0x2a0/0x2a0
[  102.982269][ T3817]  ? gfs2_permission+0x3bf/0x430
[  102.987213][ T3817]  gfs2_dir_search+0x8c/0x2a0
[  102.991890][ T3817]  ? do_filldir_main+0x530/0x530
[  102.996825][ T3817]  ? inode_go_held+0xe4/0x1f0
[  103.001498][ T3817]  ? gfs2_glock_wait+0x213/0x2a0
[  103.006430][ T3817]  gfs2_lookupi+0x465/0x650
[  103.010934][ T3817]  ? gfs2_lookup_simple+0x170/0x170
[  103.016125][ T3817]  ? __gfs2_lookup+0x8c/0x260
[  103.020804][ T3817]  __gfs2_lookup+0x8c/0x260
[  103.025305][ T3817]  ? gfs2_atomic_open+0x230/0x230
[  103.030330][ T3817]  ? __d_lookup+0x6a4/0x770
[  103.034826][ T3817]  ? d_hash_and_lookup+0x1c0/0x1c0
[  103.039929][ T3817]  gfs2_atomic_open+0xa4/0x230
[  103.044690][ T3817]  path_openat+0xf39/0x2df0
[  103.049188][ T3817]  ? gfs2_rename2+0x3000/0x3000
[  103.054043][ T3817]  ? do_filp_open+0x4f0/0x4f0
[  103.058724][ T3817]  do_filp_open+0x264/0x4f0
[  103.063219][ T3817]  ? vfs_tmpfile+0x490/0x490
[  103.067808][ T3817]  ? do_raw_spin_unlock+0x134/0x8a0
[  103.073002][ T3817]  ? _raw_spin_unlock+0x24/0x40
[  103.077855][ T3817]  ? alloc_fd+0x5a7/0x640
[  103.082186][ T3817]  do_sys_openat2+0x124/0x4e0
[  103.086856][ T3817]  ? print_irqtrace_events+0x220/0x220
[  103.092303][ T3817]  ? ptrace_stop+0x74d/0x970
[  103.096885][ T3817]  ? do_sys_open+0x220/0x220
[  103.101467][ T3817]  ? lockdep_hardirqs_on+0x8d/0x130
[  103.106657][ T3817]  ? _raw_spin_unlock_irq+0x2a/0x40
[  103.111848][ T3817]  ? ptrace_notify+0x245/0x340
[  103.116603][ T3817]  __x64_sys_openat+0x243/0x290
[  103.121447][ T3817]  ? __ia32_sys_open+0x270/0x270
[  103.126382][ T3817]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  103.132359][ T3817]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  103.138332][ T3817]  do_syscall_64+0x3d/0xb0
[  103.142740][ T3817]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  103.148619][ T3817] RIP: 0033:0x7fc8868064d9
[  103.153023][ T3817] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  103.172704][ T3817] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  103.181199][ T3817] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  103.189160][ T3817] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[pid  3816] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3817] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3816] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID <unfinished ...>
[pid  3817] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3817] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3818 attached
 <unfinished ...>
[pid  3816] <... clone resumed>, parent_tid=[3818], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3818
[pid  3818] set_robust_list(0x7fc87f3919e0, 24 <unfinished ...>
[pid  3816] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3818] <... set_robust_list resumed>) = 0
[pid  3816] <... futex resumed>)        = 0
[pid  3818] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3818] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3818] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3816] exit_group(0 <unfinished ...>
[pid  3818] <... futex resumed>)        = ?
[pid  3816] <... exit_group resumed>)   = ?
[pid  3817] <... futex resumed>)        = ?
[pid  3817] +++ exited with 0 +++
[pid  3818] +++ exited with 0 +++
[pid  3816] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3816, si_uid=0, si_status=0, si_utime=1, si_stime=30} ---
umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./59/binderfs")                 = 0
[  103.197123][ T3817] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  103.205086][ T3817] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  103.213069][ T3817] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  103.221042][ T3817]  </TASK>
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./59/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./59")                           = 0
mkdir("./60", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3819
./strace-static-x86_64: Process 3819 attached
[pid  3819] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3819] chdir("./60")               = 0
[pid  3819] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3819] setpgid(0, 0)               = 0
[pid  3819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3819] write(3, "1000", 4)         = 4
[pid  3819] close(3)                    = 0
[pid  3819] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3819] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3819] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3819] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3820 attached
, parent_tid=[3820], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3820
[pid  3819] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3819] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3820] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3820] memfd_create("syzkaller", 0) = 3
[pid  3820] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3820] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3820] munmap(0x7fc87e392000, 16777216) = 0
[pid  3820] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3820] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3820] close(3)                    = 0
[pid  3820] mkdir("./file0", 0777)      = 0
[  103.519156][ T3820] loop0: detected capacity change from 0 to 32768
[  103.528984][ T3820] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  103.537303][ T3820] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  103.546410][ T3820] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  103.555058][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  103.562113][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3820] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3820] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3820] chdir("./file0")            = 0
[pid  3820] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3820] close(4)                    = 0
[pid  3820] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3819] <... futex resumed>)        = 0
[pid  3820] <... futex resumed>)        = 1
[pid  3819] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3820] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3819] <... futex resumed>)        = 0
[pid  3820] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3819] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3820] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3819] <... futex resumed>)        = 0
[pid  3820] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3819] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  103.599264][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 37ms
[  103.606847][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  103.612237][ T3820] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  103.625497][ T3820] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  103.634272][ T3820] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  103.634272][ T3820]   inode = 12 2341
[pid  3819] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[  103.634272][ T3820]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  103.653259][ T3820] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  103.662573][ T3820] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3820 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  103.672765][ T3820] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  103.681457][ T3820] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  103.688737][ T3820] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[pid  3819] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3819] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3819] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3821], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3821
[pid  3819] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3821 attached
[pid  3821] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3821] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3821] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  103.697667][ T3820] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  103.704593][ T3820] gfs2: fsid=syz:syz.0: File system withdrawn
[  103.712711][ T3820] CPU: 0 PID: 3820 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  103.723151][ T3820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  103.733211][ T3820] Call Trace:
[  103.736486][ T3820]  <TASK>
[  103.739406][ T3820]  dump_stack_lvl+0x1b1/0x28e
[  103.744090][ T3820]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  103.749648][ T3820]  ? panic+0x710/0x710
[  103.753723][ T3820]  ? kobject_uevent_env+0x46b/0x8e0
[  103.758927][ T3820]  ? do_raw_spin_unlock+0x134/0x8a0
[  103.764120][ T3820]  gfs2_withdraw+0xf33/0x1540
[  103.768793][ T3820]  ? gfs2_lm+0x220/0x220
[  103.773028][ T3820]  ? gfs2_dirent_scan+0xb6/0x650
[  103.777963][ T3820]  ? panic+0x710/0x710
[  103.782032][ T3820]  ? gfs2_permission+0x2ff/0x430
[  103.786963][ T3820]  ? gfs2_consist_inode_i+0xf3/0x110
[  103.792250][ T3820]  gfs2_dirent_scan+0x535/0x650
[  103.797115][ T3820]  ? gfs2_dirent_search+0xb10/0xb10
[  103.802326][ T3820]  gfs2_dirent_search+0x2ea/0xb10
[  103.807363][ T3820]  ? gfs2_dirent_search+0xb10/0xb10
[  103.812552][ T3820]  ? gfs2_dir_search+0x2a0/0x2a0
[  103.817477][ T3820]  ? gfs2_permission+0x3bf/0x430
[  103.822427][ T3820]  gfs2_dir_search+0x8c/0x2a0
[  103.827104][ T3820]  ? do_filldir_main+0x530/0x530
[  103.832033][ T3820]  ? inode_go_held+0xe4/0x1f0
[  103.836708][ T3820]  ? gfs2_glock_wait+0x213/0x2a0
[  103.841643][ T3820]  gfs2_lookupi+0x465/0x650
[  103.846146][ T3820]  ? gfs2_lookup_simple+0x170/0x170
[  103.851339][ T3820]  ? __gfs2_lookup+0x8c/0x260
[  103.856015][ T3820]  __gfs2_lookup+0x8c/0x260
[  103.860517][ T3820]  ? gfs2_atomic_open+0x230/0x230
[  103.865539][ T3820]  ? __d_lookup+0x6a4/0x770
[  103.870031][ T3820]  ? d_hash_and_lookup+0x1c0/0x1c0
[  103.875135][ T3820]  gfs2_atomic_open+0xa4/0x230
[  103.879897][ T3820]  path_openat+0xf39/0x2df0
[  103.884395][ T3820]  ? gfs2_rename2+0x3000/0x3000
[  103.889247][ T3820]  ? do_filp_open+0x4f0/0x4f0
[  103.893931][ T3820]  do_filp_open+0x264/0x4f0
[  103.898429][ T3820]  ? vfs_tmpfile+0x490/0x490
[  103.903034][ T3820]  ? do_raw_spin_unlock+0x134/0x8a0
[  103.908257][ T3820]  ? _raw_spin_unlock+0x24/0x40
[  103.913116][ T3820]  ? alloc_fd+0x5a7/0x640
[  103.917478][ T3820]  do_sys_openat2+0x124/0x4e0
[  103.922151][ T3820]  ? print_irqtrace_events+0x220/0x220
[  103.927604][ T3820]  ? ptrace_stop+0x74d/0x970
[  103.932188][ T3820]  ? do_sys_open+0x220/0x220
[  103.936773][ T3820]  ? lockdep_hardirqs_on+0x8d/0x130
[  103.941964][ T3820]  ? _raw_spin_unlock_irq+0x2a/0x40
[  103.947156][ T3820]  ? ptrace_notify+0x245/0x340
[  103.951914][ T3820]  __x64_sys_openat+0x243/0x290
[  103.956762][ T3820]  ? __ia32_sys_open+0x270/0x270
[  103.961695][ T3820]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  103.967669][ T3820]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  103.973644][ T3820]  do_syscall_64+0x3d/0xb0
[  103.978056][ T3820]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  103.983942][ T3820] RIP: 0033:0x7fc8868064d9
[  103.988346][ T3820] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  104.008118][ T3820] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  104.016523][ T3820] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  104.024485][ T3820] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  104.032452][ T3820] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  104.040416][ T3820] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  3821] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3820] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3820] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3819] exit_group(0 <unfinished ...>
[pid  3820] <... futex resumed>)        = ?
[pid  3819] <... exit_group resumed>)   = ?
[pid  3820] +++ exited with 0 +++
[pid  3821] <... futex resumed>)        = ?
[pid  3821] +++ exited with 0 +++
[pid  3819] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3819, si_uid=0, si_status=0, si_utime=3, si_stime=27} ---
umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./60/binderfs")                 = 0
[  104.048379][ T3820] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  104.056350][ T3820]  </TASK>
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./60/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./60")                           = 0
mkdir("./61", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3822
./strace-static-x86_64: Process 3822 attached
[pid  3822] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3822] chdir("./61")               = 0
[pid  3822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3822] setpgid(0, 0)               = 0
[pid  3822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3822] write(3, "1000", 4)         = 4
[pid  3822] close(3)                    = 0
[pid  3822] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3822] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3822] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3822] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3823 attached
, parent_tid=[3823], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3823
[pid  3823] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  3822] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3822] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3823] <... set_robust_list resumed>) = 0
[pid  3823] memfd_create("syzkaller", 0) = 3
[pid  3823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3823] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3823] munmap(0x7fc87e392000, 16777216) = 0
[pid  3823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3823] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3823] close(3)                    = 0
[pid  3823] mkdir("./file0", 0777)      = 0
[  104.358106][ T3823] loop0: detected capacity change from 0 to 32768
[  104.369111][ T3823] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  104.377845][ T3823] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  104.388068][ T3823] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  104.396955][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  104.404205][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3823] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3823] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3823] chdir("./file0")            = 0
[pid  3823] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3823] close(4)                    = 0
[pid  3823] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3822] <... futex resumed>)        = 0
[pid  3822] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3822] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3823] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3823] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3822] <... futex resumed>)        = 0
[pid  3822] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3822] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[  104.436587][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 32ms
[  104.444146][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  104.449372][ T3823] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  104.483735][ T3823] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  104.492909][ T3823] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  104.492909][ T3823]   inode = 12 2341
[  104.492909][ T3823]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  104.512015][ T3823] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  104.521361][ T3823] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3823 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3823] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3822] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3822] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3822] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3822] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3824], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3824
[pid  3822] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3824 attached
[pid  3824] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3824] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3824] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  104.531566][ T3823] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  104.540196][ T3823] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  104.548203][ T3823] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  104.557061][ T3823] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  104.563853][ T3823] gfs2: fsid=syz:syz.0: File system withdrawn
[  104.570023][ T3823] CPU: 0 PID: 3823 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  104.580455][ T3823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  104.590526][ T3823] Call Trace:
[  104.593906][ T3823]  <TASK>
[  104.596829][ T3823]  dump_stack_lvl+0x1b1/0x28e
[  104.601510][ T3823]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  104.606990][ T3823]  ? panic+0x710/0x710
[  104.611120][ T3823]  ? kobject_uevent_env+0x46b/0x8e0
[  104.616338][ T3823]  ? do_raw_spin_unlock+0x134/0x8a0
[  104.621918][ T3823]  gfs2_withdraw+0xf33/0x1540
[  104.626615][ T3823]  ? gfs2_lm+0x220/0x220
[  104.630850][ T3823]  ? gfs2_dirent_scan+0xb6/0x650
[  104.635792][ T3823]  ? panic+0x710/0x710
[  104.639872][ T3823]  ? gfs2_permission+0x2ff/0x430
[  104.644820][ T3823]  ? gfs2_consist_inode_i+0xf3/0x110
[  104.650129][ T3823]  gfs2_dirent_scan+0x535/0x650
[  104.654977][ T3823]  ? gfs2_dirent_search+0xb10/0xb10
[  104.660179][ T3823]  gfs2_dirent_search+0x2ea/0xb10
[  104.665223][ T3823]  ? gfs2_dirent_search+0xb10/0xb10
[  104.670438][ T3823]  ? gfs2_dir_search+0x2a0/0x2a0
[  104.675367][ T3823]  ? gfs2_permission+0x3bf/0x430
[  104.680297][ T3823]  gfs2_dir_search+0x8c/0x2a0
[pid  3824] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3822] exit_group(0)               = ?
[  104.684965][ T3823]  ? do_filldir_main+0x530/0x530
[  104.689896][ T3823]  ? inode_go_held+0xe4/0x1f0
[  104.694567][ T3823]  ? gfs2_glock_wait+0x213/0x2a0
[  104.699492][ T3823]  gfs2_lookupi+0x465/0x650
[  104.704003][ T3823]  ? gfs2_lookup_simple+0x170/0x170
[  104.709205][ T3823]  ? __gfs2_lookup+0x8c/0x260
[  104.713896][ T3823]  __gfs2_lookup+0x8c/0x260
[  104.718409][ T3823]  ? gfs2_atomic_open+0x230/0x230
[  104.723447][ T3823]  ? __d_lookup+0x6a4/0x770
[  104.727952][ T3823]  ? d_hash_and_lookup+0x1c0/0x1c0
[  104.733149][ T3823]  gfs2_atomic_open+0xa4/0x230
[  104.737925][ T3823]  path_openat+0xf39/0x2df0
[  104.742422][ T3823]  ? gfs2_rename2+0x3000/0x3000
[  104.747279][ T3823]  ? do_filp_open+0x4f0/0x4f0
[  104.751953][ T3823]  do_filp_open+0x264/0x4f0
[  104.756457][ T3823]  ? vfs_tmpfile+0x490/0x490
[  104.761057][ T3823]  ? do_raw_spin_unlock+0x134/0x8a0
[  104.766252][ T3823]  ? _raw_spin_unlock+0x24/0x40
[  104.771093][ T3823]  ? alloc_fd+0x5a7/0x640
[  104.775418][ T3823]  do_sys_openat2+0x124/0x4e0
[  104.780099][ T3823]  ? print_irqtrace_events+0x220/0x220
[  104.785557][ T3823]  ? ptrace_stop+0x74d/0x970
[  104.790136][ T3823]  ? do_sys_open+0x220/0x220
[  104.794737][ T3823]  ? lockdep_hardirqs_on+0x8d/0x130
[  104.799954][ T3823]  ? _raw_spin_unlock_irq+0x2a/0x40
[  104.805151][ T3823]  ? ptrace_notify+0x245/0x340
[  104.809907][ T3823]  __x64_sys_openat+0x243/0x290
[  104.814771][ T3823]  ? __ia32_sys_open+0x270/0x270
[  104.819729][ T3823]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  104.825709][ T3823]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  104.831697][ T3823]  do_syscall_64+0x3d/0xb0
[  104.836120][ T3823]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  104.842006][ T3823] RIP: 0033:0x7fc8868064d9
[  104.846410][ T3823] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  104.866015][ T3823] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  104.874442][ T3823] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3824] <... futex resumed>)        = ?
[pid  3823] <... openat resumed>)       = ?
[pid  3824] +++ exited with 0 +++
[pid  3823] +++ exited with 0 +++
[pid  3822] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3822, si_uid=0, si_status=0, si_utime=2, si_stime=31} ---
umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./61/binderfs")                 = 0
[  104.882416][ T3823] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  104.890388][ T3823] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  104.898354][ T3823] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  104.906330][ T3823] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  104.914315][ T3823]  </TASK>
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./61/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./61")                           = 0
mkdir("./62", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3825
./strace-static-x86_64: Process 3825 attached
[pid  3825] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3825] chdir("./62")               = 0
[pid  3825] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3825] setpgid(0, 0)               = 0
[pid  3825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3825] write(3, "1000", 4)         = 4
[pid  3825] close(3)                    = 0
[pid  3825] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3825] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3825] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3825] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3826], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3826
[pid  3825] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3825] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3826 attached
 <unfinished ...>
[pid  3826] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3826] memfd_create("syzkaller", 0) = 3
[pid  3826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3826] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3826] munmap(0x7fc87e392000, 16777216) = 0
[pid  3826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3826] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3826] close(3)                    = 0
[pid  3826] mkdir("./file0", 0777)      = 0
[  105.215226][ T3826] loop0: detected capacity change from 0 to 32768
[  105.224983][ T3826] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  105.233285][ T3826] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  105.243200][ T3826] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  105.251793][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  105.258568][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3826] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3826] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3826] chdir("./file0")            = 0
[pid  3826] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3826] close(4)                    = 0
[pid  3826] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3825] <... futex resumed>)        = 0
[pid  3825] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3825] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3826] <... futex resumed>)        = 1
[pid  3826] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3826] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3825] <... futex resumed>)        = 0
[pid  3825] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3825] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3826] <... futex resumed>)        = 1
[  105.299365][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 40ms
[  105.306925][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  105.312285][ T3826] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  105.325569][ T3826] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  105.334014][ T3826] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  105.334014][ T3826]   inode = 12 2341
[pid  3826] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3825] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3825] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3825] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3825] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3827], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3827
[pid  3825] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3827 attached
[pid  3827] set_robust_list(0x7fc87f3919e0, 24) = 0
[  105.334014][ T3826]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  105.352840][ T3826] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  105.361963][ T3826] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3826 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  105.372191][ T3826] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  105.382995][ T3826] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  105.390708][ T3826] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[pid  3827] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3827] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  105.399802][ T3826] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  105.406487][ T3826] gfs2: fsid=syz:syz.0: File system withdrawn
[  105.412628][ T3826] CPU: 0 PID: 3826 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  105.423052][ T3826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  105.433103][ T3826] Call Trace:
[  105.436388][ T3826]  <TASK>
[  105.439326][ T3826]  dump_stack_lvl+0x1b1/0x28e
[  105.444040][ T3826]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  105.449489][ T3826]  ? panic+0x710/0x710
[  105.453556][ T3826]  ? kobject_uevent_env+0x46b/0x8e0
[  105.458758][ T3826]  ? do_raw_spin_unlock+0x134/0x8a0
[  105.463949][ T3826]  gfs2_withdraw+0xf33/0x1540
[  105.468639][ T3826]  ? gfs2_lm+0x220/0x220
[  105.472885][ T3826]  ? gfs2_dirent_scan+0xb6/0x650
[  105.477818][ T3826]  ? panic+0x710/0x710
[  105.481880][ T3826]  ? gfs2_permission+0x2ff/0x430
[  105.486818][ T3826]  ? gfs2_consist_inode_i+0xf3/0x110
[  105.492094][ T3826]  gfs2_dirent_scan+0x535/0x650
[  105.496937][ T3826]  ? gfs2_dirent_search+0xb10/0xb10
[  105.502133][ T3826]  gfs2_dirent_search+0x2ea/0xb10
[  105.507238][ T3826]  ? gfs2_dirent_search+0xb10/0xb10
[  105.512438][ T3826]  ? gfs2_dir_search+0x2a0/0x2a0
[  105.517380][ T3826]  ? gfs2_permission+0x3bf/0x430
[  105.522320][ T3826]  gfs2_dir_search+0x8c/0x2a0
[  105.526997][ T3826]  ? do_filldir_main+0x530/0x530
[  105.531936][ T3826]  ? inode_go_held+0xe4/0x1f0
[  105.536610][ T3826]  ? gfs2_glock_wait+0x213/0x2a0
[  105.541541][ T3826]  gfs2_lookupi+0x465/0x650
[  105.546044][ T3826]  ? gfs2_lookup_simple+0x170/0x170
[  105.551246][ T3826]  ? __gfs2_lookup+0x8c/0x260
[  105.555923][ T3826]  __gfs2_lookup+0x8c/0x260
[  105.560418][ T3826]  ? gfs2_atomic_open+0x230/0x230
[  105.565459][ T3826]  ? __d_lookup+0x6a4/0x770
[  105.569985][ T3826]  ? d_hash_and_lookup+0x1c0/0x1c0
[  105.575106][ T3826]  gfs2_atomic_open+0xa4/0x230
[  105.579881][ T3826]  path_openat+0xf39/0x2df0
[  105.584386][ T3826]  ? gfs2_rename2+0x3000/0x3000
[  105.589244][ T3826]  ? do_filp_open+0x4f0/0x4f0
[  105.593926][ T3826]  do_filp_open+0x264/0x4f0
[  105.598428][ T3826]  ? vfs_tmpfile+0x490/0x490
[  105.603017][ T3826]  ? do_raw_spin_unlock+0x134/0x8a0
[  105.608260][ T3826]  ? _raw_spin_unlock+0x24/0x40
[  105.613120][ T3826]  ? alloc_fd+0x5a7/0x640
[  105.617468][ T3826]  do_sys_openat2+0x124/0x4e0
[  105.622146][ T3826]  ? print_irqtrace_events+0x220/0x220
[  105.627597][ T3826]  ? ptrace_stop+0x74d/0x970
[  105.632209][ T3826]  ? do_sys_open+0x220/0x220
[  105.636824][ T3826]  ? lockdep_hardirqs_on+0x8d/0x130
[  105.642030][ T3826]  ? _raw_spin_unlock_irq+0x2a/0x40
[  105.647228][ T3826]  ? ptrace_notify+0x245/0x340
[  105.652003][ T3826]  __x64_sys_openat+0x243/0x290
[  105.656870][ T3826]  ? __ia32_sys_open+0x270/0x270
[  105.661804][ T3826]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  105.667786][ T3826]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  105.673765][ T3826]  do_syscall_64+0x3d/0xb0
[  105.678176][ T3826]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  105.684062][ T3826] RIP: 0033:0x7fc8868064d9
[  105.688467][ T3826] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  105.708064][ T3826] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  105.716469][ T3826] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  105.724429][ T3826] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  105.732828][ T3826] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  105.740789][ T3826] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  3827] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3826] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3826] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3826] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3825] exit_group(0 <unfinished ...>
[pid  3826] <... futex resumed>)        = ?
[pid  3826] +++ exited with 0 +++
[pid  3825] <... exit_group resumed>)   = ?
[pid  3827] <... futex resumed>)        = ?
[pid  3827] +++ exited with 0 +++
[pid  3825] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3825, si_uid=0, si_status=0, si_utime=4, si_stime=25} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./62/binderfs")                 = 0
[  105.748755][ T3826] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  105.756754][ T3826]  </TASK>
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./62/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./62")                           = 0
mkdir("./63", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3828 attached
 <unfinished ...>
[pid  3828] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3828] chdir("./63")               = 0
[pid  3828] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3828] setpgid(0, 0)               = 0
[pid  3630] <... clone resumed>, child_tidptr=0x55555635f5d0) = 3828
[pid  3828] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3828] write(3, "1000", 4)         = 4
[pid  3828] close(3)                    = 0
[pid  3828] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3828] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3828] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3828] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3828] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3829], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3829
[pid  3828] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3828] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3829 attached
 <unfinished ...>
[pid  3829] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3829] memfd_create("syzkaller", 0) = 3
[pid  3829] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3829] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3829] munmap(0x7fc87e392000, 16777216) = 0
[pid  3829] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3829] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3829] close(3)                    = 0
[pid  3829] mkdir("./file0", 0777)      = 0
[  106.055642][ T3829] loop0: detected capacity change from 0 to 32768
[  106.068678][ T3829] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  106.077018][ T3829] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  106.086849][ T3829] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  106.095809][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  106.102984][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3829] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3829] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3829] chdir("./file0")            = 0
[pid  3829] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3829] close(4)                    = 0
[pid  3829] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3828] <... futex resumed>)        = 0
[pid  3828] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3828] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3829] <... futex resumed>)        = 1
[pid  3829] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3829] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3828] <... futex resumed>)        = 0
[pid  3828] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3828] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3829] <... futex resumed>)        = 1
[  106.140151][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 37ms
[  106.149288][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  106.154994][ T3829] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  106.169089][ T3829] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  106.177911][ T3829] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  106.177911][ T3829]   inode = 12 2341
[pid  3829] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3828] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3828] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3828] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3828] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3828] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3830], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3830
./strace-static-x86_64: Process 3830 attached
[pid  3828] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3830] set_robust_list(0x7fc87f3919e0, 24) = 0
[  106.177911][ T3829]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  106.196645][ T3829] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  106.205726][ T3829] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3829 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  106.215877][ T3829] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  106.224421][ T3829] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  106.231706][ T3829] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[pid  3830] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3830] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  106.243465][ T3829] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  106.250650][ T3829] gfs2: fsid=syz:syz.0: File system withdrawn
[  106.257319][ T3829] CPU: 0 PID: 3829 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  106.267761][ T3829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  106.277823][ T3829] Call Trace:
[  106.281091][ T3829]  <TASK>
[  106.284011][ T3829]  dump_stack_lvl+0x1b1/0x28e
[  106.288687][ T3829]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  106.294147][ T3829]  ? panic+0x710/0x710
[  106.298207][ T3829]  ? kobject_uevent_env+0x46b/0x8e0
[  106.303395][ T3829]  ? do_raw_spin_unlock+0x134/0x8a0
[  106.308605][ T3829]  gfs2_withdraw+0xf33/0x1540
[  106.313329][ T3829]  ? gfs2_lm+0x220/0x220
[  106.317559][ T3829]  ? gfs2_dirent_scan+0xb6/0x650
[  106.322507][ T3829]  ? panic+0x710/0x710
[  106.326563][ T3829]  ? gfs2_permission+0x2ff/0x430
[  106.331493][ T3829]  ? gfs2_consist_inode_i+0xf3/0x110
[  106.336771][ T3829]  gfs2_dirent_scan+0x535/0x650
[pid  3830] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3828] exit_group(0 <unfinished ...>
[pid  3830] <... futex resumed>)        = ?
[pid  3828] <... exit_group resumed>)   = ?
[pid  3830] +++ exited with 0 +++
[  106.341618][ T3829]  ? gfs2_dirent_search+0xb10/0xb10
[  106.346809][ T3829]  gfs2_dirent_search+0x2ea/0xb10
[  106.351824][ T3829]  ? gfs2_dirent_search+0xb10/0xb10
[  106.357033][ T3829]  ? gfs2_dir_search+0x2a0/0x2a0
[  106.361981][ T3829]  ? gfs2_permission+0x3bf/0x430
[  106.366937][ T3829]  gfs2_dir_search+0x8c/0x2a0
[  106.371805][ T3829]  ? do_filldir_main+0x530/0x530
[  106.376752][ T3829]  ? inode_go_held+0xe4/0x1f0
[  106.381425][ T3829]  ? gfs2_glock_wait+0x213/0x2a0
[  106.386371][ T3829]  gfs2_lookupi+0x465/0x650
[  106.390865][ T3829]  ? gfs2_lookup_simple+0x170/0x170
[  106.396048][ T3829]  ? __gfs2_lookup+0x8c/0x260
[  106.400733][ T3829]  __gfs2_lookup+0x8c/0x260
[  106.405221][ T3829]  ? gfs2_atomic_open+0x230/0x230
[  106.410243][ T3829]  ? __d_lookup+0x6a4/0x770
[  106.414758][ T3829]  ? d_hash_and_lookup+0x1c0/0x1c0
[  106.419876][ T3829]  gfs2_atomic_open+0xa4/0x230
[  106.424633][ T3829]  path_openat+0xf39/0x2df0
[  106.429131][ T3829]  ? gfs2_rename2+0x3000/0x3000
[  106.434001][ T3829]  ? do_filp_open+0x4f0/0x4f0
[  106.438690][ T3829]  do_filp_open+0x264/0x4f0
[  106.443178][ T3829]  ? vfs_tmpfile+0x490/0x490
[  106.447776][ T3829]  ? do_raw_spin_unlock+0x134/0x8a0
[  106.452991][ T3829]  ? _raw_spin_unlock+0x24/0x40
[  106.457847][ T3829]  ? alloc_fd+0x5a7/0x640
[  106.462173][ T3829]  do_sys_openat2+0x124/0x4e0
[  106.466850][ T3829]  ? print_irqtrace_events+0x220/0x220
[  106.472321][ T3829]  ? ptrace_stop+0x74d/0x970
[  106.476914][ T3829]  ? do_sys_open+0x220/0x220
[  106.481490][ T3829]  ? lockdep_hardirqs_on+0x8d/0x130
[  106.486675][ T3829]  ? _raw_spin_unlock_irq+0x2a/0x40
[  106.491871][ T3829]  ? ptrace_notify+0x245/0x340
[  106.496625][ T3829]  __x64_sys_openat+0x243/0x290
[  106.501474][ T3829]  ? __ia32_sys_open+0x270/0x270
[  106.506414][ T3829]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  106.512399][ T3829]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  106.518394][ T3829]  do_syscall_64+0x3d/0xb0
[  106.522804][ T3829]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  106.528695][ T3829] RIP: 0033:0x7fc8868064d9
[  106.533119][ T3829] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  106.552719][ T3829] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  106.561122][ T3829] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  106.569079][ T3829] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  106.577055][ T3829] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  106.585027][ T3829] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  3829] <... openat resumed>)       = ?
[pid  3829] +++ exited with 0 +++
[pid  3828] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3828, si_uid=0, si_status=0, si_utime=3, si_stime=28} ---
umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./63/binderfs")                 = 0
[  106.593008][ T3829] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  106.601157][ T3829]  </TASK>
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./63/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./63")                           = 0
mkdir("./64", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3831
./strace-static-x86_64: Process 3831 attached
[pid  3831] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3831] chdir("./64")               = 0
[pid  3831] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3831] setpgid(0, 0)               = 0
[pid  3831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3831] write(3, "1000", 4)         = 4
[pid  3831] close(3)                    = 0
[pid  3831] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3831] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3831] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3831] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3832], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3832
[pid  3831] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3831] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3832 attached
 <unfinished ...>
[pid  3832] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3832] memfd_create("syzkaller", 0) = 3
[pid  3832] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3832] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3832] munmap(0x7fc87e392000, 16777216) = 0
[pid  3832] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3832] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3832] close(3)                    = 0
[pid  3832] mkdir("./file0", 0777)      = 0
[  106.921280][ T3832] loop0: detected capacity change from 0 to 32768
[  106.932184][ T3832] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  106.940524][ T3832] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  106.950499][ T3832] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  106.959256][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  106.966484][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3832] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3832] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3832] chdir("./file0")            = 0
[pid  3832] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3832] close(4)                    = 0
[pid  3832] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3831] <... futex resumed>)        = 0
[pid  3831] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3831] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3832] <... futex resumed>)        = 1
[pid  3832] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3832] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3831] <... futex resumed>)        = 0
[pid  3831] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3831] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3832] <... futex resumed>)        = 1
[  107.004387][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 37ms
[  107.013191][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  107.018430][ T3832] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  107.034590][ T3832] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  107.043659][ T3832] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  107.043659][ T3832]   inode = 12 2341
[pid  3832] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3831] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3831] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid  3831] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3831] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3831] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3833], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3833
./strace-static-x86_64: Process 3833 attached
[pid  3833] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3833] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3831] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3833] <... futex resumed>)        = 0
[pid  3831] <... futex resumed>)        = 1
[pid  3833] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3833] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  107.043659][ T3832]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  107.063412][ T3832] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  107.073208][ T3832] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3832 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  107.084502][ T3832] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  107.095392][ T3832] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  107.103053][ T3832] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  107.112217][ T3832] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  107.118784][ T3832] gfs2: fsid=syz:syz.0: File system withdrawn
[  107.125403][ T3832] CPU: 0 PID: 3832 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  107.135836][ T3832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  107.145906][ T3832] Call Trace:
[  107.149206][ T3832]  <TASK>
[  107.152137][ T3832]  dump_stack_lvl+0x1b1/0x28e
[  107.156821][ T3832]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  107.162287][ T3832]  ? panic+0x710/0x710
[  107.166351][ T3832]  ? kobject_uevent_env+0x46b/0x8e0
[  107.171537][ T3832]  ? do_raw_spin_unlock+0x134/0x8a0
[  107.176741][ T3832]  gfs2_withdraw+0xf33/0x1540
[  107.181462][ T3832]  ? gfs2_lm+0x220/0x220
[  107.185708][ T3832]  ? gfs2_dirent_scan+0xb6/0x650
[  107.190724][ T3832]  ? panic+0x710/0x710
[  107.194784][ T3832]  ? gfs2_permission+0x2ff/0x430
[  107.199804][ T3832]  ? gfs2_consist_inode_i+0xf3/0x110
[  107.205089][ T3832]  gfs2_dirent_scan+0x535/0x650
[  107.209950][ T3832]  ? gfs2_dirent_search+0xb10/0xb10
[  107.215143][ T3832]  gfs2_dirent_search+0x2ea/0xb10
[  107.220160][ T3832]  ? gfs2_dirent_search+0xb10/0xb10
[  107.225352][ T3832]  ? gfs2_dir_search+0x2a0/0x2a0
[  107.230283][ T3832]  ? gfs2_permission+0x3bf/0x430
[  107.235229][ T3832]  gfs2_dir_search+0x8c/0x2a0
[  107.239905][ T3832]  ? do_filldir_main+0x530/0x530
[  107.244837][ T3832]  ? inode_go_held+0xe4/0x1f0
[  107.249510][ T3832]  ? gfs2_glock_wait+0x213/0x2a0
[  107.254439][ T3832]  gfs2_lookupi+0x465/0x650
[  107.258941][ T3832]  ? gfs2_lookup_simple+0x170/0x170
[  107.264131][ T3832]  ? __gfs2_lookup+0x8c/0x260
[  107.268808][ T3832]  __gfs2_lookup+0x8c/0x260
[  107.273312][ T3832]  ? gfs2_atomic_open+0x230/0x230
[  107.278333][ T3832]  ? __d_lookup+0x6a4/0x770
[  107.282828][ T3832]  ? d_hash_and_lookup+0x1c0/0x1c0
[  107.287934][ T3832]  gfs2_atomic_open+0xa4/0x230
[  107.292695][ T3832]  path_openat+0xf39/0x2df0
[  107.297195][ T3832]  ? gfs2_rename2+0x3000/0x3000
[  107.302050][ T3832]  ? do_filp_open+0x4f0/0x4f0
[  107.306728][ T3832]  do_filp_open+0x264/0x4f0
[  107.311222][ T3832]  ? vfs_tmpfile+0x490/0x490
[  107.315810][ T3832]  ? do_raw_spin_unlock+0x134/0x8a0
[  107.321005][ T3832]  ? _raw_spin_unlock+0x24/0x40
[  107.325848][ T3832]  ? alloc_fd+0x5a7/0x640
[  107.330175][ T3832]  do_sys_openat2+0x124/0x4e0
[  107.334842][ T3832]  ? print_irqtrace_events+0x220/0x220
[  107.340291][ T3832]  ? ptrace_stop+0x74d/0x970
[  107.344872][ T3832]  ? do_sys_open+0x220/0x220
[  107.349451][ T3832]  ? lockdep_hardirqs_on+0x8d/0x130
[  107.354640][ T3832]  ? _raw_spin_unlock_irq+0x2a/0x40
[  107.359830][ T3832]  ? ptrace_notify+0x245/0x340
[  107.364584][ T3832]  __x64_sys_openat+0x243/0x290
[  107.369429][ T3832]  ? __ia32_sys_open+0x270/0x270
[  107.374359][ T3832]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  107.380329][ T3832]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  107.386302][ T3832]  do_syscall_64+0x3d/0xb0
[  107.390706][ T3832]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  107.396585][ T3832] RIP: 0033:0x7fc8868064d9
[  107.400986][ T3832] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  107.420579][ T3832] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  107.428983][ T3832] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  107.436944][ T3832] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  107.444905][ T3832] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3833] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3832] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3832] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3832] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3831] exit_group(0 <unfinished ...>
[pid  3832] <... futex resumed>)        = ?
[pid  3831] <... exit_group resumed>)   = ?
[pid  3832] +++ exited with 0 +++
[pid  3833] <... futex resumed>)        = ?
[pid  3833] +++ exited with 0 +++
[pid  3831] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3831, si_uid=0, si_status=0, si_utime=0, si_stime=28} ---
umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./64/binderfs")                 = 0
[  107.452863][ T3832] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  107.460820][ T3832] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  107.468796][ T3832]  </TASK>
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./64/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./64")                           = 0
mkdir("./65", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3834
./strace-static-x86_64: Process 3834 attached
[pid  3834] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3834] chdir("./65")               = 0
[pid  3834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3834] setpgid(0, 0)               = 0
[pid  3834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3834] write(3, "1000", 4)         = 4
[pid  3834] close(3)                    = 0
[pid  3834] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3834] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3834] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3834] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3835 attached
, parent_tid=[3835], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3835
[pid  3835] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3835] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3834] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3834] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3835] <... futex resumed>)        = 0
[pid  3835] memfd_create("syzkaller", 0) = 3
[pid  3835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3835] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3835] munmap(0x7fc87e392000, 16777216) = 0
[pid  3835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3835] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3835] close(3)                    = 0
[pid  3835] mkdir("./file0", 0777)      = 0
[  107.769467][ T3835] loop0: detected capacity change from 0 to 32768
[  107.780468][ T3835] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  107.788706][ T3835] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  107.799359][ T3835] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  107.808250][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  107.815219][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3835] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3835] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3835] chdir("./file0")            = 0
[pid  3835] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3835] close(4)                    = 0
[pid  3835] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3835] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3834] <... futex resumed>)        = 0
[pid  3834] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3834] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3835] <... futex resumed>)        = 0
[pid  3835] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3835] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3834] <... futex resumed>)        = 0
[pid  3835] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3834] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3835] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3834] <... futex resumed>)        = 0
[  107.854576][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 39ms
[  107.862406][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  107.867697][ T3835] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid  3835] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[  107.896509][ T3835] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  107.905444][ T3835] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  107.905444][ T3835]   inode = 12 2341
[  107.905444][ T3835]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  107.924549][ T3835] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  107.933770][ T3835] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3835 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3834] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3834] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3834] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3834] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3836], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3836
[pid  3834] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3836 attached
[pid  3836] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3836] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3836] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  107.943917][ T3835] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  107.952481][ T3835] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  107.960346][ T3835] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  107.969483][ T3835] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  107.976080][ T3835] gfs2: fsid=syz:syz.0: File system withdrawn
[  107.982195][ T3835] CPU: 1 PID: 3835 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  107.992619][ T3835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  108.004154][ T3835] Call Trace:
[  108.007434][ T3835]  <TASK>
[  108.010374][ T3835]  dump_stack_lvl+0x1b1/0x28e
[  108.015066][ T3835]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  108.020524][ T3835]  ? panic+0x710/0x710
[  108.024609][ T3835]  ? kobject_uevent_env+0x46b/0x8e0
[  108.029817][ T3835]  ? do_raw_spin_unlock+0x134/0x8a0
[  108.035015][ T3835]  gfs2_withdraw+0xf33/0x1540
[  108.039714][ T3835]  ? gfs2_lm+0x220/0x220
[  108.044007][ T3835]  ? gfs2_dirent_scan+0xb6/0x650
[  108.048945][ T3835]  ? panic+0x710/0x710
[  108.053031][ T3835]  ? gfs2_permission+0x2ff/0x430
[  108.057983][ T3835]  ? gfs2_consist_inode_i+0xf3/0x110
[  108.063267][ T3835]  gfs2_dirent_scan+0x535/0x650
[  108.068127][ T3835]  ? gfs2_dirent_search+0xb10/0xb10
[  108.073330][ T3835]  gfs2_dirent_search+0x2ea/0xb10
[  108.078354][ T3835]  ? gfs2_dirent_search+0xb10/0xb10
[  108.083551][ T3835]  ? gfs2_dir_search+0x2a0/0x2a0
[  108.088484][ T3835]  ? gfs2_permission+0x3bf/0x430
[  108.093423][ T3835]  gfs2_dir_search+0x8c/0x2a0
[  108.098096][ T3835]  ? do_filldir_main+0x530/0x530
[  108.103026][ T3835]  ? inode_go_held+0xe4/0x1f0
[  108.107701][ T3835]  ? gfs2_glock_wait+0x213/0x2a0
[  108.112631][ T3835]  gfs2_lookupi+0x465/0x650
[  108.117133][ T3835]  ? gfs2_lookup_simple+0x170/0x170
[  108.122335][ T3835]  ? __gfs2_lookup+0x8c/0x260
[  108.127013][ T3835]  __gfs2_lookup+0x8c/0x260
[  108.131510][ T3835]  ? gfs2_atomic_open+0x230/0x230
[  108.136531][ T3835]  ? __d_lookup+0x6a4/0x770
[  108.141026][ T3835]  ? d_hash_and_lookup+0x1c0/0x1c0
[  108.146127][ T3835]  gfs2_atomic_open+0xa4/0x230
[  108.150889][ T3835]  path_openat+0xf39/0x2df0
[  108.155394][ T3835]  ? gfs2_rename2+0x3000/0x3000
[  108.160283][ T3835]  ? do_filp_open+0x4f0/0x4f0
[  108.164973][ T3835]  do_filp_open+0x264/0x4f0
[  108.169474][ T3835]  ? vfs_tmpfile+0x490/0x490
[  108.174070][ T3835]  ? do_raw_spin_unlock+0x134/0x8a0
[  108.179274][ T3835]  ? _raw_spin_unlock+0x24/0x40
[  108.184126][ T3835]  ? alloc_fd+0x5a7/0x640
[  108.188459][ T3835]  do_sys_openat2+0x124/0x4e0
[  108.193128][ T3835]  ? print_irqtrace_events+0x220/0x220
[  108.198574][ T3835]  ? ptrace_stop+0x74d/0x970
[  108.203158][ T3835]  ? do_sys_open+0x220/0x220
[  108.207740][ T3835]  ? lockdep_hardirqs_on+0x8d/0x130
[  108.212930][ T3835]  ? _raw_spin_unlock_irq+0x2a/0x40
[  108.218124][ T3835]  ? ptrace_notify+0x245/0x340
[  108.222878][ T3835]  __x64_sys_openat+0x243/0x290
[  108.227722][ T3835]  ? __ia32_sys_open+0x270/0x270
[  108.232653][ T3835]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  108.238628][ T3835]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  108.244601][ T3835]  do_syscall_64+0x3d/0xb0
[  108.249007][ T3835]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  108.254888][ T3835] RIP: 0033:0x7fc8868064d9
[  108.259295][ T3835] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  108.278893][ T3835] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  108.287298][ T3835] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3836] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3835] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3835] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3835] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3834] exit_group(0 <unfinished ...>
[pid  3836] <... futex resumed>)        = ?
[pid  3834] <... exit_group resumed>)   = ?
[pid  3835] <... futex resumed>)        = ?
[pid  3836] +++ exited with 0 +++
[pid  3835] +++ exited with 0 +++
[pid  3834] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3834, si_uid=0, si_status=0, si_utime=2, si_stime=30} ---
umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./65/binderfs")                 = 0
[  108.295259][ T3835] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  108.303216][ T3835] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  108.311223][ T3835] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  108.319187][ T3835] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  108.327163][ T3835]  </TASK>
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./65/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./65")                           = 0
mkdir("./66", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3837
./strace-static-x86_64: Process 3837 attached
[pid  3837] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3837] chdir("./66")               = 0
[pid  3837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3837] setpgid(0, 0)               = 0
[pid  3837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3837] write(3, "1000", 4)         = 4
[pid  3837] close(3)                    = 0
[pid  3837] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3837] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3837] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3837] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3838 attached
 <unfinished ...>
[pid  3838] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3837] <... clone resumed>, parent_tid=[3838], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3838
[pid  3837] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3837] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3838] memfd_create("syzkaller", 0) = 3
[pid  3838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3838] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3838] munmap(0x7fc87e392000, 16777216) = 0
[pid  3838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3838] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3838] close(3)                    = 0
[pid  3838] mkdir("./file0", 0777)      = 0
[  108.633151][ T3838] loop0: detected capacity change from 0 to 32768
[  108.644276][ T3838] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  108.652557][ T3838] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  108.662816][ T3838] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  108.671782][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  108.678553][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3838] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3838] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3838] chdir("./file0")            = 0
[pid  3838] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3838] close(4)                    = 0
[pid  3838] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3837] <... futex resumed>)        = 0
[pid  3837] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3837] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3838] <... futex resumed>)        = 1
[pid  3838] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3838] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3837] <... futex resumed>)        = 0
[pid  3837] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3837] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3838] <... futex resumed>)        = 1
[  108.712352][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms
[  108.721298][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  108.726547][ T3838] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  108.745764][ T3838] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  108.754487][ T3838] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[pid  3838] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3837] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[  108.754487][ T3838]   inode = 12 2341
[  108.754487][ T3838]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  108.773311][ T3838] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  108.782722][ T3838] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3838 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  108.792845][ T3838] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  108.801535][ T3838] gfs2: fsid=syz:syz.0: about to withdraw this file system
[pid  3837] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3837] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3837] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3839 attached
, parent_tid=[3839], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3839
[pid  3839] set_robust_list(0x7fc87f3919e0, 24 <unfinished ...>
[pid  3837] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3839] <... set_robust_list resumed>) = 0
[pid  3839] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3839] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3839] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3837] <... futex resumed>)        = 1
[pid  3839] <... futex resumed>)        = 0
[  108.809231][ T3838] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  108.820614][ T3838] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  108.827506][ T3838] gfs2: fsid=syz:syz.0: File system withdrawn
[  108.834008][ T3838] CPU: 0 PID: 3838 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  108.844450][ T3838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  108.854506][ T3838] Call Trace:
[  108.857776][ T3838]  <TASK>
[  108.860713][ T3838]  dump_stack_lvl+0x1b1/0x28e
[  108.865396][ T3838]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  108.870843][ T3838]  ? panic+0x710/0x710
[  108.874911][ T3838]  ? kobject_uevent_env+0x46b/0x8e0
[  108.880104][ T3838]  ? do_raw_spin_unlock+0x134/0x8a0
[  108.885324][ T3838]  gfs2_withdraw+0xf33/0x1540
[  108.890031][ T3838]  ? gfs2_lm+0x220/0x220
[  108.894271][ T3838]  ? gfs2_dirent_scan+0xb6/0x650
[  108.899248][ T3838]  ? panic+0x710/0x710
[  108.903314][ T3838]  ? gfs2_permission+0x2ff/0x430
[  108.908250][ T3838]  ? gfs2_consist_inode_i+0xf3/0x110
[  108.913528][ T3838]  gfs2_dirent_scan+0x535/0x650
[  108.918384][ T3838]  ? gfs2_dirent_search+0xb10/0xb10
[  108.923576][ T3838]  gfs2_dirent_search+0x2ea/0xb10
[  108.928606][ T3838]  ? gfs2_dirent_search+0xb10/0xb10
[  108.933823][ T3838]  ? gfs2_dir_search+0x2a0/0x2a0
[  108.939210][ T3838]  ? gfs2_permission+0x3bf/0x430
[  108.944157][ T3838]  gfs2_dir_search+0x8c/0x2a0
[  108.948842][ T3838]  ? do_filldir_main+0x530/0x530
[  108.953777][ T3838]  ? inode_go_held+0xe4/0x1f0
[  108.958451][ T3838]  ? gfs2_glock_wait+0x213/0x2a0
[  108.963383][ T3838]  gfs2_lookupi+0x465/0x650
[  108.967886][ T3838]  ? gfs2_lookup_simple+0x170/0x170
[  108.973079][ T3838]  ? __gfs2_lookup+0x8c/0x260
[  108.977758][ T3838]  __gfs2_lookup+0x8c/0x260
[  108.982257][ T3838]  ? gfs2_atomic_open+0x230/0x230
[  108.987277][ T3838]  ? __d_lookup+0x6a4/0x770
[  108.991775][ T3838]  ? d_hash_and_lookup+0x1c0/0x1c0
[  108.996882][ T3838]  gfs2_atomic_open+0xa4/0x230
[  109.001662][ T3838]  path_openat+0xf39/0x2df0
[  109.006172][ T3838]  ? gfs2_rename2+0x3000/0x3000
[  109.011039][ T3838]  ? do_filp_open+0x4f0/0x4f0
[  109.015735][ T3838]  do_filp_open+0x264/0x4f0
[  109.020248][ T3838]  ? vfs_tmpfile+0x490/0x490
[  109.024852][ T3838]  ? do_raw_spin_unlock+0x134/0x8a0
[  109.030069][ T3838]  ? _raw_spin_unlock+0x24/0x40
[  109.034935][ T3838]  ? alloc_fd+0x5a7/0x640
[  109.039271][ T3838]  do_sys_openat2+0x124/0x4e0
[  109.043943][ T3838]  ? print_irqtrace_events+0x220/0x220
[  109.049393][ T3838]  ? ptrace_stop+0x74d/0x970
[  109.053979][ T3838]  ? do_sys_open+0x220/0x220
[  109.058580][ T3838]  ? lockdep_hardirqs_on+0x8d/0x130
[  109.063798][ T3838]  ? _raw_spin_unlock_irq+0x2a/0x40
[  109.069021][ T3838]  ? ptrace_notify+0x245/0x340
[  109.073785][ T3838]  __x64_sys_openat+0x243/0x290
[  109.078647][ T3838]  ? __ia32_sys_open+0x270/0x270
[  109.083595][ T3838]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  109.089577][ T3838]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  109.095551][ T3838]  do_syscall_64+0x3d/0xb0
[  109.099965][ T3838]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  109.105875][ T3838] RIP: 0033:0x7fc8868064d9
[  109.110280][ T3838] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  109.129880][ T3838] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  109.138287][ T3838] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  109.146253][ T3838] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  109.154220][ T3838] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3839] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3838] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3838] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3837] exit_group(0 <unfinished ...>
[pid  3838] <... futex resumed>)        = ?
[pid  3837] <... exit_group resumed>)   = ?
[pid  3838] +++ exited with 0 +++
[pid  3839] <... futex resumed>)        = ?
[pid  3839] +++ exited with 0 +++
[pid  3837] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3837, si_uid=0, si_status=0, si_utime=1, si_stime=30} ---
umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./66/binderfs")                 = 0
[  109.162185][ T3838] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  109.170151][ T3838] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  109.178131][ T3838]  </TASK>
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./66/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./66")                           = 0
mkdir("./67", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3840
./strace-static-x86_64: Process 3840 attached
[pid  3840] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3840] chdir("./67")               = 0
[pid  3840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3840] setpgid(0, 0)               = 0
[pid  3840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3840] write(3, "1000", 4)         = 4
[pid  3840] close(3)                    = 0
[pid  3840] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3840] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3840] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3840] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3841 attached
, parent_tid=[3841], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3841
[pid  3840] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3840] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3841] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3841] memfd_create("syzkaller", 0) = 3
[pid  3841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3841] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3841] munmap(0x7fc87e392000, 16777216) = 0
[pid  3841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3841] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3841] close(3)                    = 0
[pid  3841] mkdir("./file0", 0777)      = 0
[  109.492560][ T3841] loop0: detected capacity change from 0 to 32768
[  109.502448][ T3841] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  109.510682][ T3841] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  109.520655][ T3841] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  109.529193][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  109.536349][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3841] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3841] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3841] chdir("./file0")            = 0
[pid  3841] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3841] close(4)                    = 0
[pid  3841] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3840] <... futex resumed>)        = 0
[pid  3840] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3840] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3841] <... futex resumed>)        = 1
[pid  3841] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3841] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3840] <... futex resumed>)        = 0
[pid  3840] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3840] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3841] <... futex resumed>)        = 1
[  109.571988][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 35ms
[  109.579512][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  109.584940][ T3841] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  109.602959][ T3841] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  109.611503][ T3841] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[pid  3841] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3840] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3840] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3840] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3840] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3842], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3842
[pid  3840] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3842 attached
[pid  3842] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3842] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3842] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  109.611503][ T3841]   inode = 12 2341
[  109.611503][ T3841]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  109.630426][ T3841] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  109.639588][ T3841] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3841 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  109.649724][ T3841] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  109.658581][ T3841] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  109.665960][ T3841] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  109.674863][ T3841] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  109.681589][ T3841] gfs2: fsid=syz:syz.0: File system withdrawn
[  109.687674][ T3841] CPU: 0 PID: 3841 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  109.698183][ T3841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  109.708257][ T3841] Call Trace:
[  109.711536][ T3841]  <TASK>
[  109.714455][ T3841]  dump_stack_lvl+0x1b1/0x28e
[  109.719134][ T3841]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  109.724602][ T3841]  ? panic+0x710/0x710
[  109.728674][ T3841]  ? kobject_uevent_env+0x46b/0x8e0
[  109.733875][ T3841]  ? do_raw_spin_unlock+0x134/0x8a0
[  109.739089][ T3841]  gfs2_withdraw+0xf33/0x1540
[  109.743852][ T3841]  ? gfs2_lm+0x220/0x220
[  109.748113][ T3841]  ? gfs2_dirent_scan+0xb6/0x650
[  109.753044][ T3841]  ? panic+0x710/0x710
[  109.757099][ T3841]  ? gfs2_permission+0x2ff/0x430
[  109.762046][ T3841]  ? gfs2_consist_inode_i+0xf3/0x110
[  109.767341][ T3841]  gfs2_dirent_scan+0x535/0x650
[pid  3842] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3840] exit_group(0 <unfinished ...>
[pid  3842] <... futex resumed>)        = ?
[pid  3840] <... exit_group resumed>)   = ?
[pid  3842] +++ exited with 0 +++
[  109.772194][ T3841]  ? gfs2_dirent_search+0xb10/0xb10
[  109.777397][ T3841]  gfs2_dirent_search+0x2ea/0xb10
[  109.782433][ T3841]  ? gfs2_dirent_search+0xb10/0xb10
[  109.787623][ T3841]  ? gfs2_dir_search+0x2a0/0x2a0
[  109.792549][ T3841]  ? gfs2_permission+0x3bf/0x430
[  109.797500][ T3841]  gfs2_dir_search+0x8c/0x2a0
[  109.802199][ T3841]  ? do_filldir_main+0x530/0x530
[  109.807134][ T3841]  ? inode_go_held+0xe4/0x1f0
[  109.811806][ T3841]  ? gfs2_glock_wait+0x213/0x2a0
[  109.816735][ T3841]  gfs2_lookupi+0x465/0x650
[  109.821236][ T3841]  ? gfs2_lookup_simple+0x170/0x170
[  109.826426][ T3841]  ? __gfs2_lookup+0x8c/0x260
[  109.831095][ T3841]  __gfs2_lookup+0x8c/0x260
[  109.835607][ T3841]  ? gfs2_atomic_open+0x230/0x230
[  109.840642][ T3841]  ? __d_lookup+0x6a4/0x770
[  109.845143][ T3841]  ? d_hash_and_lookup+0x1c0/0x1c0
[  109.850263][ T3841]  gfs2_atomic_open+0xa4/0x230
[  109.855030][ T3841]  path_openat+0xf39/0x2df0
[  109.859534][ T3841]  ? gfs2_rename2+0x3000/0x3000
[  109.864489][ T3841]  ? do_filp_open+0x4f0/0x4f0
[  109.869179][ T3841]  do_filp_open+0x264/0x4f0
[  109.873698][ T3841]  ? vfs_tmpfile+0x490/0x490
[  109.878307][ T3841]  ? do_raw_spin_unlock+0x134/0x8a0
[  109.883525][ T3841]  ? _raw_spin_unlock+0x24/0x40
[  109.888366][ T3841]  ? alloc_fd+0x5a7/0x640
[  109.892693][ T3841]  do_sys_openat2+0x124/0x4e0
[  109.897358][ T3841]  ? print_irqtrace_events+0x220/0x220
[  109.902805][ T3841]  ? ptrace_stop+0x74d/0x970
[  109.907388][ T3841]  ? do_sys_open+0x220/0x220
[  109.911966][ T3841]  ? lockdep_hardirqs_on+0x8d/0x130
[  109.917176][ T3841]  ? _raw_spin_unlock_irq+0x2a/0x40
[  109.922392][ T3841]  ? ptrace_notify+0x245/0x340
[  109.927147][ T3841]  __x64_sys_openat+0x243/0x290
[  109.931993][ T3841]  ? __ia32_sys_open+0x270/0x270
[  109.936925][ T3841]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  109.942908][ T3841]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  109.948973][ T3841]  do_syscall_64+0x3d/0xb0
[  109.953383][ T3841]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  109.959265][ T3841] RIP: 0033:0x7fc8868064d9
[  109.963667][ T3841] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  109.983357][ T3841] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  109.991769][ T3841] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  109.999751][ T3841] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  110.007817][ T3841] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  110.015778][ T3841] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  3841] <... openat resumed>)       = ?
[pid  3841] +++ exited with 0 +++
[pid  3840] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3840, si_uid=0, si_status=0, si_utime=0, si_stime=27} ---
umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./67/binderfs")                 = 0
[  110.023739][ T3841] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  110.031713][ T3841]  </TASK>
umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./67/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./67")                           = 0
mkdir("./68", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3843
./strace-static-x86_64: Process 3843 attached
[pid  3843] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3843] chdir("./68")               = 0
[pid  3843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3843] setpgid(0, 0)               = 0
[pid  3843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3843] write(3, "1000", 4)         = 4
[pid  3843] close(3)                    = 0
[pid  3843] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3843] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3843] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3843] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3844], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3844
./strace-static-x86_64: Process 3844 attached
[pid  3843] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3843] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3844] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3844] memfd_create("syzkaller", 0) = 3
[pid  3844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3844] munmap(0x7fc87e392000, 16777216) = 0
[pid  3844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3844] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3844] close(3)                    = 0
[pid  3844] mkdir("./file0", 0777)      = 0
[  110.325020][ T3844] loop0: detected capacity change from 0 to 32768
[  110.336272][ T3844] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  110.345020][ T3844] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  110.354153][ T3844] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  110.362781][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  110.369548][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3844] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3844] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3844] chdir("./file0")            = 0
[pid  3844] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3844] close(4)                    = 0
[pid  3844] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3843] <... futex resumed>)        = 0
[pid  3843] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3843] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3844] <... futex resumed>)        = 1
[pid  3844] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3844] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3843] <... futex resumed>)        = 0
[pid  3843] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3843] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[  110.406176][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 36ms
[  110.415184][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  110.420543][ T3844] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  110.452573][ T3844] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  110.461256][ T3844] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  110.461256][ T3844]   inode = 12 2341
[  110.461256][ T3844]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  110.480626][ T3844] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  110.489667][ T3844] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3844 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3844] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3843] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3843] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3843] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3843] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3845], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3845
[pid  3843] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3845 attached
[pid  3845] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3845] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3845] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  110.499962][ T3844] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  110.508505][ T3844] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  110.515816][ T3844] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  110.524665][ T3844] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  110.532741][ T3844] gfs2: fsid=syz:syz.0: File system withdrawn
[  110.538817][ T3844] CPU: 0 PID: 3844 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  110.549224][ T3844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  110.559289][ T3844] Call Trace:
[  110.562560][ T3844]  <TASK>
[  110.565493][ T3844]  dump_stack_lvl+0x1b1/0x28e
[  110.570172][ T3844]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  110.575633][ T3844]  ? panic+0x710/0x710
[  110.579691][ T3844]  ? kobject_uevent_env+0x46b/0x8e0
[  110.584877][ T3844]  ? do_raw_spin_unlock+0x134/0x8a0
[  110.590171][ T3844]  gfs2_withdraw+0xf33/0x1540
[  110.594876][ T3844]  ? gfs2_lm+0x220/0x220
[pid  3845] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[  110.599116][ T3844]  ? gfs2_dirent_scan+0xb6/0x650
[  110.604069][ T3844]  ? panic+0x710/0x710
[  110.608141][ T3844]  ? gfs2_permission+0x2ff/0x430
[  110.613082][ T3844]  ? gfs2_consist_inode_i+0xf3/0x110
[  110.618376][ T3844]  gfs2_dirent_scan+0x535/0x650
[  110.623247][ T3844]  ? gfs2_dirent_search+0xb10/0xb10
[  110.628460][ T3844]  gfs2_dirent_search+0x2ea/0xb10
[  110.633487][ T3844]  ? gfs2_dirent_search+0xb10/0xb10
[  110.638682][ T3844]  ? gfs2_dir_search+0x2a0/0x2a0
[  110.643627][ T3844]  ? gfs2_permission+0x3bf/0x430
[  110.648578][ T3844]  gfs2_dir_search+0x8c/0x2a0
[pid  3843] exit_group(0 <unfinished ...>
[pid  3845] <... futex resumed>)        = ?
[pid  3843] <... exit_group resumed>)   = ?
[pid  3845] +++ exited with 0 +++
[  110.653266][ T3844]  ? do_filldir_main+0x530/0x530
[  110.658216][ T3844]  ? inode_go_held+0xe4/0x1f0
[  110.662887][ T3844]  ? gfs2_glock_wait+0x213/0x2a0
[  110.667817][ T3844]  gfs2_lookupi+0x465/0x650
[  110.672322][ T3844]  ? gfs2_lookup_simple+0x170/0x170
[  110.677596][ T3844]  ? __gfs2_lookup+0x8c/0x260
[  110.682274][ T3844]  __gfs2_lookup+0x8c/0x260
[  110.686781][ T3844]  ? gfs2_atomic_open+0x230/0x230
[  110.691820][ T3844]  ? __d_lookup+0x6a4/0x770
[  110.696316][ T3844]  ? d_hash_and_lookup+0x1c0/0x1c0
[  110.701429][ T3844]  gfs2_atomic_open+0xa4/0x230
[  110.706184][ T3844]  path_openat+0xf39/0x2df0
[  110.710680][ T3844]  ? gfs2_rename2+0x3000/0x3000
[  110.715550][ T3844]  ? do_filp_open+0x4f0/0x4f0
[  110.720242][ T3844]  do_filp_open+0x264/0x4f0
[  110.724731][ T3844]  ? vfs_tmpfile+0x490/0x490
[  110.729329][ T3844]  ? do_raw_spin_unlock+0x134/0x8a0
[  110.734538][ T3844]  ? _raw_spin_unlock+0x24/0x40
[  110.739377][ T3844]  ? alloc_fd+0x5a7/0x640
[  110.743702][ T3844]  do_sys_openat2+0x124/0x4e0
[  110.748377][ T3844]  ? print_irqtrace_events+0x220/0x220
[  110.753829][ T3844]  ? ptrace_stop+0x74d/0x970
[  110.758422][ T3844]  ? do_sys_open+0x220/0x220
[  110.763033][ T3844]  ? lockdep_hardirqs_on+0x8d/0x130
[  110.768234][ T3844]  ? _raw_spin_unlock_irq+0x2a/0x40
[  110.773439][ T3844]  ? ptrace_notify+0x245/0x340
[  110.778200][ T3844]  __x64_sys_openat+0x243/0x290
[  110.783046][ T3844]  ? __ia32_sys_open+0x270/0x270
[  110.787985][ T3844]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  110.793961][ T3844]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  110.799946][ T3844]  do_syscall_64+0x3d/0xb0
[  110.804366][ T3844]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  110.810252][ T3844] RIP: 0033:0x7fc8868064d9
[  110.814658][ T3844] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  110.834258][ T3844] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  110.842663][ T3844] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3844] <... openat resumed>)       = ?
[pid  3844] +++ exited with 0 +++
[pid  3843] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3843, si_uid=0, si_status=0, si_utime=0, si_stime=31} ---
umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./68/binderfs")                 = 0
[  110.850628][ T3844] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  110.858591][ T3844] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  110.866562][ T3844] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  110.874542][ T3844] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  110.882543][ T3844]  </TASK>
umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./68/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./68")                           = 0
mkdir("./69", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3846
./strace-static-x86_64: Process 3846 attached
[pid  3846] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3846] chdir("./69")               = 0
[pid  3846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3846] setpgid(0, 0)               = 0
[pid  3846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3846] write(3, "1000", 4)         = 4
[pid  3846] close(3)                    = 0
[pid  3846] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3846] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3846] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3846] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3847], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3847
./strace-static-x86_64: Process 3847 attached
[pid  3847] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  3846] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3846] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3847] <... set_robust_list resumed>) = 0
[pid  3847] memfd_create("syzkaller", 0) = 3
[pid  3847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3847] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3847] munmap(0x7fc87e392000, 16777216) = 0
[pid  3847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3847] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3847] close(3)                    = 0
[pid  3847] mkdir("./file0", 0777)      = 0
[  111.177260][ T3847] loop0: detected capacity change from 0 to 32768
[  111.188171][ T3847] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  111.196437][ T3847] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  111.205911][ T3847] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  111.215034][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  111.221951][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3847] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3847] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3847] chdir("./file0")            = 0
[pid  3847] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3847] close(4)                    = 0
[pid  3847] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3847] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3846] <... futex resumed>)        = 0
[pid  3846] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3847] <... futex resumed>)        = 0
[pid  3846] <... futex resumed>)        = 1
[pid  3847] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3846] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3847] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3847] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3846] <... futex resumed>)        = 0
[pid  3847] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3846] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  111.256517][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 34ms
[  111.265329][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  111.270704][ T3847] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  111.294326][ T3847] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3846] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3846] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3846] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3846] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3848], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3848
[pid  3846] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3848 attached
[pid  3848] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3848] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3848] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  111.303580][ T3847] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  111.303580][ T3847]   inode = 12 2341
[  111.303580][ T3847]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  111.322781][ T3847] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  111.332662][ T3847] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3847 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  111.342960][ T3847] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  111.351709][ T3847] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  111.359017][ T3847] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  111.367886][ T3847] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  111.375901][ T3847] gfs2: fsid=syz:syz.0: File system withdrawn
[  111.382119][ T3847] CPU: 0 PID: 3847 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  111.392542][ T3847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  111.402765][ T3847] Call Trace:
[  111.406059][ T3847]  <TASK>
[  111.409015][ T3847]  dump_stack_lvl+0x1b1/0x28e
[  111.414063][ T3847]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  111.419518][ T3847]  ? panic+0x710/0x710
[  111.423580][ T3847]  ? kobject_uevent_env+0x46b/0x8e0
[  111.428780][ T3847]  ? do_raw_spin_unlock+0x134/0x8a0
[  111.433981][ T3847]  gfs2_withdraw+0xf33/0x1540
[  111.438683][ T3847]  ? gfs2_lm+0x220/0x220
[  111.442945][ T3847]  ? gfs2_dirent_scan+0xb6/0x650
[  111.447891][ T3847]  ? panic+0x710/0x710
[  111.451949][ T3847]  ? gfs2_permission+0x2ff/0x430
[  111.456889][ T3847]  ? gfs2_consist_inode_i+0xf3/0x110
[  111.462166][ T3847]  gfs2_dirent_scan+0x535/0x650
[  111.467031][ T3847]  ? gfs2_dirent_search+0xb10/0xb10
[  111.472227][ T3847]  gfs2_dirent_search+0x2ea/0xb10
[  111.477249][ T3847]  ? gfs2_dirent_search+0xb10/0xb10
[  111.482443][ T3847]  ? gfs2_dir_search+0x2a0/0x2a0
[  111.487371][ T3847]  ? gfs2_permission+0x3bf/0x430
[  111.492307][ T3847]  gfs2_dir_search+0x8c/0x2a0
[  111.496983][ T3847]  ? do_filldir_main+0x530/0x530
[  111.501917][ T3847]  ? inode_go_held+0xe4/0x1f0
[  111.506594][ T3847]  ? gfs2_glock_wait+0x213/0x2a0
[  111.511524][ T3847]  gfs2_lookupi+0x465/0x650
[  111.516026][ T3847]  ? gfs2_lookup_simple+0x170/0x170
[  111.521217][ T3847]  ? __gfs2_lookup+0x8c/0x260
[  111.525902][ T3847]  __gfs2_lookup+0x8c/0x260
[  111.530432][ T3847]  ? gfs2_atomic_open+0x230/0x230
[  111.535453][ T3847]  ? __d_lookup+0x6a4/0x770
[  111.539947][ T3847]  ? d_hash_and_lookup+0x1c0/0x1c0
[  111.545051][ T3847]  gfs2_atomic_open+0xa4/0x230
[  111.549814][ T3847]  path_openat+0xf39/0x2df0
[  111.554312][ T3847]  ? gfs2_rename2+0x3000/0x3000
[  111.559173][ T3847]  ? do_filp_open+0x4f0/0x4f0
[  111.563854][ T3847]  do_filp_open+0x264/0x4f0
[  111.568359][ T3847]  ? vfs_tmpfile+0x490/0x490
[  111.572949][ T3847]  ? do_raw_spin_unlock+0x134/0x8a0
[  111.578151][ T3847]  ? _raw_spin_unlock+0x24/0x40
[  111.583002][ T3847]  ? alloc_fd+0x5a7/0x640
[  111.587332][ T3847]  do_sys_openat2+0x124/0x4e0
[  111.592005][ T3847]  ? print_irqtrace_events+0x220/0x220
[  111.597455][ T3847]  ? ptrace_stop+0x74d/0x970
[  111.602056][ T3847]  ? do_sys_open+0x220/0x220
[  111.606642][ T3847]  ? lockdep_hardirqs_on+0x8d/0x130
[  111.611834][ T3847]  ? _raw_spin_unlock_irq+0x2a/0x40
[  111.617025][ T3847]  ? ptrace_notify+0x245/0x340
[  111.621785][ T3847]  __x64_sys_openat+0x243/0x290
[  111.626632][ T3847]  ? __ia32_sys_open+0x270/0x270
[  111.631567][ T3847]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  111.637539][ T3847]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  111.643530][ T3847]  do_syscall_64+0x3d/0xb0
[  111.647956][ T3847]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  111.653854][ T3847] RIP: 0033:0x7fc8868064d9
[  111.658266][ T3847] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  111.677864][ T3847] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  111.686270][ T3847] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  111.694232][ T3847] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[pid  3848] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3847] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3847] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3847] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3846] exit_group(0 <unfinished ...>
[pid  3847] <... futex resumed>)        = ?
[pid  3847] +++ exited with 0 +++
[pid  3846] <... exit_group resumed>)   = ?
[pid  3848] <... futex resumed>)        = ?
[pid  3848] +++ exited with 0 +++
[pid  3846] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3846, si_uid=0, si_status=0, si_utime=5, si_stime=29} ---
umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./69/binderfs")                 = 0
[  111.702195][ T3847] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  111.710155][ T3847] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  111.718204][ T3847] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  111.726200][ T3847]  </TASK>
umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./69/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./69")                           = 0
mkdir("./70", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3849
./strace-static-x86_64: Process 3849 attached
[pid  3849] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3849] chdir("./70")               = 0
[pid  3849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3849] setpgid(0, 0)               = 0
[pid  3849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3849] write(3, "1000", 4)         = 4
[pid  3849] close(3)                    = 0
[pid  3849] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3849] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3849] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3849] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3850], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3850
[pid  3849] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3849] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
./strace-static-x86_64: Process 3850 attached
[pid  3850] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3850] memfd_create("syzkaller", 0) = 3
[pid  3850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3850] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3850] munmap(0x7fc87e392000, 16777216) = 0
[pid  3850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3850] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3850] close(3)                    = 0
[pid  3850] mkdir("./file0", 0777)      = 0
[  112.010936][ T3850] loop0: detected capacity change from 0 to 32768
[  112.021648][ T3850] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  112.029836][ T3850] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  112.039692][ T3850] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  112.048389][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  112.055517][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3850] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3850] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3850] chdir("./file0")            = 0
[pid  3850] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3850] close(4)                    = 0
[pid  3850] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3849] <... futex resumed>)        = 0
[pid  3850] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3849] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3850] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3849] <... futex resumed>)        = 0
[pid  3850] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3849] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3850] <... futex resumed>)        = 0
[pid  3849] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3850] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[  112.092428][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 36ms
[  112.101378][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  112.106601][ T3850] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid  3849] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  112.133032][ T3850] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  112.142106][ T3850] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  112.142106][ T3850]   inode = 12 2341
[  112.142106][ T3850]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  112.161720][ T3850] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  112.171457][ T3850] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3850 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3849] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3849] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid  3849] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3849] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3849] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3851], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3851
[pid  3849] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3851 attached
[pid  3851] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3851] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3851] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  112.181826][ T3850] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  112.190315][ T3850] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  112.197916][ T3850] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  112.206770][ T3850] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  112.215073][ T3850] gfs2: fsid=syz:syz.0: File system withdrawn
[  112.221219][ T3850] CPU: 0 PID: 3850 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  112.231644][ T3850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  112.241711][ T3850] Call Trace:
[  112.244982][ T3850]  <TASK>
[  112.247901][ T3850]  dump_stack_lvl+0x1b1/0x28e
[  112.252579][ T3850]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  112.258030][ T3850]  ? panic+0x710/0x710
[  112.262089][ T3850]  ? kobject_uevent_env+0x46b/0x8e0
[  112.267288][ T3850]  ? do_raw_spin_unlock+0x134/0x8a0
[  112.272519][ T3850]  gfs2_withdraw+0xf33/0x1540
[  112.277212][ T3850]  ? gfs2_lm+0x220/0x220
[  112.281449][ T3850]  ? gfs2_dirent_scan+0xb6/0x650
[  112.286423][ T3850]  ? panic+0x710/0x710
[  112.290501][ T3850]  ? gfs2_permission+0x2ff/0x430
[  112.295464][ T3850]  ? gfs2_consist_inode_i+0xf3/0x110
[  112.300852][ T3850]  gfs2_dirent_scan+0x535/0x650
[  112.305726][ T3850]  ? gfs2_dirent_search+0xb10/0xb10
[  112.310940][ T3850]  gfs2_dirent_search+0x2ea/0xb10
[  112.315969][ T3850]  ? gfs2_dirent_search+0xb10/0xb10
[  112.321177][ T3850]  ? gfs2_dir_search+0x2a0/0x2a0
[  112.326108][ T3850]  ? gfs2_permission+0x3bf/0x430
[pid  3851] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3849] exit_group(0 <unfinished ...>
[pid  3851] <... futex resumed>)        = ?
[pid  3849] <... exit_group resumed>)   = ?
[pid  3851] +++ exited with 0 +++
[  112.331046][ T3850]  gfs2_dir_search+0x8c/0x2a0
[  112.335727][ T3850]  ? do_filldir_main+0x530/0x530
[  112.340683][ T3850]  ? inode_go_held+0xe4/0x1f0
[  112.345379][ T3850]  ? gfs2_glock_wait+0x213/0x2a0
[  112.350385][ T3850]  gfs2_lookupi+0x465/0x650
[  112.354904][ T3850]  ? gfs2_lookup_simple+0x170/0x170
[  112.360108][ T3850]  ? __gfs2_lookup+0x8c/0x260
[  112.364807][ T3850]  __gfs2_lookup+0x8c/0x260
[  112.369319][ T3850]  ? gfs2_atomic_open+0x230/0x230
[  112.374378][ T3850]  ? __d_lookup+0x6a4/0x770
[  112.378884][ T3850]  ? d_hash_and_lookup+0x1c0/0x1c0
[  112.383991][ T3850]  gfs2_atomic_open+0xa4/0x230
[  112.388763][ T3850]  path_openat+0xf39/0x2df0
[  112.393261][ T3850]  ? gfs2_rename2+0x3000/0x3000
[  112.398131][ T3850]  ? do_filp_open+0x4f0/0x4f0
[  112.402808][ T3850]  do_filp_open+0x264/0x4f0
[  112.407299][ T3850]  ? vfs_tmpfile+0x490/0x490
[  112.411907][ T3850]  ? do_raw_spin_unlock+0x134/0x8a0
[  112.417119][ T3850]  ? _raw_spin_unlock+0x24/0x40
[  112.421982][ T3850]  ? alloc_fd+0x5a7/0x640
[  112.426312][ T3850]  do_sys_openat2+0x124/0x4e0
[  112.430993][ T3850]  ? print_irqtrace_events+0x220/0x220
[  112.436461][ T3850]  ? ptrace_stop+0x74d/0x970
[  112.441055][ T3850]  ? do_sys_open+0x220/0x220
[  112.445694][ T3850]  ? lockdep_hardirqs_on+0x8d/0x130
[  112.450877][ T3850]  ? _raw_spin_unlock_irq+0x2a/0x40
[  112.456071][ T3850]  ? ptrace_notify+0x245/0x340
[  112.460819][ T3850]  __x64_sys_openat+0x243/0x290
[  112.465661][ T3850]  ? __ia32_sys_open+0x270/0x270
[  112.470586][ T3850]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  112.476556][ T3850]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  112.482530][ T3850]  do_syscall_64+0x3d/0xb0
[  112.486936][ T3850]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  112.492828][ T3850] RIP: 0033:0x7fc8868064d9
[  112.497241][ T3850] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  112.516835][ T3850] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  112.525237][ T3850] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3850] <... openat resumed>)       = ?
[pid  3850] +++ exited with 0 +++
[pid  3849] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3849, si_uid=0, si_status=0, si_utime=0, si_stime=31} ---
umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./70/binderfs")                 = 0
[  112.533198][ T3850] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  112.541170][ T3850] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  112.549146][ T3850] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  112.557119][ T3850] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  112.565181][ T3850]  </TASK>
umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./70/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./70")                           = 0
mkdir("./71", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3852
./strace-static-x86_64: Process 3852 attached
[pid  3852] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3852] chdir("./71")               = 0
[pid  3852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3852] setpgid(0, 0)               = 0
[pid  3852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3852] write(3, "1000", 4)         = 4
[pid  3852] close(3)                    = 0
[pid  3852] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3852] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3852] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3852] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3853], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3853
[pid  3852] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3852] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3853 attached
 <unfinished ...>
[pid  3853] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3853] memfd_create("syzkaller", 0) = 3
[pid  3853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3853] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3853] munmap(0x7fc87e392000, 16777216) = 0
[pid  3853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3853] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3853] close(3)                    = 0
[pid  3853] mkdir("./file0", 0777)      = 0
[  112.870034][ T3853] loop0: detected capacity change from 0 to 32768
[  112.879859][ T3853] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  112.888806][ T3853] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  112.898644][ T3853] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  112.907423][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  112.914679][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3853] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3853] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3853] chdir("./file0")            = 0
[pid  3853] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3853] close(4)                    = 0
[pid  3853] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3852] <... futex resumed>)        = 0
[pid  3853] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3852] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3853] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3852] <... futex resumed>)        = 0
[pid  3853] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3852] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3853] <... futex resumed>)        = 0
[pid  3852] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3853] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3852] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  112.950517][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 35ms
[  112.958082][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  112.963997][ T3853] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  112.979799][ T3853] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  112.988668][ T3853] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  112.988668][ T3853]   inode = 12 2341
[pid  3852] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[  112.988668][ T3853]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  113.007592][ T3853] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  113.016876][ T3853] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3853 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  113.026977][ T3853] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  113.035611][ T3853] gfs2: fsid=syz:syz.0: about to withdraw this file system
[pid  3852] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  113.043192][ T3853] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  113.052061][ T3853] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  113.058688][ T3853] gfs2: fsid=syz:syz.0: File system withdrawn
[  113.064923][ T3853] CPU: 0 PID: 3853 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  113.075352][ T3853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  113.085399][ T3853] Call Trace:
[  113.088671][ T3853]  <TASK>
[  113.091767][ T3853]  dump_stack_lvl+0x1b1/0x28e
[  113.096441][ T3853]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  113.101890][ T3853]  ? panic+0x710/0x710
[  113.105950][ T3853]  ? kobject_uevent_env+0x46b/0x8e0
[  113.111141][ T3853]  ? do_raw_spin_unlock+0x134/0x8a0
[  113.116338][ T3853]  gfs2_withdraw+0xf33/0x1540
[  113.121019][ T3853]  ? gfs2_lm+0x220/0x220
[  113.125251][ T3853]  ? gfs2_dirent_scan+0xb6/0x650
[  113.130183][ T3853]  ? panic+0x710/0x710
[  113.134243][ T3853]  ? gfs2_permission+0x2ff/0x430
[  113.139178][ T3853]  ? gfs2_consist_inode_i+0xf3/0x110
[  113.144462][ T3853]  gfs2_dirent_scan+0x535/0x650
[  113.149323][ T3853]  ? gfs2_dirent_search+0xb10/0xb10
[  113.154517][ T3853]  gfs2_dirent_search+0x2ea/0xb10
[  113.159552][ T3853]  ? gfs2_dirent_search+0xb10/0xb10
[  113.164749][ T3853]  ? gfs2_dir_search+0x2a0/0x2a0
[  113.169681][ T3853]  ? gfs2_permission+0x3bf/0x430
[  113.174622][ T3853]  gfs2_dir_search+0x8c/0x2a0
[  113.179300][ T3853]  ? do_filldir_main+0x530/0x530
[  113.184233][ T3853]  ? inode_go_held+0xe4/0x1f0
[  113.188915][ T3853]  ? gfs2_glock_wait+0x213/0x2a0
[  113.193847][ T3853]  gfs2_lookupi+0x465/0x650
[  113.198352][ T3853]  ? gfs2_lookup_simple+0x170/0x170
[  113.203547][ T3853]  ? __gfs2_lookup+0x8c/0x260
[  113.208227][ T3853]  __gfs2_lookup+0x8c/0x260
[  113.212733][ T3853]  ? gfs2_atomic_open+0x230/0x230
[  113.217771][ T3853]  ? __d_lookup+0x6a4/0x770
[  113.222265][ T3853]  ? d_hash_and_lookup+0x1c0/0x1c0
[  113.227373][ T3853]  gfs2_atomic_open+0xa4/0x230
[  113.234483][ T3853]  path_openat+0xf39/0x2df0
[  113.238988][ T3853]  ? gfs2_rename2+0x3000/0x3000
[  113.243851][ T3853]  ? do_filp_open+0x4f0/0x4f0
[  113.248533][ T3853]  do_filp_open+0x264/0x4f0
[  113.253035][ T3853]  ? vfs_tmpfile+0x490/0x490
[  113.257660][ T3853]  ? do_raw_spin_unlock+0x134/0x8a0
[  113.262860][ T3853]  ? _raw_spin_unlock+0x24/0x40
[  113.267725][ T3853]  ? alloc_fd+0x5a7/0x640
[  113.272057][ T3853]  do_sys_openat2+0x124/0x4e0
[  113.276724][ T3853]  ? print_irqtrace_events+0x220/0x220
[  113.282539][ T3853]  ? ptrace_stop+0x74d/0x970
[  113.287152][ T3853]  ? do_sys_open+0x220/0x220
[  113.291780][ T3853]  ? lockdep_hardirqs_on+0x8d/0x130
[  113.297005][ T3853]  ? _raw_spin_unlock_irq+0x2a/0x40
[  113.302218][ T3853]  ? ptrace_notify+0x245/0x340
[  113.306990][ T3853]  __x64_sys_openat+0x243/0x290
[  113.311848][ T3853]  ? __ia32_sys_open+0x270/0x270
[  113.316784][ T3853]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  113.322758][ T3853]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  113.328734][ T3853]  do_syscall_64+0x3d/0xb0
[  113.333142][ T3853]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  113.339026][ T3853] RIP: 0033:0x7fc8868064d9
[  113.343431][ T3853] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  113.363027][ T3853] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  113.371436][ T3853] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  113.379402][ T3853] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  113.387367][ T3853] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 <unfinished ...>
[pid  3853] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3852] <... mmap resumed>)         = 0x7fc87f371000
[pid  3853] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3852] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE <unfinished ...>
[pid  3853] <... futex resumed>)        = 0
[pid  3852] <... mprotect resumed>)     = 0
[pid  3853] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3852] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3854], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3854
[pid  3852] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3854 attached
[pid  3854] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3854] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3854] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3854] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3852] exit_group(0 <unfinished ...>
[pid  3853] <... futex resumed>)        = ?
[pid  3852] <... exit_group resumed>)   = ?
[pid  3853] +++ exited with 0 +++
[pid  3854] <... futex resumed>)        = ?
[pid  3854] +++ exited with 0 +++
[pid  3852] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3852, si_uid=0, si_status=0, si_utime=1, si_stime=28} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./71/binderfs")                 = 0
[  113.395335][ T3853] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  113.403299][ T3853] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  113.411280][ T3853]  </TASK>
umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./71/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./71")                           = 0
mkdir("./72", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3855
./strace-static-x86_64: Process 3855 attached
[pid  3855] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3855] chdir("./72")               = 0
[pid  3855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3855] setpgid(0, 0)               = 0
[pid  3855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3855] write(3, "1000", 4)         = 4
[pid  3855] close(3)                    = 0
[pid  3855] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3855] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3855] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3855] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3856 attached
, parent_tid=[3856], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3856
[pid  3856] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3856] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3855] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3856] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3855] <... futex resumed>)        = 0
[pid  3855] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3856] memfd_create("syzkaller", 0) = 3
[pid  3856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3856] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3856] munmap(0x7fc87e392000, 16777216) = 0
[pid  3856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3856] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3856] close(3)                    = 0
[pid  3856] mkdir("./file0", 0777)      = 0
[  113.719441][ T3856] loop0: detected capacity change from 0 to 32768
[  113.730017][ T3856] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  113.738534][ T3856] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  113.748424][ T3856] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  113.757486][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  113.764434][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3856] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3856] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3856] chdir("./file0")            = 0
[pid  3856] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3856] close(4)                    = 0
[pid  3856] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3855] <... futex resumed>)        = 0
[pid  3855] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3855] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3856] <... futex resumed>)        = 1
[pid  3856] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3856] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3855] <... futex resumed>)        = 0
[pid  3855] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3855] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3856] <... futex resumed>)        = 1
[  113.797462][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms
[  113.805092][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  113.810531][ T3856] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  113.827691][ T3856] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  113.836724][ T3856] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  113.836724][ T3856]   inode = 12 2341
[pid  3856] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3855] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3855] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3855] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3855] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3857], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3857
./strace-static-x86_64: Process 3857 attached
[pid  3855] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3857] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3857] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3857] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  113.836724][ T3856]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  113.855948][ T3856] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  113.865224][ T3856] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3856 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  113.875902][ T3856] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  113.887693][ T3856] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  113.895170][ T3856] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  113.904076][ T3856] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  113.911089][ T3856] gfs2: fsid=syz:syz.0: File system withdrawn
[  113.917647][ T3856] CPU: 0 PID: 3856 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  113.928083][ T3856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  113.938133][ T3856] Call Trace:
[  113.941402][ T3856]  <TASK>
[  113.944322][ T3856]  dump_stack_lvl+0x1b1/0x28e
[  113.948991][ T3856]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  113.954442][ T3856]  ? panic+0x710/0x710
[  113.958496][ T3856]  ? kobject_uevent_env+0x46b/0x8e0
[  113.963685][ T3856]  ? do_raw_spin_unlock+0x134/0x8a0
[  113.968875][ T3856]  gfs2_withdraw+0xf33/0x1540
[  113.973582][ T3856]  ? gfs2_lm+0x220/0x220
[  113.977809][ T3856]  ? gfs2_dirent_scan+0xb6/0x650
[  113.982733][ T3856]  ? panic+0x710/0x710
[  113.986787][ T3856]  ? gfs2_permission+0x2ff/0x430
[  113.991719][ T3856]  ? gfs2_consist_inode_i+0xf3/0x110
[  113.996994][ T3856]  gfs2_dirent_scan+0x535/0x650
[  114.001834][ T3856]  ? gfs2_dirent_search+0xb10/0xb10
[  114.007024][ T3856]  gfs2_dirent_search+0x2ea/0xb10
[  114.012045][ T3856]  ? gfs2_dirent_search+0xb10/0xb10
[  114.017271][ T3856]  ? gfs2_dir_search+0x2a0/0x2a0
[  114.022203][ T3856]  ? gfs2_permission+0x3bf/0x430
[  114.027149][ T3856]  gfs2_dir_search+0x8c/0x2a0
[  114.031824][ T3856]  ? do_filldir_main+0x530/0x530
[  114.036764][ T3856]  ? inode_go_held+0xe4/0x1f0
[  114.041442][ T3856]  ? gfs2_glock_wait+0x213/0x2a0
[  114.046377][ T3856]  gfs2_lookupi+0x465/0x650
[  114.050883][ T3856]  ? gfs2_lookup_simple+0x170/0x170
[  114.056076][ T3856]  ? __gfs2_lookup+0x8c/0x260
[  114.060780][ T3856]  __gfs2_lookup+0x8c/0x260
[  114.065288][ T3856]  ? gfs2_atomic_open+0x230/0x230
[  114.070311][ T3856]  ? __d_lookup+0x6a4/0x770
[  114.074809][ T3856]  ? d_hash_and_lookup+0x1c0/0x1c0
[  114.079915][ T3856]  gfs2_atomic_open+0xa4/0x230
[  114.084677][ T3856]  path_openat+0xf39/0x2df0
[  114.089176][ T3856]  ? gfs2_rename2+0x3000/0x3000
[  114.094056][ T3856]  ? do_filp_open+0x4f0/0x4f0
[  114.098741][ T3856]  do_filp_open+0x264/0x4f0
[  114.103236][ T3856]  ? vfs_tmpfile+0x490/0x490
[  114.107832][ T3856]  ? do_raw_spin_unlock+0x134/0x8a0
[  114.113029][ T3856]  ? _raw_spin_unlock+0x24/0x40
[  114.117894][ T3856]  ? alloc_fd+0x5a7/0x640
[  114.122226][ T3856]  do_sys_openat2+0x124/0x4e0
[  114.126896][ T3856]  ? print_irqtrace_events+0x220/0x220
[  114.132348][ T3856]  ? ptrace_stop+0x74d/0x970
[  114.136931][ T3856]  ? do_sys_open+0x220/0x220
[  114.141516][ T3856]  ? lockdep_hardirqs_on+0x8d/0x130
[  114.146716][ T3856]  ? _raw_spin_unlock_irq+0x2a/0x40
[  114.151912][ T3856]  ? ptrace_notify+0x245/0x340
[  114.156670][ T3856]  __x64_sys_openat+0x243/0x290
[  114.161518][ T3856]  ? __ia32_sys_open+0x270/0x270
[  114.166462][ T3856]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  114.172441][ T3856]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  114.178418][ T3856]  do_syscall_64+0x3d/0xb0
[  114.182831][ T3856]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  114.188715][ T3856] RIP: 0033:0x7fc8868064d9
[  114.193120][ T3856] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  114.213239][ T3856] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  114.221642][ T3856] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  114.229603][ T3856] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  114.237583][ T3856] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3857] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3856] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3856] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3855] exit_group(0 <unfinished ...>
[pid  3857] <... futex resumed>)        = ?
[pid  3855] <... exit_group resumed>)   = ?
[pid  3857] +++ exited with 0 +++
[pid  3856] <... futex resumed>)        = ?
[pid  3856] +++ exited with 0 +++
[pid  3855] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3855, si_uid=0, si_status=0, si_utime=3, si_stime=25} ---
umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./72/binderfs")                 = 0
[  114.245566][ T3856] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  114.253526][ T3856] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  114.261500][ T3856]  </TASK>
umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./72/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./72")                           = 0
mkdir("./73", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3858 attached
, child_tidptr=0x55555635f5d0) = 3858
[pid  3858] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3858] chdir("./73")               = 0
[pid  3858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3858] setpgid(0, 0)               = 0
[pid  3858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3858] write(3, "1000", 4)         = 4
[pid  3858] close(3)                    = 0
[pid  3858] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3858] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3858] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3858] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3859], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3859
./strace-static-x86_64: Process 3859 attached
[pid  3859] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3858] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3858] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3859] memfd_create("syzkaller", 0) = 3
[pid  3859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3859] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3859] munmap(0x7fc87e392000, 16777216) = 0
[pid  3859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3859] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3859] close(3)                    = 0
[pid  3859] mkdir("./file0", 0777)      = 0
[  114.554581][ T3859] loop0: detected capacity change from 0 to 32768
[  114.567504][ T3859] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  114.576438][ T3859] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  114.586516][ T3859] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  114.595474][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  114.602658][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3859] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3859] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3859] chdir("./file0")            = 0
[pid  3859] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3859] close(4)                    = 0
[pid  3859] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3858] <... futex resumed>)        = 0
[pid  3858] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3858] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3859] <... futex resumed>)        = 1
[pid  3859] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3859] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3858] <... futex resumed>)        = 0
[pid  3858] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3858] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3859] <... futex resumed>)        = 1
[  114.641548][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 38ms
[  114.650974][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  114.656235][ T3859] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  114.693282][ T3859] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  114.702644][ T3859] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  114.702644][ T3859]   inode = 12 2341
[  114.702644][ T3859]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  114.721552][ T3859] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  114.730723][ T3859] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3859 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3859] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3858] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3858] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3858] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3858] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3860], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3860
[pid  3858] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3860 attached
[pid  3860] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3860] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3860] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  114.740885][ T3859] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  114.749383][ T3859] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  114.756731][ T3859] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  114.765589][ T3859] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  114.772202][ T3859] gfs2: fsid=syz:syz.0: File system withdrawn
[  114.778391][ T3859] CPU: 0 PID: 3859 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  114.788812][ T3859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  114.798859][ T3859] Call Trace:
[  114.802142][ T3859]  <TASK>
[  114.805082][ T3859]  dump_stack_lvl+0x1b1/0x28e
[  114.809773][ T3859]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  114.815230][ T3859]  ? panic+0x710/0x710
[  114.819332][ T3859]  ? kobject_uevent_env+0x46b/0x8e0
[  114.824555][ T3859]  ? do_raw_spin_unlock+0x134/0x8a0
[  114.829793][ T3859]  gfs2_withdraw+0xf33/0x1540
[  114.834475][ T3859]  ? gfs2_lm+0x220/0x220
[  114.838719][ T3859]  ? gfs2_dirent_scan+0xb6/0x650
[  114.843647][ T3859]  ? panic+0x710/0x710
[  114.847706][ T3859]  ? gfs2_permission+0x2ff/0x430
[  114.852640][ T3859]  ? gfs2_consist_inode_i+0xf3/0x110
[  114.857922][ T3859]  gfs2_dirent_scan+0x535/0x650
[  114.862780][ T3859]  ? gfs2_dirent_search+0xb10/0xb10
[  114.867992][ T3859]  gfs2_dirent_search+0x2ea/0xb10
[  114.873020][ T3859]  ? gfs2_dirent_search+0xb10/0xb10
[  114.878230][ T3859]  ? gfs2_dir_search+0x2a0/0x2a0
[  114.883191][ T3859]  ? gfs2_permission+0x3bf/0x430
[  114.888136][ T3859]  gfs2_dir_search+0x8c/0x2a0
[  114.892813][ T3859]  ? do_filldir_main+0x530/0x530
[  114.897745][ T3859]  ? inode_go_held+0xe4/0x1f0
[  114.902423][ T3859]  ? gfs2_glock_wait+0x213/0x2a0
[  114.907358][ T3859]  gfs2_lookupi+0x465/0x650
[  114.911879][ T3859]  ? gfs2_lookup_simple+0x170/0x170
[  114.917080][ T3859]  ? __gfs2_lookup+0x8c/0x260
[  114.921763][ T3859]  __gfs2_lookup+0x8c/0x260
[  114.926264][ T3859]  ? gfs2_atomic_open+0x230/0x230
[  114.931288][ T3859]  ? __d_lookup+0x6a4/0x770
[  114.935806][ T3859]  ? d_hash_and_lookup+0x1c0/0x1c0
[  114.940910][ T3859]  gfs2_atomic_open+0xa4/0x230
[  114.945670][ T3859]  path_openat+0xf39/0x2df0
[  114.950172][ T3859]  ? gfs2_rename2+0x3000/0x3000
[  114.955028][ T3859]  ? do_filp_open+0x4f0/0x4f0
[  114.959727][ T3859]  do_filp_open+0x264/0x4f0
[  114.964223][ T3859]  ? vfs_tmpfile+0x490/0x490
[  114.968826][ T3859]  ? do_raw_spin_unlock+0x134/0x8a0
[  114.974027][ T3859]  ? _raw_spin_unlock+0x24/0x40
[  114.978871][ T3859]  ? alloc_fd+0x5a7/0x640
[  114.984503][ T3859]  do_sys_openat2+0x124/0x4e0
[  114.989172][ T3859]  ? print_irqtrace_events+0x220/0x220
[  114.994619][ T3859]  ? ptrace_stop+0x74d/0x970
[  114.999206][ T3859]  ? do_sys_open+0x220/0x220
[  115.003790][ T3859]  ? lockdep_hardirqs_on+0x8d/0x130
[  115.008982][ T3859]  ? _raw_spin_unlock_irq+0x2a/0x40
[  115.014174][ T3859]  ? ptrace_notify+0x245/0x340
[  115.018933][ T3859]  __x64_sys_openat+0x243/0x290
[  115.023784][ T3859]  ? __ia32_sys_open+0x270/0x270
[  115.028717][ T3859]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  115.034695][ T3859]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  115.040672][ T3859]  do_syscall_64+0x3d/0xb0
[  115.045081][ T3859]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  115.051070][ T3859] RIP: 0033:0x7fc8868064d9
[  115.055477][ T3859] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  115.075163][ T3859] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  115.083570][ T3859] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3860] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3859] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3859] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3859] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3858] exit_group(0 <unfinished ...>
[pid  3859] <... futex resumed>)        = ?
[pid  3859] +++ exited with 0 +++
[pid  3858] <... exit_group resumed>)   = ?
[pid  3860] <... futex resumed>)        = ?
[pid  3860] +++ exited with 0 +++
[pid  3858] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3858, si_uid=0, si_status=0, si_utime=4, si_stime=29} ---
umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./73/binderfs")                 = 0
[  115.091537][ T3859] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  115.099584][ T3859] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  115.107545][ T3859] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  115.115594][ T3859] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  115.123566][ T3859]  </TASK>
umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./73/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./73")                           = 0
mkdir("./74", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3861
./strace-static-x86_64: Process 3861 attached
[pid  3861] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3861] chdir("./74")               = 0
[pid  3861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3861] setpgid(0, 0)               = 0
[pid  3861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3861] write(3, "1000", 4)         = 4
[pid  3861] close(3)                    = 0
[pid  3861] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3861] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3861] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3861] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3862], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3862
[pid  3861] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3861] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3862 attached
 <unfinished ...>
[pid  3862] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3862] memfd_create("syzkaller", 0) = 3
[pid  3862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3862] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3862] munmap(0x7fc87e392000, 16777216) = 0
[pid  3862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3862] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3862] close(3)                    = 0
[pid  3862] mkdir("./file0", 0777)      = 0
[  115.416496][ T3862] loop0: detected capacity change from 0 to 32768
[  115.427785][ T3862] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  115.436715][ T3862] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  115.445846][ T3862] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  115.454360][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  115.461465][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3862] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3862] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3862] chdir("./file0")            = 0
[pid  3862] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3862] close(4)                    = 0
[pid  3862] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3862] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3861] <... futex resumed>)        = 0
[pid  3861] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3862] <... futex resumed>)        = 0
[pid  3861] <... futex resumed>)        = 1
[pid  3862] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3862] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3862] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3861] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable)
[pid  3861] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3862] <... futex resumed>)        = 0
[pid  3861] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[  115.496169][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 34ms
[  115.503789][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  115.509606][ T3862] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  115.534687][ T3862] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3862] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3861] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3861] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3861] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3861] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3863], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3863
[pid  3861] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  115.543808][ T3862] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  115.543808][ T3862]   inode = 12 2341
[  115.543808][ T3862]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  115.562760][ T3862] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  115.571936][ T3862] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3862 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  115.582018][ T3862] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
./strace-static-x86_64: Process 3863 attached
[pid  3863] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3863] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3863] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  115.591055][ T3862] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  115.598291][ T3862] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  115.607195][ T3862] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  115.615812][ T3862] gfs2: fsid=syz:syz.0: File system withdrawn
[  115.622243][ T3862] CPU: 0 PID: 3862 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  115.632674][ T3862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  115.642726][ T3862] Call Trace:
[  115.645999][ T3862]  <TASK>
[  115.648922][ T3862]  dump_stack_lvl+0x1b1/0x28e
[  115.653612][ T3862]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  115.659071][ T3862]  ? panic+0x710/0x710
[  115.663136][ T3862]  ? kobject_uevent_env+0x46b/0x8e0
[  115.668340][ T3862]  ? do_raw_spin_unlock+0x134/0x8a0
[  115.673557][ T3862]  gfs2_withdraw+0xf33/0x1540
[  115.678272][ T3862]  ? gfs2_lm+0x220/0x220
[  115.682532][ T3862]  ? gfs2_dirent_scan+0xb6/0x650
[  115.687477][ T3862]  ? panic+0x710/0x710
[  115.691624][ T3862]  ? gfs2_permission+0x2ff/0x430
[  115.696606][ T3862]  ? gfs2_consist_inode_i+0xf3/0x110
[  115.701898][ T3862]  gfs2_dirent_scan+0x535/0x650
[  115.706946][ T3862]  ? gfs2_dirent_search+0xb10/0xb10
[  115.712152][ T3862]  gfs2_dirent_search+0x2ea/0xb10
[  115.717216][ T3862]  ? gfs2_dirent_search+0xb10/0xb10
[  115.722450][ T3862]  ? gfs2_dir_search+0x2a0/0x2a0
[  115.727397][ T3862]  ? gfs2_permission+0x3bf/0x430
[  115.732361][ T3862]  gfs2_dir_search+0x8c/0x2a0
[  115.737061][ T3862]  ? do_filldir_main+0x530/0x530
[  115.741999][ T3862]  ? inode_go_held+0xe4/0x1f0
[  115.746677][ T3862]  ? gfs2_glock_wait+0x213/0x2a0
[  115.751614][ T3862]  gfs2_lookupi+0x465/0x650
[  115.756121][ T3862]  ? gfs2_lookup_simple+0x170/0x170
[  115.761315][ T3862]  ? __gfs2_lookup+0x8c/0x260
[  115.765993][ T3862]  __gfs2_lookup+0x8c/0x260
[  115.770503][ T3862]  ? gfs2_atomic_open+0x230/0x230
[  115.775527][ T3862]  ? __d_lookup+0x6a4/0x770
[  115.780026][ T3862]  ? d_hash_and_lookup+0x1c0/0x1c0
[  115.785130][ T3862]  gfs2_atomic_open+0xa4/0x230
[  115.789891][ T3862]  path_openat+0xf39/0x2df0
[  115.794421][ T3862]  ? gfs2_rename2+0x3000/0x3000
[  115.799280][ T3862]  ? do_filp_open+0x4f0/0x4f0
[  115.803985][ T3862]  do_filp_open+0x264/0x4f0
[  115.808498][ T3862]  ? vfs_tmpfile+0x490/0x490
[  115.813113][ T3862]  ? do_raw_spin_unlock+0x134/0x8a0
[  115.818406][ T3862]  ? _raw_spin_unlock+0x24/0x40
[  115.823257][ T3862]  ? alloc_fd+0x5a7/0x640
[  115.827590][ T3862]  do_sys_openat2+0x124/0x4e0
[  115.832261][ T3862]  ? print_irqtrace_events+0x220/0x220
[  115.837709][ T3862]  ? ptrace_stop+0x74d/0x970
[  115.842295][ T3862]  ? do_sys_open+0x220/0x220
[  115.846882][ T3862]  ? lockdep_hardirqs_on+0x8d/0x130
[  115.852090][ T3862]  ? _raw_spin_unlock_irq+0x2a/0x40
[  115.857282][ T3862]  ? ptrace_notify+0x245/0x340
[  115.862065][ T3862]  __x64_sys_openat+0x243/0x290
[  115.866932][ T3862]  ? __ia32_sys_open+0x270/0x270
[  115.871893][ T3862]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  115.877893][ T3862]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  115.883880][ T3862]  do_syscall_64+0x3d/0xb0
[  115.888293][ T3862]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  115.894177][ T3862] RIP: 0033:0x7fc8868064d9
[  115.898593][ T3862] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  115.918207][ T3862] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  115.926620][ T3862] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  115.934582][ T3862] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[pid  3863] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3862] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3862] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3862] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3861] exit_group(0 <unfinished ...>
[pid  3863] <... futex resumed>)        = ?
[pid  3862] <... futex resumed>)        = ?
[pid  3861] <... exit_group resumed>)   = ?
[pid  3863] +++ exited with 0 +++
[pid  3862] +++ exited with 0 +++
[pid  3861] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3861, si_uid=0, si_status=0, si_utime=1, si_stime=31} ---
umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./74/binderfs")                 = 0
[  115.942541][ T3862] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  115.950502][ T3862] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  115.958476][ T3862] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  115.966454][ T3862]  </TASK>
umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./74/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./74")                           = 0
mkdir("./75", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3864
./strace-static-x86_64: Process 3864 attached
[pid  3864] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3864] chdir("./75")               = 0
[pid  3864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3864] setpgid(0, 0)               = 0
[pid  3864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3864] write(3, "1000", 4)         = 4
[pid  3864] close(3)                    = 0
[pid  3864] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3864] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3864] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3864] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3865], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3865
./strace-static-x86_64: Process 3865 attached
[pid  3864] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3864] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3865] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3865] memfd_create("syzkaller", 0) = 3
[pid  3865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3865] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3865] munmap(0x7fc87e392000, 16777216) = 0
[pid  3865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3865] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3865] close(3)                    = 0
[pid  3865] mkdir("./file0", 0777)      = 0
[  116.269199][ T3865] loop0: detected capacity change from 0 to 32768
[  116.280561][ T3865] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  116.288762][ T3865] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  116.298566][ T3865] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  116.307543][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  116.314558][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3865] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3865] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3865] chdir("./file0")            = 0
[pid  3865] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3865] close(4)                    = 0
[pid  3865] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3864] <... futex resumed>)        = 0
[pid  3864] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3864] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3865] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3865] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3864] <... futex resumed>)        = 0
[pid  3864] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3864] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[  116.347500][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 32ms
[  116.355652][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  116.361177][ T3865] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  116.385781][ T3865] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3865] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3864] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3864] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3864] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3864] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3866 attached
 <unfinished ...>
[pid  3866] set_robust_list(0x7fc87f3919e0, 24 <unfinished ...>
[pid  3864] <... clone resumed>, parent_tid=[3866], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3866
[pid  3864] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3866] <... set_robust_list resumed>) = 0
[pid  3866] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[  116.394290][ T3865] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  116.394290][ T3865]   inode = 12 2341
[  116.394290][ T3865]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  116.413442][ T3865] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  116.423517][ T3865] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3865 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  116.434175][ T3865] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[pid  3866] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  116.444975][ T3865] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  116.453120][ T3865] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  116.462071][ T3865] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  116.468631][ T3865] gfs2: fsid=syz:syz.0: File system withdrawn
[  116.474835][ T3865] CPU: 1 PID: 3865 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  116.485284][ T3865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  116.495356][ T3865] Call Trace:
[  116.498630][ T3865]  <TASK>
[  116.501555][ T3865]  dump_stack_lvl+0x1b1/0x28e
[  116.506259][ T3865]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  116.511725][ T3865]  ? panic+0x710/0x710
[  116.515791][ T3865]  ? kobject_uevent_env+0x46b/0x8e0
[  116.520995][ T3865]  ? do_raw_spin_unlock+0x134/0x8a0
[  116.526203][ T3865]  gfs2_withdraw+0xf33/0x1540
[  116.530906][ T3865]  ? gfs2_lm+0x220/0x220
[  116.535151][ T3865]  ? gfs2_dirent_scan+0xb6/0x650
[  116.540087][ T3865]  ? panic+0x710/0x710
[pid  3866] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3864] exit_group(0 <unfinished ...>
[pid  3866] <... futex resumed>)        = ?
[pid  3864] <... exit_group resumed>)   = ?
[pid  3866] +++ exited with 0 +++
[  116.544158][ T3865]  ? gfs2_permission+0x2ff/0x430
[  116.549088][ T3865]  ? gfs2_consist_inode_i+0xf3/0x110
[  116.554375][ T3865]  gfs2_dirent_scan+0x535/0x650
[  116.559243][ T3865]  ? gfs2_dirent_search+0xb10/0xb10
[  116.564435][ T3865]  gfs2_dirent_search+0x2ea/0xb10
[  116.569464][ T3865]  ? gfs2_dirent_search+0xb10/0xb10
[  116.574668][ T3865]  ? gfs2_dir_search+0x2a0/0x2a0
[  116.579605][ T3865]  ? gfs2_permission+0x3bf/0x430
[  116.584574][ T3865]  gfs2_dir_search+0x8c/0x2a0
[  116.589271][ T3865]  ? do_filldir_main+0x530/0x530
[  116.594210][ T3865]  ? inode_go_held+0xe4/0x1f0
[  116.598901][ T3865]  ? gfs2_glock_wait+0x213/0x2a0
[  116.603840][ T3865]  gfs2_lookupi+0x465/0x650
[  116.608354][ T3865]  ? gfs2_lookup_simple+0x170/0x170
[  116.613553][ T3865]  ? __gfs2_lookup+0x8c/0x260
[  116.618245][ T3865]  __gfs2_lookup+0x8c/0x260
[  116.622739][ T3865]  ? gfs2_atomic_open+0x230/0x230
[  116.627755][ T3865]  ? __d_lookup+0x6a4/0x770
[  116.632245][ T3865]  ? d_hash_and_lookup+0x1c0/0x1c0
[  116.637341][ T3865]  gfs2_atomic_open+0xa4/0x230
[  116.642097][ T3865]  path_openat+0xf39/0x2df0
[  116.646603][ T3865]  ? gfs2_rename2+0x3000/0x3000
[  116.651472][ T3865]  ? do_filp_open+0x4f0/0x4f0
[  116.656271][ T3865]  do_filp_open+0x264/0x4f0
[  116.660789][ T3865]  ? vfs_tmpfile+0x490/0x490
[  116.665400][ T3865]  ? do_raw_spin_unlock+0x134/0x8a0
[  116.670593][ T3865]  ? _raw_spin_unlock+0x24/0x40
[  116.675446][ T3865]  ? alloc_fd+0x5a7/0x640
[  116.679803][ T3865]  do_sys_openat2+0x124/0x4e0
[  116.685526][ T3865]  ? print_irqtrace_events+0x220/0x220
[  116.690974][ T3865]  ? ptrace_stop+0x74d/0x970
[  116.695555][ T3865]  ? do_sys_open+0x220/0x220
[  116.700146][ T3865]  ? lockdep_hardirqs_on+0x8d/0x130
[  116.705364][ T3865]  ? _raw_spin_unlock_irq+0x2a/0x40
[  116.710554][ T3865]  ? ptrace_notify+0x245/0x340
[  116.715306][ T3865]  __x64_sys_openat+0x243/0x290
[  116.720165][ T3865]  ? __ia32_sys_open+0x270/0x270
[  116.725124][ T3865]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  116.731124][ T3865]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  116.737096][ T3865]  do_syscall_64+0x3d/0xb0
[  116.741504][ T3865]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  116.747401][ T3865] RIP: 0033:0x7fc8868064d9
[  116.753459][ T3865] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  116.773150][ T3865] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  116.782258][ T3865] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  116.790327][ T3865] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[pid  3865] <... openat resumed>)       = ?
[pid  3865] +++ exited with 0 +++
[pid  3864] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3864, si_uid=0, si_status=0, si_utime=0, si_stime=27} ---
umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./75/binderfs")                 = 0
[  116.798312][ T3865] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  116.806286][ T3865] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  116.814250][ T3865] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  116.822235][ T3865]  </TASK>
umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./75/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./75")                           = 0
mkdir("./76", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3867
./strace-static-x86_64: Process 3867 attached
[pid  3867] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3867] chdir("./76")               = 0
[pid  3867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3867] setpgid(0, 0)               = 0
[pid  3867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3867] write(3, "1000", 4)         = 4
[pid  3867] close(3)                    = 0
[pid  3867] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3867] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3867] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3867] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3868], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3868
[pid  3867] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3867] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3868 attached
 <unfinished ...>
[pid  3868] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3868] memfd_create("syzkaller", 0) = 3
[pid  3868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3868] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3868] munmap(0x7fc87e392000, 16777216) = 0
[pid  3868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3868] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3868] close(3)                    = 0
[pid  3868] mkdir("./file0", 0777)      = 0
[  117.107803][ T3868] loop0: detected capacity change from 0 to 32768
[  117.118262][ T3868] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  117.126553][ T3868] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  117.136362][ T3868] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  117.145337][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  117.152187][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3868] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3868] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3868] chdir("./file0")            = 0
[pid  3868] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3868] close(4)                    = 0
[pid  3868] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3868] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3867] <... futex resumed>)        = 0
[pid  3867] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3867] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3868] <... futex resumed>)        = 0
[pid  3868] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3868] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3867] <... futex resumed>)        = 0
[pid  3867] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3867] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3868] <... futex resumed>)        = 1
[  117.189040][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 36ms
[  117.196584][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  117.202130][ T3868] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  117.227734][ T3868] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3868] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3867] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3867] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3867] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3867] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3869], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3869
[pid  3867] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3869 attached
[pid  3869] set_robust_list(0x7fc87f3919e0, 24) = 0
[  117.236503][ T3868] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  117.236503][ T3868]   inode = 12 2341
[  117.236503][ T3868]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  117.255637][ T3868] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  117.265043][ T3868] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3868 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  117.275487][ T3868] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[pid  3869] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3869] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  117.284334][ T3868] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  117.292265][ T3868] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  117.301481][ T3868] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  117.308203][ T3868] gfs2: fsid=syz:syz.0: File system withdrawn
[  117.314480][ T3868] CPU: 1 PID: 3868 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  117.324924][ T3868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  117.334999][ T3868] Call Trace:
[  117.338287][ T3868]  <TASK>
[  117.341212][ T3868]  dump_stack_lvl+0x1b1/0x28e
[  117.345892][ T3868]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  117.351347][ T3868]  ? panic+0x710/0x710
[  117.355411][ T3868]  ? kobject_uevent_env+0x46b/0x8e0
[  117.360612][ T3868]  ? do_raw_spin_unlock+0x134/0x8a0
[  117.365829][ T3868]  gfs2_withdraw+0xf33/0x1540
[  117.370529][ T3868]  ? gfs2_lm+0x220/0x220
[  117.374771][ T3868]  ? gfs2_dirent_scan+0xb6/0x650
[  117.379713][ T3868]  ? panic+0x710/0x710
[  117.383790][ T3868]  ? gfs2_permission+0x2ff/0x430
[pid  3869] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3867] exit_group(0 <unfinished ...>
[pid  3869] <... futex resumed>)        = ?
[pid  3867] <... exit_group resumed>)   = ?
[pid  3869] +++ exited with 0 +++
[  117.388739][ T3868]  ? gfs2_consist_inode_i+0xf3/0x110
[  117.394063][ T3868]  gfs2_dirent_scan+0x535/0x650
[  117.398916][ T3868]  ? gfs2_dirent_search+0xb10/0xb10
[  117.404127][ T3868]  gfs2_dirent_search+0x2ea/0xb10
[  117.409186][ T3868]  ? gfs2_dirent_search+0xb10/0xb10
[  117.414403][ T3868]  ? gfs2_dir_search+0x2a0/0x2a0
[  117.419337][ T3868]  ? gfs2_permission+0x3bf/0x430
[  117.424292][ T3868]  gfs2_dir_search+0x8c/0x2a0
[  117.428995][ T3868]  ? do_filldir_main+0x530/0x530
[  117.433943][ T3868]  ? inode_go_held+0xe4/0x1f0
[  117.438633][ T3868]  ? gfs2_glock_wait+0x213/0x2a0
[  117.443579][ T3868]  gfs2_lookupi+0x465/0x650
[  117.448096][ T3868]  ? gfs2_lookup_simple+0x170/0x170
[  117.453288][ T3868]  ? __gfs2_lookup+0x8c/0x260
[  117.457967][ T3868]  __gfs2_lookup+0x8c/0x260
[  117.462465][ T3868]  ? gfs2_atomic_open+0x230/0x230
[  117.467485][ T3868]  ? __d_lookup+0x6a4/0x770
[  117.471977][ T3868]  ? d_hash_and_lookup+0x1c0/0x1c0
[  117.477079][ T3868]  gfs2_atomic_open+0xa4/0x230
[  117.481854][ T3868]  path_openat+0xf39/0x2df0
[  117.486370][ T3868]  ? gfs2_rename2+0x3000/0x3000
[  117.491222][ T3868]  ? do_filp_open+0x4f0/0x4f0
[  117.495919][ T3868]  do_filp_open+0x264/0x4f0
[  117.500427][ T3868]  ? vfs_tmpfile+0x490/0x490
[  117.505013][ T3868]  ? do_raw_spin_unlock+0x134/0x8a0
[  117.510204][ T3868]  ? _raw_spin_unlock+0x24/0x40
[  117.515055][ T3868]  ? alloc_fd+0x5a7/0x640
[  117.519394][ T3868]  do_sys_openat2+0x124/0x4e0
[  117.524061][ T3868]  ? print_irqtrace_events+0x220/0x220
[  117.529508][ T3868]  ? ptrace_stop+0x74d/0x970
[  117.534090][ T3868]  ? do_sys_open+0x220/0x220
[  117.538683][ T3868]  ? lockdep_hardirqs_on+0x8d/0x130
[  117.543895][ T3868]  ? _raw_spin_unlock_irq+0x2a/0x40
[  117.549103][ T3868]  ? ptrace_notify+0x245/0x340
[  117.553856][ T3868]  __x64_sys_openat+0x243/0x290
[  117.558698][ T3868]  ? __ia32_sys_open+0x270/0x270
[  117.563626][ T3868]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  117.569595][ T3868]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  117.575585][ T3868]  do_syscall_64+0x3d/0xb0
[  117.580006][ T3868]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  117.585886][ T3868] RIP: 0033:0x7fc8868064d9
[  117.590289][ T3868] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  117.609894][ T3868] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  117.618305][ T3868] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  117.626272][ T3868] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[pid  3868] <... openat resumed>)       = ?
[pid  3868] +++ exited with 0 +++
[pid  3867] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3867, si_uid=0, si_status=0, si_utime=2, si_stime=27} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./76/binderfs")                 = 0
[  117.634238][ T3868] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  117.642208][ T3868] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  117.650191][ T3868] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  117.658175][ T3868]  </TASK>
umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./76/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./76")                           = 0
mkdir("./77", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3870
./strace-static-x86_64: Process 3870 attached
[pid  3870] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3870] chdir("./77")               = 0
[pid  3870] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3870] setpgid(0, 0)               = 0
[pid  3870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3870] write(3, "1000", 4)         = 4
[pid  3870] close(3)                    = 0
[pid  3870] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3870] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3870] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3870] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3870] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3871], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3871
[pid  3870] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3870] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3871 attached
 <unfinished ...>
[pid  3871] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3871] memfd_create("syzkaller", 0) = 3
[pid  3871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3871] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3871] munmap(0x7fc87e392000, 16777216) = 0
[pid  3871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3871] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3871] close(3)                    = 0
[pid  3871] mkdir("./file0", 0777)      = 0
[  117.940589][ T3871] loop0: detected capacity change from 0 to 32768
[  117.951192][ T3871] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  117.959745][ T3871] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  117.969251][ T3871] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  117.977880][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  117.984753][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3871] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3871] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3871] chdir("./file0")            = 0
[pid  3871] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3871] close(4)                    = 0
[pid  3871] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3870] <... futex resumed>)        = 0
[pid  3871] <... futex resumed>)        = 1
[pid  3870] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3871] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3870] <... futex resumed>)        = 0
[pid  3871] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3870] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3871] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3870] <... futex resumed>)        = 0
[pid  3871] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3870] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  118.022595][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 37ms
[  118.030228][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  118.035457][ T3871] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  118.048335][ T3871] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  118.057208][ T3871] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  118.057208][ T3871]   inode = 12 2341
[pid  3870] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[  118.057208][ T3871]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  118.075982][ T3871] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  118.085145][ T3871] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3871 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  118.095268][ T3871] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  118.103942][ T3871] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  118.111290][ T3871] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[pid  3870] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  118.120131][ T3871] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  118.126756][ T3871] gfs2: fsid=syz:syz.0: File system withdrawn
[  118.132970][ T3871] CPU: 0 PID: 3871 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  118.143439][ T3871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  118.153489][ T3871] Call Trace:
[  118.156761][ T3871]  <TASK>
[  118.159685][ T3871]  dump_stack_lvl+0x1b1/0x28e
[  118.164360][ T3871]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  118.169811][ T3871]  ? panic+0x710/0x710
[  118.173873][ T3871]  ? kobject_uevent_env+0x46b/0x8e0
[  118.179062][ T3871]  ? do_raw_spin_unlock+0x134/0x8a0
[  118.184279][ T3871]  gfs2_withdraw+0xf33/0x1540
[  118.188984][ T3871]  ? gfs2_lm+0x220/0x220
[  118.193227][ T3871]  ? gfs2_dirent_scan+0xb6/0x650
[  118.198187][ T3871]  ? panic+0x710/0x710
[  118.202258][ T3871]  ? gfs2_permission+0x2ff/0x430
[  118.207309][ T3871]  ? gfs2_consist_inode_i+0xf3/0x110
[  118.212601][ T3871]  gfs2_dirent_scan+0x535/0x650
[  118.217461][ T3871]  ? gfs2_dirent_search+0xb10/0xb10
[  118.222666][ T3871]  gfs2_dirent_search+0x2ea/0xb10
[  118.227691][ T3871]  ? gfs2_dirent_search+0xb10/0xb10
[  118.232891][ T3871]  ? gfs2_dir_search+0x2a0/0x2a0
[  118.237822][ T3871]  ? gfs2_permission+0x3bf/0x430
[  118.242781][ T3871]  gfs2_dir_search+0x8c/0x2a0
[  118.247493][ T3871]  ? do_filldir_main+0x530/0x530
[  118.252445][ T3871]  ? inode_go_held+0xe4/0x1f0
[  118.257122][ T3871]  ? gfs2_glock_wait+0x213/0x2a0
[  118.262055][ T3871]  gfs2_lookupi+0x465/0x650
[  118.266573][ T3871]  ? gfs2_lookup_simple+0x170/0x170
[  118.271795][ T3871]  ? __gfs2_lookup+0x8c/0x260
[  118.276493][ T3871]  __gfs2_lookup+0x8c/0x260
[  118.281094][ T3871]  ? gfs2_atomic_open+0x230/0x230
[  118.286143][ T3871]  ? __d_lookup+0x6a4/0x770
[  118.292409][ T3871]  ? d_hash_and_lookup+0x1c0/0x1c0
[  118.297522][ T3871]  gfs2_atomic_open+0xa4/0x230
[  118.302287][ T3871]  path_openat+0xf39/0x2df0
[  118.306790][ T3871]  ? gfs2_rename2+0x3000/0x3000
[  118.311651][ T3871]  ? do_filp_open+0x4f0/0x4f0
[  118.316331][ T3871]  do_filp_open+0x264/0x4f0
[  118.320827][ T3871]  ? vfs_tmpfile+0x490/0x490
[  118.325426][ T3871]  ? do_raw_spin_unlock+0x134/0x8a0
[  118.330884][ T3871]  ? _raw_spin_unlock+0x24/0x40
[  118.335729][ T3871]  ? alloc_fd+0x5a7/0x640
[  118.340058][ T3871]  do_sys_openat2+0x124/0x4e0
[  118.344737][ T3871]  ? print_irqtrace_events+0x220/0x220
[  118.350190][ T3871]  ? ptrace_stop+0x74d/0x970
[  118.354794][ T3871]  ? do_sys_open+0x220/0x220
[  118.359377][ T3871]  ? lockdep_hardirqs_on+0x8d/0x130
[  118.364570][ T3871]  ? _raw_spin_unlock_irq+0x2a/0x40
[  118.369762][ T3871]  ? ptrace_notify+0x245/0x340
[  118.374527][ T3871]  __x64_sys_openat+0x243/0x290
[  118.379478][ T3871]  ? __ia32_sys_open+0x270/0x270
[  118.384418][ T3871]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  118.390396][ T3871]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  118.396372][ T3871]  do_syscall_64+0x3d/0xb0
[  118.400785][ T3871]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  118.406674][ T3871] RIP: 0033:0x7fc8868064d9
[  118.411081][ T3871] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  118.430680][ T3871] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  118.439085][ T3871] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  118.447046][ T3871] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  118.455007][ T3871] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  118.462970][ T3871] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  3870] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3870] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3870] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3872], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3872
[pid  3870] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3871] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3871] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3871] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3872 attached
 <unfinished ...>
[pid  3872] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3872] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3872] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3870] exit_group(0 <unfinished ...>
[pid  3871] <... futex resumed>)        = ?
[pid  3870] <... exit_group resumed>)   = ?
[pid  3871] +++ exited with 0 +++
[pid  3872] +++ exited with 0 +++
[pid  3870] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3870, si_uid=0, si_status=0, si_utime=0, si_stime=30} ---
umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./77/binderfs")                 = 0
[  118.471017][ T3871] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  118.478993][ T3871]  </TASK>
umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./77/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./77")                           = 0
mkdir("./78", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3873
./strace-static-x86_64: Process 3873 attached
[pid  3873] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3873] chdir("./78")               = 0
[pid  3873] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3873] setpgid(0, 0)               = 0
[pid  3873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3873] write(3, "1000", 4)         = 4
[pid  3873] close(3)                    = 0
[pid  3873] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3873] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3873] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3873] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3874 attached
, parent_tid=[3874], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3874
[pid  3874] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3874] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3873] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3874] <... futex resumed>)        = 0
[pid  3873] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3874] memfd_create("syzkaller", 0) = 3
[pid  3874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3874] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3874] munmap(0x7fc87e392000, 16777216) = 0
[pid  3874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3874] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3874] close(3)                    = 0
[pid  3874] mkdir("./file0", 0777)      = 0
[  118.789524][ T3874] loop0: detected capacity change from 0 to 32768
[  118.802230][ T3874] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  118.810708][ T3874] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  118.820817][ T3874] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  118.829347][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  118.836248][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3874] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3874] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3874] chdir("./file0")            = 0
[pid  3874] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3874] close(4)                    = 0
[pid  3874] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3873] <... futex resumed>)        = 0
[pid  3873] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3873] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3874] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3874] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3873] <... futex resumed>)        = 0
[pid  3873] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3873] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[  118.870676][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 34ms
[  118.879408][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  118.884891][ T3874] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  118.919614][ T3874] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  118.929980][ T3874] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  118.929980][ T3874]   inode = 12 2341
[  118.929980][ T3874]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  118.949062][ T3874] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  118.958182][ T3874] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3874 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3874] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3873] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3873] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3873] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3873] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3875], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3875
[pid  3873] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3875 attached
[pid  3875] set_robust_list(0x7fc87f3919e0, 24) = 0
[  118.968230][ T3874] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  118.971975][ T3875] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  118.977071][ T3874] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  118.986184][ T3875] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:4 m:20 p:1
[  118.992815][ T3874] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  119.002364][ T3875] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3874 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  119.011241][ T3874] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  119.021509][ T3875] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3875 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  119.029537][ T3874] gfs2: fsid=syz:syz.0: File system withdrawn
[  119.044016][ T3874] CPU: 0 PID: 3874 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  119.044101][ T3875] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  119.054424][ T3874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  119.054436][ T3874] Call Trace:
[  119.054443][ T3874]  <TASK>
[  119.054450][ T3874]  dump_stack_lvl+0x1b1/0x28e
[  119.054474][ T3874]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  119.054495][ T3874]  ? panic+0x710/0x710
[  119.054515][ T3874]  ? kobject_uevent_env+0x46b/0x8e0
[  119.099794][ T3874]  ? do_raw_spin_unlock+0x134/0x8a0
[  119.104994][ T3874]  gfs2_withdraw+0xf33/0x1540
[  119.109678][ T3874]  ? gfs2_lm+0x220/0x220
[  119.113914][ T3874]  ? gfs2_dirent_scan+0xb6/0x650
[  119.118860][ T3874]  ? panic+0x710/0x710
[  119.122942][ T3874]  ? gfs2_permission+0x2ff/0x430
[  119.127891][ T3874]  ? gfs2_consist_inode_i+0xf3/0x110
[  119.133167][ T3874]  gfs2_dirent_scan+0x535/0x650
[  119.138010][ T3874]  ? gfs2_dirent_search+0xb10/0xb10
[  119.143724][ T3874]  gfs2_dirent_search+0x2ea/0xb10
[  119.148742][ T3874]  ? gfs2_dirent_search+0xb10/0xb10
[  119.153963][ T3874]  ? gfs2_dir_search+0x2a0/0x2a0
[  119.158922][ T3874]  ? gfs2_permission+0x3bf/0x430
[  119.163868][ T3874]  gfs2_dir_search+0x8c/0x2a0
[  119.168539][ T3874]  ? do_filldir_main+0x530/0x530
[  119.173491][ T3874]  ? inode_go_held+0xe4/0x1f0
[  119.178179][ T3874]  ? gfs2_glock_wait+0x213/0x2a0
[  119.183311][ T3874]  gfs2_lookupi+0x465/0x650
[  119.187836][ T3874]  ? gfs2_lookup_simple+0x170/0x170
[  119.193060][ T3874]  ? __gfs2_lookup+0x8c/0x260
[  119.198952][ T3874]  __gfs2_lookup+0x8c/0x260
[  119.203452][ T3874]  ? gfs2_atomic_open+0x230/0x230
[  119.208479][ T3874]  ? __d_lookup+0x6a4/0x770
[  119.212976][ T3874]  ? d_hash_and_lookup+0x1c0/0x1c0
[  119.218077][ T3874]  gfs2_atomic_open+0xa4/0x230
[  119.222836][ T3874]  path_openat+0xf39/0x2df0
[  119.227337][ T3874]  ? gfs2_rename2+0x3000/0x3000
[  119.232192][ T3874]  ? do_filp_open+0x4f0/0x4f0
[  119.236876][ T3874]  do_filp_open+0x264/0x4f0
[  119.241369][ T3874]  ? vfs_tmpfile+0x490/0x490
[  119.245957][ T3874]  ? do_raw_spin_unlock+0x134/0x8a0
[  119.251156][ T3874]  ? _raw_spin_unlock+0x24/0x40
[  119.256000][ T3874]  ? alloc_fd+0x5a7/0x640
[  119.260330][ T3874]  do_sys_openat2+0x124/0x4e0
[  119.265001][ T3874]  ? print_irqtrace_events+0x220/0x220
[  119.270447][ T3874]  ? ptrace_stop+0x74d/0x970
[  119.275037][ T3874]  ? do_sys_open+0x220/0x220
[  119.279621][ T3874]  ? lockdep_hardirqs_on+0x8d/0x130
[  119.284812][ T3874]  ? _raw_spin_unlock_irq+0x2a/0x40
[  119.290005][ T3874]  ? ptrace_notify+0x245/0x340
[  119.295716][ T3874]  __x64_sys_openat+0x243/0x290
[  119.300560][ T3874]  ? __ia32_sys_open+0x270/0x270
[  119.305494][ T3874]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  119.311502][ T3874]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  119.317480][ T3874]  do_syscall_64+0x3d/0xb0
[  119.321887][ T3874]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  119.327771][ T3874] RIP: 0033:0x7fc8868064d9
[  119.332198][ T3874] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  119.351798][ T3874] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  119.360203][ T3874] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3875] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH <unfinished ...>
[pid  3873] exit_group(0)               = ?
[pid  3875] <... openat resumed>)       = ?
[pid  3874] <... openat resumed>)       = ?
[pid  3875] +++ exited with 0 +++
[pid  3874] +++ exited with 0 +++
[pid  3873] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3873, si_uid=0, si_status=0, si_utime=2, si_stime=42} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./78/binderfs")                 = 0
[  119.368163][ T3874] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  119.376120][ T3874] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  119.384078][ T3874] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  119.392037][ T3874] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  119.400012][ T3874]  </TASK>
umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./78/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./78")                           = 0
mkdir("./79", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3876
./strace-static-x86_64: Process 3876 attached
[pid  3876] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3876] chdir("./79")               = 0
[pid  3876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3876] setpgid(0, 0)               = 0
[pid  3876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3876] write(3, "1000", 4)         = 4
[pid  3876] close(3)                    = 0
[pid  3876] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3876] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3876] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3876] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3877 attached
, parent_tid=[3877], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3877
[pid  3876] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3876] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3877] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3877] memfd_create("syzkaller", 0) = 3
[pid  3877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3877] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3877] munmap(0x7fc87e392000, 16777216) = 0
[pid  3877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3877] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3877] close(3)                    = 0
[pid  3877] mkdir("./file0", 0777)      = 0
[  119.702284][ T3877] loop0: detected capacity change from 0 to 32768
[  119.714001][ T3877] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  119.722286][ T3877] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  119.732489][ T3877] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  119.741415][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  119.748184][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3877] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3877] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3877] chdir("./file0")            = 0
[pid  3877] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3877] close(4)                    = 0
[pid  3877] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3877] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3876] <... futex resumed>)        = 0
[pid  3876] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3876] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3877] <... futex resumed>)        = 0
[pid  3877] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3877] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3876] <... futex resumed>)        = 0
[pid  3876] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3877] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3876] <... futex resumed>)        = 0
[  119.784274][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 36ms
[  119.792060][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  119.797673][ T3877] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  119.823370][ T3877] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3876] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3876] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid  3876] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid  3876] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3876] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3876] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3878], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3878
[pid  3876] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3878 attached
[pid  3878] set_robust_list(0x7fc87f3919e0, 24) = 0
[  119.832111][ T3877] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  119.832111][ T3877]   inode = 12 2341
[  119.832111][ T3877]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  119.851508][ T3877] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  119.861579][ T3877] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3877 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  119.871813][ T3877] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  119.876878][ T3878] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  119.880928][ T3877] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  119.889233][ T3878] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:4 m:20 p:1
[  119.896144][ T3877] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  119.905367][ T3878] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3877 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  119.914011][ T3877] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  119.924215][ T3878] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3878 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  119.930627][ T3877] gfs2: fsid=syz:syz.0: File system withdrawn
[  119.947503][ T3877] CPU: 0 PID: 3877 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  119.950186][ T3878] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  119.957930][ T3877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  119.957944][ T3877] Call Trace:
[  119.957952][ T3877]  <TASK>
[  119.957961][ T3877]  dump_stack_lvl+0x1b1/0x28e
[  119.987372][ T3877]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  119.992830][ T3877]  ? panic+0x710/0x710
[  119.996920][ T3877]  ? kobject_uevent_env+0x46b/0x8e0
[  120.002126][ T3877]  ? do_raw_spin_unlock+0x134/0x8a0
[  120.007328][ T3877]  gfs2_withdraw+0xf33/0x1540
[  120.012011][ T3877]  ? gfs2_lm+0x220/0x220
[  120.016242][ T3877]  ? gfs2_dirent_scan+0xb6/0x650
[  120.021176][ T3877]  ? panic+0x710/0x710
[  120.025241][ T3877]  ? gfs2_permission+0x2ff/0x430
[  120.030178][ T3877]  ? gfs2_consist_inode_i+0xf3/0x110
[  120.035457][ T3877]  gfs2_dirent_scan+0x535/0x650
[  120.040307][ T3877]  ? gfs2_dirent_search+0xb10/0xb10
[  120.045511][ T3877]  gfs2_dirent_search+0x2ea/0xb10
[  120.050535][ T3877]  ? gfs2_dirent_search+0xb10/0xb10
[  120.055735][ T3877]  ? gfs2_dir_search+0x2a0/0x2a0
[  120.060672][ T3877]  ? gfs2_permission+0x3bf/0x430
[  120.065611][ T3877]  gfs2_dir_search+0x8c/0x2a0
[  120.070320][ T3877]  ? do_filldir_main+0x530/0x530
[  120.075255][ T3877]  ? inode_go_held+0xe4/0x1f0
[  120.079929][ T3877]  ? gfs2_glock_wait+0x213/0x2a0
[  120.084860][ T3877]  gfs2_lookupi+0x465/0x650
[  120.089367][ T3877]  ? gfs2_lookup_simple+0x170/0x170
[  120.094562][ T3877]  ? __gfs2_lookup+0x8c/0x260
[  120.099239][ T3877]  __gfs2_lookup+0x8c/0x260
[  120.103738][ T3877]  ? gfs2_atomic_open+0x230/0x230
[  120.108769][ T3877]  ? __d_lookup+0x6a4/0x770
[  120.113265][ T3877]  ? d_hash_and_lookup+0x1c0/0x1c0
[  120.118446][ T3877]  gfs2_atomic_open+0xa4/0x230
[  120.123230][ T3877]  path_openat+0xf39/0x2df0
[  120.127733][ T3877]  ? gfs2_rename2+0x3000/0x3000
[  120.132588][ T3877]  ? do_filp_open+0x4f0/0x4f0
[  120.137267][ T3877]  do_filp_open+0x264/0x4f0
[  120.141762][ T3877]  ? vfs_tmpfile+0x490/0x490
[  120.146354][ T3877]  ? do_raw_spin_unlock+0x134/0x8a0
[  120.151559][ T3877]  ? _raw_spin_unlock+0x24/0x40
[  120.156411][ T3877]  ? alloc_fd+0x5a7/0x640
[  120.160749][ T3877]  do_sys_openat2+0x124/0x4e0
[  120.165428][ T3877]  ? print_irqtrace_events+0x220/0x220
[  120.170889][ T3877]  ? ptrace_stop+0x74d/0x970
[  120.175499][ T3877]  ? do_sys_open+0x220/0x220
[  120.180188][ T3877]  ? lockdep_hardirqs_on+0x8d/0x130
[  120.185385][ T3877]  ? _raw_spin_unlock_irq+0x2a/0x40
[  120.190589][ T3877]  ? ptrace_notify+0x245/0x340
[  120.195352][ T3877]  __x64_sys_openat+0x243/0x290
[  120.200203][ T3877]  ? __ia32_sys_open+0x270/0x270
[  120.205136][ T3877]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  120.211115][ T3877]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  120.218830][ T3877]  do_syscall_64+0x3d/0xb0
[  120.223242][ T3877]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  120.229124][ T3877] RIP: 0033:0x7fc8868064d9
[  120.233531][ T3877] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  120.253125][ T3877] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  120.261527][ T3877] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  120.269491][ T3877] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  120.277454][ T3877] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3878] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3877] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3878] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3878] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3877] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3876] exit_group(0)               = ?
[pid  3878] <... futex resumed>)        = ?
[pid  3878] +++ exited with 0 +++
[pid  3877] +++ exited with 0 +++
[pid  3876] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3876, si_uid=0, si_status=0, si_utime=0, si_stime=43} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./79/binderfs")                 = 0
[  120.285417][ T3877] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  120.293376][ T3877] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  120.301352][ T3877]  </TASK>
umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./79/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./79")                           = 0
mkdir("./80", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3879
./strace-static-x86_64: Process 3879 attached
[pid  3879] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3879] chdir("./80")               = 0
[pid  3879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3879] setpgid(0, 0)               = 0
[pid  3879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3879] write(3, "1000", 4)         = 4
[pid  3879] close(3)                    = 0
[pid  3879] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3879] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3879] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3879] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3880], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3880
[pid  3879] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3879] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3880 attached
 <unfinished ...>
[pid  3880] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3880] memfd_create("syzkaller", 0) = 3
[pid  3880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3880] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3880] munmap(0x7fc87e392000, 16777216) = 0
[pid  3880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3880] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3880] close(3)                    = 0
[pid  3880] mkdir("./file0", 0777)      = 0
[  120.599475][ T3880] loop0: detected capacity change from 0 to 32768
[  120.609503][ T3880] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  120.618744][ T3880] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  120.628468][ T3880] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  120.637488][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  120.644935][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3880] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3880] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3880] chdir("./file0")            = 0
[pid  3880] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3880] close(4)                    = 0
[pid  3880] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3879] <... futex resumed>)        = 0
[pid  3879] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3879] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3880] <... futex resumed>)        = 1
[pid  3880] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3880] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3879] <... futex resumed>)        = 0
[pid  3879] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3879] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3880] <... futex resumed>)        = 1
[  120.681326][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 36ms
[  120.689084][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  120.694722][ T3880] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  120.713174][ T3880] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  120.722134][ T3880] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[pid  3880] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3879] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[  120.722134][ T3880]   inode = 12 2341
[  120.722134][ T3880]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  120.740849][ T3880] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  120.749896][ T3880] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3880 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  120.760007][ T3880] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  120.773659][ T3880] gfs2: fsid=syz:syz.0: about to withdraw this file system
[pid  3879] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3879] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3879] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3881], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3881
[pid  3879] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  120.781036][ T3880] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  120.789936][ T3880] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  120.796637][ T3880] gfs2: fsid=syz:syz.0: File system withdrawn
[  120.802806][ T3880] CPU: 0 PID: 3880 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  120.813334][ T3880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  120.823574][ T3880] Call Trace:
[  120.826849][ T3880]  <TASK>
[  120.829771][ T3880]  dump_stack_lvl+0x1b1/0x28e
[  120.834459][ T3880]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  120.839937][ T3880]  ? panic+0x710/0x710
[  120.844024][ T3880]  ? kobject_uevent_env+0x46b/0x8e0
[  120.849321][ T3880]  ? do_raw_spin_unlock+0x134/0x8a0
[  120.854533][ T3880]  gfs2_withdraw+0xf33/0x1540
[  120.859228][ T3880]  ? gfs2_lm+0x220/0x220
[  120.863464][ T3880]  ? gfs2_dirent_scan+0xb6/0x650
[  120.868423][ T3880]  ? panic+0x710/0x710
[  120.872496][ T3880]  ? gfs2_permission+0x2ff/0x430
[  120.877434][ T3880]  ? gfs2_consist_inode_i+0xf3/0x110
[  120.882731][ T3880]  gfs2_dirent_scan+0x535/0x650
[  120.887596][ T3880]  ? gfs2_dirent_search+0xb10/0xb10
[  120.892794][ T3880]  gfs2_dirent_search+0x2ea/0xb10
[  120.897830][ T3880]  ? gfs2_dirent_search+0xb10/0xb10
[  120.903018][ T3880]  ? gfs2_dir_search+0x2a0/0x2a0
[  120.907954][ T3880]  ? gfs2_permission+0x3bf/0x430
[  120.912909][ T3880]  gfs2_dir_search+0x8c/0x2a0
[  120.917586][ T3880]  ? do_filldir_main+0x530/0x530
[  120.922520][ T3880]  ? inode_go_held+0xe4/0x1f0
[  120.927193][ T3880]  ? gfs2_glock_wait+0x213/0x2a0
[  120.932125][ T3880]  gfs2_lookupi+0x465/0x650
[  120.936627][ T3880]  ? gfs2_lookup_simple+0x170/0x170
[  120.941819][ T3880]  ? __gfs2_lookup+0x8c/0x260
[  120.946517][ T3880]  __gfs2_lookup+0x8c/0x260
[  120.951037][ T3880]  ? gfs2_atomic_open+0x230/0x230
[  120.956095][ T3880]  ? __d_lookup+0x6a4/0x770
[  120.960605][ T3880]  ? d_hash_and_lookup+0x1c0/0x1c0
[  120.965715][ T3880]  gfs2_atomic_open+0xa4/0x230
[  120.970482][ T3880]  path_openat+0xf39/0x2df0
[  120.974983][ T3880]  ? gfs2_rename2+0x3000/0x3000
[  120.979847][ T3880]  ? do_filp_open+0x4f0/0x4f0
[  120.984529][ T3880]  do_filp_open+0x264/0x4f0
[  120.989024][ T3880]  ? vfs_tmpfile+0x490/0x490
[  120.993614][ T3880]  ? do_raw_spin_unlock+0x134/0x8a0
[  120.998810][ T3880]  ? _raw_spin_unlock+0x24/0x40
[  121.003660][ T3880]  ? alloc_fd+0x5a7/0x640
[  121.007991][ T3880]  do_sys_openat2+0x124/0x4e0
[  121.012662][ T3880]  ? print_irqtrace_events+0x220/0x220
[  121.018113][ T3880]  ? ptrace_stop+0x74d/0x970
[  121.022700][ T3880]  ? do_sys_open+0x220/0x220
[  121.027281][ T3880]  ? lockdep_hardirqs_on+0x8d/0x130
[  121.032472][ T3880]  ? _raw_spin_unlock_irq+0x2a/0x40
[  121.037666][ T3880]  ? ptrace_notify+0x245/0x340
[  121.042436][ T3880]  __x64_sys_openat+0x243/0x290
[  121.047286][ T3880]  ? __ia32_sys_open+0x270/0x270
[  121.052220][ T3880]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  121.058206][ T3880]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  121.064196][ T3880]  do_syscall_64+0x3d/0xb0
[  121.068613][ T3880]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  121.074498][ T3880] RIP: 0033:0x7fc8868064d9
[  121.078903][ T3880] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  121.098605][ T3880] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  121.107045][ T3880] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  121.115136][ T3880] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  121.123113][ T3880] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
./strace-static-x86_64: Process 3881 attached
[pid  3881] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3881] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3881] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3881] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3880] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3880] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3880] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3879] exit_group(0 <unfinished ...>
[pid  3881] <... futex resumed>)        = ?
[pid  3880] <... futex resumed>)        = ?
[pid  3879] <... exit_group resumed>)   = ?
[pid  3881] +++ exited with 0 +++
[pid  3880] +++ exited with 0 +++
[pid  3879] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3879, si_uid=0, si_status=0, si_utime=2, si_stime=29} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./80/binderfs")                 = 0
[  121.132816][ T3880] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  121.140781][ T3880] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  121.149607][ T3880]  </TASK>
umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./80/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./80")                           = 0
mkdir("./81", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3882
./strace-static-x86_64: Process 3882 attached
[pid  3882] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3882] chdir("./81")               = 0
[pid  3882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3882] setpgid(0, 0)               = 0
[pid  3882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3882] write(3, "1000", 4)         = 4
[pid  3882] close(3)                    = 0
[pid  3882] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3882] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3882] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3882] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3883], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3883
[pid  3882] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3882] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3883 attached
 <unfinished ...>
[pid  3883] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3883] memfd_create("syzkaller", 0) = 3
[pid  3883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3883] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3883] munmap(0x7fc87e392000, 16777216) = 0
[pid  3883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3883] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3883] close(3)                    = 0
[pid  3883] mkdir("./file0", 0777)      = 0
[  121.478798][ T3883] loop0: detected capacity change from 0 to 32768
[  121.489835][ T3883] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  121.498209][ T3883] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  121.507159][ T3883] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  121.515971][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  121.523019][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3883] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3883] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3883] chdir("./file0")            = 0
[pid  3883] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3883] close(4)                    = 0
[pid  3883] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3882] <... futex resumed>)        = 0
[pid  3882] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3882] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3883] <... futex resumed>)        = 1
[pid  3883] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3883] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3882] <... futex resumed>)        = 0
[pid  3882] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3882] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3883] <... futex resumed>)        = 1
[  121.556110][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms
[  121.566011][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  121.571477][ T3883] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  121.598089][ T3883] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  121.606923][ T3883] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  121.606923][ T3883]   inode = 12 2341
[  121.606923][ T3883]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  121.626056][ T3883] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  121.635220][ T3883] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3883 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3883] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3882] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3882] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3882] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3882] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3884], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3884
[pid  3882] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3884 attached
[pid  3884] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3884] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3884] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  121.645549][ T3883] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  121.654117][ T3883] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  121.661412][ T3883] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  121.670277][ T3883] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  121.678054][ T3883] gfs2: fsid=syz:syz.0: File system withdrawn
[  121.684300][ T3883] CPU: 0 PID: 3883 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  121.694745][ T3883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  121.706631][ T3883] Call Trace:
[  121.709912][ T3883]  <TASK>
[  121.712853][ T3883]  dump_stack_lvl+0x1b1/0x28e
[  121.717539][ T3883]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  121.723005][ T3883]  ? panic+0x710/0x710
[  121.727092][ T3883]  ? kobject_uevent_env+0x46b/0x8e0
[  121.732313][ T3883]  ? do_raw_spin_unlock+0x134/0x8a0
[  121.737509][ T3883]  gfs2_withdraw+0xf33/0x1540
[  121.742209][ T3883]  ? gfs2_lm+0x220/0x220
[pid  3884] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3882] exit_group(0 <unfinished ...>
[pid  3884] <... futex resumed>)        = ?
[pid  3882] <... exit_group resumed>)   = ?
[pid  3884] +++ exited with 0 +++
[  121.746456][ T3883]  ? gfs2_dirent_scan+0xb6/0x650
[  121.751390][ T3883]  ? panic+0x710/0x710
[  121.755483][ T3883]  ? gfs2_permission+0x2ff/0x430
[  121.761056][ T3883]  ? gfs2_consist_inode_i+0xf3/0x110
[  121.766355][ T3883]  gfs2_dirent_scan+0x535/0x650
[  121.771224][ T3883]  ? gfs2_dirent_search+0xb10/0xb10
[  121.776439][ T3883]  gfs2_dirent_search+0x2ea/0xb10
[  121.781478][ T3883]  ? gfs2_dirent_search+0xb10/0xb10
[  121.786681][ T3883]  ? gfs2_dir_search+0x2a0/0x2a0
[  121.792740][ T3883]  ? gfs2_permission+0x3bf/0x430
[  121.797709][ T3883]  gfs2_dir_search+0x8c/0x2a0
[  121.802411][ T3883]  ? do_filldir_main+0x530/0x530
[  121.807347][ T3883]  ? inode_go_held+0xe4/0x1f0
[  121.812017][ T3883]  ? gfs2_glock_wait+0x213/0x2a0
[  121.816947][ T3883]  gfs2_lookupi+0x465/0x650
[  121.821448][ T3883]  ? gfs2_lookup_simple+0x170/0x170
[  121.826640][ T3883]  ? __gfs2_lookup+0x8c/0x260
[  121.831313][ T3883]  __gfs2_lookup+0x8c/0x260
[  121.835818][ T3883]  ? gfs2_atomic_open+0x230/0x230
[  121.840868][ T3883]  ? __d_lookup+0x6a4/0x770
[  121.845377][ T3883]  ? d_hash_and_lookup+0x1c0/0x1c0
[  121.850496][ T3883]  gfs2_atomic_open+0xa4/0x230
[  121.855255][ T3883]  path_openat+0xf39/0x2df0
[  121.859751][ T3883]  ? gfs2_rename2+0x3000/0x3000
[  121.864623][ T3883]  ? do_filp_open+0x4f0/0x4f0
[  121.869314][ T3883]  do_filp_open+0x264/0x4f0
[  121.873838][ T3883]  ? vfs_tmpfile+0x490/0x490
[  121.878446][ T3883]  ? do_raw_spin_unlock+0x134/0x8a0
[  121.883673][ T3883]  ? _raw_spin_unlock+0x24/0x40
[  121.888527][ T3883]  ? alloc_fd+0x5a7/0x640
[  121.892867][ T3883]  do_sys_openat2+0x124/0x4e0
[  121.897543][ T3883]  ? print_irqtrace_events+0x220/0x220
[  121.902996][ T3883]  ? ptrace_stop+0x74d/0x970
[  121.907593][ T3883]  ? do_sys_open+0x220/0x220
[  121.912224][ T3883]  ? lockdep_hardirqs_on+0x8d/0x130
[  121.917414][ T3883]  ? _raw_spin_unlock_irq+0x2a/0x40
[  121.922618][ T3883]  ? ptrace_notify+0x245/0x340
[  121.927386][ T3883]  __x64_sys_openat+0x243/0x290
[  121.932332][ T3883]  ? __ia32_sys_open+0x270/0x270
[  121.937280][ T3883]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  121.943267][ T3883]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  121.949699][ T3883]  do_syscall_64+0x3d/0xb0
[  121.954117][ T3883]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  121.960021][ T3883] RIP: 0033:0x7fc8868064d9
[  121.964427][ T3883] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  121.984026][ T3883] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  121.992440][ T3883] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3883] <... openat resumed>)       = ?
[pid  3883] +++ exited with 0 +++
[pid  3882] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3882, si_uid=0, si_status=0, si_utime=2, si_stime=28} ---
umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./81/binderfs")                 = 0
[  122.000499][ T3883] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  122.008487][ T3883] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  122.016457][ T3883] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  122.024433][ T3883] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  122.032410][ T3883]  </TASK>
umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./81/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./81")                           = 0
mkdir("./82", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3885
./strace-static-x86_64: Process 3885 attached
[pid  3885] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3885] chdir("./82")               = 0
[pid  3885] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3885] setpgid(0, 0)               = 0
[pid  3885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3885] write(3, "1000", 4)         = 4
[pid  3885] close(3)                    = 0
[pid  3885] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3885] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3885] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3885] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3886], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3886
[pid  3885] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3885] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3886 attached
 <unfinished ...>
[pid  3886] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3886] memfd_create("syzkaller", 0) = 3
[pid  3886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3886] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3886] munmap(0x7fc87e392000, 16777216) = 0
[pid  3886] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3886] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3886] close(3)                    = 0
[pid  3886] mkdir("./file0", 0777)      = 0
[  122.340023][ T3886] loop0: detected capacity change from 0 to 32768
[  122.351097][ T3886] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  122.359313][ T3886] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  122.369083][ T3886] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  122.377996][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  122.384920][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3886] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3886] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3886] chdir("./file0")            = 0
[pid  3886] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3886] close(4)                    = 0
[pid  3886] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3885] <... futex resumed>)        = 0
[pid  3885] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3885] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3886] <... futex resumed>)        = 1
[pid  3886] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3886] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3885] <... futex resumed>)        = 0
[pid  3885] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3885] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3886] <... futex resumed>)        = 1
[  122.417705][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 32ms
[  122.426532][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  122.431931][ T3886] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  122.453032][ T3886] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3886] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3885] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3885] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid  3885] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3885] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3885] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3887], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3887
[pid  3885] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3887 attached
[pid  3887] set_robust_list(0x7fc87f3919e0, 24) = 0
[  122.462019][ T3886] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  122.462019][ T3886]   inode = 12 2341
[  122.462019][ T3886]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  122.480970][ T3886] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  122.490046][ T3886] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3886 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  122.500923][ T3886] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  122.505713][ T3887] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  122.509723][ T3886] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  122.518354][ T3887] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:4 m:20 p:1
[  122.525408][ T3886] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  122.534728][ T3887] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3886 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  122.543358][ T3886] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  122.553623][ T3887] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3887 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  122.561648][ T3886] gfs2: fsid=syz:syz.0: File system withdrawn
[  122.570124][ T3887] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  122.575864][ T3886] CPU: 0 PID: 3886 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  122.594462][ T3886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  122.604519][ T3886] Call Trace:
[  122.607787][ T3886]  <TASK>
[  122.610796][ T3886]  dump_stack_lvl+0x1b1/0x28e
[  122.615475][ T3886]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  122.620936][ T3886]  ? panic+0x710/0x710
[  122.624994][ T3886]  ? kobject_uevent_env+0x46b/0x8e0
[  122.630190][ T3886]  ? do_raw_spin_unlock+0x134/0x8a0
[  122.635398][ T3886]  gfs2_withdraw+0xf33/0x1540
[  122.640113][ T3886]  ? gfs2_lm+0x220/0x220
[  122.644346][ T3886]  ? gfs2_dirent_scan+0xb6/0x650
[  122.649311][ T3886]  ? panic+0x710/0x710
[  122.653407][ T3886]  ? gfs2_permission+0x2ff/0x430
[  122.658354][ T3886]  ? gfs2_consist_inode_i+0xf3/0x110
[  122.663641][ T3886]  gfs2_dirent_scan+0x535/0x650
[  122.668497][ T3886]  ? gfs2_dirent_search+0xb10/0xb10
[  122.673693][ T3886]  gfs2_dirent_search+0x2ea/0xb10
[  122.678715][ T3886]  ? gfs2_dirent_search+0xb10/0xb10
[  122.683911][ T3886]  ? gfs2_dir_search+0x2a0/0x2a0
[  122.688851][ T3886]  ? gfs2_permission+0x3bf/0x430
[  122.693788][ T3886]  gfs2_dir_search+0x8c/0x2a0
[  122.698461][ T3886]  ? do_filldir_main+0x530/0x530
[  122.703480][ T3886]  ? inode_go_held+0xe4/0x1f0
[  122.708164][ T3886]  ? gfs2_glock_wait+0x213/0x2a0
[  122.713192][ T3886]  gfs2_lookupi+0x465/0x650
[  122.717697][ T3886]  ? gfs2_lookup_simple+0x170/0x170
[  122.722901][ T3886]  ? __gfs2_lookup+0x8c/0x260
[  122.727596][ T3886]  __gfs2_lookup+0x8c/0x260
[  122.732096][ T3886]  ? gfs2_atomic_open+0x230/0x230
[  122.737116][ T3886]  ? __d_lookup+0x6a4/0x770
[  122.741611][ T3886]  ? d_hash_and_lookup+0x1c0/0x1c0
[  122.746714][ T3886]  gfs2_atomic_open+0xa4/0x230
[  122.751490][ T3886]  path_openat+0xf39/0x2df0
[  122.756078][ T3886]  ? gfs2_rename2+0x3000/0x3000
[  122.760933][ T3886]  ? do_filp_open+0x4f0/0x4f0
[  122.765614][ T3886]  do_filp_open+0x264/0x4f0
[  122.770147][ T3886]  ? vfs_tmpfile+0x490/0x490
[  122.774739][ T3886]  ? do_raw_spin_unlock+0x134/0x8a0
[  122.779955][ T3886]  ? _raw_spin_unlock+0x24/0x40
[  122.784812][ T3886]  ? alloc_fd+0x5a7/0x640
[  122.789146][ T3886]  do_sys_openat2+0x124/0x4e0
[  122.793822][ T3886]  ? print_irqtrace_events+0x220/0x220
[  122.799291][ T3886]  ? ptrace_stop+0x74d/0x970
[  122.803887][ T3886]  ? do_sys_open+0x220/0x220
[  122.808475][ T3886]  ? lockdep_hardirqs_on+0x8d/0x130
[  122.813670][ T3886]  ? _raw_spin_unlock_irq+0x2a/0x40
[  122.818865][ T3886]  ? ptrace_notify+0x245/0x340
[  122.823620][ T3886]  __x64_sys_openat+0x243/0x290
[  122.828466][ T3886]  ? __ia32_sys_open+0x270/0x270
[  122.833397][ T3886]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  122.839371][ T3886]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  122.845345][ T3886]  do_syscall_64+0x3d/0xb0
[  122.849755][ T3886]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  122.855642][ T3886] RIP: 0033:0x7fc8868064d9
[  122.860052][ T3886] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  122.880549][ T3886] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  122.888953][ T3886] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  122.896915][ T3886] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  122.904888][ T3886] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3887] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3886] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3887] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3887] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3886] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3885] exit_group(0 <unfinished ...>
[pid  3887] <... futex resumed>)        = ?
[pid  3885] <... exit_group resumed>)   = ?
[pid  3887] +++ exited with 0 +++
[pid  3886] +++ exited with 0 +++
[pid  3885] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3885, si_uid=0, si_status=0, si_utime=3, si_stime=38} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./82/binderfs")                 = 0
[  122.912862][ T3886] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  122.920825][ T3886] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  122.928804][ T3886]  </TASK>
umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./82/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./82")                           = 0
mkdir("./83", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3888
./strace-static-x86_64: Process 3888 attached
[pid  3888] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3888] chdir("./83")               = 0
[pid  3888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3888] setpgid(0, 0)               = 0
[pid  3888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3888] write(3, "1000", 4)         = 4
[pid  3888] close(3)                    = 0
[pid  3888] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3888] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3888] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3888] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3889 attached
, parent_tid=[3889], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3889
[pid  3888] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3889] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  3888] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3889] <... set_robust_list resumed>) = 0
[pid  3889] memfd_create("syzkaller", 0) = 3
[pid  3889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3889] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3889] munmap(0x7fc87e392000, 16777216) = 0
[pid  3889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3889] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3889] close(3)                    = 0
[pid  3889] mkdir("./file0", 0777)      = 0
[  123.237096][ T3889] loop0: detected capacity change from 0 to 32768
[  123.249112][ T3889] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  123.257658][ T3889] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  123.267674][ T3889] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  123.277119][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  123.284339][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3889] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3889] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3889] chdir("./file0")            = 0
[pid  3889] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3889] close(4)                    = 0
[pid  3889] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3888] <... futex resumed>)        = 0
[pid  3888] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3888] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3889] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3889] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3888] <... futex resumed>)        = 0
[pid  3888] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3888] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3889] <... futex resumed>)        = 1
[  123.317300][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 32ms
[  123.325066][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  123.330504][ T3889] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  123.357661][ T3889] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  123.366347][ T3889] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  123.366347][ T3889]   inode = 12 2341
[  123.366347][ T3889]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  123.385466][ T3889] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  123.395058][ T3889] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3889 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3889] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3888] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3888] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[  123.405119][ T3889] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  123.413648][ T3889] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  123.420956][ T3889] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  123.429766][ T3889] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  123.437932][ T3889] gfs2: fsid=syz:syz.0: File system withdrawn
[  123.444129][ T3889] CPU: 0 PID: 3889 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  123.454560][ T3889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  123.464616][ T3889] Call Trace:
[  123.467884][ T3889]  <TASK>
[  123.470808][ T3889]  dump_stack_lvl+0x1b1/0x28e
[  123.475492][ T3889]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  123.480937][ T3889]  ? panic+0x710/0x710
[  123.484996][ T3889]  ? kobject_uevent_env+0x46b/0x8e0
[  123.490194][ T3889]  ? do_raw_spin_unlock+0x134/0x8a0
[  123.495412][ T3889]  gfs2_withdraw+0xf33/0x1540
[  123.500102][ T3889]  ? gfs2_lm+0x220/0x220
[  123.504348][ T3889]  ? gfs2_dirent_scan+0xb6/0x650
[  123.509280][ T3889]  ? panic+0x710/0x710
[  123.513338][ T3889]  ? gfs2_permission+0x2ff/0x430
[  123.518271][ T3889]  ? gfs2_consist_inode_i+0xf3/0x110
[  123.523553][ T3889]  gfs2_dirent_scan+0x535/0x650
[  123.528414][ T3889]  ? gfs2_dirent_search+0xb10/0xb10
[  123.533608][ T3889]  gfs2_dirent_search+0x2ea/0xb10
[  123.538632][ T3889]  ? gfs2_dirent_search+0xb10/0xb10
[  123.544263][ T3889]  ? gfs2_dir_search+0x2a0/0x2a0
[  123.549195][ T3889]  ? gfs2_permission+0x3bf/0x430
[  123.554138][ T3889]  gfs2_dir_search+0x8c/0x2a0
[  123.558813][ T3889]  ? do_filldir_main+0x530/0x530
[  123.563742][ T3889]  ? inode_go_held+0xe4/0x1f0
[  123.568417][ T3889]  ? gfs2_glock_wait+0x213/0x2a0
[  123.573346][ T3889]  gfs2_lookupi+0x465/0x650
[  123.577846][ T3889]  ? gfs2_lookup_simple+0x170/0x170
[  123.583041][ T3889]  ? __gfs2_lookup+0x8c/0x260
[  123.587717][ T3889]  __gfs2_lookup+0x8c/0x260
[  123.592218][ T3889]  ? gfs2_atomic_open+0x230/0x230
[  123.597236][ T3889]  ? __d_lookup+0x6a4/0x770
[  123.601730][ T3889]  ? d_hash_and_lookup+0x1c0/0x1c0
[  123.606831][ T3889]  gfs2_atomic_open+0xa4/0x230
[  123.611603][ T3889]  path_openat+0xf39/0x2df0
[  123.616120][ T3889]  ? gfs2_rename2+0x3000/0x3000
[  123.620987][ T3889]  ? do_filp_open+0x4f0/0x4f0
[  123.626031][ T3889]  do_filp_open+0x264/0x4f0
[  123.630535][ T3889]  ? vfs_tmpfile+0x490/0x490
[  123.635136][ T3889]  ? do_raw_spin_unlock+0x134/0x8a0
[  123.640355][ T3889]  ? _raw_spin_unlock+0x24/0x40
[  123.645375][ T3889]  ? alloc_fd+0x5a7/0x640
[  123.649707][ T3889]  do_sys_openat2+0x124/0x4e0
[  123.654987][ T3889]  ? print_irqtrace_events+0x220/0x220
[  123.660434][ T3889]  ? ptrace_stop+0x74d/0x970
[  123.665020][ T3889]  ? do_sys_open+0x220/0x220
[  123.669604][ T3889]  ? lockdep_hardirqs_on+0x8d/0x130
[  123.674837][ T3889]  ? _raw_spin_unlock_irq+0x2a/0x40
[  123.680035][ T3889]  ? ptrace_notify+0x245/0x340
[  123.684793][ T3889]  __x64_sys_openat+0x243/0x290
[  123.689638][ T3889]  ? __ia32_sys_open+0x270/0x270
[  123.694569][ T3889]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  123.700553][ T3889]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  123.706524][ T3889]  do_syscall_64+0x3d/0xb0
[  123.710943][ T3889]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  123.716826][ T3889] RIP: 0033:0x7fc8868064d9
[  123.721945][ T3889] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  123.741543][ T3889] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  123.749951][ T3889] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3888] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3888] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID <unfinished ...>
[pid  3889] <... openat resumed>)       = -1 EIO (Input/output error)
./strace-static-x86_64: Process 3890 attached
[pid  3889] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3888] <... clone resumed>, parent_tid=[3890], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3890
[pid  3890] set_robust_list(0x7fc87f3919e0, 24 <unfinished ...>
[pid  3889] <... futex resumed>)        = 0
[pid  3890] <... set_robust_list resumed>) = 0
[pid  3889] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3888] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3890] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3890] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3888] exit_group(0)               = ?
[pid  3889] <... futex resumed>)        = ?
[pid  3889] +++ exited with 0 +++
[pid  3890] +++ exited with 0 +++
[pid  3888] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3888, si_uid=0, si_status=0, si_utime=0, si_stime=31} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./83/binderfs")                 = 0
[  123.757913][ T3889] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  123.765876][ T3889] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  123.773839][ T3889] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  123.781810][ T3889] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  123.789783][ T3889]  </TASK>
umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./83/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./83")                           = 0
mkdir("./84", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3891 attached
, child_tidptr=0x55555635f5d0) = 3891
[pid  3891] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3891] chdir("./84")               = 0
[pid  3891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3891] setpgid(0, 0)               = 0
[pid  3891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3891] write(3, "1000", 4)         = 4
[pid  3891] close(3)                    = 0
[pid  3891] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3891] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3891] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3891] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3892], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3892
[pid  3891] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3891] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3892 attached
 <unfinished ...>
[pid  3892] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3892] memfd_create("syzkaller", 0) = 3
[pid  3892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3892] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3892] munmap(0x7fc87e392000, 16777216) = 0
[pid  3892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3892] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3892] close(3)                    = 0
[pid  3892] mkdir("./file0", 0777)      = 0
[  124.095443][ T3892] loop0: detected capacity change from 0 to 32768
[  124.106294][ T3892] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  124.114816][ T3892] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  124.124647][ T3892] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  124.133337][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  124.140230][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3892] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3892] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3892] chdir("./file0")            = 0
[pid  3892] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3892] close(4)                    = 0
[pid  3892] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3891] <... futex resumed>)        = 0
[pid  3891] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3891] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3892] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3892] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3891] <... futex resumed>)        = 0
[pid  3892] <... futex resumed>)        = 1
[pid  3891] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3892] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3891] <... futex resumed>)        = 0
[  124.174952][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 34ms
[  124.182476][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  124.187718][ T3892] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  124.222311][ T3892] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  124.230916][ T3892] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  124.230916][ T3892]   inode = 12 2341
[  124.230916][ T3892]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  124.250821][ T3892] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  124.259867][ T3892] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3892 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3891] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3891] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3891] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3891] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3893], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3893
[pid  3891] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3893 attached
[pid  3893] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3893] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3893] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  124.269918][ T3892] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  124.278969][ T3892] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  124.286410][ T3892] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  124.295461][ T3892] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  124.302112][ T3892] gfs2: fsid=syz:syz.0: File system withdrawn
[  124.308187][ T3892] CPU: 0 PID: 3892 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  124.318591][ T3892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  124.328649][ T3892] Call Trace:
[  124.331937][ T3892]  <TASK>
[  124.334884][ T3892]  dump_stack_lvl+0x1b1/0x28e
[  124.339575][ T3892]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  124.345036][ T3892]  ? panic+0x710/0x710
[  124.349130][ T3892]  ? kobject_uevent_env+0x46b/0x8e0
[  124.354342][ T3892]  ? do_raw_spin_unlock+0x134/0x8a0
[  124.359540][ T3892]  gfs2_withdraw+0xf33/0x1540
[  124.364405][ T3892]  ? gfs2_lm+0x220/0x220
[  124.368644][ T3892]  ? gfs2_dirent_scan+0xb6/0x650
[  124.373576][ T3892]  ? panic+0x710/0x710
[  124.377637][ T3892]  ? gfs2_permission+0x2ff/0x430
[  124.382576][ T3892]  ? gfs2_consist_inode_i+0xf3/0x110
[  124.387858][ T3892]  gfs2_dirent_scan+0x535/0x650
[  124.392709][ T3892]  ? gfs2_dirent_search+0xb10/0xb10
[  124.397908][ T3892]  gfs2_dirent_search+0x2ea/0xb10
[  124.402931][ T3892]  ? gfs2_dirent_search+0xb10/0xb10
[  124.408130][ T3892]  ? gfs2_dir_search+0x2a0/0x2a0
[  124.413064][ T3892]  ? gfs2_permission+0x3bf/0x430
[  124.418004][ T3892]  gfs2_dir_search+0x8c/0x2a0
[  124.422681][ T3892]  ? do_filldir_main+0x530/0x530
[  124.427701][ T3892]  ? inode_go_held+0xe4/0x1f0
[  124.432375][ T3892]  ? gfs2_glock_wait+0x213/0x2a0
[  124.437311][ T3892]  gfs2_lookupi+0x465/0x650
[  124.442002][ T3892]  ? gfs2_lookup_simple+0x170/0x170
[  124.447199][ T3892]  ? __gfs2_lookup+0x8c/0x260
[  124.451883][ T3892]  __gfs2_lookup+0x8c/0x260
[  124.456383][ T3892]  ? gfs2_atomic_open+0x230/0x230
[  124.461405][ T3892]  ? __d_lookup+0x6a4/0x770
[  124.465900][ T3892]  ? d_hash_and_lookup+0x1c0/0x1c0
[  124.471007][ T3892]  gfs2_atomic_open+0xa4/0x230
[  124.475770][ T3892]  path_openat+0xf39/0x2df0
[  124.480274][ T3892]  ? gfs2_rename2+0x3000/0x3000
[  124.485131][ T3892]  ? do_filp_open+0x4f0/0x4f0
[  124.489810][ T3892]  do_filp_open+0x264/0x4f0
[  124.494304][ T3892]  ? vfs_tmpfile+0x490/0x490
[  124.498895][ T3892]  ? do_raw_spin_unlock+0x134/0x8a0
[  124.504093][ T3892]  ? _raw_spin_unlock+0x24/0x40
[  124.508938][ T3892]  ? alloc_fd+0x5a7/0x640
[  124.513272][ T3892]  do_sys_openat2+0x124/0x4e0
[  124.517944][ T3892]  ? print_irqtrace_events+0x220/0x220
[  124.523390][ T3892]  ? ptrace_stop+0x74d/0x970
[  124.527973][ T3892]  ? do_sys_open+0x220/0x220
[  124.532557][ T3892]  ? lockdep_hardirqs_on+0x8d/0x130
[  124.537751][ T3892]  ? _raw_spin_unlock_irq+0x2a/0x40
[  124.542942][ T3892]  ? ptrace_notify+0x245/0x340
[  124.547696][ T3892]  __x64_sys_openat+0x243/0x290
[  124.552543][ T3892]  ? __ia32_sys_open+0x270/0x270
[  124.557475][ T3892]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  124.563447][ T3892]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  124.569421][ T3892]  do_syscall_64+0x3d/0xb0
[  124.573831][ T3892]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  124.579715][ T3892] RIP: 0033:0x7fc8868064d9
[  124.584123][ T3892] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  124.603720][ T3892] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  124.612124][ T3892] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3893] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3892] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3892] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3891] exit_group(0 <unfinished ...>
[pid  3892] <... futex resumed>)        = ?
[pid  3891] <... exit_group resumed>)   = ?
[pid  3892] +++ exited with 0 +++
[pid  3893] <... futex resumed>)        = ?
[pid  3893] +++ exited with 0 +++
[pid  3891] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3891, si_uid=0, si_status=0, si_utime=4, si_stime=27} ---
umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./84/binderfs")                 = 0
[  124.620090][ T3892] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  124.628049][ T3892] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  124.636006][ T3892] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  124.643967][ T3892] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  124.651941][ T3892]  </TASK>
umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./84/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./84")                           = 0
mkdir("./85", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3894
./strace-static-x86_64: Process 3894 attached
[pid  3894] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3894] chdir("./85")               = 0
[pid  3894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3894] setpgid(0, 0)               = 0
[pid  3894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3894] write(3, "1000", 4)         = 4
[pid  3894] close(3)                    = 0
[pid  3894] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3894] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3894] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3894] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3895 attached
 <unfinished ...>
[pid  3895] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3895] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3894] <... clone resumed>, parent_tid=[3895], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3895
[pid  3894] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3894] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3895] <... futex resumed>)        = 0
[pid  3895] memfd_create("syzkaller", 0) = 3
[pid  3895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3895] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3895] munmap(0x7fc87e392000, 16777216) = 0
[pid  3895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3895] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3895] close(3)                    = 0
[pid  3895] mkdir("./file0", 0777)      = 0
[  124.944344][ T3895] loop0: detected capacity change from 0 to 32768
[  124.955484][ T3895] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  124.964195][ T3895] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  124.973429][ T3895] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  124.982207][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  124.989250][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3895] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3895] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3895] chdir("./file0")            = 0
[pid  3895] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3895] close(4)                    = 0
[pid  3895] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3894] <... futex resumed>)        = 0
[pid  3894] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3894] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3895] <... futex resumed>)        = 1
[pid  3895] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3895] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3894] <... futex resumed>)        = 0
[pid  3894] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3894] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3895] <... futex resumed>)        = 1
[  125.024898][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 35ms
[  125.032715][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  125.038017][ T3895] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  125.053046][ T3895] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  125.061719][ T3895] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  125.061719][ T3895]   inode = 12 2341
[pid  3895] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3894] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3894] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  125.061719][ T3895]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  125.080738][ T3895] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  125.089813][ T3895] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3895 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  125.100055][ T3895] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  125.108651][ T3895] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  125.116007][ T3895] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[pid  3894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[  125.125025][ T3895] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  125.132135][ T3895] gfs2: fsid=syz:syz.0: File system withdrawn
[  125.138504][ T3895] CPU: 0 PID: 3895 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  125.148937][ T3895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  125.158989][ T3895] Call Trace:
[  125.162259][ T3895]  <TASK>
[  125.165184][ T3895]  dump_stack_lvl+0x1b1/0x28e
[  125.169861][ T3895]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  125.176184][ T3895]  ? panic+0x710/0x710
[  125.180253][ T3895]  ? kobject_uevent_env+0x46b/0x8e0
[  125.185447][ T3895]  ? do_raw_spin_unlock+0x134/0x8a0
[  125.190645][ T3895]  gfs2_withdraw+0xf33/0x1540
[  125.195327][ T3895]  ? gfs2_lm+0x220/0x220
[  125.199567][ T3895]  ? gfs2_dirent_scan+0xb6/0x650
[  125.204500][ T3895]  ? panic+0x710/0x710
[  125.208565][ T3895]  ? gfs2_permission+0x2ff/0x430
[  125.213500][ T3895]  ? gfs2_consist_inode_i+0xf3/0x110
[  125.218781][ T3895]  gfs2_dirent_scan+0x535/0x650
[  125.223630][ T3895]  ? gfs2_dirent_search+0xb10/0xb10
[  125.229002][ T3895]  gfs2_dirent_search+0x2ea/0xb10
[  125.234024][ T3895]  ? gfs2_dirent_search+0xb10/0xb10
[  125.239569][ T3895]  ? gfs2_dir_search+0x2a0/0x2a0
[  125.244499][ T3895]  ? gfs2_permission+0x3bf/0x430
[  125.249437][ T3895]  gfs2_dir_search+0x8c/0x2a0
[  125.254111][ T3895]  ? do_filldir_main+0x530/0x530
[  125.259042][ T3895]  ? inode_go_held+0xe4/0x1f0
[  125.263717][ T3895]  ? gfs2_glock_wait+0x213/0x2a0
[  125.268649][ T3895]  gfs2_lookupi+0x465/0x650
[  125.273156][ T3895]  ? gfs2_lookup_simple+0x170/0x170
[  125.278353][ T3895]  ? __gfs2_lookup+0x8c/0x260
[  125.283034][ T3895]  __gfs2_lookup+0x8c/0x260
[  125.287535][ T3895]  ? gfs2_atomic_open+0x230/0x230
[  125.292559][ T3895]  ? __d_lookup+0x6a4/0x770
[  125.297054][ T3895]  ? d_hash_and_lookup+0x1c0/0x1c0
[  125.302163][ T3895]  gfs2_atomic_open+0xa4/0x230
[  125.306925][ T3895]  path_openat+0xf39/0x2df0
[  125.311432][ T3895]  ? gfs2_rename2+0x3000/0x3000
[  125.316295][ T3895]  ? do_filp_open+0x4f0/0x4f0
[  125.320976][ T3895]  do_filp_open+0x264/0x4f0
[  125.325469][ T3895]  ? vfs_tmpfile+0x490/0x490
[  125.330057][ T3895]  ? do_raw_spin_unlock+0x134/0x8a0
[  125.335263][ T3895]  ? _raw_spin_unlock+0x24/0x40
[  125.340110][ T3895]  ? alloc_fd+0x5a7/0x640
[  125.344444][ T3895]  do_sys_openat2+0x124/0x4e0
[  125.349116][ T3895]  ? print_irqtrace_events+0x220/0x220
[  125.354561][ T3895]  ? ptrace_stop+0x74d/0x970
[  125.359144][ T3895]  ? do_sys_open+0x220/0x220
[  125.363733][ T3895]  ? lockdep_hardirqs_on+0x8d/0x130
[  125.368925][ T3895]  ? _raw_spin_unlock_irq+0x2a/0x40
[  125.374119][ T3895]  ? ptrace_notify+0x245/0x340
[  125.378878][ T3895]  __x64_sys_openat+0x243/0x290
[  125.383722][ T3895]  ? __ia32_sys_open+0x270/0x270
[  125.388661][ T3895]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  125.394640][ T3895]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  125.400617][ T3895]  do_syscall_64+0x3d/0xb0
[  125.405027][ T3895]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  125.410909][ T3895] RIP: 0033:0x7fc8868064d9
[  125.415317][ T3895] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  125.434913][ T3895] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  125.443315][ T3895] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  125.451276][ T3895] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  125.459251][ T3895] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  125.467210][ T3895] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  3894] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3894] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3896], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3896
[pid  3894] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3895] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3895] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3895] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 3896 attached
 <unfinished ...>
[pid  3896] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3896] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3896] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3896] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3894] exit_group(0 <unfinished ...>
[pid  3896] <... futex resumed>)        = ?
[pid  3895] <... futex resumed>)        = ?
[pid  3894] <... exit_group resumed>)   = ?
[pid  3895] +++ exited with 0 +++
[pid  3896] +++ exited with 0 +++
[pid  3894] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3894, si_uid=0, si_status=0, si_utime=1, si_stime=30} ---
umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./85/binderfs")                 = 0
[  125.475173][ T3895] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  125.483148][ T3895]  </TASK>
umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./85/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./85")                           = 0
mkdir("./86", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3897
./strace-static-x86_64: Process 3897 attached
[pid  3897] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3897] chdir("./86")               = 0
[pid  3897] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3897] setpgid(0, 0)               = 0
[pid  3897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3897] write(3, "1000", 4)         = 4
[pid  3897] close(3)                    = 0
[pid  3897] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3897] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3897] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3897] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3897] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3898], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3898
./strace-static-x86_64: Process 3898 attached
[pid  3898] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  3897] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3898] <... set_robust_list resumed>) = 0
[pid  3897] <... futex resumed>)        = 0
[pid  3897] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3898] memfd_create("syzkaller", 0) = 3
[pid  3898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3898] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3898] munmap(0x7fc87e392000, 16777216) = 0
[pid  3898] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3898] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3898] close(3)                    = 0
[pid  3898] mkdir("./file0", 0777)      = 0
[  125.778810][ T3898] loop0: detected capacity change from 0 to 32768
[  125.789884][ T3898] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  125.798651][ T3898] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  125.808561][ T3898] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  125.817121][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  125.824017][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3898] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3898] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3898] chdir("./file0")            = 0
[pid  3898] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3898] close(4)                    = 0
[pid  3898] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3897] <... futex resumed>)        = 0
[pid  3897] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3897] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3898] <... futex resumed>)        = 1
[pid  3898] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3898] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3897] <... futex resumed>)        = 0
[pid  3897] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3897] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3898] <... futex resumed>)        = 1
[  125.863549][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 39ms
[  125.872271][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  125.877541][ T3898] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  125.894269][ T3898] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  125.903309][ T3898] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[pid  3898] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3897] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3897] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3897] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3897] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3897] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3899], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3899
[pid  3897] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3899 attached
[pid  3899] set_robust_list(0x7fc87f3919e0, 24) = 0
[  125.903309][ T3898]   inode = 12 2341
[  125.903309][ T3898]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  125.922437][ T3898] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  125.931916][ T3898] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3898 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  125.942389][ T3898] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  125.947072][ T3899] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  125.959778][ T3899] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  125.959778][ T3899]   inode = 12 2341
[  125.959778][ T3899]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  125.960056][ T3898] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  125.978954][ T3899] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:4 m:20 p:1
[  125.985863][ T3898] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  125.995307][ T3899] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3898 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  126.003779][ T3898] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  126.014058][ T3899] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3899 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  126.021911][ T3898] gfs2: fsid=syz:syz.0: File system withdrawn
[  126.030598][ T3899] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  126.036583][ T3898] CPU: 1 PID: 3898 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  126.054918][ T3898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  126.066289][ T3898] Call Trace:
[  126.069567][ T3898]  <TASK>
[  126.072502][ T3898]  dump_stack_lvl+0x1b1/0x28e
[  126.077173][ T3898]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  126.082643][ T3898]  ? panic+0x710/0x710
[  126.086708][ T3898]  ? kobject_uevent_env+0x46b/0x8e0
[  126.091943][ T3898]  ? do_raw_spin_unlock+0x134/0x8a0
[  126.097192][ T3898]  gfs2_withdraw+0xf33/0x1540
[  126.101982][ T3898]  ? gfs2_lm+0x220/0x220
[  126.106230][ T3898]  ? gfs2_dirent_scan+0xb6/0x650
[pid  3899] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH <unfinished ...>
[pid  3897] exit_group(0)               = ?
[  126.111183][ T3898]  ? panic+0x710/0x710
[  126.115258][ T3898]  ? gfs2_permission+0x2ff/0x430
[  126.120206][ T3898]  ? gfs2_consist_inode_i+0xf3/0x110
[  126.125502][ T3898]  gfs2_dirent_scan+0x535/0x650
[  126.130350][ T3898]  ? gfs2_dirent_search+0xb10/0xb10
[  126.135559][ T3898]  gfs2_dirent_search+0x2ea/0xb10
[  126.140610][ T3898]  ? gfs2_dirent_search+0xb10/0xb10
[  126.145816][ T3898]  ? gfs2_dir_search+0x2a0/0x2a0
[  126.150746][ T3898]  ? gfs2_permission+0x3bf/0x430
[  126.155692][ T3898]  gfs2_dir_search+0x8c/0x2a0
[  126.160380][ T3898]  ? do_filldir_main+0x530/0x530
[  126.166717][ T3898]  ? inode_go_held+0xe4/0x1f0
[  126.171412][ T3898]  ? gfs2_glock_wait+0x213/0x2a0
[  126.176361][ T3898]  gfs2_lookupi+0x465/0x650
[  126.180881][ T3898]  ? gfs2_lookup_simple+0x170/0x170
[  126.186090][ T3898]  ? __gfs2_lookup+0x8c/0x260
[  126.190784][ T3898]  __gfs2_lookup+0x8c/0x260
[  126.195282][ T3898]  ? gfs2_atomic_open+0x230/0x230
[  126.200299][ T3898]  ? __d_lookup+0x6a4/0x770
[  126.204829][ T3898]  ? d_hash_and_lookup+0x1c0/0x1c0
[  126.209935][ T3898]  gfs2_atomic_open+0xa4/0x230
[  126.214727][ T3898]  path_openat+0xf39/0x2df0
[  126.219241][ T3898]  ? gfs2_rename2+0x3000/0x3000
[  126.224114][ T3898]  ? do_filp_open+0x4f0/0x4f0
[  126.228810][ T3898]  do_filp_open+0x264/0x4f0
[  126.233322][ T3898]  ? vfs_tmpfile+0x490/0x490
[  126.237907][ T3898]  ? do_raw_spin_unlock+0x134/0x8a0
[  126.243106][ T3898]  ? _raw_spin_unlock+0x24/0x40
[  126.248047][ T3898]  ? alloc_fd+0x5a7/0x640
[  126.252395][ T3898]  do_sys_openat2+0x124/0x4e0
[  126.257061][ T3898]  ? print_irqtrace_events+0x220/0x220
[  126.262507][ T3898]  ? ptrace_stop+0x74d/0x970
[  126.267097][ T3898]  ? do_sys_open+0x220/0x220
[  126.271689][ T3898]  ? lockdep_hardirqs_on+0x8d/0x130
[  126.276899][ T3898]  ? _raw_spin_unlock_irq+0x2a/0x40
[  126.282120][ T3898]  ? ptrace_notify+0x245/0x340
[  126.286893][ T3898]  __x64_sys_openat+0x243/0x290
[  126.291760][ T3898]  ? __ia32_sys_open+0x270/0x270
[  126.296698][ T3898]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  126.302688][ T3898]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  126.308679][ T3898]  do_syscall_64+0x3d/0xb0
[  126.313104][ T3898]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  126.319007][ T3898] RIP: 0033:0x7fc8868064d9
[  126.323415][ T3898] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  126.343039][ T3898] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  126.351716][ T3898] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3898] <... openat resumed>)       = ?
[pid  3898] +++ exited with 0 +++
[pid  3899] <... openat resumed>)       = ?
[pid  3899] +++ exited with 0 +++
[pid  3897] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3897, si_uid=0, si_status=0, si_utime=1, si_stime=41} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./86/binderfs")                 = 0
[  126.359696][ T3898] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  126.367670][ T3898] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  126.375639][ T3898] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  126.383625][ T3898] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  126.391624][ T3898]  </TASK>
umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./86/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./86")                           = 0
mkdir("./87", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3900
./strace-static-x86_64: Process 3900 attached
[pid  3900] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3900] chdir("./87")               = 0
[pid  3900] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3900] setpgid(0, 0)               = 0
[pid  3900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3900] write(3, "1000", 4)         = 4
[pid  3900] close(3)                    = 0
[pid  3900] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3900] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3900] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3900] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3901], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3901
[pid  3900] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3900] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3901 attached
 <unfinished ...>
[pid  3901] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3901] memfd_create("syzkaller", 0) = 3
[pid  3901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3901] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3901] munmap(0x7fc87e392000, 16777216) = 0
[pid  3901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3901] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3901] close(3)                    = 0
[pid  3901] mkdir("./file0", 0777)      = 0
[  126.714354][ T3901] loop0: detected capacity change from 0 to 32768
[  126.724025][ T3901] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  126.732303][ T3901] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  126.742319][ T3901] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  126.751774][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  126.758641][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3901] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3901] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3901] chdir("./file0")            = 0
[pid  3901] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3901] close(4)                    = 0
[pid  3901] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3901] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3900] <... futex resumed>)        = 0
[pid  3900] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3900] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3901] <... futex resumed>)        = 0
[pid  3901] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3901] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3900] <... futex resumed>)        = 0
[pid  3901] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3900] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3901] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3900] <... futex resumed>)        = 0
[pid  3901] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[  126.792555][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms
[  126.800274][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  126.805515][ T3901] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid  3900] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[  126.839550][ T3901] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  126.850992][ T3901] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  126.850992][ T3901]   inode = 12 2341
[  126.850992][ T3901]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  126.870047][ T3901] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  126.879508][ T3901] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3901 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3900] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3900] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3900] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3902], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3902
[pid  3900] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3902 attached
[pid  3902] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3902] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3902] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  126.889841][ T3901] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  126.898546][ T3901] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  126.905940][ T3901] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  126.914870][ T3901] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  126.922174][ T3901] gfs2: fsid=syz:syz.0: File system withdrawn
[  126.928605][ T3901] CPU: 0 PID: 3901 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  126.939020][ T3901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  126.949071][ T3901] Call Trace:
[  126.952352][ T3901]  <TASK>
[  126.955299][ T3901]  dump_stack_lvl+0x1b1/0x28e
[  126.959985][ T3901]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  126.965444][ T3901]  ? panic+0x710/0x710
[  126.969530][ T3901]  ? kobject_uevent_env+0x46b/0x8e0
[  126.974736][ T3901]  ? do_raw_spin_unlock+0x134/0x8a0
[  126.979930][ T3901]  gfs2_withdraw+0xf33/0x1540
[  126.984609][ T3901]  ? gfs2_lm+0x220/0x220
[pid  3902] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3900] exit_group(0 <unfinished ...>
[pid  3902] <... futex resumed>)        = ?
[pid  3900] <... exit_group resumed>)   = ?
[pid  3902] +++ exited with 0 +++
[  126.988858][ T3901]  ? gfs2_dirent_scan+0xb6/0x650
[  126.993883][ T3901]  ? panic+0x710/0x710
[  126.997962][ T3901]  ? gfs2_permission+0x2ff/0x430
[  127.002912][ T3901]  ? gfs2_consist_inode_i+0xf3/0x110
[  127.008199][ T3901]  gfs2_dirent_scan+0x535/0x650
[  127.013064][ T3901]  ? gfs2_dirent_search+0xb10/0xb10
[  127.018257][ T3901]  gfs2_dirent_search+0x2ea/0xb10
[  127.023285][ T3901]  ? gfs2_dirent_search+0xb10/0xb10
[  127.028515][ T3901]  ? gfs2_dir_search+0x2a0/0x2a0
[  127.033468][ T3901]  ? gfs2_permission+0x3bf/0x430
[  127.038405][ T3901]  gfs2_dir_search+0x8c/0x2a0
[  127.043086][ T3901]  ? do_filldir_main+0x530/0x530
[  127.048038][ T3901]  ? inode_go_held+0xe4/0x1f0
[  127.052722][ T3901]  ? gfs2_glock_wait+0x213/0x2a0
[  127.057665][ T3901]  gfs2_lookupi+0x465/0x650
[  127.062202][ T3901]  ? gfs2_lookup_simple+0x170/0x170
[  127.067401][ T3901]  ? __gfs2_lookup+0x8c/0x260
[  127.072083][ T3901]  __gfs2_lookup+0x8c/0x260
[  127.076584][ T3901]  ? gfs2_atomic_open+0x230/0x230
[  127.081608][ T3901]  ? __d_lookup+0x6a4/0x770
[  127.086103][ T3901]  ? d_hash_and_lookup+0x1c0/0x1c0
[  127.091555][ T3901]  gfs2_atomic_open+0xa4/0x230
[  127.096319][ T3901]  path_openat+0xf39/0x2df0
[  127.100831][ T3901]  ? gfs2_rename2+0x3000/0x3000
[  127.105688][ T3901]  ? do_filp_open+0x4f0/0x4f0
[  127.110372][ T3901]  do_filp_open+0x264/0x4f0
[  127.114870][ T3901]  ? vfs_tmpfile+0x490/0x490
[  127.119466][ T3901]  ? do_raw_spin_unlock+0x134/0x8a0
[  127.124663][ T3901]  ? _raw_spin_unlock+0x24/0x40
[  127.129523][ T3901]  ? alloc_fd+0x5a7/0x640
[  127.133856][ T3901]  do_sys_openat2+0x124/0x4e0
[  127.138616][ T3901]  ? print_irqtrace_events+0x220/0x220
[  127.144066][ T3901]  ? ptrace_stop+0x74d/0x970
[  127.149001][ T3901]  ? do_sys_open+0x220/0x220
[  127.153588][ T3901]  ? lockdep_hardirqs_on+0x8d/0x130
[  127.158779][ T3901]  ? _raw_spin_unlock_irq+0x2a/0x40
[  127.163973][ T3901]  ? ptrace_notify+0x245/0x340
[  127.168729][ T3901]  __x64_sys_openat+0x243/0x290
[  127.173575][ T3901]  ? __ia32_sys_open+0x270/0x270
[  127.178509][ T3901]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  127.184482][ T3901]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  127.190457][ T3901]  do_syscall_64+0x3d/0xb0
[  127.194867][ T3901]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  127.200756][ T3901] RIP: 0033:0x7fc8868064d9
[  127.205163][ T3901] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  127.224762][ T3901] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  127.233171][ T3901] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3901] <... openat resumed>)       = ?
[pid  3901] +++ exited with 0 +++
[pid  3900] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3900, si_uid=0, si_status=0, si_utime=2, si_stime=31} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./87/binderfs")                 = 0
[  127.241134][ T3901] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  127.249105][ T3901] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  127.257066][ T3901] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  127.265036][ T3901] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  127.273011][ T3901]  </TASK>
umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./87/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./87")                           = 0
mkdir("./88", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3903
./strace-static-x86_64: Process 3903 attached
[pid  3903] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3903] chdir("./88")               = 0
[pid  3903] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3903] setpgid(0, 0)               = 0
[pid  3903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3903] write(3, "1000", 4)         = 4
[pid  3903] close(3)                    = 0
[pid  3903] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3903] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3903] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3903] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3903] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3904 attached
, parent_tid=[3904], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3904
[pid  3903] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3903] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3904] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3904] memfd_create("syzkaller", 0) = 3
[pid  3904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3904] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3904] munmap(0x7fc87e392000, 16777216) = 0
[pid  3904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3904] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3904] close(3)                    = 0
[pid  3904] mkdir("./file0", 0777)      = 0
[  127.589739][ T3904] loop0: detected capacity change from 0 to 32768
[  127.601055][ T3904] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  127.609307][ T3904] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  127.618605][ T3904] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  127.627327][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  127.634220][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3904] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3904] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3904] chdir("./file0")            = 0
[pid  3904] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3904] close(4)                    = 0
[pid  3904] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3904] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3903] <... futex resumed>)        = 0
[pid  3903] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3904] <... futex resumed>)        = 0
[pid  3903] <... futex resumed>)        = 1
[pid  3904] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3903] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3904] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3904] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3903] <... futex resumed>)        = 0
[pid  3904] <... futex resumed>)        = 1
[pid  3903] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[  127.669803][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 35ms
[  127.677425][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  127.682806][ T3904] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid  3904] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3903] <... futex resumed>)        = 0
[  127.711295][ T3904] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  127.720113][ T3904] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  127.720113][ T3904]   inode = 12 2341
[  127.720113][ T3904]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  127.739237][ T3904] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  127.748577][ T3904] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3904 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3903] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3903] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3903] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3903] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3903] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3905], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3905
[pid  3903] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3905 attached
[pid  3905] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3905] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3905] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  127.759085][ T3904] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  127.768388][ T3904] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  127.776244][ T3904] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  127.785436][ T3904] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  127.792099][ T3904] gfs2: fsid=syz:syz.0: File system withdrawn
[  127.798179][ T3904] CPU: 1 PID: 3904 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  127.808596][ T3904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  127.818656][ T3904] Call Trace:
[  127.821932][ T3904]  <TASK>
[  127.824864][ T3904]  dump_stack_lvl+0x1b1/0x28e
[  127.829544][ T3904]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  127.834993][ T3904]  ? panic+0x710/0x710
[  127.839064][ T3904]  ? kobject_uevent_env+0x46b/0x8e0
[  127.844253][ T3904]  ? do_raw_spin_unlock+0x134/0x8a0
[  127.849460][ T3904]  gfs2_withdraw+0xf33/0x1540
[  127.854143][ T3904]  ? gfs2_lm+0x220/0x220
[  127.858373][ T3904]  ? gfs2_dirent_scan+0xb6/0x650
[  127.863313][ T3904]  ? panic+0x710/0x710
[  127.867378][ T3904]  ? gfs2_permission+0x2ff/0x430
[  127.872314][ T3904]  ? gfs2_consist_inode_i+0xf3/0x110
[  127.877601][ T3904]  gfs2_dirent_scan+0x535/0x650
[  127.882452][ T3904]  ? gfs2_dirent_search+0xb10/0xb10
[  127.887648][ T3904]  gfs2_dirent_search+0x2ea/0xb10
[  127.892670][ T3904]  ? gfs2_dirent_search+0xb10/0xb10
[  127.897906][ T3904]  ? gfs2_dir_search+0x2a0/0x2a0
[  127.902855][ T3904]  ? gfs2_permission+0x3bf/0x430
[  127.907819][ T3904]  gfs2_dir_search+0x8c/0x2a0
[  127.912509][ T3904]  ? do_filldir_main+0x530/0x530
[  127.917442][ T3904]  ? inode_go_held+0xe4/0x1f0
[  127.922111][ T3904]  ? gfs2_glock_wait+0x213/0x2a0
[  127.927040][ T3904]  gfs2_lookupi+0x465/0x650
[  127.931545][ T3904]  ? gfs2_lookup_simple+0x170/0x170
[  127.936739][ T3904]  ? __gfs2_lookup+0x8c/0x260
[  127.941415][ T3904]  __gfs2_lookup+0x8c/0x260
[  127.945924][ T3904]  ? gfs2_atomic_open+0x230/0x230
[  127.950947][ T3904]  ? __d_lookup+0x6a4/0x770
[  127.955443][ T3904]  ? d_hash_and_lookup+0x1c0/0x1c0
[  127.960547][ T3904]  gfs2_atomic_open+0xa4/0x230
[  127.965307][ T3904]  path_openat+0xf39/0x2df0
[  127.969813][ T3904]  ? gfs2_rename2+0x3000/0x3000
[  127.974669][ T3904]  ? do_filp_open+0x4f0/0x4f0
[  127.979353][ T3904]  do_filp_open+0x264/0x4f0
[  127.983852][ T3904]  ? vfs_tmpfile+0x490/0x490
[  127.988449][ T3904]  ? do_raw_spin_unlock+0x134/0x8a0
[  127.993644][ T3904]  ? _raw_spin_unlock+0x24/0x40
[  127.998491][ T3904]  ? alloc_fd+0x5a7/0x640
[  128.002848][ T3904]  do_sys_openat2+0x124/0x4e0
[  128.007533][ T3904]  ? print_irqtrace_events+0x220/0x220
[  128.012994][ T3904]  ? ptrace_stop+0x74d/0x970
[  128.017593][ T3904]  ? do_sys_open+0x220/0x220
[  128.022182][ T3904]  ? lockdep_hardirqs_on+0x8d/0x130
[  128.027374][ T3904]  ? _raw_spin_unlock_irq+0x2a/0x40
[  128.032566][ T3904]  ? ptrace_notify+0x245/0x340
[  128.037321][ T3904]  __x64_sys_openat+0x243/0x290
[  128.042167][ T3904]  ? __ia32_sys_open+0x270/0x270
[  128.047098][ T3904]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  128.053072][ T3904]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  128.059044][ T3904]  do_syscall_64+0x3d/0xb0
[  128.063454][ T3904]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  128.069337][ T3904] RIP: 0033:0x7fc8868064d9
[  128.073745][ T3904] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  128.093343][ T3904] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  128.101754][ T3904] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3905] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3904] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3904] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3903] exit_group(0 <unfinished ...>
[pid  3904] <... futex resumed>)        = ?
[pid  3903] <... exit_group resumed>)   = ?
[pid  3905] <... futex resumed>)        = ?
[pid  3904] +++ exited with 0 +++
[pid  3905] +++ exited with 0 +++
[pid  3903] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3903, si_uid=0, si_status=0, si_utime=2, si_stime=28} ---
umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./88/binderfs")                 = 0
[  128.109727][ T3904] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  128.117692][ T3904] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  128.125696][ T3904] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  128.133832][ T3904] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  128.141811][ T3904]  </TASK>
umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./88/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./88")                           = 0
mkdir("./89", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3906
./strace-static-x86_64: Process 3906 attached
[pid  3906] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3906] chdir("./89")               = 0
[pid  3906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3906] setpgid(0, 0)               = 0
[pid  3906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3906] write(3, "1000", 4)         = 4
[pid  3906] close(3)                    = 0
[pid  3906] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3906] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3906] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3906] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3907], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3907
[pid  3906] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3906] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3907 attached
 <unfinished ...>
[pid  3907] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3907] memfd_create("syzkaller", 0) = 3
[pid  3907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3907] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3907] munmap(0x7fc87e392000, 16777216) = 0
[pid  3907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3907] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3907] close(3)                    = 0
[pid  3907] mkdir("./file0", 0777)      = 0
[  128.440805][ T3907] loop0: detected capacity change from 0 to 32768
[  128.450891][ T3907] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  128.459090][ T3907] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  128.468322][ T3907] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  128.477086][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  128.484299][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3907] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3907] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3907] chdir("./file0")            = 0
[pid  3907] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3907] close(4)                    = 0
[pid  3907] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3907] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3906] <... futex resumed>)        = 0
[pid  3906] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3906] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3907] <... futex resumed>)        = 0
[pid  3907] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3907] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3906] <... futex resumed>)        = 0
[pid  3907] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3906] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3907] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3906] <... futex resumed>)        = 0
[pid  3907] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[  128.520033][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 35ms
[  128.528813][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  128.534282][ T3907] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  128.569556][ T3907] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  128.578360][ T3907] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  128.578360][ T3907]   inode = 12 2341
[  128.578360][ T3907]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  128.597337][ T3907] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  128.606633][ T3907] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3907 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3906] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3906] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3906] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3906] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3908], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3908
[pid  3906] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3908 attached
[pid  3908] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3908] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3908] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  128.616716][ T3907] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  128.625199][ T3907] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  128.633160][ T3907] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  128.642268][ T3907] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  128.649854][ T3907] gfs2: fsid=syz:syz.0: File system withdrawn
[  128.656123][ T3907] CPU: 0 PID: 3907 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  128.666565][ T3907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  128.676619][ T3907] Call Trace:
[  128.679898][ T3907]  <TASK>
[  128.682820][ T3907]  dump_stack_lvl+0x1b1/0x28e
[  128.687488][ T3907]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  128.692929][ T3907]  ? panic+0x710/0x710
[  128.697247][ T3907]  ? kobject_uevent_env+0x46b/0x8e0
[  128.702440][ T3907]  ? do_raw_spin_unlock+0x134/0x8a0
[  128.708758][ T3907]  gfs2_withdraw+0xf33/0x1540
[  128.713432][ T3907]  ? gfs2_lm+0x220/0x220
[  128.717656][ T3907]  ? gfs2_dirent_scan+0xb6/0x650
[  128.722583][ T3907]  ? panic+0x710/0x710
[  128.726635][ T3907]  ? gfs2_permission+0x2ff/0x430
[  128.731734][ T3907]  ? gfs2_consist_inode_i+0xf3/0x110
[  128.737177][ T3907]  gfs2_dirent_scan+0x535/0x650
[  128.742017][ T3907]  ? gfs2_dirent_search+0xb10/0xb10
[  128.747206][ T3907]  gfs2_dirent_search+0x2ea/0xb10
[  128.752219][ T3907]  ? gfs2_dirent_search+0xb10/0xb10
[  128.757408][ T3907]  ? gfs2_dir_search+0x2a0/0x2a0
[  128.762330][ T3907]  ? gfs2_permission+0x3bf/0x430
[  128.767256][ T3907]  gfs2_dir_search+0x8c/0x2a0
[  128.771923][ T3907]  ? do_filldir_main+0x530/0x530
[  128.776847][ T3907]  ? inode_go_held+0xe4/0x1f0
[  128.781516][ T3907]  ? gfs2_glock_wait+0x213/0x2a0
[  128.786448][ T3907]  gfs2_lookupi+0x465/0x650
[  128.790942][ T3907]  ? gfs2_lookup_simple+0x170/0x170
[  128.796131][ T3907]  ? __gfs2_lookup+0x8c/0x260
[  128.800803][ T3907]  __gfs2_lookup+0x8c/0x260
[  128.805328][ T3907]  ? gfs2_atomic_open+0x230/0x230
[  128.810342][ T3907]  ? __d_lookup+0x6a4/0x770
[  128.814830][ T3907]  ? d_hash_and_lookup+0x1c0/0x1c0
[  128.819928][ T3907]  gfs2_atomic_open+0xa4/0x230
[  128.824696][ T3907]  path_openat+0xf39/0x2df0
[  128.829194][ T3907]  ? gfs2_rename2+0x3000/0x3000
[  128.834039][ T3907]  ? do_filp_open+0x4f0/0x4f0
[  128.838711][ T3907]  do_filp_open+0x264/0x4f0
[  128.843203][ T3907]  ? vfs_tmpfile+0x490/0x490
[  128.847784][ T3907]  ? do_raw_spin_unlock+0x134/0x8a0
[  128.852972][ T3907]  ? _raw_spin_unlock+0x24/0x40
[  128.857849][ T3907]  ? alloc_fd+0x5a7/0x640
[  128.862192][ T3907]  do_sys_openat2+0x124/0x4e0
[  128.866875][ T3907]  ? print_irqtrace_events+0x220/0x220
[  128.872321][ T3907]  ? ptrace_stop+0x74d/0x970
[  128.876902][ T3907]  ? do_sys_open+0x220/0x220
[  128.881481][ T3907]  ? lockdep_hardirqs_on+0x8d/0x130
[  128.886665][ T3907]  ? _raw_spin_unlock_irq+0x2a/0x40
[  128.892030][ T3907]  ? ptrace_notify+0x245/0x340
[  128.896781][ T3907]  __x64_sys_openat+0x243/0x290
[  128.901628][ T3907]  ? __ia32_sys_open+0x270/0x270
[  128.906565][ T3907]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  128.912603][ T3907]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  128.918588][ T3907]  do_syscall_64+0x3d/0xb0
[  128.922996][ T3907]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  128.928879][ T3907] RIP: 0033:0x7fc8868064d9
[  128.933278][ T3907] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  128.952869][ T3907] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  128.961280][ T3907] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3908] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3907] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3907] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3906] exit_group(0 <unfinished ...>
[pid  3908] <... futex resumed>)        = ?
[pid  3906] <... exit_group resumed>)   = ?
[pid  3908] +++ exited with 0 +++
[pid  3907] <... futex resumed>)        = ?
[pid  3907] +++ exited with 0 +++
[pid  3906] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3906, si_uid=0, si_status=0, si_utime=0, si_stime=28} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./89/binderfs")                 = 0
[  128.969252][ T3907] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  128.977238][ T3907] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  128.985204][ T3907] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  128.993160][ T3907] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  129.001160][ T3907]  </TASK>
umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./89/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./89")                           = 0
mkdir("./90", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3909
./strace-static-x86_64: Process 3909 attached
[pid  3909] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3909] chdir("./90")               = 0
[pid  3909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3909] setpgid(0, 0)               = 0
[pid  3909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3909] write(3, "1000", 4)         = 4
[pid  3909] close(3)                    = 0
[pid  3909] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3909] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3909] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3909] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3910 attached
, parent_tid=[3910], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3910
[pid  3910] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  3909] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3910] <... set_robust_list resumed>) = 0
[pid  3909] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3910] memfd_create("syzkaller", 0) = 3
[pid  3910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3910] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3910] munmap(0x7fc87e392000, 16777216) = 0
[pid  3910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3910] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3910] close(3)                    = 0
[pid  3910] mkdir("./file0", 0777)      = 0
[  129.320304][ T3910] loop0: detected capacity change from 0 to 32768
[  129.331215][ T3910] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  129.339386][ T3910] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  129.349335][ T3910] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  129.359905][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  129.366837][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3910] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3910] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3910] chdir("./file0")            = 0
[pid  3910] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3910] close(4)                    = 0
[pid  3910] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3909] <... futex resumed>)        = 0
[pid  3909] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3909] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3910] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3910] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3909] <... futex resumed>)        = 0
[pid  3909] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3909] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3910] <... futex resumed>)        = 1
[  129.403945][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 37ms
[  129.412853][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  129.418160][ T3910] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  129.442386][ T3910] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3910] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3909] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[  129.451928][ T3910] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  129.451928][ T3910]   inode = 12 2341
[  129.451928][ T3910]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  129.471069][ T3910] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  129.480175][ T3910] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3910 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  129.490253][ T3910] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[pid  3909] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[  129.498751][ T3910] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  129.506075][ T3910] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  129.514966][ T3910] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  129.521626][ T3910] gfs2: fsid=syz:syz.0: File system withdrawn
[  129.527898][ T3910] CPU: 0 PID: 3910 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  129.538326][ T3910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  129.548375][ T3910] Call Trace:
[  129.551657][ T3910]  <TASK>
[pid  3909] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3909] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3911], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3911
[pid  3909] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3911 attached
[pid  3911] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3911] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3911] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  129.554578][ T3910]  dump_stack_lvl+0x1b1/0x28e
[  129.559251][ T3910]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  129.564707][ T3910]  ? panic+0x710/0x710
[  129.569552][ T3910]  ? kobject_uevent_env+0x46b/0x8e0
[  129.574764][ T3910]  ? do_raw_spin_unlock+0x134/0x8a0
[  129.579995][ T3910]  gfs2_withdraw+0xf33/0x1540
[  129.584684][ T3910]  ? gfs2_lm+0x220/0x220
[  129.588924][ T3910]  ? gfs2_dirent_scan+0xb6/0x650
[  129.593950][ T3910]  ? panic+0x710/0x710
[  129.598105][ T3910]  ? gfs2_permission+0x2ff/0x430
[  129.603502][ T3910]  ? gfs2_consist_inode_i+0xf3/0x110
[  129.608821][ T3910]  gfs2_dirent_scan+0x535/0x650
[  129.613702][ T3910]  ? gfs2_dirent_search+0xb10/0xb10
[  129.618932][ T3910]  gfs2_dirent_search+0x2ea/0xb10
[  129.624003][ T3910]  ? gfs2_dirent_search+0xb10/0xb10
[  129.629245][ T3910]  ? gfs2_dir_search+0x2a0/0x2a0
[  129.634206][ T3910]  ? gfs2_permission+0x3bf/0x430
[  129.639158][ T3910]  gfs2_dir_search+0x8c/0x2a0
[  129.643840][ T3910]  ? do_filldir_main+0x530/0x530
[  129.648776][ T3910]  ? inode_go_held+0xe4/0x1f0
[  129.653453][ T3910]  ? gfs2_glock_wait+0x213/0x2a0
[  129.658386][ T3910]  gfs2_lookupi+0x465/0x650
[  129.662890][ T3910]  ? gfs2_lookup_simple+0x170/0x170
[  129.668082][ T3910]  ? __gfs2_lookup+0x8c/0x260
[  129.672758][ T3910]  __gfs2_lookup+0x8c/0x260
[  129.677258][ T3910]  ? gfs2_atomic_open+0x230/0x230
[  129.682283][ T3910]  ? __d_lookup+0x6a4/0x770
[  129.686777][ T3910]  ? d_hash_and_lookup+0x1c0/0x1c0
[  129.691882][ T3910]  gfs2_atomic_open+0xa4/0x230
[  129.696648][ T3910]  path_openat+0xf39/0x2df0
[  129.701151][ T3910]  ? gfs2_rename2+0x3000/0x3000
[  129.706007][ T3910]  ? do_filp_open+0x4f0/0x4f0
[  129.710691][ T3910]  do_filp_open+0x264/0x4f0
[  129.715191][ T3910]  ? vfs_tmpfile+0x490/0x490
[  129.719779][ T3910]  ? do_raw_spin_unlock+0x134/0x8a0
[  129.724975][ T3910]  ? _raw_spin_unlock+0x24/0x40
[  129.729821][ T3910]  ? alloc_fd+0x5a7/0x640
[  129.734151][ T3910]  do_sys_openat2+0x124/0x4e0
[  129.738822][ T3910]  ? print_irqtrace_events+0x220/0x220
[  129.744268][ T3910]  ? ptrace_stop+0x74d/0x970
[  129.748852][ T3910]  ? do_sys_open+0x220/0x220
[  129.753524][ T3910]  ? lockdep_hardirqs_on+0x8d/0x130
[  129.758722][ T3910]  ? _raw_spin_unlock_irq+0x2a/0x40
[  129.763916][ T3910]  ? ptrace_notify+0x245/0x340
[  129.768671][ T3910]  __x64_sys_openat+0x243/0x290
[  129.773517][ T3910]  ? __ia32_sys_open+0x270/0x270
[  129.778449][ T3910]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  129.784434][ T3910]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  129.790412][ T3910]  do_syscall_64+0x3d/0xb0
[  129.794822][ T3910]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  129.800737][ T3910] RIP: 0033:0x7fc8868064d9
[  129.805149][ T3910] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  129.824768][ T3910] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  129.833183][ T3910] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  129.841163][ T3910] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[pid  3911] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3910] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3910] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3910] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3909] exit_group(0 <unfinished ...>
[pid  3910] <... futex resumed>)        = ?
[pid  3910] +++ exited with 0 +++
[pid  3909] <... exit_group resumed>)   = ?
[pid  3911] <... futex resumed>)        = ?
[pid  3911] +++ exited with 0 +++
[pid  3909] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3909, si_uid=0, si_status=0, si_utime=1, si_stime=29} ---
umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./90/binderfs")                 = 0
[  129.849125][ T3910] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  129.857085][ T3910] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  129.865045][ T3910] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  129.873020][ T3910]  </TASK>
umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./90/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./90")                           = 0
mkdir("./91", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3912
./strace-static-x86_64: Process 3912 attached
[pid  3912] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3912] chdir("./91")               = 0
[pid  3912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3912] setpgid(0, 0)               = 0
[pid  3912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3912] write(3, "1000", 4)         = 4
[pid  3912] close(3)                    = 0
[pid  3912] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3912] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3912] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3912] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3913 attached
 <unfinished ...>
[pid  3913] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  3912] <... clone resumed>, parent_tid=[3913], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3913
[pid  3913] <... set_robust_list resumed>) = 0
[pid  3912] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3912] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3913] memfd_create("syzkaller", 0) = 3
[pid  3913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3913] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3913] munmap(0x7fc87e392000, 16777216) = 0
[pid  3913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3913] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3913] close(3)                    = 0
[pid  3913] mkdir("./file0", 0777)      = 0
[  130.166197][ T3913] loop0: detected capacity change from 0 to 32768
[  130.176045][ T3913] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  130.184565][ T3913] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  130.194573][ T3913] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  130.203418][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  130.210591][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3913] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3913] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3913] chdir("./file0")            = 0
[pid  3913] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3913] close(4)                    = 0
[pid  3913] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3912] <... futex resumed>)        = 0
[pid  3912] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3912] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3913] <... futex resumed>)        = 1
[pid  3913] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3913] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3912] <... futex resumed>)        = 0
[pid  3912] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3912] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3913] <... futex resumed>)        = 1
[  130.242761][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 32ms
[  130.250430][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  130.255684][ T3913] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  130.271342][ T3913] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  130.280390][ T3913] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  130.280390][ T3913]   inode = 12 2341
[pid  3913] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3912] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3912] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3912] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3912] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3914], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3914
[pid  3912] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3914 attached
[pid  3914] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3914] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3914] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  130.280390][ T3913]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  130.300361][ T3913] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  130.309684][ T3913] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3913 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  130.320157][ T3913] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  130.328649][ T3913] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  130.336281][ T3913] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  130.345638][ T3913] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  130.352412][ T3913] gfs2: fsid=syz:syz.0: File system withdrawn
[  130.358511][ T3913] CPU: 0 PID: 3913 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  130.368926][ T3913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  130.378969][ T3913] Call Trace:
[  130.382249][ T3913]  <TASK>
[  130.385189][ T3913]  dump_stack_lvl+0x1b1/0x28e
[  130.389962][ T3913]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  130.395411][ T3913]  ? panic+0x710/0x710
[  130.399561][ T3913]  ? kobject_uevent_env+0x46b/0x8e0
[  130.404762][ T3913]  ? do_raw_spin_unlock+0x134/0x8a0
[  130.409976][ T3913]  gfs2_withdraw+0xf33/0x1540
[  130.414672][ T3913]  ? gfs2_lm+0x220/0x220
[  130.418928][ T3913]  ? gfs2_dirent_scan+0xb6/0x650
[  130.423859][ T3913]  ? panic+0x710/0x710
[  130.427915][ T3913]  ? gfs2_permission+0x2ff/0x430
[  130.432856][ T3913]  ? gfs2_consist_inode_i+0xf3/0x110
[  130.438155][ T3913]  gfs2_dirent_scan+0x535/0x650
[pid  3914] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3912] exit_group(0 <unfinished ...>
[pid  3914] <... futex resumed>)        = ?
[pid  3912] <... exit_group resumed>)   = ?
[pid  3914] +++ exited with 0 +++
[  130.443003][ T3913]  ? gfs2_dirent_search+0xb10/0xb10
[  130.448205][ T3913]  gfs2_dirent_search+0x2ea/0xb10
[  130.453247][ T3913]  ? gfs2_dirent_search+0xb10/0xb10
[  130.458451][ T3913]  ? gfs2_dir_search+0x2a0/0x2a0
[  130.463399][ T3913]  ? gfs2_permission+0x3bf/0x430
[  130.468333][ T3913]  gfs2_dir_search+0x8c/0x2a0
[  130.473019][ T3913]  ? do_filldir_main+0x530/0x530
[  130.477969][ T3913]  ? inode_go_held+0xe4/0x1f0
[  130.482640][ T3913]  ? gfs2_glock_wait+0x213/0x2a0
[  130.487659][ T3913]  gfs2_lookupi+0x465/0x650
[  130.492167][ T3913]  ? gfs2_lookup_simple+0x170/0x170
[  130.497357][ T3913]  ? __gfs2_lookup+0x8c/0x260
[  130.502052][ T3913]  __gfs2_lookup+0x8c/0x260
[  130.506569][ T3913]  ? gfs2_atomic_open+0x230/0x230
[  130.511640][ T3913]  ? __d_lookup+0x6a4/0x770
[  130.516154][ T3913]  ? d_hash_and_lookup+0x1c0/0x1c0
[  130.521264][ T3913]  gfs2_atomic_open+0xa4/0x230
[  130.526072][ T3913]  path_openat+0xf39/0x2df0
[  130.530567][ T3913]  ? gfs2_rename2+0x3000/0x3000
[  130.535417][ T3913]  ? do_filp_open+0x4f0/0x4f0
[  130.540107][ T3913]  do_filp_open+0x264/0x4f0
[  130.544614][ T3913]  ? vfs_tmpfile+0x490/0x490
[  130.549213][ T3913]  ? do_raw_spin_unlock+0x134/0x8a0
[  130.554416][ T3913]  ? _raw_spin_unlock+0x24/0x40
[  130.559265][ T3913]  ? alloc_fd+0x5a7/0x640
[  130.563586][ T3913]  do_sys_openat2+0x124/0x4e0
[  130.568280][ T3913]  ? print_irqtrace_events+0x220/0x220
[  130.573727][ T3913]  ? ptrace_stop+0x74d/0x970
[  130.578304][ T3913]  ? do_sys_open+0x220/0x220
[  130.582884][ T3913]  ? lockdep_hardirqs_on+0x8d/0x130
[  130.588087][ T3913]  ? _raw_spin_unlock_irq+0x2a/0x40
[  130.593317][ T3913]  ? ptrace_notify+0x245/0x340
[  130.598084][ T3913]  __x64_sys_openat+0x243/0x290
[  130.602946][ T3913]  ? __ia32_sys_open+0x270/0x270
[  130.607888][ T3913]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  130.613877][ T3913]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  130.619845][ T3913]  do_syscall_64+0x3d/0xb0
[  130.624278][ T3913]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  130.630176][ T3913] RIP: 0033:0x7fc8868064d9
[  130.634575][ T3913] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  130.654184][ T3913] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  130.662608][ T3913] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  130.670758][ T3913] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  130.678734][ T3913] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  130.686703][ T3913] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  3913] <... openat resumed>)       = ?
[pid  3913] +++ exited with 0 +++
[pid  3912] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3912, si_uid=0, si_status=0, si_utime=0, si_stime=30} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./91/binderfs")                 = 0
[  130.694683][ T3913] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  130.702681][ T3913]  </TASK>
umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./91/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./91")                           = 0
mkdir("./92", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3915
./strace-static-x86_64: Process 3915 attached
[pid  3915] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3915] chdir("./92")               = 0
[pid  3915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3915] setpgid(0, 0)               = 0
[pid  3915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3915] write(3, "1000", 4)         = 4
[pid  3915] close(3)                    = 0
[pid  3915] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3915] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3915] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3915] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3916 attached
, parent_tid=[3916], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3916
[pid  3915] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3915] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3916] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3916] memfd_create("syzkaller", 0) = 3
[pid  3916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3916] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3916] munmap(0x7fc87e392000, 16777216) = 0
[pid  3916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3916] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3916] close(3)                    = 0
[pid  3916] mkdir("./file0", 0777)      = 0
[  130.990028][ T3916] loop0: detected capacity change from 0 to 32768
[  131.000620][ T3916] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  131.009109][ T3916] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  131.019819][ T3916] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  131.028840][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  131.035954][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3916] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3916] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3916] chdir("./file0")            = 0
[pid  3916] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3916] close(4)                    = 0
[pid  3916] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3916] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3915] <... futex resumed>)        = 0
[pid  3915] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3915] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3916] <... futex resumed>)        = 0
[pid  3916] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3916] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3915] <... futex resumed>)        = 0
[pid  3916] <... futex resumed>)        = 1
[pid  3915] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3916] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[  131.077617][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 41ms
[  131.086355][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  131.091739][ T3916] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid  3915] <... futex resumed>)        = 0
[  131.118994][ T3916] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  131.127651][ T3916] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  131.127651][ T3916]   inode = 12 2341
[  131.127651][ T3916]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  131.146651][ T3916] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  131.155836][ T3916] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3916 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3915] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3915] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3915] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3915] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3917], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3917
[pid  3915] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3917 attached
[pid  3917] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3917] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3917] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  131.165939][ T3916] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  131.174541][ T3916] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  131.181788][ T3916] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  131.191302][ T3916] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  131.198080][ T3916] gfs2: fsid=syz:syz.0: File system withdrawn
[  131.204471][ T3916] CPU: 1 PID: 3916 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  131.214910][ T3916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  131.224986][ T3916] Call Trace:
[  131.228279][ T3916]  <TASK>
[  131.231220][ T3916]  dump_stack_lvl+0x1b1/0x28e
[  131.235895][ T3916]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  131.241350][ T3916]  ? panic+0x710/0x710
[  131.245429][ T3916]  ? kobject_uevent_env+0x46b/0x8e0
[  131.250649][ T3916]  ? do_raw_spin_unlock+0x134/0x8a0
[  131.255861][ T3916]  gfs2_withdraw+0xf33/0x1540
[  131.260541][ T3916]  ? gfs2_lm+0x220/0x220
[  131.264771][ T3916]  ? gfs2_dirent_scan+0xb6/0x650
[  131.269726][ T3916]  ? panic+0x710/0x710
[  131.273809][ T3916]  ? gfs2_permission+0x2ff/0x430
[  131.278761][ T3916]  ? gfs2_consist_inode_i+0xf3/0x110
[  131.284038][ T3916]  gfs2_dirent_scan+0x535/0x650
[  131.288896][ T3916]  ? gfs2_dirent_search+0xb10/0xb10
[  131.294092][ T3916]  gfs2_dirent_search+0x2ea/0xb10
[  131.299137][ T3916]  ? gfs2_dirent_search+0xb10/0xb10
[  131.304354][ T3916]  ? gfs2_dir_search+0x2a0/0x2a0
[  131.309372][ T3916]  ? gfs2_permission+0x3bf/0x430
[  131.314317][ T3916]  gfs2_dir_search+0x8c/0x2a0
[  131.318996][ T3916]  ? do_filldir_main+0x530/0x530
[  131.323930][ T3916]  ? inode_go_held+0xe4/0x1f0
[  131.328606][ T3916]  ? gfs2_glock_wait+0x213/0x2a0
[  131.333560][ T3916]  gfs2_lookupi+0x465/0x650
[  131.338067][ T3916]  ? gfs2_lookup_simple+0x170/0x170
[  131.343283][ T3916]  ? __gfs2_lookup+0x8c/0x260
[  131.347970][ T3916]  __gfs2_lookup+0x8c/0x260
[  131.352476][ T3916]  ? gfs2_atomic_open+0x230/0x230
[  131.357519][ T3916]  ? __d_lookup+0x6a4/0x770
[  131.362014][ T3916]  ? d_hash_and_lookup+0x1c0/0x1c0
[  131.367379][ T3916]  gfs2_atomic_open+0xa4/0x230
[  131.372144][ T3916]  path_openat+0xf39/0x2df0
[  131.376646][ T3916]  ? gfs2_rename2+0x3000/0x3000
[  131.381521][ T3916]  ? do_filp_open+0x4f0/0x4f0
[  131.386206][ T3916]  do_filp_open+0x264/0x4f0
[  131.390702][ T3916]  ? vfs_tmpfile+0x490/0x490
[  131.395296][ T3916]  ? do_raw_spin_unlock+0x134/0x8a0
[  131.400493][ T3916]  ? _raw_spin_unlock+0x24/0x40
[  131.405350][ T3916]  ? alloc_fd+0x5a7/0x640
[  131.409682][ T3916]  do_sys_openat2+0x124/0x4e0
[  131.414441][ T3916]  ? print_irqtrace_events+0x220/0x220
[  131.420065][ T3916]  ? ptrace_stop+0x74d/0x970
[  131.424671][ T3916]  ? do_sys_open+0x220/0x220
[  131.429259][ T3916]  ? lockdep_hardirqs_on+0x8d/0x130
[  131.434455][ T3916]  ? _raw_spin_unlock_irq+0x2a/0x40
[  131.439652][ T3916]  ? ptrace_notify+0x245/0x340
[  131.444886][ T3916]  __x64_sys_openat+0x243/0x290
[  131.449736][ T3916]  ? __ia32_sys_open+0x270/0x270
[  131.454673][ T3916]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  131.460655][ T3916]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  131.466639][ T3916]  do_syscall_64+0x3d/0xb0
[  131.471050][ T3916]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  131.476941][ T3916] RIP: 0033:0x7fc8868064d9
[  131.481352][ T3916] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  131.500957][ T3916] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  131.509364][ T3916] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3917] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3916] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3916] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3916] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3915] exit_group(0 <unfinished ...>
[pid  3917] <... futex resumed>)        = ?
[pid  3915] <... exit_group resumed>)   = ?
[pid  3916] <... futex resumed>)        = ?
[pid  3916] +++ exited with 0 +++
[pid  3917] +++ exited with 0 +++
[pid  3915] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3915, si_uid=0, si_status=0, si_utime=1, si_stime=30} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./92/binderfs")                 = 0
[  131.517331][ T3916] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  131.525294][ T3916] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  131.533255][ T3916] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  131.541221][ T3916] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  131.549221][ T3916]  </TASK>
umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./92/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./92")                           = 0
mkdir("./93", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3918
./strace-static-x86_64: Process 3918 attached
[pid  3918] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3918] chdir("./93")               = 0
[pid  3918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3918] setpgid(0, 0)               = 0
[pid  3918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3918] write(3, "1000", 4)         = 4
[pid  3918] close(3)                    = 0
[pid  3918] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3918] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3918] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3918] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3919], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3919
[pid  3918] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3918] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3919 attached
 <unfinished ...>
[pid  3919] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3919] memfd_create("syzkaller", 0) = 3
[pid  3919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3919] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3919] munmap(0x7fc87e392000, 16777216) = 0
[pid  3919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3919] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3919] close(3)                    = 0
[pid  3919] mkdir("./file0", 0777)      = 0
[  131.855918][ T3919] loop0: detected capacity change from 0 to 32768
[  131.867495][ T3919] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  131.876875][ T3919] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  131.886787][ T3919] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  131.895672][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  131.902612][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3919] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3919] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3919] chdir("./file0")            = 0
[pid  3919] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3919] close(4)                    = 0
[pid  3919] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3919] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3918] <... futex resumed>)        = 0
[pid  3918] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3918] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3919] <... futex resumed>)        = 0
[pid  3919] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3919] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3918] <... futex resumed>)        = 0
[pid  3919] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3918] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  131.938051][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 35ms
[  131.945615][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  131.951408][ T3919] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  131.977138][ T3919] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  131.985808][ T3919] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  131.985808][ T3919]   inode = 12 2341
[  131.985808][ T3919]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  132.005042][ T3919] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  132.015193][ T3919] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3919 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  132.025728][ T3919] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[pid  3918] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3918] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3918] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3918] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3920], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3920
[pid  3918] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3920 attached
[pid  3920] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3920] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3920] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  132.034624][ T3919] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  132.042787][ T3919] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  132.052282][ T3919] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  132.058845][ T3919] gfs2: fsid=syz:syz.0: File system withdrawn
[  132.065067][ T3919] CPU: 1 PID: 3919 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  132.075502][ T3919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  132.085576][ T3919] Call Trace:
[  132.088863][ T3919]  <TASK>
[  132.091800][ T3919]  dump_stack_lvl+0x1b1/0x28e
[  132.096588][ T3919]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  132.102068][ T3919]  ? panic+0x710/0x710
[  132.106146][ T3919]  ? kobject_uevent_env+0x46b/0x8e0
[  132.111420][ T3919]  ? do_raw_spin_unlock+0x134/0x8a0
[  132.116645][ T3919]  gfs2_withdraw+0xf33/0x1540
[  132.121383][ T3919]  ? gfs2_lm+0x220/0x220
[  132.125637][ T3919]  ? gfs2_dirent_scan+0xb6/0x650
[  132.130591][ T3919]  ? panic+0x710/0x710
[  132.134666][ T3919]  ? gfs2_permission+0x2ff/0x430
[pid  3920] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3918] exit_group(0 <unfinished ...>
[pid  3920] <... futex resumed>)        = ?
[pid  3918] <... exit_group resumed>)   = ?
[pid  3920] +++ exited with 0 +++
[  132.139604][ T3919]  ? gfs2_consist_inode_i+0xf3/0x110
[  132.144897][ T3919]  gfs2_dirent_scan+0x535/0x650
[  132.149766][ T3919]  ? gfs2_dirent_search+0xb10/0xb10
[  132.154974][ T3919]  gfs2_dirent_search+0x2ea/0xb10
[  132.160032][ T3919]  ? gfs2_dirent_search+0xb10/0xb10
[  132.165228][ T3919]  ? gfs2_dir_search+0x2a0/0x2a0
[  132.170167][ T3919]  ? gfs2_permission+0x3bf/0x430
[  132.175147][ T3919]  gfs2_dir_search+0x8c/0x2a0
[  132.179847][ T3919]  ? do_filldir_main+0x530/0x530
[  132.184790][ T3919]  ? inode_go_held+0xe4/0x1f0
[  132.189477][ T3919]  ? gfs2_glock_wait+0x213/0x2a0
[  132.194418][ T3919]  gfs2_lookupi+0x465/0x650
[  132.198932][ T3919]  ? gfs2_lookup_simple+0x170/0x170
[  132.204134][ T3919]  ? __gfs2_lookup+0x8c/0x260
[  132.208822][ T3919]  __gfs2_lookup+0x8c/0x260
[  132.213318][ T3919]  ? gfs2_atomic_open+0x230/0x230
[  132.218338][ T3919]  ? __d_lookup+0x6a4/0x770
[  132.222832][ T3919]  ? d_hash_and_lookup+0x1c0/0x1c0
[  132.227933][ T3919]  gfs2_atomic_open+0xa4/0x230
[  132.232693][ T3919]  path_openat+0xf39/0x2df0
[  132.237220][ T3919]  ? gfs2_rename2+0x3000/0x3000
[  132.242466][ T3919]  ? do_filp_open+0x4f0/0x4f0
[  132.247176][ T3919]  do_filp_open+0x264/0x4f0
[  132.251698][ T3919]  ? vfs_tmpfile+0x490/0x490
[  132.256294][ T3919]  ? do_raw_spin_unlock+0x134/0x8a0
[  132.261517][ T3919]  ? _raw_spin_unlock+0x24/0x40
[  132.266414][ T3919]  ? alloc_fd+0x5a7/0x640
[  132.270750][ T3919]  do_sys_openat2+0x124/0x4e0
[  132.275430][ T3919]  ? print_irqtrace_events+0x220/0x220
[  132.282642][ T3919]  ? ptrace_stop+0x74d/0x970
[  132.287243][ T3919]  ? do_sys_open+0x220/0x220
[  132.291826][ T3919]  ? lockdep_hardirqs_on+0x8d/0x130
[  132.297016][ T3919]  ? _raw_spin_unlock_irq+0x2a/0x40
[  132.302209][ T3919]  ? ptrace_notify+0x245/0x340
[  132.306961][ T3919]  __x64_sys_openat+0x243/0x290
[  132.311813][ T3919]  ? __ia32_sys_open+0x270/0x270
[  132.316758][ T3919]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  132.322732][ T3919]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  132.328713][ T3919]  do_syscall_64+0x3d/0xb0
[  132.333143][ T3919]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  132.339032][ T3919] RIP: 0033:0x7fc8868064d9
[  132.343440][ T3919] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  132.363045][ T3919] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  132.371450][ T3919] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  132.379419][ T3919] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[pid  3919] <... openat resumed>)       = ?
[pid  3919] +++ exited with 0 +++
[pid  3918] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3918, si_uid=0, si_status=0, si_utime=2, si_stime=31} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./93/binderfs")                 = 0
[  132.387382][ T3919] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  132.395356][ T3919] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  132.403340][ T3919] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  132.411347][ T3919]  </TASK>
umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./93/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./93")                           = 0
mkdir("./94", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3921
./strace-static-x86_64: Process 3921 attached
[pid  3921] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3921] chdir("./94")               = 0
[pid  3921] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3921] setpgid(0, 0)               = 0
[pid  3921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3921] write(3, "1000", 4)         = 4
[pid  3921] close(3)                    = 0
[pid  3921] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3921] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3921] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3921] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3922], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3922
[pid  3921] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3921] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3922 attached
 <unfinished ...>
[pid  3922] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3922] memfd_create("syzkaller", 0) = 3
[pid  3922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3922] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3922] munmap(0x7fc87e392000, 16777216) = 0
[pid  3922] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3922] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3922] close(3)                    = 0
[pid  3922] mkdir("./file0", 0777)      = 0
[  132.786645][ T3922] loop0: detected capacity change from 0 to 32768
[  132.800359][ T3922] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  132.808632][ T3922] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  132.819443][ T3922] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  132.828788][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  132.835921][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3922] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3922] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3922] chdir("./file0")            = 0
[pid  3922] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3922] close(4)                    = 0
[pid  3922] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3921] <... futex resumed>)        = 0
[pid  3922] <... futex resumed>)        = 1
[pid  3921] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3921] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3922] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3922] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3921] <... futex resumed>)        = 0
[pid  3921] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3921] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[  132.891385][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 55ms
[  132.899331][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  132.904626][ T3922] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  132.934154][ T3922] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  132.942684][ T3922] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  132.942684][ T3922]   inode = 12 2341
[  132.942684][ T3922]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  132.961732][ T3922] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  132.971279][ T3922] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3922 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3922] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3921] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3921] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3921] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3921] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3923], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3923
[pid  3921] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3923 attached
[pid  3923] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3923] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3923] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  132.981612][ T3922] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  132.990170][ T3922] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  132.998771][ T3922] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  133.008362][ T3922] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  133.015157][ T3922] gfs2: fsid=syz:syz.0: File system withdrawn
[  133.021356][ T3922] CPU: 1 PID: 3922 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  133.031789][ T3922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  133.041856][ T3922] Call Trace:
[  133.045145][ T3922]  <TASK>
[  133.048083][ T3922]  dump_stack_lvl+0x1b1/0x28e
[  133.052783][ T3922]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  133.058256][ T3922]  ? panic+0x710/0x710
[  133.062336][ T3922]  ? kobject_uevent_env+0x46b/0x8e0
[  133.067546][ T3922]  ? do_raw_spin_unlock+0x134/0x8a0
[  133.072766][ T3922]  gfs2_withdraw+0xf33/0x1540
[  133.077475][ T3922]  ? gfs2_lm+0x220/0x220
[  133.081727][ T3922]  ? gfs2_dirent_scan+0xb6/0x650
[  133.086682][ T3922]  ? panic+0x710/0x710
[  133.090761][ T3922]  ? gfs2_permission+0x2ff/0x430
[  133.095716][ T3922]  ? gfs2_consist_inode_i+0xf3/0x110
[  133.101027][ T3922]  gfs2_dirent_scan+0x535/0x650
[  133.105898][ T3922]  ? gfs2_dirent_search+0xb10/0xb10
[  133.111126][ T3922]  gfs2_dirent_search+0x2ea/0xb10
[  133.116849][ T3922]  ? gfs2_dirent_search+0xb10/0xb10
[  133.122046][ T3922]  ? gfs2_dir_search+0x2a0/0x2a0
[  133.126981][ T3922]  ? gfs2_permission+0x3bf/0x430
[  133.131919][ T3922]  gfs2_dir_search+0x8c/0x2a0
[  133.136597][ T3922]  ? do_filldir_main+0x530/0x530
[  133.141530][ T3922]  ? inode_go_held+0xe4/0x1f0
[  133.146214][ T3922]  ? gfs2_glock_wait+0x213/0x2a0
[  133.151234][ T3922]  gfs2_lookupi+0x465/0x650
[  133.155740][ T3922]  ? gfs2_lookup_simple+0x170/0x170
[  133.160934][ T3922]  ? __gfs2_lookup+0x8c/0x260
[  133.165616][ T3922]  __gfs2_lookup+0x8c/0x260
[  133.170125][ T3922]  ? gfs2_atomic_open+0x230/0x230
[  133.175151][ T3922]  ? __d_lookup+0x6a4/0x770
[  133.179648][ T3922]  ? d_hash_and_lookup+0x1c0/0x1c0
[  133.186143][ T3922]  gfs2_atomic_open+0xa4/0x230
[  133.190905][ T3922]  path_openat+0xf39/0x2df0
[  133.195408][ T3922]  ? gfs2_rename2+0x3000/0x3000
[  133.200283][ T3922]  ? do_filp_open+0x4f0/0x4f0
[  133.204971][ T3922]  do_filp_open+0x264/0x4f0
[  133.209468][ T3922]  ? vfs_tmpfile+0x490/0x490
[  133.214059][ T3922]  ? do_raw_spin_unlock+0x134/0x8a0
[  133.219256][ T3922]  ? _raw_spin_unlock+0x24/0x40
[  133.224106][ T3922]  ? alloc_fd+0x5a7/0x640
[  133.228437][ T3922]  do_sys_openat2+0x124/0x4e0
[  133.233110][ T3922]  ? print_irqtrace_events+0x220/0x220
[  133.238557][ T3922]  ? ptrace_stop+0x74d/0x970
[  133.243143][ T3922]  ? do_sys_open+0x220/0x220
[  133.247730][ T3922]  ? lockdep_hardirqs_on+0x8d/0x130
[  133.252958][ T3922]  ? _raw_spin_unlock_irq+0x2a/0x40
[  133.258151][ T3922]  ? ptrace_notify+0x245/0x340
[  133.262908][ T3922]  __x64_sys_openat+0x243/0x290
[  133.267848][ T3922]  ? __ia32_sys_open+0x270/0x270
[  133.273477][ T3922]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  133.279453][ T3922]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  133.285430][ T3922]  do_syscall_64+0x3d/0xb0
[  133.289839][ T3922]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  133.295722][ T3922] RIP: 0033:0x7fc8868064d9
[  133.300128][ T3922] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  133.319727][ T3922] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  133.328138][ T3922] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3923] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3922] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3922] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3922] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3921] exit_group(0 <unfinished ...>
[pid  3923] <... futex resumed>)        = ?
[pid  3922] <... futex resumed>)        = ?
[pid  3921] <... exit_group resumed>)   = ?
[pid  3923] +++ exited with 0 +++
[pid  3922] +++ exited with 0 +++
[pid  3921] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3921, si_uid=0, si_status=0, si_utime=1, si_stime=34} ---
umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./94/binderfs")                 = 0
[  133.336101][ T3922] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  133.344061][ T3922] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  133.352023][ T3922] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  133.359985][ T3922] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  133.367959][ T3922]  </TASK>
umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./94/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./94")                           = 0
mkdir("./95", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3924
./strace-static-x86_64: Process 3924 attached
[pid  3924] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3924] chdir("./95")               = 0
[pid  3924] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3924] setpgid(0, 0)               = 0
[pid  3924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3924] write(3, "1000", 4)         = 4
[pid  3924] close(3)                    = 0
[pid  3924] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3924] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3924] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3924] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3924] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3925], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3925
./strace-static-x86_64: Process 3925 attached
[pid  3924] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3924] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3925] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3925] memfd_create("syzkaller", 0) = 3
[pid  3925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3925] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3925] munmap(0x7fc87e392000, 16777216) = 0
[pid  3925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3925] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3925] close(3)                    = 0
[pid  3925] mkdir("./file0", 0777)      = 0
[  133.744864][ T3925] loop0: detected capacity change from 0 to 32768
[  133.754923][ T3925] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  133.763175][ T3925] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  133.773186][ T3925] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  133.781805][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  133.788608][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3925] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3925] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3925] chdir("./file0")            = 0
[pid  3925] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3925] close(4)                    = 0
[pid  3925] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3925] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3924] <... futex resumed>)        = 0
[pid  3924] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3924] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3925] <... futex resumed>)        = 0
[pid  3925] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3925] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3924] <... futex resumed>)        = 0
[pid  3925] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[  133.825823][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 37ms
[  133.833387][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  133.838653][ T3925] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid  3924] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  133.872299][ T3925] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  133.881353][ T3925] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  133.881353][ T3925]   inode = 12 2341
[  133.881353][ T3925]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  133.900152][ T3925] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  133.909227][ T3925] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3925 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3924] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3924] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3924] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3924] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3924] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3926], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3926
[pid  3924] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3926 attached
[pid  3926] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3926] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3926] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  133.921314][ T3925] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  133.929840][ T3925] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  133.937150][ T3925] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  133.946429][ T3925] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  133.954755][ T3925] gfs2: fsid=syz:syz.0: File system withdrawn
[  133.960975][ T3925] CPU: 1 PID: 3925 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  133.971407][ T3925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  133.981483][ T3925] Call Trace:
[  133.984768][ T3925]  <TASK>
[  133.987686][ T3925]  dump_stack_lvl+0x1b1/0x28e
[  133.992369][ T3925]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  133.997846][ T3925]  ? panic+0x710/0x710
[  134.001934][ T3925]  ? kobject_uevent_env+0x46b/0x8e0
[  134.007142][ T3925]  ? do_raw_spin_unlock+0x134/0x8a0
[  134.012339][ T3925]  gfs2_withdraw+0xf33/0x1540
[  134.017018][ T3925]  ? gfs2_lm+0x220/0x220
[  134.021252][ T3925]  ? gfs2_dirent_scan+0xb6/0x650
[  134.026190][ T3925]  ? panic+0x710/0x710
[  134.030275][ T3925]  ? gfs2_permission+0x2ff/0x430
[  134.035222][ T3925]  ? gfs2_consist_inode_i+0xf3/0x110
[  134.040502][ T3925]  gfs2_dirent_scan+0x535/0x650
[  134.045362][ T3925]  ? gfs2_dirent_search+0xb10/0xb10
[  134.050576][ T3925]  gfs2_dirent_search+0x2ea/0xb10
[  134.055598][ T3925]  ? gfs2_dirent_search+0xb10/0xb10
[  134.060795][ T3925]  ? gfs2_dir_search+0x2a0/0x2a0
[  134.065723][ T3925]  ? gfs2_permission+0x3bf/0x430
[  134.070662][ T3925]  gfs2_dir_search+0x8c/0x2a0
[  134.075334][ T3925]  ? do_filldir_main+0x530/0x530
[  134.080271][ T3925]  ? inode_go_held+0xe4/0x1f0
[  134.084955][ T3925]  ? gfs2_glock_wait+0x213/0x2a0
[  134.089895][ T3925]  gfs2_lookupi+0x465/0x650
[  134.094400][ T3925]  ? gfs2_lookup_simple+0x170/0x170
[  134.099594][ T3925]  ? __gfs2_lookup+0x8c/0x260
[  134.104272][ T3925]  __gfs2_lookup+0x8c/0x260
[  134.108768][ T3925]  ? gfs2_atomic_open+0x230/0x230
[  134.113811][ T3925]  ? __d_lookup+0x6a4/0x770
[  134.118316][ T3925]  ? d_hash_and_lookup+0x1c0/0x1c0
[  134.123419][ T3925]  gfs2_atomic_open+0xa4/0x230
[  134.128184][ T3925]  path_openat+0xf39/0x2df0
[  134.132685][ T3925]  ? gfs2_rename2+0x3000/0x3000
[  134.137543][ T3925]  ? do_filp_open+0x4f0/0x4f0
[  134.142224][ T3925]  do_filp_open+0x264/0x4f0
[  134.146719][ T3925]  ? vfs_tmpfile+0x490/0x490
[  134.151311][ T3925]  ? do_raw_spin_unlock+0x134/0x8a0
[  134.156507][ T3925]  ? _raw_spin_unlock+0x24/0x40
[  134.161354][ T3925]  ? alloc_fd+0x5a7/0x640
[  134.165688][ T3925]  do_sys_openat2+0x124/0x4e0
[  134.170361][ T3925]  ? print_irqtrace_events+0x220/0x220
[  134.175810][ T3925]  ? ptrace_stop+0x74d/0x970
[  134.180397][ T3925]  ? do_sys_open+0x220/0x220
[  134.184984][ T3925]  ? lockdep_hardirqs_on+0x8d/0x130
[  134.190178][ T3925]  ? _raw_spin_unlock_irq+0x2a/0x40
[  134.195389][ T3925]  ? ptrace_notify+0x245/0x340
[  134.200235][ T3925]  __x64_sys_openat+0x243/0x290
[  134.205080][ T3925]  ? __ia32_sys_open+0x270/0x270
[  134.210012][ T3925]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  134.215986][ T3925]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  134.221958][ T3925]  do_syscall_64+0x3d/0xb0
[  134.226369][ T3925]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  134.232254][ T3925] RIP: 0033:0x7fc8868064d9
[  134.236657][ T3925] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  134.256252][ T3925] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  134.264657][ T3925] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3926] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3925] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3925] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3925] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3924] exit_group(0 <unfinished ...>
[pid  3926] <... futex resumed>)        = ?
[pid  3925] <... futex resumed>)        = ?
[pid  3926] +++ exited with 0 +++
[pid  3925] +++ exited with 0 +++
[pid  3924] <... exit_group resumed>)   = ?
[pid  3924] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3924, si_uid=0, si_status=0, si_utime=5, si_stime=28} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./95/binderfs")                 = 0
[  134.272618][ T3925] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  134.280577][ T3925] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  134.288539][ T3925] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  134.296501][ T3925] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  134.304494][ T3925]  </TASK>
umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./95/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./95")                           = 0
mkdir("./96", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3927
./strace-static-x86_64: Process 3927 attached
[pid  3927] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3927] chdir("./96")               = 0
[pid  3927] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3927] setpgid(0, 0)               = 0
[pid  3927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3927] write(3, "1000", 4)         = 4
[pid  3927] close(3)                    = 0
[pid  3927] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3927] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3927] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3927] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3927] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3928], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3928
./strace-static-x86_64: Process 3928 attached
[pid  3928] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  3927] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3928] <... set_robust_list resumed>) = 0
[pid  3927] <... futex resumed>)        = 0
[pid  3928] memfd_create("syzkaller", 0 <unfinished ...>
[pid  3927] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3928] <... memfd_create resumed>) = 3
[pid  3928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3928] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3928] munmap(0x7fc87e392000, 16777216) = 0
[pid  3928] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3928] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3928] close(3)                    = 0
[pid  3928] mkdir("./file0", 0777)      = 0
[  134.630796][ T3928] loop0: detected capacity change from 0 to 32768
[  134.640598][ T3928] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  134.648850][ T3928] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  134.659288][ T3928] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  134.668261][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  134.675371][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3928] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3928] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3928] chdir("./file0")            = 0
[pid  3928] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3928] close(4)                    = 0
[pid  3928] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3927] <... futex resumed>)        = 0
[pid  3928] <... futex resumed>)        = 1
[pid  3927] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3928] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3927] <... futex resumed>)        = 0
[pid  3927] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3928] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3928] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3927] <... futex resumed>)        = 0
[pid  3928] <... futex resumed>)        = 1
[pid  3927] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3927] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[  134.710586][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 35ms
[  134.718094][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  134.723628][ T3928] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  134.746501][ T3928] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3928] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3927] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3927] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3927] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3927] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3927] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3929], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3929
[pid  3927] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3929 attached
[pid  3929] set_robust_list(0x7fc87f3919e0, 24) = 0
[  134.754945][ T3928] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  134.754945][ T3928]   inode = 12 2341
[  134.754945][ T3928]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  134.774345][ T3928] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  134.784590][ T3928] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3928 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  134.795117][ T3928] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  134.801545][ T3929] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  134.805267][ T3928] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  134.813029][ T3929] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:4 m:20 p:1
[  134.820853][ T3928] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  134.829368][ T3929] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3928 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  134.838469][ T3928] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  134.848182][ T3929] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3929 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  134.855065][ T3928] gfs2: fsid=syz:syz.0: File system withdrawn
[  134.865419][ T3929] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  134.871544][ T3928] CPU: 1 PID: 3928 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  134.889625][ T3928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  134.899675][ T3928] Call Trace:
[  134.902947][ T3928]  <TASK>
[  134.905875][ T3928]  dump_stack_lvl+0x1b1/0x28e
[  134.910552][ T3928]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  134.916006][ T3928]  ? panic+0x710/0x710
[  134.920072][ T3928]  ? kobject_uevent_env+0x46b/0x8e0
[  134.925269][ T3928]  ? do_raw_spin_unlock+0x134/0x8a0
[  134.930469][ T3928]  gfs2_withdraw+0xf33/0x1540
[  134.935152][ T3928]  ? gfs2_lm+0x220/0x220
[  134.939386][ T3928]  ? gfs2_dirent_scan+0xb6/0x650
[  134.944318][ T3928]  ? panic+0x710/0x710
[  134.948380][ T3928]  ? gfs2_permission+0x2ff/0x430
[  134.953322][ T3928]  ? gfs2_consist_inode_i+0xf3/0x110
[  134.958606][ T3928]  gfs2_dirent_scan+0x535/0x650
[  134.963457][ T3928]  ? gfs2_dirent_search+0xb10/0xb10
[  134.968658][ T3928]  gfs2_dirent_search+0x2ea/0xb10
[  134.973683][ T3928]  ? gfs2_dirent_search+0xb10/0xb10
[  134.978881][ T3928]  ? gfs2_dir_search+0x2a0/0x2a0
[  134.983814][ T3928]  ? gfs2_permission+0x3bf/0x430
[  134.988751][ T3928]  gfs2_dir_search+0x8c/0x2a0
[  134.993427][ T3928]  ? do_filldir_main+0x530/0x530
[  134.998361][ T3928]  ? inode_go_held+0xe4/0x1f0
[  135.003035][ T3928]  ? gfs2_glock_wait+0x213/0x2a0
[  135.007968][ T3928]  gfs2_lookupi+0x465/0x650
[  135.012475][ T3928]  ? gfs2_lookup_simple+0x170/0x170
[  135.017787][ T3928]  ? __gfs2_lookup+0x8c/0x260
[  135.022467][ T3928]  __gfs2_lookup+0x8c/0x260
[  135.026964][ T3928]  ? gfs2_atomic_open+0x230/0x230
[  135.031985][ T3928]  ? __d_lookup+0x6a4/0x770
[  135.036483][ T3928]  ? d_hash_and_lookup+0x1c0/0x1c0
[  135.041587][ T3928]  gfs2_atomic_open+0xa4/0x230
[  135.046352][ T3928]  path_openat+0xf39/0x2df0
[  135.050878][ T3928]  ? gfs2_rename2+0x3000/0x3000
[  135.055741][ T3928]  ? do_filp_open+0x4f0/0x4f0
[  135.060423][ T3928]  do_filp_open+0x264/0x4f0
[  135.064916][ T3928]  ? vfs_tmpfile+0x490/0x490
[  135.069508][ T3928]  ? do_raw_spin_unlock+0x134/0x8a0
[  135.074792][ T3928]  ? _raw_spin_unlock+0x24/0x40
[  135.079640][ T3928]  ? alloc_fd+0x5a7/0x640
[  135.083973][ T3928]  do_sys_openat2+0x124/0x4e0
[  135.088645][ T3928]  ? print_irqtrace_events+0x220/0x220
[  135.094097][ T3928]  ? ptrace_stop+0x74d/0x970
[  135.098684][ T3928]  ? do_sys_open+0x220/0x220
[  135.103287][ T3928]  ? lockdep_hardirqs_on+0x8d/0x130
[  135.108486][ T3928]  ? _raw_spin_unlock_irq+0x2a/0x40
[  135.113686][ T3928]  ? ptrace_notify+0x245/0x340
[  135.118452][ T3928]  __x64_sys_openat+0x243/0x290
[  135.123298][ T3928]  ? __ia32_sys_open+0x270/0x270
[  135.128236][ T3928]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  135.134211][ T3928]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  135.140186][ T3928]  do_syscall_64+0x3d/0xb0
[  135.144602][ T3928]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  135.150486][ T3928] RIP: 0033:0x7fc8868064d9
[  135.154897][ T3928] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  135.174501][ T3928] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  135.182910][ T3928] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  135.190872][ T3928] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  135.198837][ T3928] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3929] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH <unfinished ...>
[pid  3928] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3928] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3928] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3929] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3929] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3929] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3927] exit_group(0 <unfinished ...>
[pid  3928] <... futex resumed>)        = ?
[pid  3927] <... exit_group resumed>)   = ?
[pid  3929] <... futex resumed>)        = ?
[pid  3928] +++ exited with 0 +++
[pid  3929] +++ exited with 0 +++
[pid  3927] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3927, si_uid=0, si_status=0, si_utime=0, si_stime=40} ---
umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./96/binderfs")                 = 0
[  135.206802][ T3928] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  135.214769][ T3928] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  135.222748][ T3928]  </TASK>
umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./96/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./96")                           = 0
mkdir("./97", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3930
./strace-static-x86_64: Process 3930 attached
[pid  3930] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3930] chdir("./97")               = 0
[pid  3930] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3930] setpgid(0, 0)               = 0
[pid  3930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3930] write(3, "1000", 4)         = 4
[pid  3930] close(3)                    = 0
[pid  3930] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3930] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3930] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3930] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3930] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3931], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3931
[pid  3930] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3930] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
./strace-static-x86_64: Process 3931 attached
[pid  3931] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3931] memfd_create("syzkaller", 0) = 3
[pid  3931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3931] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3931] munmap(0x7fc87e392000, 16777216) = 0
[pid  3931] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3931] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3931] close(3)                    = 0
[pid  3931] mkdir("./file0", 0777)      = 0
[  135.522571][ T3931] loop0: detected capacity change from 0 to 32768
[  135.533201][ T3931] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  135.541641][ T3931] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  135.551942][ T3931] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  135.560827][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  135.567843][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3931] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3931] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3931] chdir("./file0")            = 0
[pid  3931] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3931] close(4)                    = 0
[pid  3931] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3930] <... futex resumed>)        = 0
[pid  3930] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3930] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3931] <... futex resumed>)        = 1
[pid  3931] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3931] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3930] <... futex resumed>)        = 0
[pid  3930] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3930] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3931] <... futex resumed>)        = 1
[  135.603128][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 35ms
[  135.610907][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  135.616420][ T3931] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  135.642460][ T3931] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3931] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3930] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3930] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3930] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3930] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3930] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3932], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3932
[  135.650999][ T3931] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  135.650999][ T3931]   inode = 12 2341
[  135.650999][ T3931]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  135.670514][ T3931] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  135.679572][ T3931] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3931 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  135.690121][ T3931] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[pid  3930] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3932 attached
[pid  3932] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3932] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3932] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  135.698639][ T3931] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  135.705933][ T3931] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  135.714784][ T3931] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  135.721454][ T3931] gfs2: fsid=syz:syz.0: File system withdrawn
[  135.727627][ T3931] CPU: 0 PID: 3931 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  135.738037][ T3931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  135.748098][ T3931] Call Trace:
[  135.751384][ T3931]  <TASK>
[  135.754328][ T3931]  dump_stack_lvl+0x1b1/0x28e
[  135.759000][ T3931]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  135.764461][ T3931]  ? panic+0x710/0x710
[  135.768537][ T3931]  ? kobject_uevent_env+0x46b/0x8e0
[  135.773756][ T3931]  ? do_raw_spin_unlock+0x134/0x8a0
[  135.778973][ T3931]  gfs2_withdraw+0xf33/0x1540
[  135.783673][ T3931]  ? gfs2_lm+0x220/0x220
[  135.787933][ T3931]  ? gfs2_dirent_scan+0xb6/0x650
[  135.792882][ T3931]  ? panic+0x710/0x710
[  135.796954][ T3931]  ? gfs2_permission+0x2ff/0x430
[  135.801920][ T3931]  ? gfs2_consist_inode_i+0xf3/0x110
[  135.807215][ T3931]  gfs2_dirent_scan+0x535/0x650
[  135.812061][ T3931]  ? gfs2_dirent_search+0xb10/0xb10
[  135.817253][ T3931]  gfs2_dirent_search+0x2ea/0xb10
[  135.822271][ T3931]  ? gfs2_dirent_search+0xb10/0xb10
[  135.827491][ T3931]  ? gfs2_dir_search+0x2a0/0x2a0
[  135.832443][ T3931]  ? gfs2_permission+0x3bf/0x430
[  135.837389][ T3931]  gfs2_dir_search+0x8c/0x2a0
[  135.842077][ T3931]  ? do_filldir_main+0x530/0x530
[  135.847011][ T3931]  ? inode_go_held+0xe4/0x1f0
[  135.851702][ T3931]  ? gfs2_glock_wait+0x213/0x2a0
[  135.856636][ T3931]  gfs2_lookupi+0x465/0x650
[  135.861142][ T3931]  ? gfs2_lookup_simple+0x170/0x170
[  135.866338][ T3931]  ? __gfs2_lookup+0x8c/0x260
[  135.871017][ T3931]  __gfs2_lookup+0x8c/0x260
[  135.875517][ T3931]  ? gfs2_atomic_open+0x230/0x230
[  135.880546][ T3931]  ? __d_lookup+0x6a4/0x770
[  135.885055][ T3931]  ? d_hash_and_lookup+0x1c0/0x1c0
[  135.890158][ T3931]  gfs2_atomic_open+0xa4/0x230
[  135.894920][ T3931]  path_openat+0xf39/0x2df0
[  135.899444][ T3931]  ? gfs2_rename2+0x3000/0x3000
[  135.904326][ T3931]  ? do_filp_open+0x4f0/0x4f0
[  135.909025][ T3931]  do_filp_open+0x264/0x4f0
[  135.913529][ T3931]  ? vfs_tmpfile+0x490/0x490
[  135.918120][ T3931]  ? do_raw_spin_unlock+0x134/0x8a0
[  135.923319][ T3931]  ? _raw_spin_unlock+0x24/0x40
[  135.928164][ T3931]  ? alloc_fd+0x5a7/0x640
[  135.932502][ T3931]  do_sys_openat2+0x124/0x4e0
[  135.937171][ T3931]  ? print_irqtrace_events+0x220/0x220
[  135.942618][ T3931]  ? ptrace_stop+0x74d/0x970
[  135.947204][ T3931]  ? do_sys_open+0x220/0x220
[  135.952138][ T3931]  ? lockdep_hardirqs_on+0x8d/0x130
[  135.957417][ T3931]  ? _raw_spin_unlock_irq+0x2a/0x40
[  135.962701][ T3931]  ? ptrace_notify+0x245/0x340
[  135.967459][ T3931]  __x64_sys_openat+0x243/0x290
[  135.972306][ T3931]  ? __ia32_sys_open+0x270/0x270
[  135.977325][ T3931]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  135.983299][ T3931]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  135.989275][ T3931]  do_syscall_64+0x3d/0xb0
[  135.993683][ T3931]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  135.999567][ T3931] RIP: 0033:0x7fc8868064d9
[  136.003974][ T3931] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  136.023583][ T3931] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  136.031993][ T3931] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  136.039955][ T3931] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[pid  3932] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3931] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3931] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3931] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3930] exit_group(0 <unfinished ...>
[pid  3932] <... futex resumed>)        = ?
[pid  3931] <... futex resumed>)        = ?
[pid  3930] <... exit_group resumed>)   = ?
[pid  3931] +++ exited with 0 +++
[pid  3932] +++ exited with 0 +++
[pid  3930] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3930, si_uid=0, si_status=0, si_utime=1, si_stime=28} ---
umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./97/binderfs")                 = 0
[  136.047917][ T3931] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  136.055879][ T3931] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  136.063841][ T3931] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  136.072770][ T3931]  </TASK>
umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./97/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./97")                           = 0
mkdir("./98", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3933
./strace-static-x86_64: Process 3933 attached
[pid  3933] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3933] chdir("./98")               = 0
[pid  3933] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3933] setpgid(0, 0)               = 0
[pid  3933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3933] write(3, "1000", 4)         = 4
[pid  3933] close(3)                    = 0
[pid  3933] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3933] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3933] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3933] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3934], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3934
[pid  3933] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3933] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3934 attached
 <unfinished ...>
[pid  3934] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3934] memfd_create("syzkaller", 0) = 3
[pid  3934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3934] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3934] munmap(0x7fc87e392000, 16777216) = 0
[pid  3934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3934] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3934] close(3)                    = 0
[pid  3934] mkdir("./file0", 0777)      = 0
[  136.393985][ T3934] loop0: detected capacity change from 0 to 32768
[  136.403728][ T3934] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  136.412749][ T3934] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  136.422594][ T3934] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  136.431586][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  136.438358][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3934] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3934] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3934] chdir("./file0")            = 0
[pid  3934] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3934] close(4)                    = 0
[pid  3934] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3933] <... futex resumed>)        = 0
[pid  3933] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3933] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3934] <... futex resumed>)        = 1
[pid  3934] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3934] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3933] <... futex resumed>)        = 0
[pid  3933] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3933] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3934] <... futex resumed>)        = 1
[  136.472940][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 34ms
[  136.480522][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  136.485773][ T3934] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  136.500490][ T3934] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  136.509318][ T3934] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  136.509318][ T3934]   inode = 12 2341
[pid  3934] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3933] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3933] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid  3933] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3933] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3933] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3935], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3935
[pid  3933] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3935 attached
[pid  3935] set_robust_list(0x7fc87f3919e0, 24) = 0
[  136.509318][ T3934]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  136.528586][ T3934] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  136.539114][ T3934] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3934 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  136.549531][ T3934] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  136.556736][ T3935] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  136.559358][ T3934] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  136.566704][ T3935] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:4 m:20 p:1
[  136.573798][ T3934] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  136.583131][ T3935] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3934 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  136.591628][ T3934] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  136.602036][ T3935] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3935 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  136.609816][ T3934] gfs2: fsid=syz:syz.0: File system withdrawn
[  136.618366][ T3935] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  136.624172][ T3934] CPU: 1 PID: 3934 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  136.643043][ T3934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  136.653102][ T3934] Call Trace:
[  136.656384][ T3934]  <TASK>
[  136.659316][ T3934]  dump_stack_lvl+0x1b1/0x28e
[  136.663994][ T3934]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  136.669442][ T3934]  ? panic+0x710/0x710
[  136.673503][ T3934]  ? kobject_uevent_env+0x46b/0x8e0
[  136.678714][ T3934]  ? do_raw_spin_unlock+0x134/0x8a0
[  136.683938][ T3934]  gfs2_withdraw+0xf33/0x1540
[  136.688663][ T3934]  ? gfs2_lm+0x220/0x220
[  136.692918][ T3934]  ? gfs2_dirent_scan+0xb6/0x650
[  136.697873][ T3934]  ? panic+0x710/0x710
[  136.701944][ T3934]  ? gfs2_permission+0x2ff/0x430
[  136.706885][ T3934]  ? gfs2_consist_inode_i+0xf3/0x110
[  136.712180][ T3934]  gfs2_dirent_scan+0x535/0x650
[  136.717023][ T3934]  ? gfs2_dirent_search+0xb10/0xb10
[pid  3935] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH <unfinished ...>
[pid  3933] exit_group(0)               = ?
[  136.722229][ T3934]  gfs2_dirent_search+0x2ea/0xb10
[  136.727267][ T3934]  ? gfs2_dirent_search+0xb10/0xb10
[  136.732462][ T3934]  ? gfs2_dir_search+0x2a0/0x2a0
[  136.737388][ T3934]  ? gfs2_permission+0x3bf/0x430
[  136.742335][ T3934]  gfs2_dir_search+0x8c/0x2a0
[  136.747006][ T3934]  ? do_filldir_main+0x530/0x530
[  136.751943][ T3934]  ? inode_go_held+0xe4/0x1f0
[  136.756648][ T3934]  ? gfs2_glock_wait+0x213/0x2a0
[  136.762114][ T3934]  gfs2_lookupi+0x465/0x650
[  136.766618][ T3934]  ? gfs2_lookup_simple+0x170/0x170
[  136.771811][ T3934]  ? __gfs2_lookup+0x8c/0x260
[  136.776483][ T3934]  __gfs2_lookup+0x8c/0x260
[  136.780995][ T3934]  ? gfs2_atomic_open+0x230/0x230
[  136.786027][ T3934]  ? __d_lookup+0x6a4/0x770
[  136.790615][ T3934]  ? d_hash_and_lookup+0x1c0/0x1c0
[  136.795744][ T3934]  gfs2_atomic_open+0xa4/0x230
[  136.800519][ T3934]  path_openat+0xf39/0x2df0
[  136.805034][ T3934]  ? gfs2_rename2+0x3000/0x3000
[  136.809890][ T3934]  ? do_filp_open+0x4f0/0x4f0
[  136.814589][ T3934]  do_filp_open+0x264/0x4f0
[  136.819101][ T3934]  ? vfs_tmpfile+0x490/0x490
[  136.823689][ T3934]  ? do_raw_spin_unlock+0x134/0x8a0
[  136.828898][ T3934]  ? _raw_spin_unlock+0x24/0x40
[  136.833746][ T3934]  ? alloc_fd+0x5a7/0x640
[  136.838087][ T3934]  do_sys_openat2+0x124/0x4e0
[  136.842780][ T3934]  ? print_irqtrace_events+0x220/0x220
[  136.848230][ T3934]  ? ptrace_stop+0x74d/0x970
[  136.852817][ T3934]  ? do_sys_open+0x220/0x220
[  136.857428][ T3934]  ? lockdep_hardirqs_on+0x8d/0x130
[  136.862642][ T3934]  ? _raw_spin_unlock_irq+0x2a/0x40
[  136.867837][ T3934]  ? ptrace_notify+0x245/0x340
[  136.872595][ T3934]  __x64_sys_openat+0x243/0x290
[  136.877445][ T3934]  ? __ia32_sys_open+0x270/0x270
[  136.882390][ T3934]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  136.888388][ T3934]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  136.894364][ T3934]  do_syscall_64+0x3d/0xb0
[  136.898769][ T3934]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  136.904659][ T3934] RIP: 0033:0x7fc8868064d9
[  136.909075][ T3934] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  136.928673][ T3934] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  136.937080][ T3934] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  136.945045][ T3934] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  136.953036][ T3934] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  136.961010][ T3934] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  3935] <... openat resumed>)       = ?
[pid  3934] <... openat resumed>)       = ?
[pid  3935] +++ exited with 0 +++
[pid  3934] +++ exited with 0 +++
[pid  3933] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3933, si_uid=0, si_status=0, si_utime=0, si_stime=41} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./98/binderfs")                 = 0
[  136.968987][ T3934] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  136.976962][ T3934]  </TASK>
umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./98/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./98")                           = 0
mkdir("./99", 0777)                     = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3936
./strace-static-x86_64: Process 3936 attached
[pid  3936] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3936] chdir("./99")               = 0
[pid  3936] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3936] setpgid(0, 0)               = 0
[pid  3936] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3936] write(3, "1000", 4)         = 4
[pid  3936] close(3)                    = 0
[pid  3936] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3936] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3936] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3936] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3936] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3937 attached
, parent_tid=[3937], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3937
[pid  3936] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3936] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3937] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3937] memfd_create("syzkaller", 0) = 3
[pid  3937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3937] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3937] munmap(0x7fc87e392000, 16777216) = 0
[pid  3937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3937] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3937] close(3)                    = 0
[pid  3937] mkdir("./file0", 0777)      = 0
[  137.273717][ T3937] loop0: detected capacity change from 0 to 32768
[  137.284483][ T3937] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  137.292924][ T3937] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  137.303447][ T3937] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  137.312063][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  137.318839][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3937] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3937] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3937] chdir("./file0")            = 0
[pid  3937] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3937] close(4)                    = 0
[pid  3937] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3936] <... futex resumed>)        = 0
[pid  3936] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3936] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3937] <... futex resumed>)        = 1
[pid  3937] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3937] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3936] <... futex resumed>)        = 0
[pid  3937] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3936] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  137.358736][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 39ms
[  137.366351][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  137.371921][ T3937] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  137.387437][ T3937] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  137.396556][ T3937] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  137.396556][ T3937]   inode = 12 2341
[pid  3936] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3936] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3936] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3936] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3936] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3938], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3938
[pid  3936] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3938 attached
[pid  3938] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3938] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3938] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  137.396556][ T3937]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  137.415380][ T3937] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  137.424819][ T3937] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3937 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  137.435100][ T3937] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  137.443779][ T3937] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  137.452272][ T3937] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  137.461189][ T3937] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  137.467820][ T3937] gfs2: fsid=syz:syz.0: File system withdrawn
[  137.473956][ T3937] CPU: 1 PID: 3937 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  137.484375][ T3937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  137.494437][ T3937] Call Trace:
[  137.497724][ T3937]  <TASK>
[  137.500662][ T3937]  dump_stack_lvl+0x1b1/0x28e
[  137.505342][ T3937]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  137.510797][ T3937]  ? panic+0x710/0x710
[  137.514876][ T3937]  ? kobject_uevent_env+0x46b/0x8e0
[  137.520076][ T3937]  ? do_raw_spin_unlock+0x134/0x8a0
[  137.525986][ T3937]  gfs2_withdraw+0xf33/0x1540
[  137.530684][ T3937]  ? gfs2_lm+0x220/0x220
[  137.534918][ T3937]  ? gfs2_dirent_scan+0xb6/0x650
[  137.539856][ T3937]  ? panic+0x710/0x710
[  137.543928][ T3937]  ? gfs2_permission+0x2ff/0x430
[  137.548886][ T3937]  ? gfs2_consist_inode_i+0xf3/0x110
[  137.554169][ T3937]  gfs2_dirent_scan+0x535/0x650
[pid  3938] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3936] exit_group(0 <unfinished ...>
[pid  3938] <... futex resumed>)        = ?
[pid  3936] <... exit_group resumed>)   = ?
[pid  3938] +++ exited with 0 +++
[  137.559036][ T3937]  ? gfs2_dirent_search+0xb10/0xb10
[  137.564296][ T3937]  gfs2_dirent_search+0x2ea/0xb10
[  137.569338][ T3937]  ? gfs2_dirent_search+0xb10/0xb10
[  137.574558][ T3937]  ? gfs2_dir_search+0x2a0/0x2a0
[  137.579497][ T3937]  ? gfs2_permission+0x3bf/0x430
[  137.584451][ T3937]  gfs2_dir_search+0x8c/0x2a0
[  137.589136][ T3937]  ? do_filldir_main+0x530/0x530
[  137.594095][ T3937]  ? inode_go_held+0xe4/0x1f0
[  137.598789][ T3937]  ? gfs2_glock_wait+0x213/0x2a0
[  137.603722][ T3937]  gfs2_lookupi+0x465/0x650
[  137.608240][ T3937]  ? gfs2_lookup_simple+0x170/0x170
[  137.613444][ T3937]  ? __gfs2_lookup+0x8c/0x260
[  137.618137][ T3937]  __gfs2_lookup+0x8c/0x260
[  137.622744][ T3937]  ? gfs2_atomic_open+0x230/0x230
[  137.627766][ T3937]  ? __d_lookup+0x6a4/0x770
[  137.632272][ T3937]  ? d_hash_and_lookup+0x1c0/0x1c0
[  137.637401][ T3937]  gfs2_atomic_open+0xa4/0x230
[  137.642196][ T3937]  path_openat+0xf39/0x2df0
[  137.646698][ T3937]  ? gfs2_rename2+0x3000/0x3000
[  137.651569][ T3937]  ? do_filp_open+0x4f0/0x4f0
[  137.656275][ T3937]  do_filp_open+0x264/0x4f0
[  137.660780][ T3937]  ? vfs_tmpfile+0x490/0x490
[  137.665382][ T3937]  ? do_raw_spin_unlock+0x134/0x8a0
[  137.670584][ T3937]  ? _raw_spin_unlock+0x24/0x40
[  137.675433][ T3937]  ? alloc_fd+0x5a7/0x640
[  137.679803][ T3937]  do_sys_openat2+0x124/0x4e0
[  137.684508][ T3937]  ? print_irqtrace_events+0x220/0x220
[  137.689983][ T3937]  ? ptrace_stop+0x74d/0x970
[  137.694587][ T3937]  ? do_sys_open+0x220/0x220
[  137.699170][ T3937]  ? lockdep_hardirqs_on+0x8d/0x130
[  137.704361][ T3937]  ? _raw_spin_unlock_irq+0x2a/0x40
[  137.709552][ T3937]  ? ptrace_notify+0x245/0x340
[  137.714303][ T3937]  __x64_sys_openat+0x243/0x290
[  137.719148][ T3937]  ? __ia32_sys_open+0x270/0x270
[  137.724091][ T3937]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  137.730088][ T3937]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  137.736078][ T3937]  do_syscall_64+0x3d/0xb0
[  137.740487][ T3937]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  137.746470][ T3937] RIP: 0033:0x7fc8868064d9
[  137.750890][ T3937] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  137.770493][ T3937] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  137.778929][ T3937] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  137.786906][ T3937] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  137.794884][ T3937] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  137.802859][ T3937] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  3937] <... openat resumed>)       = ?
[pid  3937] +++ exited with 0 +++
[pid  3936] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3936, si_uid=0, si_status=0, si_utime=3, si_stime=26} ---
umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./99/binderfs")                 = 0
[  137.810820][ T3937] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  137.818901][ T3937]  </TASK>
umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./99/file0")                     = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./99")                           = 0
mkdir("./100", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3939
./strace-static-x86_64: Process 3939 attached
[pid  3939] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3939] chdir("./100")              = 0
[pid  3939] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3939] setpgid(0, 0)               = 0
[pid  3939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3939] write(3, "1000", 4)         = 4
[pid  3939] close(3)                    = 0
[pid  3939] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3939] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3939] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3939] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3939] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3940], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3940
[pid  3939] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3939] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3940 attached
 <unfinished ...>
[pid  3940] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3940] memfd_create("syzkaller", 0) = 3
[pid  3940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3940] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3940] munmap(0x7fc87e392000, 16777216) = 0
[pid  3940] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3940] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3940] close(3)                    = 0
[pid  3940] mkdir("./file0", 0777)      = 0
[  138.123416][ T3940] loop0: detected capacity change from 0 to 32768
[  138.143801][ T3940] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  138.152041][ T3940] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  138.162301][ T3940] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  138.171234][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  138.178022][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3940] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3940] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3940] chdir("./file0")            = 0
[pid  3940] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3940] close(4)                    = 0
[pid  3940] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3939] <... futex resumed>)        = 0
[pid  3940] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3939] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3939] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3940] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3940] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3940] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3939] <... futex resumed>)        = 0
[pid  3940] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3939] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  138.216470][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 38ms
[  138.225262][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  138.230717][ T3940] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid  3939] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[  138.263756][ T3940] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  138.273140][ T3940] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  138.273140][ T3940]   inode = 12 2341
[  138.273140][ T3940]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  138.292711][ T3940] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  138.302077][ T3940] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3940 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3939] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3939] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3939] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3939] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3941], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3941
[pid  3939] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3941 attached
[pid  3941] set_robust_list(0x7fc87f3919e0, 24) = 0
[  138.312289][ T3940] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  138.321696][ T3941] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  138.321752][ T3940] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  138.330730][ T3941] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:4 m:20 p:1
[  138.337552][ T3940] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  138.346913][ T3941] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3940 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  138.355846][ T3940] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  138.365795][ T3941] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3941 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  138.372209][ T3940] gfs2: fsid=syz:syz.0: File system withdrawn
[  138.383959][ T3941] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  138.388048][ T3940] CPU: 1 PID: 3940 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  138.406752][ T3940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  138.416810][ T3940] Call Trace:
[  138.420102][ T3940]  <TASK>
[  138.423033][ T3940]  dump_stack_lvl+0x1b1/0x28e
[  138.427972][ T3940]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  138.433428][ T3940]  ? panic+0x710/0x710
[  138.437505][ T3940]  ? kobject_uevent_env+0x46b/0x8e0
[  138.442700][ T3940]  ? do_raw_spin_unlock+0x134/0x8a0
[  138.447900][ T3940]  gfs2_withdraw+0xf33/0x1540
[  138.452586][ T3940]  ? gfs2_lm+0x220/0x220
[  138.456820][ T3940]  ? gfs2_dirent_scan+0xb6/0x650
[  138.461760][ T3940]  ? panic+0x710/0x710
[  138.465825][ T3940]  ? gfs2_permission+0x2ff/0x430
[  138.470764][ T3940]  ? gfs2_consist_inode_i+0xf3/0x110
[  138.476048][ T3940]  gfs2_dirent_scan+0x535/0x650
[  138.480900][ T3940]  ? gfs2_dirent_search+0xb10/0xb10
[  138.486102][ T3940]  gfs2_dirent_search+0x2ea/0xb10
[  138.491127][ T3940]  ? gfs2_dirent_search+0xb10/0xb10
[  138.496323][ T3940]  ? gfs2_dir_search+0x2a0/0x2a0
[  138.501253][ T3940]  ? gfs2_permission+0x3bf/0x430
[  138.506192][ T3940]  gfs2_dir_search+0x8c/0x2a0
[  138.510870][ T3940]  ? do_filldir_main+0x530/0x530
[  138.515803][ T3940]  ? inode_go_held+0xe4/0x1f0
[  138.520480][ T3940]  ? gfs2_glock_wait+0x213/0x2a0
[  138.525414][ T3940]  gfs2_lookupi+0x465/0x650
[  138.529920][ T3940]  ? gfs2_lookup_simple+0x170/0x170
[  138.535115][ T3940]  ? __gfs2_lookup+0x8c/0x260
[  138.540267][ T3940]  __gfs2_lookup+0x8c/0x260
[  138.546504][ T3940]  ? gfs2_atomic_open+0x230/0x230
[  138.551526][ T3940]  ? __d_lookup+0x6a4/0x770
[  138.556021][ T3940]  ? d_hash_and_lookup+0x1c0/0x1c0
[  138.561126][ T3940]  gfs2_atomic_open+0xa4/0x230
[  138.565888][ T3940]  path_openat+0xf39/0x2df0
[  138.570390][ T3940]  ? gfs2_rename2+0x3000/0x3000
[  138.575250][ T3940]  ? do_filp_open+0x4f0/0x4f0
[  138.579933][ T3940]  do_filp_open+0x264/0x4f0
[  138.584435][ T3940]  ? vfs_tmpfile+0x490/0x490
[  138.589024][ T3940]  ? do_raw_spin_unlock+0x134/0x8a0
[  138.594225][ T3940]  ? _raw_spin_unlock+0x24/0x40
[  138.599075][ T3940]  ? alloc_fd+0x5a7/0x640
[  138.603406][ T3940]  do_sys_openat2+0x124/0x4e0
[  138.608082][ T3940]  ? print_irqtrace_events+0x220/0x220
[  138.613792][ T3940]  ? ptrace_stop+0x74d/0x970
[  138.618378][ T3940]  ? do_sys_open+0x220/0x220
[  138.622964][ T3940]  ? lockdep_hardirqs_on+0x8d/0x130
[  138.628158][ T3940]  ? _raw_spin_unlock_irq+0x2a/0x40
[  138.633350][ T3940]  ? ptrace_notify+0x245/0x340
[  138.638106][ T3940]  __x64_sys_openat+0x243/0x290
[  138.642956][ T3940]  ? __ia32_sys_open+0x270/0x270
[  138.647890][ T3940]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  138.653864][ T3940]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  138.659841][ T3940]  do_syscall_64+0x3d/0xb0
[  138.664255][ T3940]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  138.670142][ T3940] RIP: 0033:0x7fc8868064d9
[  138.674549][ T3940] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  138.694147][ T3940] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  138.702551][ T3940] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3941] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3941] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3941] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3940] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3940] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3939] exit_group(0)               = ?
[pid  3941] <... futex resumed>)        = ?
[pid  3941] +++ exited with 0 +++
[pid  3940] <... futex resumed>)        = ?
[pid  3940] +++ exited with 0 +++
[pid  3939] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3939, si_uid=0, si_status=0, si_utime=4, si_stime=34} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./100/binderfs")                = 0
[  138.710513][ T3940] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  138.718500][ T3940] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  138.726486][ T3940] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  138.734454][ T3940] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  138.742436][ T3940]  </TASK>
umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./100/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./100")                          = 0
mkdir("./101", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3942
./strace-static-x86_64: Process 3942 attached
[pid  3942] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3942] chdir("./101")              = 0
[pid  3942] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3942] setpgid(0, 0)               = 0
[pid  3942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3942] write(3, "1000", 4)         = 4
[pid  3942] close(3)                    = 0
[pid  3942] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3942] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3942] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3942] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3943 attached
, parent_tid=[3943], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3943
[pid  3943] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  3942] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3943] <... set_robust_list resumed>) = 0
[pid  3942] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3943] memfd_create("syzkaller", 0) = 3
[pid  3943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3943] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3943] munmap(0x7fc87e392000, 16777216) = 0
[pid  3943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3943] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3943] close(3)                    = 0
[pid  3943] mkdir("./file0", 0777)      = 0
[  139.052771][ T3943] loop0: detected capacity change from 0 to 32768
[  139.062811][ T3943] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  139.071167][ T3943] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  139.080806][ T3943] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  139.089584][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  139.096968][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3943] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3943] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3943] chdir("./file0")            = 0
[pid  3943] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3943] close(4)                    = 0
[pid  3943] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3943] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3942] <... futex resumed>)        = 0
[pid  3942] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3942] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3943] <... futex resumed>)        = 0
[pid  3943] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3943] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3942] <... futex resumed>)        = 0
[pid  3942] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3942] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3943] <... futex resumed>)        = 1
[  139.135426][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 38ms
[  139.143635][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  139.148932][ T3943] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  139.171020][ T3943] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3943] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3942] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3942] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3942] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3942] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3944], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3944
[pid  3942] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3944 attached
[pid  3944] set_robust_list(0x7fc87f3919e0, 24) = 0
[  139.179928][ T3943] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  139.179928][ T3943]   inode = 12 2341
[  139.179928][ T3943]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  139.199065][ T3943] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  139.208703][ T3943] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3943 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  139.219562][ T3943] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  139.225901][ T3944] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  139.229079][ T3943] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  139.237114][ T3944] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:4 m:20 p:1
[  139.244089][ T3943] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  139.253404][ T3944] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3943 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  139.261932][ T3943] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  139.272197][ T3944] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3944 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  139.279989][ T3943] gfs2: fsid=syz:syz.0: File system withdrawn
[  139.288637][ T3944] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  139.294975][ T3943] CPU: 1 PID: 3943 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  139.313148][ T3943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  139.323215][ T3943] Call Trace:
[  139.326519][ T3943]  <TASK>
[  139.329459][ T3943]  dump_stack_lvl+0x1b1/0x28e
[  139.334128][ T3943]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  139.339576][ T3943]  ? panic+0x710/0x710
[  139.343635][ T3943]  ? kobject_uevent_env+0x46b/0x8e0
[  139.348832][ T3943]  ? do_raw_spin_unlock+0x134/0x8a0
[  139.354493][ T3943]  gfs2_withdraw+0xf33/0x1540
[  139.359290][ T3943]  ? gfs2_lm+0x220/0x220
[  139.363520][ T3943]  ? gfs2_dirent_scan+0xb6/0x650
[  139.368883][ T3943]  ? panic+0x710/0x710
[  139.372942][ T3943]  ? gfs2_permission+0x2ff/0x430
[  139.377871][ T3943]  ? gfs2_consist_inode_i+0xf3/0x110
[pid  3944] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH <unfinished ...>
[pid  3942] exit_group(0)               = ?
[  139.383150][ T3943]  gfs2_dirent_scan+0x535/0x650
[  139.388005][ T3943]  ? gfs2_dirent_search+0xb10/0xb10
[  139.393212][ T3943]  gfs2_dirent_search+0x2ea/0xb10
[  139.398499][ T3943]  ? gfs2_dirent_search+0xb10/0xb10
[  139.403807][ T3943]  ? gfs2_dir_search+0x2a0/0x2a0
[  139.408752][ T3943]  ? gfs2_permission+0x3bf/0x430
[  139.413708][ T3943]  gfs2_dir_search+0x8c/0x2a0
[  139.418382][ T3943]  ? do_filldir_main+0x530/0x530
[  139.423318][ T3943]  ? inode_go_held+0xe4/0x1f0
[  139.428003][ T3943]  ? gfs2_glock_wait+0x213/0x2a0
[  139.432933][ T3943]  gfs2_lookupi+0x465/0x650
[  139.437428][ T3943]  ? gfs2_lookup_simple+0x170/0x170
[  139.442617][ T3943]  ? __gfs2_lookup+0x8c/0x260
[  139.447288][ T3943]  __gfs2_lookup+0x8c/0x260
[  139.451794][ T3943]  ? gfs2_atomic_open+0x230/0x230
[  139.456913][ T3943]  ? __d_lookup+0x6a4/0x770
[  139.461414][ T3943]  ? d_hash_and_lookup+0x1c0/0x1c0
[  139.466534][ T3943]  gfs2_atomic_open+0xa4/0x230
[  139.471299][ T3943]  path_openat+0xf39/0x2df0
[  139.475803][ T3943]  ? gfs2_rename2+0x3000/0x3000
[  139.480668][ T3943]  ? do_filp_open+0x4f0/0x4f0
[  139.485366][ T3943]  do_filp_open+0x264/0x4f0
[  139.489859][ T3943]  ? vfs_tmpfile+0x490/0x490
[  139.494462][ T3943]  ? do_raw_spin_unlock+0x134/0x8a0
[  139.499670][ T3943]  ? _raw_spin_unlock+0x24/0x40
[  139.504517][ T3943]  ? alloc_fd+0x5a7/0x640
[  139.508841][ T3943]  do_sys_openat2+0x124/0x4e0
[  139.513510][ T3943]  ? print_irqtrace_events+0x220/0x220
[  139.518958][ T3943]  ? ptrace_stop+0x74d/0x970
[  139.523550][ T3943]  ? do_sys_open+0x220/0x220
[  139.528150][ T3943]  ? lockdep_hardirqs_on+0x8d/0x130
[  139.533343][ T3943]  ? _raw_spin_unlock_irq+0x2a/0x40
[  139.538549][ T3943]  ? ptrace_notify+0x245/0x340
[  139.543321][ T3943]  __x64_sys_openat+0x243/0x290
[  139.548176][ T3943]  ? __ia32_sys_open+0x270/0x270
[  139.553118][ T3943]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  139.559098][ T3943]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  139.565092][ T3943]  do_syscall_64+0x3d/0xb0
[  139.569508][ T3943]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  139.575407][ T3943] RIP: 0033:0x7fc8868064d9
[  139.579916][ T3943] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  139.599513][ T3943] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  139.607919][ T3943] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  139.615896][ T3943] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  139.623879][ T3943] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3944] <... openat resumed>)       = ?
[pid  3943] <... openat resumed>)       = ?
[pid  3944] +++ exited with 0 +++
[pid  3943] +++ exited with 0 +++
[pid  3942] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3942, si_uid=0, si_status=0, si_utime=1, si_stime=43} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./101/binderfs")                = 0
[  139.631851][ T3943] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  139.639831][ T3943] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  139.647824][ T3943]  </TASK>
umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./101/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./101")                          = 0
mkdir("./102", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3945
./strace-static-x86_64: Process 3945 attached
[pid  3945] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3945] chdir("./102")              = 0
[pid  3945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3945] setpgid(0, 0)               = 0
[pid  3945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3945] write(3, "1000", 4)         = 4
[pid  3945] close(3)                    = 0
[pid  3945] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3945] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3945] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3945] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3946], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3946
[pid  3945] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3945] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3946 attached
 <unfinished ...>
[pid  3946] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3946] memfd_create("syzkaller", 0) = 3
[pid  3946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3946] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3946] munmap(0x7fc87e392000, 16777216) = 0
[pid  3946] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3946] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3946] close(3)                    = 0
[pid  3946] mkdir("./file0", 0777)      = 0
[  139.969799][ T3946] loop0: detected capacity change from 0 to 32768
[  139.980465][ T3946] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  139.989020][ T3946] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  139.998690][ T3946] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  140.007360][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  140.014587][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3946] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3946] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3946] chdir("./file0")            = 0
[pid  3946] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3946] close(4)                    = 0
[pid  3946] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3945] <... futex resumed>)        = 0
[pid  3946] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3945] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3946] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3945] <... futex resumed>)        = 0
[pid  3946] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3945] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3946] <... futex resumed>)        = 0
[pid  3945] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3946] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3945] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  140.049206][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 34ms
[  140.057630][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  140.062926][ T3946] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  140.075728][ T3946] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  140.084467][ T3946] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  140.084467][ T3946]   inode = 12 2341
[pid  3945] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[  140.084467][ T3946]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  140.103450][ T3946] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  140.112690][ T3946] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3946 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  140.122833][ T3946] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  140.131468][ T3946] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  140.138761][ T3946] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[pid  3945] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3945] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3945] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3947], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3947
[pid  3945] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3947 attached
[pid  3947] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3947] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3947] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  140.147688][ T3946] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  140.154452][ T3946] gfs2: fsid=syz:syz.0: File system withdrawn
[  140.160628][ T3946] CPU: 0 PID: 3946 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  140.171051][ T3946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  140.181110][ T3946] Call Trace:
[  140.184405][ T3946]  <TASK>
[  140.187358][ T3946]  dump_stack_lvl+0x1b1/0x28e
[  140.192055][ T3946]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  140.197521][ T3946]  ? panic+0x710/0x710
[  140.201596][ T3946]  ? kobject_uevent_env+0x46b/0x8e0
[  140.206784][ T3946]  ? do_raw_spin_unlock+0x134/0x8a0
[  140.211992][ T3946]  gfs2_withdraw+0xf33/0x1540
[  140.216701][ T3946]  ? gfs2_lm+0x220/0x220
[  140.220944][ T3946]  ? gfs2_dirent_scan+0xb6/0x650
[  140.225872][ T3946]  ? panic+0x710/0x710
[  140.229932][ T3946]  ? gfs2_permission+0x2ff/0x430
[  140.234876][ T3946]  ? gfs2_consist_inode_i+0xf3/0x110
[  140.240174][ T3946]  gfs2_dirent_scan+0x535/0x650
[  140.245019][ T3946]  ? gfs2_dirent_search+0xb10/0xb10
[  140.250222][ T3946]  gfs2_dirent_search+0x2ea/0xb10
[  140.255260][ T3946]  ? gfs2_dirent_search+0xb10/0xb10
[  140.260449][ T3946]  ? gfs2_dir_search+0x2a0/0x2a0
[  140.265375][ T3946]  ? gfs2_permission+0x3bf/0x430
[  140.270315][ T3946]  gfs2_dir_search+0x8c/0x2a0
[  140.274993][ T3946]  ? do_filldir_main+0x530/0x530
[  140.279931][ T3946]  ? inode_go_held+0xe4/0x1f0
[  140.284605][ T3946]  ? gfs2_glock_wait+0x213/0x2a0
[  140.289536][ T3946]  gfs2_lookupi+0x465/0x650
[  140.294040][ T3946]  ? gfs2_lookup_simple+0x170/0x170
[  140.299233][ T3946]  ? __gfs2_lookup+0x8c/0x260
[  140.303911][ T3946]  __gfs2_lookup+0x8c/0x260
[  140.308410][ T3946]  ? gfs2_atomic_open+0x230/0x230
[  140.313429][ T3946]  ? __d_lookup+0x6a4/0x770
[  140.317929][ T3946]  ? d_hash_and_lookup+0x1c0/0x1c0
[  140.323031][ T3946]  gfs2_atomic_open+0xa4/0x230
[  140.327790][ T3946]  path_openat+0xf39/0x2df0
[  140.332289][ T3946]  ? gfs2_rename2+0x3000/0x3000
[  140.337152][ T3946]  ? do_filp_open+0x4f0/0x4f0
[  140.341862][ T3946]  do_filp_open+0x264/0x4f0
[  140.346357][ T3946]  ? vfs_tmpfile+0x490/0x490
[  140.350954][ T3946]  ? do_raw_spin_unlock+0x134/0x8a0
[  140.356237][ T3946]  ? _raw_spin_unlock+0x24/0x40
[  140.361084][ T3946]  ? alloc_fd+0x5a7/0x640
[  140.365413][ T3946]  do_sys_openat2+0x124/0x4e0
[  140.370094][ T3946]  ? print_irqtrace_events+0x220/0x220
[  140.375552][ T3946]  ? ptrace_stop+0x74d/0x970
[  140.380143][ T3946]  ? do_sys_open+0x220/0x220
[  140.384734][ T3946]  ? lockdep_hardirqs_on+0x8d/0x130
[  140.389928][ T3946]  ? _raw_spin_unlock_irq+0x2a/0x40
[  140.395122][ T3946]  ? ptrace_notify+0x245/0x340
[  140.399879][ T3946]  __x64_sys_openat+0x243/0x290
[  140.404727][ T3946]  ? __ia32_sys_open+0x270/0x270
[  140.409658][ T3946]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  140.415631][ T3946]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  140.421610][ T3946]  do_syscall_64+0x3d/0xb0
[  140.426019][ T3946]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  140.431905][ T3946] RIP: 0033:0x7fc8868064d9
[  140.436312][ T3946] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  140.455907][ T3946] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  140.464309][ T3946] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  140.472274][ T3946] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  140.480236][ T3946] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  140.488195][ T3946] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  3947] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3946] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3946] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3946] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3945] exit_group(0)               = ?
[pid  3946] <... futex resumed>)        = ?
[pid  3946] +++ exited with 0 +++
[pid  3947] <... futex resumed>)        = ?
[pid  3947] +++ exited with 0 +++
[pid  3945] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3945, si_uid=0, si_status=0, si_utime=1, si_stime=30} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./102/binderfs")                = 0
[  140.496159][ T3946] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  140.504134][ T3946]  </TASK>
umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./102/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./102")                          = 0
mkdir("./103", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3948
./strace-static-x86_64: Process 3948 attached
[pid  3948] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3948] chdir("./103")              = 0
[pid  3948] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3948] setpgid(0, 0)               = 0
[pid  3948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3948] write(3, "1000", 4)         = 4
[pid  3948] close(3)                    = 0
[pid  3948] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3948] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3948] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3948] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3949], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3949
[pid  3948] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3948] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3949 attached
 <unfinished ...>
[pid  3949] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3949] memfd_create("syzkaller", 0) = 3
[pid  3949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3949] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3949] munmap(0x7fc87e392000, 16777216) = 0
[pid  3949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3949] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3949] close(3)                    = 0
[pid  3949] mkdir("./file0", 0777)      = 0
[  140.810629][ T3949] loop0: detected capacity change from 0 to 32768
[  140.819996][ T3949] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  140.828515][ T3949] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  140.837881][ T3949] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  140.847207][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  140.854115][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3949] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3949] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3949] chdir("./file0")            = 0
[pid  3949] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3949] close(4)                    = 0
[pid  3949] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3948] <... futex resumed>)        = 0
[pid  3948] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3948] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3949] <... futex resumed>)        = 1
[pid  3949] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3949] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3948] <... futex resumed>)        = 0
[pid  3948] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3948] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3949] <... futex resumed>)        = 1
[  140.888260][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 34ms
[  140.896001][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  140.901511][ T3949] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  140.914893][ T3949] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  140.923339][ T3949] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  140.923339][ T3949]   inode = 12 2341
[pid  3949] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3948] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3948] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3948] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3948] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3950], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3950
[pid  3948] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3950 attached
[pid  3950] set_robust_list(0x7fc87f3919e0, 24) = 0
[  140.923339][ T3949]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  140.942472][ T3949] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  140.951988][ T3949] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3949 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  140.962535][ T3949] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  140.967536][ T3950] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  140.979416][ T3950] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  140.979416][ T3950]   inode = 12 2341
[  140.979416][ T3950]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  140.979791][ T3949] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  140.998535][ T3950] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:4 m:20 p:1
[  141.006113][ T3949] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  141.014715][ T3950] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3949 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  141.023457][ T3949] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  141.033449][ T3950] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3950 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  141.041627][ T3949] gfs2: fsid=syz:syz.0: File system withdrawn
[  141.049906][ T3950] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  141.055932][ T3949] CPU: 1 PID: 3949 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  141.074642][ T3949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  141.084707][ T3949] Call Trace:
[  141.087991][ T3949]  <TASK>
[  141.090919][ T3949]  dump_stack_lvl+0x1b1/0x28e
[  141.095605][ T3949]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  141.101059][ T3949]  ? panic+0x710/0x710
[  141.105135][ T3949]  ? kobject_uevent_env+0x46b/0x8e0
[  141.110325][ T3949]  ? do_raw_spin_unlock+0x134/0x8a0
[  141.115518][ T3949]  gfs2_withdraw+0xf33/0x1540
[  141.120282][ T3949]  ? gfs2_lm+0x220/0x220
[  141.124511][ T3949]  ? gfs2_dirent_scan+0xb6/0x650
[  141.129437][ T3949]  ? panic+0x710/0x710
[  141.133496][ T3949]  ? gfs2_permission+0x2ff/0x430
[pid  3950] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH <unfinished ...>
[pid  3948] exit_group(0)               = ?
[  141.138424][ T3949]  ? gfs2_consist_inode_i+0xf3/0x110
[  141.143700][ T3949]  gfs2_dirent_scan+0x535/0x650
[  141.148548][ T3949]  ? gfs2_dirent_search+0xb10/0xb10
[  141.153740][ T3949]  gfs2_dirent_search+0x2ea/0xb10
[  141.158783][ T3949]  ? gfs2_dirent_search+0xb10/0xb10
[  141.163972][ T3949]  ? gfs2_dir_search+0x2a0/0x2a0
[  141.168909][ T3949]  ? gfs2_permission+0x3bf/0x430
[  141.173842][ T3949]  gfs2_dir_search+0x8c/0x2a0
[  141.178515][ T3949]  ? do_filldir_main+0x530/0x530
[  141.183443][ T3949]  ? inode_go_held+0xe4/0x1f0
[  141.188126][ T3949]  ? gfs2_glock_wait+0x213/0x2a0
[  141.193069][ T3949]  gfs2_lookupi+0x465/0x650
[  141.197570][ T3949]  ? gfs2_lookup_simple+0x170/0x170
[  141.202780][ T3949]  ? __gfs2_lookup+0x8c/0x260
[  141.207450][ T3949]  __gfs2_lookup+0x8c/0x260
[  141.211946][ T3949]  ? gfs2_atomic_open+0x230/0x230
[  141.216957][ T3949]  ? __d_lookup+0x6a4/0x770
[  141.221442][ T3949]  ? d_hash_and_lookup+0x1c0/0x1c0
[  141.226540][ T3949]  gfs2_atomic_open+0xa4/0x230
[  141.231298][ T3949]  path_openat+0xf39/0x2df0
[  141.235788][ T3949]  ? gfs2_rename2+0x3000/0x3000
[  141.240633][ T3949]  ? do_filp_open+0x4f0/0x4f0
[  141.245304][ T3949]  do_filp_open+0x264/0x4f0
[  141.249789][ T3949]  ? vfs_tmpfile+0x490/0x490
[  141.254369][ T3949]  ? do_raw_spin_unlock+0x134/0x8a0
[  141.259555][ T3949]  ? _raw_spin_unlock+0x24/0x40
[  141.264390][ T3949]  ? alloc_fd+0x5a7/0x640
[  141.268711][ T3949]  do_sys_openat2+0x124/0x4e0
[  141.273386][ T3949]  ? print_irqtrace_events+0x220/0x220
[  141.278834][ T3949]  ? ptrace_stop+0x74d/0x970
[  141.283414][ T3949]  ? do_sys_open+0x220/0x220
[  141.287986][ T3949]  ? lockdep_hardirqs_on+0x8d/0x130
[  141.293169][ T3949]  ? _raw_spin_unlock_irq+0x2a/0x40
[  141.298722][ T3949]  ? ptrace_notify+0x245/0x340
[  141.303472][ T3949]  __x64_sys_openat+0x243/0x290
[  141.308309][ T3949]  ? __ia32_sys_open+0x270/0x270
[  141.313230][ T3949]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  141.319203][ T3949]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  141.325170][ T3949]  do_syscall_64+0x3d/0xb0
[  141.329570][ T3949]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  141.335448][ T3949] RIP: 0033:0x7fc8868064d9
[  141.339853][ T3949] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  141.359451][ T3949] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  141.367875][ T3949] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  141.375835][ T3949] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[pid  3949] <... openat resumed>)       = ?
[pid  3949] +++ exited with 0 +++
[pid  3950] <... openat resumed>)       = ?
[pid  3950] +++ exited with 0 +++
[pid  3948] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3948, si_uid=0, si_status=0, si_utime=2, si_stime=39} ---
umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./103/binderfs")                = 0
[  141.383808][ T3949] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  141.391765][ T3949] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  141.399742][ T3949] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  141.407730][ T3949]  </TASK>
umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./103/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./103")                          = 0
mkdir("./104", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3951
./strace-static-x86_64: Process 3951 attached
[pid  3951] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3951] chdir("./104")              = 0
[pid  3951] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3951] setpgid(0, 0)               = 0
[pid  3951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3951] write(3, "1000", 4)         = 4
[pid  3951] close(3)                    = 0
[pid  3951] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3951] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3951] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3951] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3951] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3952 attached
, parent_tid=[3952], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3952
[pid  3952] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  3951] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3952] <... set_robust_list resumed>) = 0
[pid  3951] <... futex resumed>)        = 0
[pid  3951] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3952] memfd_create("syzkaller", 0) = 3
[pid  3952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3952] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3952] munmap(0x7fc87e392000, 16777216) = 0
[pid  3952] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3952] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3952] close(3)                    = 0
[pid  3952] mkdir("./file0", 0777)      = 0
[  141.713863][ T3952] loop0: detected capacity change from 0 to 32768
[  141.725601][ T3952] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  141.734129][ T3952] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  141.744035][ T3952] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  141.753061][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  141.759899][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3952] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3952] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3952] chdir("./file0")            = 0
[pid  3952] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3952] close(4)                    = 0
[pid  3952] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3951] <... futex resumed>)        = 0
[pid  3951] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3951] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3952] <... futex resumed>)        = 1
[pid  3952] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3952] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3951] <... futex resumed>)        = 0
[pid  3951] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3951] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3952] <... futex resumed>)        = 1
[  141.799447][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 39ms
[  141.808355][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  141.813693][ T3952] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid  3952] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3951] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3951] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3951] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[  141.839887][ T3952] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  141.848983][ T3952] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  141.848983][ T3952]   inode = 12 2341
[  141.848983][ T3952]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  141.868351][ T3952] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  141.877757][ T3952] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3952 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3951] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3951] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3953], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3953
[pid  3951] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3953 attached
[pid  3953] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3953] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3953] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  141.888374][ T3952] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  141.896898][ T3952] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  141.904142][ T3952] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  141.912986][ T3952] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  141.921085][ T3952] gfs2: fsid=syz:syz.0: File system withdrawn
[  141.927168][ T3952] CPU: 0 PID: 3952 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  141.937573][ T3952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  141.947636][ T3952] Call Trace:
[  141.950911][ T3952]  <TASK>
[  141.953831][ T3952]  dump_stack_lvl+0x1b1/0x28e
[  141.958501][ T3952]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  141.963949][ T3952]  ? panic+0x710/0x710
[  141.968013][ T3952]  ? kobject_uevent_env+0x46b/0x8e0
[  141.973287][ T3952]  ? do_raw_spin_unlock+0x134/0x8a0
[  141.978502][ T3952]  gfs2_withdraw+0xf33/0x1540
[  141.983206][ T3952]  ? gfs2_lm+0x220/0x220
[pid  3953] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3951] exit_group(0 <unfinished ...>
[pid  3953] <... futex resumed>)        = ?
[pid  3951] <... exit_group resumed>)   = ?
[pid  3953] +++ exited with 0 +++
[  141.987444][ T3952]  ? gfs2_dirent_scan+0xb6/0x650
[  141.992392][ T3952]  ? panic+0x710/0x710
[  141.996449][ T3952]  ? gfs2_permission+0x2ff/0x430
[  142.001378][ T3952]  ? gfs2_consist_inode_i+0xf3/0x110
[  142.006666][ T3952]  gfs2_dirent_scan+0x535/0x650
[  142.011530][ T3952]  ? gfs2_dirent_search+0xb10/0xb10
[  142.016735][ T3952]  gfs2_dirent_search+0x2ea/0xb10
[  142.021774][ T3952]  ? gfs2_dirent_search+0xb10/0xb10
[  142.026978][ T3952]  ? gfs2_dir_search+0x2a0/0x2a0
[  142.031930][ T3952]  ? gfs2_permission+0x3bf/0x430
[  142.036868][ T3952]  gfs2_dir_search+0x8c/0x2a0
[  142.041542][ T3952]  ? do_filldir_main+0x530/0x530
[  142.046469][ T3952]  ? inode_go_held+0xe4/0x1f0
[  142.051139][ T3952]  ? gfs2_glock_wait+0x213/0x2a0
[  142.056068][ T3952]  gfs2_lookupi+0x465/0x650
[  142.060565][ T3952]  ? gfs2_lookup_simple+0x170/0x170
[  142.065754][ T3952]  ? __gfs2_lookup+0x8c/0x260
[  142.070424][ T3952]  __gfs2_lookup+0x8c/0x260
[  142.074951][ T3952]  ? gfs2_atomic_open+0x230/0x230
[  142.080090][ T3952]  ? __d_lookup+0x6a4/0x770
[  142.084607][ T3952]  ? d_hash_and_lookup+0x1c0/0x1c0
[  142.089727][ T3952]  gfs2_atomic_open+0xa4/0x230
[  142.094491][ T3952]  path_openat+0xf39/0x2df0
[  142.098988][ T3952]  ? gfs2_rename2+0x3000/0x3000
[  142.103855][ T3952]  ? do_filp_open+0x4f0/0x4f0
[  142.108550][ T3952]  do_filp_open+0x264/0x4f0
[  142.113043][ T3952]  ? vfs_tmpfile+0x490/0x490
[  142.117642][ T3952]  ? do_raw_spin_unlock+0x134/0x8a0
[  142.122851][ T3952]  ? _raw_spin_unlock+0x24/0x40
[  142.127696][ T3952]  ? alloc_fd+0x5a7/0x640
[  142.132022][ T3952]  do_sys_openat2+0x124/0x4e0
[  142.136690][ T3952]  ? print_irqtrace_events+0x220/0x220
[  142.142136][ T3952]  ? ptrace_stop+0x74d/0x970
[  142.146730][ T3952]  ? do_sys_open+0x220/0x220
[  142.151322][ T3952]  ? lockdep_hardirqs_on+0x8d/0x130
[  142.156508][ T3952]  ? _raw_spin_unlock_irq+0x2a/0x40
[  142.161718][ T3952]  ? ptrace_notify+0x245/0x340
[  142.166501][ T3952]  __x64_sys_openat+0x243/0x290
[  142.172492][ T3952]  ? __ia32_sys_open+0x270/0x270
[  142.177440][ T3952]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  142.183419][ T3952]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  142.189409][ T3952]  do_syscall_64+0x3d/0xb0
[  142.193818][ T3952]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  142.199704][ T3952] RIP: 0033:0x7fc8868064d9
[  142.204112][ T3952] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  142.224074][ T3952] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  142.232566][ T3952] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3952] <... openat resumed>)       = ?
[pid  3952] +++ exited with 0 +++
[pid  3951] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3951, si_uid=0, si_status=0, si_utime=2, si_stime=27} ---
umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./104/binderfs")                = 0
[  142.240529][ T3952] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  142.248493][ T3952] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  142.256466][ T3952] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  142.264442][ T3952] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  142.272432][ T3952]  </TASK>
umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./104/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./104")                          = 0
mkdir("./105", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3954
./strace-static-x86_64: Process 3954 attached
[pid  3954] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3954] chdir("./105")              = 0
[pid  3954] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3954] setpgid(0, 0)               = 0
[pid  3954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3954] write(3, "1000", 4)         = 4
[pid  3954] close(3)                    = 0
[pid  3954] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3954] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3954] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3954] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3955], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3955
[pid  3954] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3954] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3955 attached
 <unfinished ...>
[pid  3955] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3955] memfd_create("syzkaller", 0) = 3
[pid  3955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3955] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3955] munmap(0x7fc87e392000, 16777216) = 0
[pid  3955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3955] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3955] close(3)                    = 0
[pid  3955] mkdir("./file0", 0777)      = 0
[  142.555360][ T3955] loop0: detected capacity change from 0 to 32768
[  142.566356][ T3955] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  142.574583][ T3955] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  142.584304][ T3955] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  142.592982][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  142.599751][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3955] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3955] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3955] chdir("./file0")            = 0
[pid  3955] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3955] close(4)                    = 0
[pid  3955] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3954] <... futex resumed>)        = 0
[pid  3954] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3954] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3955] <... futex resumed>)        = 1
[pid  3955] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3955] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3954] <... futex resumed>)        = 0
[pid  3954] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3954] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3955] <... futex resumed>)        = 1
[  142.633886][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 34ms
[  142.642178][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  142.647449][ T3955] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  142.664889][ T3955] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  142.673738][ T3955] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[pid  3955] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3954] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[  142.673738][ T3955]   inode = 12 2341
[  142.673738][ T3955]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  142.692434][ T3955] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  142.701542][ T3955] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3955 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  142.713442][ T3955] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  142.721994][ T3955] gfs2: fsid=syz:syz.0: about to withdraw this file system
[pid  3954] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3954] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3954] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3956], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3956
[pid  3954] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3956 attached
[pid  3956] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3956] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3956] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  142.729586][ T3955] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  142.738643][ T3955] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  142.746663][ T3955] gfs2: fsid=syz:syz.0: File system withdrawn
[  142.753060][ T3955] CPU: 1 PID: 3955 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  142.763502][ T3955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  142.773619][ T3955] Call Trace:
[  142.776915][ T3955]  <TASK>
[  142.779860][ T3955]  dump_stack_lvl+0x1b1/0x28e
[  142.784548][ T3955]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  142.790012][ T3955]  ? panic+0x710/0x710
[  142.794089][ T3955]  ? kobject_uevent_env+0x46b/0x8e0
[  142.799296][ T3955]  ? do_raw_spin_unlock+0x134/0x8a0
[  142.804492][ T3955]  gfs2_withdraw+0xf33/0x1540
[  142.809180][ T3955]  ? gfs2_lm+0x220/0x220
[  142.813432][ T3955]  ? gfs2_dirent_scan+0xb6/0x650
[  142.818384][ T3955]  ? panic+0x710/0x710
[  142.822489][ T3955]  ? gfs2_permission+0x2ff/0x430
[  142.827455][ T3955]  ? gfs2_consist_inode_i+0xf3/0x110
[  142.832749][ T3955]  gfs2_dirent_scan+0x535/0x650
[  142.837620][ T3955]  ? gfs2_dirent_search+0xb10/0xb10
[  142.842842][ T3955]  gfs2_dirent_search+0x2ea/0xb10
[  142.847870][ T3955]  ? gfs2_dirent_search+0xb10/0xb10
[  142.853073][ T3955]  ? gfs2_dir_search+0x2a0/0x2a0
[  142.858009][ T3955]  ? gfs2_permission+0x3bf/0x430
[  142.862973][ T3955]  gfs2_dir_search+0x8c/0x2a0
[  142.867681][ T3955]  ? do_filldir_main+0x530/0x530
[  142.872644][ T3955]  ? inode_go_held+0xe4/0x1f0
[  142.877344][ T3955]  ? gfs2_glock_wait+0x213/0x2a0
[  142.883255][ T3955]  gfs2_lookupi+0x465/0x650
[  142.887776][ T3955]  ? gfs2_lookup_simple+0x170/0x170
[  142.892976][ T3955]  ? __gfs2_lookup+0x8c/0x260
[  142.897656][ T3955]  __gfs2_lookup+0x8c/0x260
[  142.902156][ T3955]  ? gfs2_atomic_open+0x230/0x230
[  142.907194][ T3955]  ? __d_lookup+0x6a4/0x770
[  142.911703][ T3955]  ? d_hash_and_lookup+0x1c0/0x1c0
[  142.916808][ T3955]  gfs2_atomic_open+0xa4/0x230
[  142.921571][ T3955]  path_openat+0xf39/0x2df0
[  142.926075][ T3955]  ? gfs2_rename2+0x3000/0x3000
[  142.930929][ T3955]  ? do_filp_open+0x4f0/0x4f0
[  142.935609][ T3955]  do_filp_open+0x264/0x4f0
[  142.940106][ T3955]  ? vfs_tmpfile+0x490/0x490
[  142.944698][ T3955]  ? do_raw_spin_unlock+0x134/0x8a0
[  142.949896][ T3955]  ? _raw_spin_unlock+0x24/0x40
[  142.954743][ T3955]  ? alloc_fd+0x5a7/0x640
[  142.959074][ T3955]  do_sys_openat2+0x124/0x4e0
[  142.963749][ T3955]  ? print_irqtrace_events+0x220/0x220
[  142.969199][ T3955]  ? ptrace_stop+0x74d/0x970
[  142.973787][ T3955]  ? do_sys_open+0x220/0x220
[  142.978369][ T3955]  ? lockdep_hardirqs_on+0x8d/0x130
[  142.983560][ T3955]  ? _raw_spin_unlock_irq+0x2a/0x40
[  142.988755][ T3955]  ? ptrace_notify+0x245/0x340
[  142.993510][ T3955]  __x64_sys_openat+0x243/0x290
[  142.998358][ T3955]  ? __ia32_sys_open+0x270/0x270
[  143.003295][ T3955]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  143.009268][ T3955]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  143.015250][ T3955]  do_syscall_64+0x3d/0xb0
[  143.019661][ T3955]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  143.025550][ T3955] RIP: 0033:0x7fc8868064d9
[  143.029959][ T3955] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  143.049560][ T3955] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  143.057970][ T3955] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  143.065935][ T3955] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  143.073898][ T3955] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3956] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3955] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3955] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3955] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3954] exit_group(0 <unfinished ...>
[pid  3956] <... futex resumed>)        = ?
[pid  3955] <... futex resumed>)        = ?
[pid  3954] <... exit_group resumed>)   = ?
[pid  3955] +++ exited with 0 +++
[pid  3956] +++ exited with 0 +++
[pid  3954] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3954, si_uid=0, si_status=0, si_utime=3, si_stime=28} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./105/binderfs")                = 0
[  143.081857][ T3955] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  143.089842][ T3955] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  143.097817][ T3955]  </TASK>
umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./105/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./105")                          = 0
mkdir("./106", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3957
./strace-static-x86_64: Process 3957 attached
[pid  3957] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3957] chdir("./106")              = 0
[pid  3957] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3957] setpgid(0, 0)               = 0
[pid  3957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3957] write(3, "1000", 4)         = 4
[pid  3957] close(3)                    = 0
[pid  3957] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3957] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3957] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3957] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3958 attached
, parent_tid=[3958], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3958
[pid  3958] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  3957] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3958] <... set_robust_list resumed>) = 0
[pid  3957] <... futex resumed>)        = 0
[pid  3957] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3958] memfd_create("syzkaller", 0) = 3
[pid  3958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3958] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3958] munmap(0x7fc87e392000, 16777216) = 0
[pid  3958] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3958] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3958] close(3)                    = 0
[pid  3958] mkdir("./file0", 0777)      = 0
[  143.388078][ T3958] loop0: detected capacity change from 0 to 32768
[  143.397852][ T3958] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  143.406084][ T3958] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  143.416078][ T3958] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  143.424877][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  143.432005][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3958] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3958] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3958] chdir("./file0")            = 0
[pid  3958] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3958] close(4)                    = 0
[pid  3958] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3957] <... futex resumed>)        = 0
[pid  3957] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3957] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3958] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3958] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3957] <... futex resumed>)        = 0
[pid  3957] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3958] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3957] <... futex resumed>)        = 0
[  143.468321][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 36ms
[  143.477129][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  143.482446][ T3958] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  143.508590][ T3958] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  143.517097][ T3958] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  143.517097][ T3958]   inode = 12 2341
[  143.517097][ T3958]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  143.536018][ T3958] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  143.545369][ T3958] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3958 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3957] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3957] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3957] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3957] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3959], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3959
[pid  3957] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3959 attached
[pid  3959] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3959] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3959] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  143.555678][ T3958] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  143.564529][ T3958] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  143.571901][ T3958] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  143.580907][ T3958] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  143.588759][ T3958] gfs2: fsid=syz:syz.0: File system withdrawn
[  143.594996][ T3958] CPU: 0 PID: 3958 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  143.605415][ T3958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  143.615474][ T3958] Call Trace:
[  143.618768][ T3958]  <TASK>
[  143.621697][ T3958]  dump_stack_lvl+0x1b1/0x28e
[  143.626373][ T3958]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  143.631824][ T3958]  ? panic+0x710/0x710
[  143.635882][ T3958]  ? kobject_uevent_env+0x46b/0x8e0
[  143.641082][ T3958]  ? do_raw_spin_unlock+0x134/0x8a0
[  143.646285][ T3958]  gfs2_withdraw+0xf33/0x1540
[  143.650975][ T3958]  ? gfs2_lm+0x220/0x220
[pid  3959] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3957] exit_group(0 <unfinished ...>
[pid  3959] <... futex resumed>)        = ?
[pid  3957] <... exit_group resumed>)   = ?
[pid  3959] +++ exited with 0 +++
[  143.655205][ T3958]  ? gfs2_dirent_scan+0xb6/0x650
[  143.660131][ T3958]  ? panic+0x710/0x710
[  143.664183][ T3958]  ? gfs2_permission+0x2ff/0x430
[  143.669177][ T3958]  ? gfs2_consist_inode_i+0xf3/0x110
[  143.674468][ T3958]  gfs2_dirent_scan+0x535/0x650
[  143.679333][ T3958]  ? gfs2_dirent_search+0xb10/0xb10
[  143.684548][ T3958]  gfs2_dirent_search+0x2ea/0xb10
[  143.689569][ T3958]  ? gfs2_dirent_search+0xb10/0xb10
[  143.694761][ T3958]  ? gfs2_dir_search+0x2a0/0x2a0
[  143.699696][ T3958]  ? gfs2_permission+0x3bf/0x430
[  143.704665][ T3958]  gfs2_dir_search+0x8c/0x2a0
[  143.709371][ T3958]  ? do_filldir_main+0x530/0x530
[  143.714324][ T3958]  ? inode_go_held+0xe4/0x1f0
[  143.719007][ T3958]  ? gfs2_glock_wait+0x213/0x2a0
[  143.723951][ T3958]  gfs2_lookupi+0x465/0x650
[  143.728464][ T3958]  ? gfs2_lookup_simple+0x170/0x170
[  143.733669][ T3958]  ? __gfs2_lookup+0x8c/0x260
[  143.738354][ T3958]  __gfs2_lookup+0x8c/0x260
[  143.742857][ T3958]  ? gfs2_atomic_open+0x230/0x230
[  143.747890][ T3958]  ? __d_lookup+0x6a4/0x770
[  143.752395][ T3958]  ? d_hash_and_lookup+0x1c0/0x1c0
[  143.757506][ T3958]  gfs2_atomic_open+0xa4/0x230
[  143.762279][ T3958]  path_openat+0xf39/0x2df0
[  143.766777][ T3958]  ? gfs2_rename2+0x3000/0x3000
[  143.771626][ T3958]  ? do_filp_open+0x4f0/0x4f0
[  143.776318][ T3958]  do_filp_open+0x264/0x4f0
[  143.780824][ T3958]  ? vfs_tmpfile+0x490/0x490
[  143.785423][ T3958]  ? do_raw_spin_unlock+0x134/0x8a0
[  143.790623][ T3958]  ? _raw_spin_unlock+0x24/0x40
[  143.795466][ T3958]  ? alloc_fd+0x5a7/0x640
[  143.799789][ T3958]  do_sys_openat2+0x124/0x4e0
[  143.804545][ T3958]  ? print_irqtrace_events+0x220/0x220
[  143.809992][ T3958]  ? ptrace_stop+0x74d/0x970
[  143.814576][ T3958]  ? do_sys_open+0x220/0x220
[  143.819155][ T3958]  ? lockdep_hardirqs_on+0x8d/0x130
[  143.824341][ T3958]  ? _raw_spin_unlock_irq+0x2a/0x40
[  143.829529][ T3958]  ? ptrace_notify+0x245/0x340
[  143.834282][ T3958]  __x64_sys_openat+0x243/0x290
[  143.839123][ T3958]  ? __ia32_sys_open+0x270/0x270
[  143.844071][ T3958]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  143.850063][ T3958]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  143.856094][ T3958]  do_syscall_64+0x3d/0xb0
[  143.860505][ T3958]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  143.866395][ T3958] RIP: 0033:0x7fc8868064d9
[  143.870802][ T3958] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  143.890410][ T3958] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  143.898843][ T3958] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3958] <... openat resumed>)       = ?
[pid  3958] +++ exited with 0 +++
[pid  3957] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3957, si_uid=0, si_status=0, si_utime=0, si_stime=30} ---
umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./106/binderfs")                = 0
[  143.906818][ T3958] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  143.914797][ T3958] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  143.922756][ T3958] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  143.930717][ T3958] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  143.938707][ T3958]  </TASK>
umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./106/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./106")                          = 0
mkdir("./107", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3960
./strace-static-x86_64: Process 3960 attached
[pid  3960] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3960] chdir("./107")              = 0
[pid  3960] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3960] setpgid(0, 0)               = 0
[pid  3960] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3960] write(3, "1000", 4)         = 4
[pid  3960] close(3)                    = 0
[pid  3960] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3960] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3960] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3960] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3960] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3961], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3961
[pid  3960] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3960] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3961 attached
 <unfinished ...>
[pid  3961] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3961] memfd_create("syzkaller", 0) = 3
[pid  3961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3961] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3961] munmap(0x7fc87e392000, 16777216) = 0
[pid  3961] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3961] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3961] close(3)                    = 0
[pid  3961] mkdir("./file0", 0777)      = 0
[  144.227408][ T3961] loop0: detected capacity change from 0 to 32768
[  144.238622][ T3961] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  144.248989][ T3961] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  144.258936][ T3961] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  144.267792][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  144.274776][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3961] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3961] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3961] chdir("./file0")            = 0
[pid  3961] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3961] close(4)                    = 0
[pid  3961] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3960] <... futex resumed>)        = 0
[pid  3960] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3960] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3961] <... futex resumed>)        = 1
[pid  3961] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3961] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3960] <... futex resumed>)        = 0
[pid  3960] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3960] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3961] <... futex resumed>)        = 1
[  144.308096][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms
[  144.317450][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  144.322889][ T3961] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid  3961] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3960] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3960] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid  3960] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  144.351182][ T3961] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  144.359940][ T3961] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  144.359940][ T3961]   inode = 12 2341
[  144.359940][ T3961]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  144.379298][ T3961] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  144.388743][ T3961] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3961 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3960] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3960] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3960] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3962], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3962
[pid  3960] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3962 attached
[pid  3962] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3962] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3962] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  144.399650][ T3961] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  144.408377][ T3961] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  144.416226][ T3961] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  144.425057][ T3961] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  144.432714][ T3961] gfs2: fsid=syz:syz.0: File system withdrawn
[  144.439126][ T3961] CPU: 0 PID: 3961 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  144.449532][ T3961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  144.459641][ T3961] Call Trace:
[  144.462908][ T3961]  <TASK>
[  144.465823][ T3961]  dump_stack_lvl+0x1b1/0x28e
[  144.470490][ T3961]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  144.475930][ T3961]  ? panic+0x710/0x710
[  144.479985][ T3961]  ? kobject_uevent_env+0x46b/0x8e0
[  144.485170][ T3961]  ? do_raw_spin_unlock+0x134/0x8a0
[  144.490359][ T3961]  gfs2_withdraw+0xf33/0x1540
[  144.495030][ T3961]  ? gfs2_lm+0x220/0x220
[  144.499251][ T3961]  ? gfs2_dirent_scan+0xb6/0x650
[  144.504180][ T3961]  ? panic+0x710/0x710
[  144.508228][ T3961]  ? gfs2_permission+0x2ff/0x430
[  144.513155][ T3961]  ? gfs2_consist_inode_i+0xf3/0x110
[  144.518433][ T3961]  gfs2_dirent_scan+0x535/0x650
[  144.523271][ T3961]  ? gfs2_dirent_search+0xb10/0xb10
[  144.528456][ T3961]  gfs2_dirent_search+0x2ea/0xb10
[  144.533470][ T3961]  ? gfs2_dirent_search+0xb10/0xb10
[  144.538654][ T3961]  ? gfs2_dir_search+0x2a0/0x2a0
[  144.543575][ T3961]  ? gfs2_permission+0x3bf/0x430
[  144.548499][ T3961]  gfs2_dir_search+0x8c/0x2a0
[  144.553170][ T3961]  ? do_filldir_main+0x530/0x530
[  144.558182][ T3961]  ? inode_go_held+0xe4/0x1f0
[  144.562845][ T3961]  ? gfs2_glock_wait+0x213/0x2a0
[  144.567766][ T3961]  gfs2_lookupi+0x465/0x650
[  144.572260][ T3961]  ? gfs2_lookup_simple+0x170/0x170
[  144.577444][ T3961]  ? __gfs2_lookup+0x8c/0x260
[  144.582112][ T3961]  __gfs2_lookup+0x8c/0x260
[  144.586616][ T3961]  ? gfs2_atomic_open+0x230/0x230
[  144.591628][ T3961]  ? __d_lookup+0x6a4/0x770
[  144.596116][ T3961]  ? d_hash_and_lookup+0x1c0/0x1c0
[  144.601222][ T3961]  gfs2_atomic_open+0xa4/0x230
[  144.605998][ T3961]  path_openat+0xf39/0x2df0
[  144.610501][ T3961]  ? gfs2_rename2+0x3000/0x3000
[  144.615361][ T3961]  ? do_filp_open+0x4f0/0x4f0
[  144.620045][ T3961]  do_filp_open+0x264/0x4f0
[  144.624545][ T3961]  ? vfs_tmpfile+0x490/0x490
[  144.629128][ T3961]  ? do_raw_spin_unlock+0x134/0x8a0
[  144.634315][ T3961]  ? _raw_spin_unlock+0x24/0x40
[  144.639152][ T3961]  ? alloc_fd+0x5a7/0x640
[  144.643473][ T3961]  do_sys_openat2+0x124/0x4e0
[  144.648140][ T3961]  ? print_irqtrace_events+0x220/0x220
[  144.653587][ T3961]  ? ptrace_stop+0x74d/0x970
[  144.658512][ T3961]  ? do_sys_open+0x220/0x220
[  144.663086][ T3961]  ? lockdep_hardirqs_on+0x8d/0x130
[  144.668274][ T3961]  ? _raw_spin_unlock_irq+0x2a/0x40
[  144.673482][ T3961]  ? ptrace_notify+0x245/0x340
[  144.678232][ T3961]  __x64_sys_openat+0x243/0x290
[  144.683081][ T3961]  ? __ia32_sys_open+0x270/0x270
[  144.688008][ T3961]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  144.693978][ T3961]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  144.699947][ T3961]  do_syscall_64+0x3d/0xb0
[  144.704348][ T3961]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  144.710225][ T3961] RIP: 0033:0x7fc8868064d9
[  144.714627][ T3961] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  144.734244][ T3961] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  144.742653][ T3961] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3962] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3961] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3961] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3961] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3960] exit_group(0 <unfinished ...>
[pid  3962] <... futex resumed>)        = ?
[pid  3960] <... exit_group resumed>)   = ?
[pid  3962] +++ exited with 0 +++
[pid  3961] <... futex resumed>)        = ?
[pid  3961] +++ exited with 0 +++
[pid  3960] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3960, si_uid=0, si_status=0, si_utime=2, si_stime=29} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./107/binderfs")                = 0
[  144.750619][ T3961] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  144.758601][ T3961] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  144.766580][ T3961] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  144.774539][ T3961] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  144.782512][ T3961]  </TASK>
umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./107/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./107")                          = 0
mkdir("./108", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3963
./strace-static-x86_64: Process 3963 attached
[pid  3963] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3963] chdir("./108")              = 0
[pid  3963] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3963] setpgid(0, 0)               = 0
[pid  3963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3963] write(3, "1000", 4)         = 4
[pid  3963] close(3)                    = 0
[pid  3963] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3963] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3963] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3963] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3963] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3964 attached
 <unfinished ...>
[pid  3964] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3964] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3963] <... clone resumed>, parent_tid=[3964], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3964
[pid  3963] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3964] <... futex resumed>)        = 0
[pid  3963] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3964] memfd_create("syzkaller", 0) = 3
[pid  3964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3964] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3964] munmap(0x7fc87e392000, 16777216) = 0
[pid  3964] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3964] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3964] close(3)                    = 0
[pid  3964] mkdir("./file0", 0777)      = 0
[  145.100451][ T3964] loop0: detected capacity change from 0 to 32768
[  145.109887][ T3964] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  145.118230][ T3964] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  145.127727][ T3964] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  145.138106][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  145.145303][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3964] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3964] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3964] chdir("./file0")            = 0
[pid  3964] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3964] close(4)                    = 0
[pid  3964] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3963] <... futex resumed>)        = 0
[pid  3963] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3963] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3964] <... futex resumed>)        = 1
[pid  3964] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3964] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3963] <... futex resumed>)        = 0
[pid  3963] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3963] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3964] <... futex resumed>)        = 1
[  145.182464][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 37ms
[  145.190682][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  145.195956][ T3964] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  145.218204][ T3964] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3964] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3963] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3963] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3963] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3963] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3963] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3965], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3965
[pid  3963] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3965 attached
[pid  3965] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3965] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3965] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  145.227109][ T3964] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  145.227109][ T3964]   inode = 12 2341
[  145.227109][ T3964]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  145.246098][ T3964] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  145.255625][ T3964] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3964 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  145.265732][ T3964] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  145.274242][ T3964] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  145.281517][ T3964] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  145.290384][ T3964] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  145.298322][ T3964] gfs2: fsid=syz:syz.0: File system withdrawn
[  145.304547][ T3964] CPU: 0 PID: 3964 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  145.314977][ T3964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  145.325040][ T3964] Call Trace:
[  145.328307][ T3964]  <TASK>
[  145.331227][ T3964]  dump_stack_lvl+0x1b1/0x28e
[  145.335908][ T3964]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  145.341408][ T3964]  ? panic+0x710/0x710
[  145.345489][ T3964]  ? kobject_uevent_env+0x46b/0x8e0
[  145.350709][ T3964]  ? do_raw_spin_unlock+0x134/0x8a0
[  145.355902][ T3964]  gfs2_withdraw+0xf33/0x1540
[  145.360579][ T3964]  ? gfs2_lm+0x220/0x220
[  145.364813][ T3964]  ? gfs2_dirent_scan+0xb6/0x650
[  145.369753][ T3964]  ? panic+0x710/0x710
[  145.373829][ T3964]  ? gfs2_permission+0x2ff/0x430
[pid  3965] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3963] exit_group(0 <unfinished ...>
[pid  3965] <... futex resumed>)        = ?
[pid  3963] <... exit_group resumed>)   = ?
[pid  3965] +++ exited with 0 +++
[  145.378777][ T3964]  ? gfs2_consist_inode_i+0xf3/0x110
[  145.384056][ T3964]  gfs2_dirent_scan+0x535/0x650
[  145.388915][ T3964]  ? gfs2_dirent_search+0xb10/0xb10
[  145.394106][ T3964]  gfs2_dirent_search+0x2ea/0xb10
[  145.399136][ T3964]  ? gfs2_dirent_search+0xb10/0xb10
[  145.404366][ T3964]  ? gfs2_dir_search+0x2a0/0x2a0
[  145.409332][ T3964]  ? gfs2_permission+0x3bf/0x430
[  145.414284][ T3964]  gfs2_dir_search+0x8c/0x2a0
[  145.418965][ T3964]  ? do_filldir_main+0x530/0x530
[  145.423912][ T3964]  ? inode_go_held+0xe4/0x1f0
[  145.428602][ T3964]  ? gfs2_glock_wait+0x213/0x2a0
[  145.433543][ T3964]  gfs2_lookupi+0x465/0x650
[  145.438055][ T3964]  ? gfs2_lookup_simple+0x170/0x170
[  145.443260][ T3964]  ? __gfs2_lookup+0x8c/0x260
[  145.447943][ T3964]  __gfs2_lookup+0x8c/0x260
[  145.452443][ T3964]  ? gfs2_atomic_open+0x230/0x230
[  145.457473][ T3964]  ? __d_lookup+0x6a4/0x770
[  145.461978][ T3964]  ? d_hash_and_lookup+0x1c0/0x1c0
[  145.467093][ T3964]  gfs2_atomic_open+0xa4/0x230
[  145.471870][ T3964]  path_openat+0xf39/0x2df0
[  145.476371][ T3964]  ? gfs2_rename2+0x3000/0x3000
[  145.481223][ T3964]  ? do_filp_open+0x4f0/0x4f0
[  145.485899][ T3964]  do_filp_open+0x264/0x4f0
[  145.490402][ T3964]  ? vfs_tmpfile+0x490/0x490
[  145.495000][ T3964]  ? do_raw_spin_unlock+0x134/0x8a0
[  145.500204][ T3964]  ? _raw_spin_unlock+0x24/0x40
[  145.505063][ T3964]  ? alloc_fd+0x5a7/0x640
[  145.509388][ T3964]  do_sys_openat2+0x124/0x4e0
[  145.514055][ T3964]  ? print_irqtrace_events+0x220/0x220
[  145.519500][ T3964]  ? ptrace_stop+0x74d/0x970
[  145.524084][ T3964]  ? do_sys_open+0x220/0x220
[  145.528663][ T3964]  ? lockdep_hardirqs_on+0x8d/0x130
[  145.533855][ T3964]  ? _raw_spin_unlock_irq+0x2a/0x40
[  145.539043][ T3964]  ? ptrace_notify+0x245/0x340
[  145.543797][ T3964]  __x64_sys_openat+0x243/0x290
[  145.548658][ T3964]  ? __ia32_sys_open+0x270/0x270
[  145.553598][ T3964]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  145.559590][ T3964]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  145.565570][ T3964]  do_syscall_64+0x3d/0xb0
[  145.569984][ T3964]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  145.575879][ T3964] RIP: 0033:0x7fc8868064d9
[  145.580300][ T3964] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  145.599902][ T3964] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  145.608308][ T3964] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  145.616276][ T3964] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  145.624257][ T3964] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3964] <... openat resumed>)       = ?
[pid  3964] +++ exited with 0 +++
[pid  3963] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3963, si_uid=0, si_status=0, si_utime=1, si_stime=31} ---
umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./108/binderfs")                = 0
[  145.632243][ T3964] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  145.640218][ T3964] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  145.648190][ T3964]  </TASK>
umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./108/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./108/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./108/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./108")                          = 0
mkdir("./109", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3966
./strace-static-x86_64: Process 3966 attached
[pid  3966] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3966] chdir("./109")              = 0
[pid  3966] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3966] setpgid(0, 0)               = 0
[pid  3966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3966] write(3, "1000", 4)         = 4
[pid  3966] close(3)                    = 0
[pid  3966] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3966] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3966] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3966] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3967], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3967
[pid  3966] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3966] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3967 attached
 <unfinished ...>
[pid  3967] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3967] memfd_create("syzkaller", 0) = 3
[pid  3967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3967] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3967] munmap(0x7fc87e392000, 16777216) = 0
[pid  3967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3967] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3967] close(3)                    = 0
[pid  3967] mkdir("./file0", 0777)      = 0
[  145.944663][ T3967] loop0: detected capacity change from 0 to 32768
[  145.954442][ T3967] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  145.962904][ T3967] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  145.972917][ T3967] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  145.981886][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  145.988663][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3967] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3967] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3967] chdir("./file0")            = 0
[pid  3967] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3967] close(4)                    = 0
[pid  3967] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3966] <... futex resumed>)        = 0
[pid  3966] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3966] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3967] <... futex resumed>)        = 1
[pid  3967] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3967] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3966] <... futex resumed>)        = 0
[pid  3966] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3966] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3967] <... futex resumed>)        = 1
[  146.023500][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 34ms
[  146.031046][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  146.036299][ T3967] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  146.061122][ T3967] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3967] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3966] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3966] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3966] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3966] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3968], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3968
[pid  3966] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3968 attached
[  146.070293][ T3967] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  146.070293][ T3967]   inode = 12 2341
[  146.070293][ T3967]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  146.089138][ T3967] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  146.098938][ T3967] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3967 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  146.109021][ T3967] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[pid  3968] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3968] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3968] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  146.117824][ T3967] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  146.125164][ T3967] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  146.134048][ T3967] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  146.142247][ T3967] gfs2: fsid=syz:syz.0: File system withdrawn
[  146.148581][ T3967] CPU: 1 PID: 3967 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  146.159015][ T3967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  146.169087][ T3967] Call Trace:
[  146.172372][ T3967]  <TASK>
[  146.175295][ T3967]  dump_stack_lvl+0x1b1/0x28e
[  146.179967][ T3967]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  146.185425][ T3967]  ? panic+0x710/0x710
[  146.189484][ T3967]  ? kobject_uevent_env+0x46b/0x8e0
[  146.194942][ T3967]  ? do_raw_spin_unlock+0x134/0x8a0
[  146.200160][ T3967]  gfs2_withdraw+0xf33/0x1540
[  146.204856][ T3967]  ? gfs2_lm+0x220/0x220
[  146.209114][ T3967]  ? gfs2_dirent_scan+0xb6/0x650
[  146.214062][ T3967]  ? panic+0x710/0x710
[  146.218136][ T3967]  ? gfs2_permission+0x2ff/0x430
[pid  3968] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3966] exit_group(0 <unfinished ...>
[pid  3968] <... futex resumed>)        = ?
[pid  3966] <... exit_group resumed>)   = ?
[pid  3968] +++ exited with 0 +++
[  146.223069][ T3967]  ? gfs2_consist_inode_i+0xf3/0x110
[  146.228356][ T3967]  gfs2_dirent_scan+0x535/0x650
[  146.233224][ T3967]  ? gfs2_dirent_search+0xb10/0xb10
[  146.238426][ T3967]  gfs2_dirent_search+0x2ea/0xb10
[  146.243466][ T3967]  ? gfs2_dirent_search+0xb10/0xb10
[  146.248674][ T3967]  ? gfs2_dir_search+0x2a0/0x2a0
[  146.253699][ T3967]  ? gfs2_permission+0x3bf/0x430
[  146.258649][ T3967]  gfs2_dir_search+0x8c/0x2a0
[  146.263334][ T3967]  ? do_filldir_main+0x530/0x530
[  146.268290][ T3967]  ? inode_go_held+0xe4/0x1f0
[  146.272964][ T3967]  ? gfs2_glock_wait+0x213/0x2a0
[  146.277920][ T3967]  gfs2_lookupi+0x465/0x650
[  146.282440][ T3967]  ? gfs2_lookup_simple+0x170/0x170
[  146.287645][ T3967]  ? __gfs2_lookup+0x8c/0x260
[  146.292338][ T3967]  __gfs2_lookup+0x8c/0x260
[  146.296836][ T3967]  ? gfs2_atomic_open+0x230/0x230
[  146.301859][ T3967]  ? __d_lookup+0x6a4/0x770
[  146.306350][ T3967]  ? d_hash_and_lookup+0x1c0/0x1c0
[  146.311453][ T3967]  gfs2_atomic_open+0xa4/0x230
[  146.316213][ T3967]  path_openat+0xf39/0x2df0
[  146.320729][ T3967]  ? gfs2_rename2+0x3000/0x3000
[  146.325597][ T3967]  ? do_filp_open+0x4f0/0x4f0
[  146.330294][ T3967]  do_filp_open+0x264/0x4f0
[  146.334802][ T3967]  ? vfs_tmpfile+0x490/0x490
[  146.339409][ T3967]  ? do_raw_spin_unlock+0x134/0x8a0
[  146.344611][ T3967]  ? _raw_spin_unlock+0x24/0x40
[  146.349465][ T3967]  ? alloc_fd+0x5a7/0x640
[  146.353823][ T3967]  do_sys_openat2+0x124/0x4e0
[  146.358520][ T3967]  ? print_irqtrace_events+0x220/0x220
[  146.363967][ T3967]  ? ptrace_stop+0x74d/0x970
[  146.368550][ T3967]  ? do_sys_open+0x220/0x220
[  146.373147][ T3967]  ? lockdep_hardirqs_on+0x8d/0x130
[  146.378356][ T3967]  ? _raw_spin_unlock_irq+0x2a/0x40
[  146.383557][ T3967]  ? ptrace_notify+0x245/0x340
[  146.388321][ T3967]  __x64_sys_openat+0x243/0x290
[  146.393185][ T3967]  ? __ia32_sys_open+0x270/0x270
[  146.398117][ T3967]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  146.404097][ T3967]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  146.410085][ T3967]  do_syscall_64+0x3d/0xb0
[  146.414553][ T3967]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  146.420460][ T3967] RIP: 0033:0x7fc8868064d9
[  146.424869][ T3967] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  146.444472][ T3967] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  146.452891][ T3967] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  146.460864][ T3967] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[pid  3967] <... openat resumed>)       = ?
[pid  3967] +++ exited with 0 +++
[pid  3966] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3966, si_uid=0, si_status=0, si_utime=4, si_stime=30} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./109/binderfs")                = 0
[  146.468828][ T3967] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  146.476793][ T3967] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  146.484769][ T3967] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  146.492757][ T3967]  </TASK>
umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./109/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./109/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./109/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./109")                          = 0
mkdir("./110", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3969 attached
, child_tidptr=0x55555635f5d0) = 3969
[pid  3969] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3969] chdir("./110")              = 0
[pid  3969] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3969] setpgid(0, 0)               = 0
[pid  3969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3969] write(3, "1000", 4)         = 4
[pid  3969] close(3)                    = 0
[pid  3969] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3969] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3969] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3969] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3970], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3970
[pid  3969] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3970 attached
[pid  3969] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3970] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3970] memfd_create("syzkaller", 0) = 3
[pid  3970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3970] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3970] munmap(0x7fc87e392000, 16777216) = 0
[pid  3970] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3970] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3970] close(3)                    = 0
[pid  3970] mkdir("./file0", 0777)      = 0
[  146.791523][ T3970] loop0: detected capacity change from 0 to 32768
[  146.802553][ T3970] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  146.810799][ T3970] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  146.819731][ T3970] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  146.828422][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  146.835332][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3970] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3970] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3970] chdir("./file0")            = 0
[pid  3970] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3970] close(4)                    = 0
[pid  3970] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3969] <... futex resumed>)        = 0
[pid  3969] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3969] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3970] <... futex resumed>)        = 1
[pid  3970] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3970] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3969] <... futex resumed>)        = 0
[pid  3969] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3969] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3970] <... futex resumed>)        = 1
[  146.868786][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms
[  146.877569][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  146.883089][ T3970] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  146.898177][ T3970] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  146.906697][ T3970] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  146.906697][ T3970]   inode = 12 2341
[pid  3970] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3969] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[  146.906697][ T3970]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  146.925447][ T3970] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  146.934660][ T3970] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3970 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  146.944798][ T3970] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  146.953346][ T3970] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  146.960655][ T3970] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[pid  3969] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  146.969471][ T3970] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  146.976162][ T3970] gfs2: fsid=syz:syz.0: File system withdrawn
[  146.982392][ T3970] CPU: 0 PID: 3970 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  146.992816][ T3970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  147.002862][ T3970] Call Trace:
[  147.006131][ T3970]  <TASK>
[  147.009054][ T3970]  dump_stack_lvl+0x1b1/0x28e
[  147.013731][ T3970]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  147.019179][ T3970]  ? panic+0x710/0x710
[  147.023248][ T3970]  ? kobject_uevent_env+0x46b/0x8e0
[  147.028439][ T3970]  ? do_raw_spin_unlock+0x134/0x8a0
[  147.033637][ T3970]  gfs2_withdraw+0xf33/0x1540
[  147.038318][ T3970]  ? gfs2_lm+0x220/0x220
[  147.042550][ T3970]  ? gfs2_dirent_scan+0xb6/0x650
[  147.047483][ T3970]  ? panic+0x710/0x710
[  147.051543][ T3970]  ? gfs2_permission+0x2ff/0x430
[  147.056479][ T3970]  ? gfs2_consist_inode_i+0xf3/0x110
[  147.061759][ T3970]  gfs2_dirent_scan+0x535/0x650
[  147.066605][ T3970]  ? gfs2_dirent_search+0xb10/0xb10
[  147.071798][ T3970]  gfs2_dirent_search+0x2ea/0xb10
[  147.076822][ T3970]  ? gfs2_dirent_search+0xb10/0xb10
[  147.082019][ T3970]  ? gfs2_dir_search+0x2a0/0x2a0
[  147.086952][ T3970]  ? gfs2_permission+0x3bf/0x430
[  147.091890][ T3970]  gfs2_dir_search+0x8c/0x2a0
[  147.096564][ T3970]  ? do_filldir_main+0x530/0x530
[  147.101493][ T3970]  ? inode_go_held+0xe4/0x1f0
[  147.106168][ T3970]  ? gfs2_glock_wait+0x213/0x2a0
[  147.111099][ T3970]  gfs2_lookupi+0x465/0x650
[  147.115601][ T3970]  ? gfs2_lookup_simple+0x170/0x170
[  147.120794][ T3970]  ? __gfs2_lookup+0x8c/0x260
[  147.125471][ T3970]  __gfs2_lookup+0x8c/0x260
[  147.129971][ T3970]  ? gfs2_atomic_open+0x230/0x230
[  147.134989][ T3970]  ? __d_lookup+0x6a4/0x770
[  147.139483][ T3970]  ? d_hash_and_lookup+0x1c0/0x1c0
[  147.144585][ T3970]  gfs2_atomic_open+0xa4/0x230
[  147.149345][ T3970]  path_openat+0xf39/0x2df0
[  147.153845][ T3970]  ? gfs2_rename2+0x3000/0x3000
[  147.158701][ T3970]  ? do_filp_open+0x4f0/0x4f0
[  147.163379][ T3970]  do_filp_open+0x264/0x4f0
[  147.167877][ T3970]  ? vfs_tmpfile+0x490/0x490
[  147.172468][ T3970]  ? do_raw_spin_unlock+0x134/0x8a0
[  147.177665][ T3970]  ? _raw_spin_unlock+0x24/0x40
[  147.182514][ T3970]  ? alloc_fd+0x5a7/0x640
[  147.186855][ T3970]  do_sys_openat2+0x124/0x4e0
[  147.191530][ T3970]  ? print_irqtrace_events+0x220/0x220
[  147.196981][ T3970]  ? ptrace_stop+0x74d/0x970
[  147.201565][ T3970]  ? do_sys_open+0x220/0x220
[  147.206149][ T3970]  ? lockdep_hardirqs_on+0x8d/0x130
[  147.211343][ T3970]  ? _raw_spin_unlock_irq+0x2a/0x40
[  147.216539][ T3970]  ? ptrace_notify+0x245/0x340
[  147.221296][ T3970]  __x64_sys_openat+0x243/0x290
[  147.226144][ T3970]  ? __ia32_sys_open+0x270/0x270
[  147.231081][ T3970]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  147.237055][ T3970]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  147.243032][ T3970]  do_syscall_64+0x3d/0xb0
[  147.247441][ T3970]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  147.253326][ T3970] RIP: 0033:0x7fc8868064d9
[  147.257732][ T3970] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  147.277330][ T3970] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  147.285735][ T3970] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  147.293712][ T3970] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  147.301673][ T3970] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  147.309638][ T3970] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  3969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3969] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3969] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3971], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3971
[pid  3969] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3971 attached
[pid  3970] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3971] set_robust_list(0x7fc87f3919e0, 24 <unfinished ...>
[pid  3970] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3971] <... set_robust_list resumed>) = 0
[pid  3971] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH <unfinished ...>
[pid  3970] <... futex resumed>)        = 0
[pid  3971] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3970] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3971] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3969] exit_group(0)               = ?
[pid  3971] <... futex resumed>)        = ?
[pid  3970] <... futex resumed>)        = ?
[pid  3971] +++ exited with 0 +++
[pid  3970] +++ exited with 0 +++
[pid  3969] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3969, si_uid=0, si_status=0, si_utime=0, si_stime=33} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./110/binderfs")                = 0
[  147.317689][ T3970] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  147.325664][ T3970]  </TASK>
umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./110/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./110/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./110/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./110")                          = 0
mkdir("./111", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3972
./strace-static-x86_64: Process 3972 attached
[pid  3972] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3972] chdir("./111")              = 0
[pid  3972] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3972] setpgid(0, 0)               = 0
[pid  3972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3972] write(3, "1000", 4)         = 4
[pid  3972] close(3)                    = 0
[pid  3972] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3972] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3972] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3972] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3973], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3973
./strace-static-x86_64: Process 3973 attached
[pid  3972] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3972] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3973] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3973] memfd_create("syzkaller", 0) = 3
[pid  3973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3973] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3973] munmap(0x7fc87e392000, 16777216) = 0
[pid  3973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3973] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3973] close(3)                    = 0
[pid  3973] mkdir("./file0", 0777)      = 0
[  147.626845][ T3973] loop0: detected capacity change from 0 to 32768
[  147.637616][ T3973] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  147.645853][ T3973] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  147.655538][ T3973] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  147.664228][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  147.671078][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3973] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3973] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3973] chdir("./file0")            = 0
[pid  3973] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3973] close(4)                    = 0
[pid  3973] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3972] <... futex resumed>)        = 0
[pid  3973] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3972] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3973] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3972] <... futex resumed>)        = 0
[pid  3973] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3972] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3973] <... futex resumed>)        = 0
[pid  3972] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3973] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3972] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3973] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3972] <... futex resumed>)        = 0
[pid  3973] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[  147.709432][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 38ms
[  147.717161][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  147.722582][ T3973] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  147.741723][ T3973] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  147.750381][ T3973] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[pid  3972] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[  147.750381][ T3973]   inode = 12 2341
[  147.750381][ T3973]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  147.769406][ T3973] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  147.778905][ T3973] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3973 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  147.789065][ T3973] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  147.797889][ T3973] gfs2: fsid=syz:syz.0: about to withdraw this file system
[pid  3972] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3972] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3972] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3974], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3974
[pid  3972] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3974 attached
[pid  3974] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3974] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3974] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  147.805556][ T3973] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  147.815104][ T3973] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  147.822405][ T3973] gfs2: fsid=syz:syz.0: File system withdrawn
[  147.828970][ T3973] CPU: 1 PID: 3973 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  147.839430][ T3973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  147.849492][ T3973] Call Trace:
[  147.852775][ T3973]  <TASK>
[  147.855700][ T3973]  dump_stack_lvl+0x1b1/0x28e
[  147.860374][ T3973]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  147.865838][ T3973]  ? panic+0x710/0x710
[  147.869916][ T3973]  ? kobject_uevent_env+0x46b/0x8e0
[  147.875118][ T3973]  ? do_raw_spin_unlock+0x134/0x8a0
[  147.880349][ T3973]  gfs2_withdraw+0xf33/0x1540
[  147.885061][ T3973]  ? gfs2_lm+0x220/0x220
[  147.889295][ T3973]  ? gfs2_dirent_scan+0xb6/0x650
[  147.894225][ T3973]  ? panic+0x710/0x710
[  147.898284][ T3973]  ? gfs2_permission+0x2ff/0x430
[  147.903228][ T3973]  ? gfs2_consist_inode_i+0xf3/0x110
[  147.908531][ T3973]  gfs2_dirent_scan+0x535/0x650
[  147.913406][ T3973]  ? gfs2_dirent_search+0xb10/0xb10
[  147.918615][ T3973]  gfs2_dirent_search+0x2ea/0xb10
[  147.923652][ T3973]  ? gfs2_dirent_search+0xb10/0xb10
[  147.928863][ T3973]  ? gfs2_dir_search+0x2a0/0x2a0
[  147.933910][ T3973]  ? gfs2_permission+0x3bf/0x430
[  147.939028][ T3973]  gfs2_dir_search+0x8c/0x2a0
[  147.943705][ T3973]  ? do_filldir_main+0x530/0x530
[  147.948639][ T3973]  ? inode_go_held+0xe4/0x1f0
[  147.953316][ T3973]  ? gfs2_glock_wait+0x213/0x2a0
[  147.958335][ T3973]  gfs2_lookupi+0x465/0x650
[  147.962838][ T3973]  ? gfs2_lookup_simple+0x170/0x170
[  147.968029][ T3973]  ? __gfs2_lookup+0x8c/0x260
[  147.972705][ T3973]  __gfs2_lookup+0x8c/0x260
[  147.977228][ T3973]  ? gfs2_atomic_open+0x230/0x230
[  147.982251][ T3973]  ? __d_lookup+0x6a4/0x770
[  147.986744][ T3973]  ? d_hash_and_lookup+0x1c0/0x1c0
[  147.991854][ T3973]  gfs2_atomic_open+0xa4/0x230
[  147.996618][ T3973]  path_openat+0xf39/0x2df0
[  148.001121][ T3973]  ? gfs2_rename2+0x3000/0x3000
[  148.006039][ T3973]  ? do_filp_open+0x4f0/0x4f0
[  148.010719][ T3973]  do_filp_open+0x264/0x4f0
[  148.015218][ T3973]  ? vfs_tmpfile+0x490/0x490
[  148.019810][ T3973]  ? do_raw_spin_unlock+0x134/0x8a0
[  148.025008][ T3973]  ? _raw_spin_unlock+0x24/0x40
[  148.029857][ T3973]  ? alloc_fd+0x5a7/0x640
[  148.034196][ T3973]  do_sys_openat2+0x124/0x4e0
[  148.038892][ T3973]  ? print_irqtrace_events+0x220/0x220
[  148.044345][ T3973]  ? ptrace_stop+0x74d/0x970
[  148.048935][ T3973]  ? do_sys_open+0x220/0x220
[  148.053524][ T3973]  ? lockdep_hardirqs_on+0x8d/0x130
[  148.058731][ T3973]  ? _raw_spin_unlock_irq+0x2a/0x40
[  148.063929][ T3973]  ? ptrace_notify+0x245/0x340
[  148.068689][ T3973]  __x64_sys_openat+0x243/0x290
[  148.073537][ T3973]  ? __ia32_sys_open+0x270/0x270
[  148.078473][ T3973]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  148.084447][ T3973]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  148.090428][ T3973]  do_syscall_64+0x3d/0xb0
[  148.094839][ T3973]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  148.100726][ T3973] RIP: 0033:0x7fc8868064d9
[  148.105132][ T3973] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  148.124732][ T3973] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  148.133136][ T3973] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  148.141096][ T3973] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  148.149057][ T3973] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3974] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3973] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3973] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3972] exit_group(0 <unfinished ...>
[pid  3973] ????( <unfinished ...>
[pid  3974] <... futex resumed>)        = ?
[pid  3973] <... ???? resumed>)         = ?
[pid  3972] <... exit_group resumed>)   = ?
[pid  3974] +++ exited with 0 +++
[pid  3973] +++ exited with 0 +++
[pid  3972] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3972, si_uid=0, si_status=0, si_utime=0, si_stime=32} ---
umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./111/binderfs")                = 0
[  148.157020][ T3973] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  148.164980][ T3973] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  148.172955][ T3973]  </TASK>
umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./111/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./111/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./111/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./111")                          = 0
mkdir("./112", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3975
./strace-static-x86_64: Process 3975 attached
[pid  3975] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3975] chdir("./112")              = 0
[pid  3975] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3975] setpgid(0, 0)               = 0
[pid  3975] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3975] write(3, "1000", 4)         = 4
[pid  3975] close(3)                    = 0
[pid  3975] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3975] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3975] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3975] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3975] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3976], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3976
[pid  3975] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3975] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
./strace-static-x86_64: Process 3976 attached
[pid  3976] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3976] memfd_create("syzkaller", 0) = 3
[pid  3976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3976] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3976] munmap(0x7fc87e392000, 16777216) = 0
[pid  3976] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3976] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3976] close(3)                    = 0
[pid  3976] mkdir("./file0", 0777)      = 0
[  148.477798][ T3976] loop0: detected capacity change from 0 to 32768
[  148.488394][ T3976] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  148.496796][ T3976] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  148.506297][ T3976] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  148.514832][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  148.522060][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3976] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3976] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3976] chdir("./file0")            = 0
[pid  3976] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3976] close(4)                    = 0
[pid  3976] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3975] <... futex resumed>)        = 0
[pid  3976] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3975] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3976] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3975] <... futex resumed>)        = 0
[pid  3976] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3975] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3976] <... futex resumed>)        = 0
[pid  3975] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3976] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3975] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  148.560955][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 38ms
[  148.568543][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  148.573919][ T3976] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  148.586797][ T3976] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  148.595588][ T3976] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  148.595588][ T3976]   inode = 12 2341
[pid  3975] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3975] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3975] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3975] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3975] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3977], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3977
[  148.595588][ T3976]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  148.614470][ T3976] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  148.623570][ T3976] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3976 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  148.633770][ T3976] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  148.642521][ T3976] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  148.649800][ T3976] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[pid  3975] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3977 attached
[pid  3977] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3977] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3977] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  148.658730][ T3976] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  148.665391][ T3976] gfs2: fsid=syz:syz.0: File system withdrawn
[  148.671849][ T3976] CPU: 0 PID: 3976 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  148.682291][ T3976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  148.692360][ T3976] Call Trace:
[  148.695642][ T3976]  <TASK>
[  148.698564][ T3976]  dump_stack_lvl+0x1b1/0x28e
[  148.703253][ T3976]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  148.708703][ T3976]  ? panic+0x710/0x710
[  148.713199][ T3976]  ? kobject_uevent_env+0x46b/0x8e0
[  148.718397][ T3976]  ? do_raw_spin_unlock+0x134/0x8a0
[  148.723612][ T3976]  gfs2_withdraw+0xf33/0x1540
[  148.728308][ T3976]  ? gfs2_lm+0x220/0x220
[  148.732557][ T3976]  ? gfs2_dirent_scan+0xb6/0x650
[  148.737503][ T3976]  ? panic+0x710/0x710
[  148.741561][ T3976]  ? gfs2_permission+0x2ff/0x430
[  148.746505][ T3976]  ? gfs2_consist_inode_i+0xf3/0x110
[  148.751802][ T3976]  gfs2_dirent_scan+0x535/0x650
[  148.756663][ T3976]  ? gfs2_dirent_search+0xb10/0xb10
[  148.761876][ T3976]  gfs2_dirent_search+0x2ea/0xb10
[  148.766933][ T3976]  ? gfs2_dirent_search+0xb10/0xb10
[  148.772150][ T3976]  ? gfs2_dir_search+0x2a0/0x2a0
[  148.777080][ T3976]  ? gfs2_permission+0x3bf/0x430
[  148.782028][ T3976]  gfs2_dir_search+0x8c/0x2a0
[  148.786711][ T3976]  ? do_filldir_main+0x530/0x530
[  148.791649][ T3976]  ? inode_go_held+0xe4/0x1f0
[  148.796325][ T3976]  ? gfs2_glock_wait+0x213/0x2a0
[  148.801265][ T3976]  gfs2_lookupi+0x465/0x650
[  148.805769][ T3976]  ? gfs2_lookup_simple+0x170/0x170
[  148.810959][ T3976]  ? __gfs2_lookup+0x8c/0x260
[  148.815637][ T3976]  __gfs2_lookup+0x8c/0x260
[  148.820140][ T3976]  ? gfs2_atomic_open+0x230/0x230
[  148.825165][ T3976]  ? __d_lookup+0x6a4/0x770
[  148.829660][ T3976]  ? d_hash_and_lookup+0x1c0/0x1c0
[  148.834763][ T3976]  gfs2_atomic_open+0xa4/0x230
[  148.839524][ T3976]  path_openat+0xf39/0x2df0
[  148.844033][ T3976]  ? gfs2_rename2+0x3000/0x3000
[  148.848891][ T3976]  ? do_filp_open+0x4f0/0x4f0
[  148.853574][ T3976]  do_filp_open+0x264/0x4f0
[  148.858071][ T3976]  ? vfs_tmpfile+0x490/0x490
[  148.862662][ T3976]  ? do_raw_spin_unlock+0x134/0x8a0
[  148.867863][ T3976]  ? _raw_spin_unlock+0x24/0x40
[  148.872713][ T3976]  ? alloc_fd+0x5a7/0x640
[  148.877058][ T3976]  do_sys_openat2+0x124/0x4e0
[  148.881733][ T3976]  ? print_irqtrace_events+0x220/0x220
[  148.887186][ T3976]  ? ptrace_stop+0x74d/0x970
[  148.891770][ T3976]  ? do_sys_open+0x220/0x220
[  148.896353][ T3976]  ? lockdep_hardirqs_on+0x8d/0x130
[  148.901548][ T3976]  ? _raw_spin_unlock_irq+0x2a/0x40
[  148.906741][ T3976]  ? ptrace_notify+0x245/0x340
[  148.911495][ T3976]  __x64_sys_openat+0x243/0x290
[  148.916372][ T3976]  ? __ia32_sys_open+0x270/0x270
[  148.921312][ T3976]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  148.927287][ T3976]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  148.933262][ T3976]  do_syscall_64+0x3d/0xb0
[  148.937669][ T3976]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  148.943551][ T3976] RIP: 0033:0x7fc8868064d9
[  148.947956][ T3976] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  148.967554][ T3976] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  148.975959][ T3976] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  148.983922][ T3976] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  148.991884][ T3976] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  148.999880][ T3976] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  3977] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3976] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3976] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3975] exit_group(0 <unfinished ...>
[pid  3977] <... futex resumed>)        = ?
[pid  3975] <... exit_group resumed>)   = ?
[pid  3977] +++ exited with 0 +++
[pid  3976] +++ exited with 0 +++
[pid  3975] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3975, si_uid=0, si_status=0, si_utime=3, si_stime=29} ---
umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./112/binderfs")                = 0
[  149.007851][ T3976] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  149.015829][ T3976]  </TASK>
umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./112/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./112/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./112/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./112")                          = 0
mkdir("./113", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3978
./strace-static-x86_64: Process 3978 attached
[pid  3978] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3978] chdir("./113")              = 0
[pid  3978] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3978] setpgid(0, 0)               = 0
[pid  3978] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3978] write(3, "1000", 4)         = 4
[pid  3978] close(3)                    = 0
[pid  3978] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3978] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3978] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3978] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3978] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3979], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3979
./strace-static-x86_64: Process 3979 attached
[pid  3979] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3979] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3978] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3978] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3979] <... futex resumed>)        = 0
[pid  3979] memfd_create("syzkaller", 0) = 3
[pid  3979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3979] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3979] munmap(0x7fc87e392000, 16777216) = 0
[pid  3979] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3979] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3979] close(3)                    = 0
[pid  3979] mkdir("./file0", 0777)      = 0
[  149.338007][ T3979] loop0: detected capacity change from 0 to 32768
[  149.349728][ T3979] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  149.358697][ T3979] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  149.368151][ T3979] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  149.377072][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  149.384005][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3979] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3979] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3979] chdir("./file0")            = 0
[pid  3979] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3979] close(4)                    = 0
[pid  3979] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3978] <... futex resumed>)        = 0
[pid  3979] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3978] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3979] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3978] <... futex resumed>)        = 0
[pid  3979] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3978] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3979] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3979] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3978] <... futex resumed>)        = 0
[pid  3979] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3978] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3979] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3979] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3978] <... futex resumed>)        = 0
[  149.423007][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 39ms
[  149.431202][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  149.436469][ T3979] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  149.461441][ T3979] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  149.471169][ T3979] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  149.471169][ T3979]   inode = 12 2341
[  149.471169][ T3979]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  149.490479][ T3979] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  149.499548][ T3979] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3979 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  149.510500][ T3979] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[pid  3978] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3978] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3978] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3978] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3978] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3980], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3980
[pid  3978] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3980 attached
[pid  3980] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3980] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3980] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  149.518932][ T3979] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  149.526529][ T3979] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  149.535426][ T3979] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  149.543749][ T3979] gfs2: fsid=syz:syz.0: File system withdrawn
[  149.549837][ T3979] CPU: 0 PID: 3979 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  149.560264][ T3979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  149.570323][ T3979] Call Trace:
[  149.573603][ T3979]  <TASK>
[  149.576542][ T3979]  dump_stack_lvl+0x1b1/0x28e
[  149.581254][ T3979]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  149.587403][ T3979]  ? panic+0x710/0x710
[  149.591490][ T3979]  ? kobject_uevent_env+0x46b/0x8e0
[  149.596691][ T3979]  ? do_raw_spin_unlock+0x134/0x8a0
[  149.601906][ T3979]  gfs2_withdraw+0xf33/0x1540
[  149.606601][ T3979]  ? gfs2_lm+0x220/0x220
[  149.610836][ T3979]  ? gfs2_dirent_scan+0xb6/0x650
[  149.615767][ T3979]  ? panic+0x710/0x710
[  149.619832][ T3979]  ? gfs2_permission+0x2ff/0x430
[  149.624766][ T3979]  ? gfs2_consist_inode_i+0xf3/0x110
[  149.630056][ T3979]  gfs2_dirent_scan+0x535/0x650
[  149.634915][ T3979]  ? gfs2_dirent_search+0xb10/0xb10
[  149.640133][ T3979]  gfs2_dirent_search+0x2ea/0xb10
[  149.645151][ T3979]  ? gfs2_dirent_search+0xb10/0xb10
[  149.650347][ T3979]  ? gfs2_dir_search+0x2a0/0x2a0
[  149.655282][ T3979]  ? gfs2_permission+0x3bf/0x430
[  149.660254][ T3979]  gfs2_dir_search+0x8c/0x2a0
[  149.664938][ T3979]  ? do_filldir_main+0x530/0x530
[pid  3980] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3978] exit_group(0 <unfinished ...>
[pid  3980] <... futex resumed>)        = ?
[pid  3978] <... exit_group resumed>)   = ?
[pid  3980] +++ exited with 0 +++
[  149.669891][ T3979]  ? inode_go_held+0xe4/0x1f0
[  149.674578][ T3979]  ? gfs2_glock_wait+0x213/0x2a0
[  149.679516][ T3979]  gfs2_lookupi+0x465/0x650
[  149.684020][ T3979]  ? gfs2_lookup_simple+0x170/0x170
[  149.689215][ T3979]  ? __gfs2_lookup+0x8c/0x260
[  149.693907][ T3979]  __gfs2_lookup+0x8c/0x260
[  149.698508][ T3979]  ? gfs2_atomic_open+0x230/0x230
[  149.703537][ T3979]  ? __d_lookup+0x6a4/0x770
[  149.708042][ T3979]  ? d_hash_and_lookup+0x1c0/0x1c0
[  149.713158][ T3979]  gfs2_atomic_open+0xa4/0x230
[  149.717934][ T3979]  path_openat+0xf39/0x2df0
[  149.722434][ T3979]  ? gfs2_rename2+0x3000/0x3000
[  149.727285][ T3979]  ? do_filp_open+0x4f0/0x4f0
[  149.731959][ T3979]  do_filp_open+0x264/0x4f0
[  149.736460][ T3979]  ? vfs_tmpfile+0x490/0x490
[  149.741062][ T3979]  ? do_raw_spin_unlock+0x134/0x8a0
[  149.746267][ T3979]  ? _raw_spin_unlock+0x24/0x40
[  149.751127][ T3979]  ? alloc_fd+0x5a7/0x640
[  149.755457][ T3979]  do_sys_openat2+0x124/0x4e0
[  149.760134][ T3979]  ? print_irqtrace_events+0x220/0x220
[  149.765599][ T3979]  ? ptrace_stop+0x74d/0x970
[  149.770197][ T3979]  ? do_sys_open+0x220/0x220
[  149.774777][ T3979]  ? lockdep_hardirqs_on+0x8d/0x130
[  149.779968][ T3979]  ? _raw_spin_unlock_irq+0x2a/0x40
[  149.785257][ T3979]  ? ptrace_notify+0x245/0x340
[  149.790024][ T3979]  __x64_sys_openat+0x243/0x290
[  149.794880][ T3979]  ? __ia32_sys_open+0x270/0x270
[  149.799818][ T3979]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  149.805806][ T3979]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  149.811977][ T3979]  do_syscall_64+0x3d/0xb0
[  149.816384][ T3979]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  149.822278][ T3979] RIP: 0033:0x7fc8868064d9
[  149.826694][ T3979] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  149.846293][ T3979] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  149.854703][ T3979] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  149.862669][ T3979] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[pid  3979] <... openat resumed>)       = ?
[pid  3979] +++ exited with 0 +++
[pid  3978] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3978, si_uid=0, si_status=0, si_utime=2, si_stime=31} ---
umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./113/binderfs")                = 0
[  149.870644][ T3979] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  149.878619][ T3979] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  149.886681][ T3979] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  149.894741][ T3979]  </TASK>
umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./113/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./113/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./113/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./113")                          = 0
mkdir("./114", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3981
./strace-static-x86_64: Process 3981 attached
[pid  3981] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3981] chdir("./114")              = 0
[pid  3981] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3981] setpgid(0, 0)               = 0
[pid  3981] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3981] write(3, "1000", 4)         = 4
[pid  3981] close(3)                    = 0
[pid  3981] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3981] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3981] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3981] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3981] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3982], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3982
[pid  3981] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3981] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3982 attached
 <unfinished ...>
[pid  3982] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3982] memfd_create("syzkaller", 0) = 3
[pid  3982] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3982] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3982] munmap(0x7fc87e392000, 16777216) = 0
[pid  3982] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3982] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3982] close(3)                    = 0
[pid  3982] mkdir("./file0", 0777)      = 0
[  150.197258][ T3982] loop0: detected capacity change from 0 to 32768
[  150.208958][ T3982] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  150.217345][ T3982] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  150.226216][ T3982] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  150.234894][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  150.241987][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3982] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3982] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3982] chdir("./file0")            = 0
[pid  3982] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3982] close(4)                    = 0
[pid  3982] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3982] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3981] <... futex resumed>)        = 0
[pid  3981] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3982] <... futex resumed>)        = 0
[pid  3981] <... futex resumed>)        = 1
[pid  3982] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3981] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3982] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3982] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3981] <... futex resumed>)        = 0
[pid  3982] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3981] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3982] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3981] <... futex resumed>)        = 0
[pid  3982] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[  150.282252][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 40ms
[  150.289783][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  150.295118][ T3982] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  150.316703][ T3982] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3981] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3981] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3981] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3981] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[  150.325993][ T3982] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  150.325993][ T3982]   inode = 12 2341
[  150.325993][ T3982]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  150.344730][ T3982] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  150.353953][ T3982] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3982 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  150.364795][ T3982] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  150.373346][ T3982] gfs2: fsid=syz:syz.0: about to withdraw this file system
[pid  3981] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3983], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3983
[pid  3981] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3983 attached
[pid  3983] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3983] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3983] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  150.381245][ T3982] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  150.390901][ T3982] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  150.397448][ T3982] gfs2: fsid=syz:syz.0: File system withdrawn
[  150.403631][ T3982] CPU: 1 PID: 3982 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  150.414061][ T3982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  150.424146][ T3982] Call Trace:
[  150.427429][ T3982]  <TASK>
[  150.430367][ T3982]  dump_stack_lvl+0x1b1/0x28e
[  150.435064][ T3982]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  150.440541][ T3982]  ? panic+0x710/0x710
[  150.444607][ T3982]  ? kobject_uevent_env+0x46b/0x8e0
[  150.449805][ T3982]  ? do_raw_spin_unlock+0x134/0x8a0
[  150.455021][ T3982]  gfs2_withdraw+0xf33/0x1540
[  150.459726][ T3982]  ? gfs2_lm+0x220/0x220
[  150.463964][ T3982]  ? gfs2_dirent_scan+0xb6/0x650
[  150.468910][ T3982]  ? panic+0x710/0x710
[  150.472999][ T3982]  ? gfs2_permission+0x2ff/0x430
[  150.477953][ T3982]  ? gfs2_consist_inode_i+0xf3/0x110
[  150.483247][ T3982]  gfs2_dirent_scan+0x535/0x650
[  150.488122][ T3982]  ? gfs2_dirent_search+0xb10/0xb10
[  150.493341][ T3982]  gfs2_dirent_search+0x2ea/0xb10
[  150.498398][ T3982]  ? gfs2_dirent_search+0xb10/0xb10
[  150.503625][ T3982]  ? gfs2_dir_search+0x2a0/0x2a0
[  150.508560][ T3982]  ? gfs2_permission+0x3bf/0x430
[  150.514105][ T3982]  gfs2_dir_search+0x8c/0x2a0
[  150.519048][ T3982]  ? do_filldir_main+0x530/0x530
[  150.525111][ T3982]  ? inode_go_held+0xe4/0x1f0
[  150.529784][ T3982]  ? gfs2_glock_wait+0x213/0x2a0
[  150.534714][ T3982]  gfs2_lookupi+0x465/0x650
[  150.539217][ T3982]  ? gfs2_lookup_simple+0x170/0x170
[  150.544412][ T3982]  ? __gfs2_lookup+0x8c/0x260
[  150.549088][ T3982]  __gfs2_lookup+0x8c/0x260
[  150.553590][ T3982]  ? gfs2_atomic_open+0x230/0x230
[  150.558612][ T3982]  ? __d_lookup+0x6a4/0x770
[  150.563104][ T3982]  ? d_hash_and_lookup+0x1c0/0x1c0
[  150.568227][ T3982]  gfs2_atomic_open+0xa4/0x230
[  150.573023][ T3982]  path_openat+0xf39/0x2df0
[  150.577535][ T3982]  ? gfs2_rename2+0x3000/0x3000
[  150.582413][ T3982]  ? do_filp_open+0x4f0/0x4f0
[  150.587117][ T3982]  do_filp_open+0x264/0x4f0
[  150.591622][ T3982]  ? vfs_tmpfile+0x490/0x490
[  150.596217][ T3982]  ? do_raw_spin_unlock+0x134/0x8a0
[  150.601420][ T3982]  ? _raw_spin_unlock+0x24/0x40
[  150.606267][ T3982]  ? alloc_fd+0x5a7/0x640
[  150.610598][ T3982]  do_sys_openat2+0x124/0x4e0
[  150.615297][ T3982]  ? print_irqtrace_events+0x220/0x220
[  150.620917][ T3982]  ? ptrace_stop+0x74d/0x970
[  150.625532][ T3982]  ? do_sys_open+0x220/0x220
[  150.630134][ T3982]  ? lockdep_hardirqs_on+0x8d/0x130
[  150.635330][ T3982]  ? _raw_spin_unlock_irq+0x2a/0x40
[  150.640528][ T3982]  ? ptrace_notify+0x245/0x340
[  150.645282][ T3982]  __x64_sys_openat+0x243/0x290
[  150.650131][ T3982]  ? __ia32_sys_open+0x270/0x270
[  150.655063][ T3982]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  150.661040][ T3982]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  150.667016][ T3982]  do_syscall_64+0x3d/0xb0
[  150.671427][ T3982]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  150.677311][ T3982] RIP: 0033:0x7fc8868064d9
[  150.681717][ T3982] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  150.701321][ T3982] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  150.709729][ T3982] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  150.717784][ T3982] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  150.725758][ T3982] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3983] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3982] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3982] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3982] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3981] exit_group(0)               = ?
[pid  3982] <... futex resumed>)        = ?
[pid  3983] <... futex resumed>)        = ?
[pid  3982] +++ exited with 0 +++
[pid  3983] +++ exited with 0 +++
[pid  3981] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3981, si_uid=0, si_status=0, si_utime=3, si_stime=27} ---
umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./114/binderfs")                = 0
[  150.733722][ T3982] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  150.741689][ T3982] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  150.749664][ T3982]  </TASK>
umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./114/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./114/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./114/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./114")                          = 0
mkdir("./115", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3984
./strace-static-x86_64: Process 3984 attached
[pid  3984] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3984] chdir("./115")              = 0
[pid  3984] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3984] setpgid(0, 0)               = 0
[pid  3984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3984] write(3, "1000", 4)         = 4
[pid  3984] close(3)                    = 0
[pid  3984] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3984] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3984] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3984] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3985 attached
, parent_tid=[3985], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3985
[pid  3984] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3985] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  3984] <... futex resumed>)        = 0
[pid  3985] <... set_robust_list resumed>) = 0
[pid  3984] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3985] memfd_create("syzkaller", 0) = 3
[pid  3985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3985] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3985] munmap(0x7fc87e392000, 16777216) = 0
[pid  3985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3985] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3985] close(3)                    = 0
[pid  3985] mkdir("./file0", 0777)      = 0
[  151.045257][ T3985] loop0: detected capacity change from 0 to 32768
[  151.056620][ T3985] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  151.065360][ T3985] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  151.074903][ T3985] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  151.083995][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  151.090831][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3985] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3985] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3985] chdir("./file0")            = 0
[pid  3985] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3985] close(4)                    = 0
[pid  3985] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3984] <... futex resumed>)        = 0
[pid  3984] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3984] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3985] <... futex resumed>)        = 1
[pid  3985] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3985] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3984] <... futex resumed>)        = 0
[pid  3984] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3984] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3985] <... futex resumed>)        = 1
[  151.125994][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 35ms
[  151.133526][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  151.138775][ T3985] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  151.160638][ T3985] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3985] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3984] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3984] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3984] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3984] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3986], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3986
[pid  3984] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3986 attached
[pid  3986] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3986] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3986] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  151.169437][ T3985] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  151.169437][ T3985]   inode = 12 2341
[  151.169437][ T3985]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  151.188646][ T3985] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  151.198019][ T3985] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3985 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  151.208609][ T3985] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  151.217622][ T3985] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  151.225600][ T3985] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  151.234407][ T3985] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  151.242339][ T3985] gfs2: fsid=syz:syz.0: File system withdrawn
[  151.248420][ T3985] CPU: 0 PID: 3985 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  151.258825][ T3985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  151.268885][ T3985] Call Trace:
[  151.272156][ T3985]  <TASK>
[  151.275077][ T3985]  dump_stack_lvl+0x1b1/0x28e
[  151.279746][ T3985]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  151.285236][ T3985]  ? panic+0x710/0x710
[  151.289305][ T3985]  ? kobject_uevent_env+0x46b/0x8e0
[  151.294504][ T3985]  ? do_raw_spin_unlock+0x134/0x8a0
[  151.299726][ T3985]  gfs2_withdraw+0xf33/0x1540
[  151.304423][ T3985]  ? gfs2_lm+0x220/0x220
[  151.308666][ T3985]  ? gfs2_dirent_scan+0xb6/0x650
[  151.313621][ T3985]  ? panic+0x710/0x710
[  151.317703][ T3985]  ? gfs2_permission+0x2ff/0x430
[pid  3986] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3984] exit_group(0 <unfinished ...>
[pid  3986] <... futex resumed>)        = ?
[pid  3984] <... exit_group resumed>)   = ?
[pid  3986] +++ exited with 0 +++
[  151.322680][ T3985]  ? gfs2_consist_inode_i+0xf3/0x110
[  151.328007][ T3985]  gfs2_dirent_scan+0x535/0x650
[  151.332856][ T3985]  ? gfs2_dirent_search+0xb10/0xb10
[  151.338067][ T3985]  gfs2_dirent_search+0x2ea/0xb10
[  151.343102][ T3985]  ? gfs2_dirent_search+0xb10/0xb10
[  151.348317][ T3985]  ? gfs2_dir_search+0x2a0/0x2a0
[  151.353253][ T3985]  ? gfs2_permission+0x3bf/0x430
[  151.358227][ T3985]  gfs2_dir_search+0x8c/0x2a0
[  151.362920][ T3985]  ? do_filldir_main+0x530/0x530
[  151.367872][ T3985]  ? inode_go_held+0xe4/0x1f0
[  151.372561][ T3985]  ? gfs2_glock_wait+0x213/0x2a0
[  151.377499][ T3985]  gfs2_lookupi+0x465/0x650
[  151.382018][ T3985]  ? gfs2_lookup_simple+0x170/0x170
[  151.387222][ T3985]  ? __gfs2_lookup+0x8c/0x260
[  151.391910][ T3985]  __gfs2_lookup+0x8c/0x260
[  151.396407][ T3985]  ? gfs2_atomic_open+0x230/0x230
[  151.401424][ T3985]  ? __d_lookup+0x6a4/0x770
[  151.405915][ T3985]  ? d_hash_and_lookup+0x1c0/0x1c0
[  151.411017][ T3985]  gfs2_atomic_open+0xa4/0x230
[  151.415774][ T3985]  path_openat+0xf39/0x2df0
[  151.421227][ T3985]  ? gfs2_rename2+0x3000/0x3000
[  151.426077][ T3985]  ? do_filp_open+0x4f0/0x4f0
[  151.430750][ T3985]  do_filp_open+0x264/0x4f0
[  151.435250][ T3985]  ? vfs_tmpfile+0x490/0x490
[  151.439854][ T3985]  ? do_raw_spin_unlock+0x134/0x8a0
[  151.445057][ T3985]  ? _raw_spin_unlock+0x24/0x40
[  151.449917][ T3985]  ? alloc_fd+0x5a7/0x640
[  151.454244][ T3985]  do_sys_openat2+0x124/0x4e0
[  151.458911][ T3985]  ? print_irqtrace_events+0x220/0x220
[  151.464365][ T3985]  ? ptrace_stop+0x74d/0x970
[  151.468961][ T3985]  ? do_sys_open+0x220/0x220
[  151.473545][ T3985]  ? lockdep_hardirqs_on+0x8d/0x130
[  151.478732][ T3985]  ? _raw_spin_unlock_irq+0x2a/0x40
[  151.483937][ T3985]  ? ptrace_notify+0x245/0x340
[  151.488689][ T3985]  __x64_sys_openat+0x243/0x290
[  151.493530][ T3985]  ? __ia32_sys_open+0x270/0x270
[  151.498470][ T3985]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  151.504458][ T3985]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  151.510428][ T3985]  do_syscall_64+0x3d/0xb0
[  151.514831][ T3985]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  151.520721][ T3985] RIP: 0033:0x7fc8868064d9
[  151.525138][ T3985] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  151.544733][ T3985] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  151.553138][ T3985] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  151.561098][ T3985] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  151.569059][ T3985] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  3985] <... openat resumed>)       = ?
[pid  3985] +++ exited with 0 +++
[pid  3984] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3984, si_uid=0, si_status=0, si_utime=1, si_stime=29} ---
umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./115/binderfs")                = 0
[  151.577029][ T3985] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  151.585011][ T3985] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  151.592999][ T3985]  </TASK>
umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./115/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./115/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./115/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./115")                          = 0
mkdir("./116", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3987
./strace-static-x86_64: Process 3987 attached
[pid  3987] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3987] chdir("./116")              = 0
[pid  3987] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3987] setpgid(0, 0)               = 0
[pid  3987] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3987] write(3, "1000", 4)         = 4
[pid  3987] close(3)                    = 0
[pid  3987] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3987] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3987] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3987] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3987] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3988], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3988
[pid  3987] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3987] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3988 attached
 <unfinished ...>
[pid  3988] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3988] memfd_create("syzkaller", 0) = 3
[pid  3988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3988] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3988] munmap(0x7fc87e392000, 16777216) = 0
[pid  3988] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3988] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3988] close(3)                    = 0
[pid  3988] mkdir("./file0", 0777)      = 0
[  151.898615][ T3988] loop0: detected capacity change from 0 to 32768
[  151.908233][ T3988] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  151.916836][ T3988] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  151.926469][ T3988] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  151.935006][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  151.941931][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3988] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3988] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3988] chdir("./file0")            = 0
[pid  3988] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3988] close(4)                    = 0
[pid  3988] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3987] <... futex resumed>)        = 0
[pid  3987] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3987] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3988] <... futex resumed>)        = 1
[pid  3988] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3988] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3987] <... futex resumed>)        = 0
[pid  3987] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3987] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3988] <... futex resumed>)        = 1
[  151.982678][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 40ms
[  151.990260][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  151.995506][ T3988] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  152.019640][ T3988] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  3988] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3987] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3987] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3987] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3987] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3987] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3989], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3989
[pid  3987] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3989 attached
[pid  3989] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3989] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3989] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  152.028501][ T3988] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  152.028501][ T3988]   inode = 12 2341
[  152.028501][ T3988]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  152.048097][ T3988] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  152.057441][ T3988] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3988 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  152.068365][ T3988] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  152.077084][ T3988] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  152.084342][ T3988] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  152.093172][ T3988] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  152.101247][ T3988] gfs2: fsid=syz:syz.0: File system withdrawn
[  152.107316][ T3988] CPU: 0 PID: 3988 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  152.117731][ T3988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  152.127789][ T3988] Call Trace:
[  152.131060][ T3988]  <TASK>
[  152.133979][ T3988]  dump_stack_lvl+0x1b1/0x28e
[  152.138745][ T3988]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  152.145253][ T3988]  ? panic+0x710/0x710
[  152.149312][ T3988]  ? kobject_uevent_env+0x46b/0x8e0
[  152.154512][ T3988]  ? do_raw_spin_unlock+0x134/0x8a0
[  152.159718][ T3988]  gfs2_withdraw+0xf33/0x1540
[  152.164413][ T3988]  ? gfs2_lm+0x220/0x220
[  152.168641][ T3988]  ? gfs2_dirent_scan+0xb6/0x650
[  152.173675][ T3988]  ? panic+0x710/0x710
[  152.177747][ T3988]  ? gfs2_permission+0x2ff/0x430
[pid  3989] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3987] exit_group(0 <unfinished ...>
[pid  3989] <... futex resumed>)        = ?
[pid  3987] <... exit_group resumed>)   = ?
[pid  3989] +++ exited with 0 +++
[  152.182677][ T3988]  ? gfs2_consist_inode_i+0xf3/0x110
[  152.187966][ T3988]  gfs2_dirent_scan+0x535/0x650
[  152.192826][ T3988]  ? gfs2_dirent_search+0xb10/0xb10
[  152.198020][ T3988]  gfs2_dirent_search+0x2ea/0xb10
[  152.203051][ T3988]  ? gfs2_dirent_search+0xb10/0xb10
[  152.208262][ T3988]  ? gfs2_dir_search+0x2a0/0x2a0
[  152.213192][ T3988]  ? gfs2_permission+0x3bf/0x430
[  152.218146][ T3988]  gfs2_dir_search+0x8c/0x2a0
[  152.222825][ T3988]  ? do_filldir_main+0x530/0x530
[  152.227756][ T3988]  ? inode_go_held+0xe4/0x1f0
[  152.232426][ T3988]  ? gfs2_glock_wait+0x213/0x2a0
[  152.237380][ T3988]  gfs2_lookupi+0x465/0x650
[  152.241896][ T3988]  ? gfs2_lookup_simple+0x170/0x170
[  152.247132][ T3988]  ? __gfs2_lookup+0x8c/0x260
[  152.251816][ T3988]  __gfs2_lookup+0x8c/0x260
[  152.256312][ T3988]  ? gfs2_atomic_open+0x230/0x230
[  152.261332][ T3988]  ? __d_lookup+0x6a4/0x770
[  152.265822][ T3988]  ? d_hash_and_lookup+0x1c0/0x1c0
[  152.270933][ T3988]  gfs2_atomic_open+0xa4/0x230
[  152.275695][ T3988]  path_openat+0xf39/0x2df0
[  152.280204][ T3988]  ? gfs2_rename2+0x3000/0x3000
[  152.285081][ T3988]  ? do_filp_open+0x4f0/0x4f0
[  152.289760][ T3988]  do_filp_open+0x264/0x4f0
[  152.294266][ T3988]  ? vfs_tmpfile+0x490/0x490
[  152.298868][ T3988]  ? do_raw_spin_unlock+0x134/0x8a0
[  152.304061][ T3988]  ? _raw_spin_unlock+0x24/0x40
[  152.308904][ T3988]  ? alloc_fd+0x5a7/0x640
[  152.313252][ T3988]  do_sys_openat2+0x124/0x4e0
[  152.317943][ T3988]  ? print_irqtrace_events+0x220/0x220
[  152.323393][ T3988]  ? ptrace_stop+0x74d/0x970
[  152.327977][ T3988]  ? do_sys_open+0x220/0x220
[  152.332567][ T3988]  ? lockdep_hardirqs_on+0x8d/0x130
[  152.337774][ T3988]  ? _raw_spin_unlock_irq+0x2a/0x40
[  152.343001][ T3988]  ? ptrace_notify+0x245/0x340
[  152.347771][ T3988]  __x64_sys_openat+0x243/0x290
[  152.352632][ T3988]  ? __ia32_sys_open+0x270/0x270
[  152.357579][ T3988]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  152.363572][ T3988]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  152.369562][ T3988]  do_syscall_64+0x3d/0xb0
[  152.373983][ T3988]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  152.379886][ T3988] RIP: 0033:0x7fc8868064d9
[  152.384290][ T3988] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  152.403893][ T3988] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  152.412305][ T3988] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  152.420357][ T3988] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[pid  3988] <... openat resumed>)       = ?
[pid  3988] +++ exited with 0 +++
[pid  3987] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3987, si_uid=0, si_status=0, si_utime=1, si_stime=29} ---
umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./116/binderfs")                = 0
[  152.428318][ T3988] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  152.436281][ T3988] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  152.444254][ T3988] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  152.452253][ T3988]  </TASK>
umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./116/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./116/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./116/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./116")                          = 0
mkdir("./117", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3990
./strace-static-x86_64: Process 3990 attached
[pid  3990] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3990] chdir("./117")              = 0
[pid  3990] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3990] setpgid(0, 0)               = 0
[pid  3990] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3990] write(3, "1000", 4)         = 4
[pid  3990] close(3)                    = 0
[pid  3990] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3990] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3990] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3990] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3990] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 3991 attached
 <unfinished ...>
[pid  3991] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  3990] <... clone resumed>, parent_tid=[3991], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3991
[pid  3990] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3990] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  3991] <... set_robust_list resumed>) = 0
[pid  3991] memfd_create("syzkaller", 0) = 3
[pid  3991] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3991] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3991] munmap(0x7fc87e392000, 16777216) = 0
[pid  3991] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3991] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3991] close(3)                    = 0
[pid  3991] mkdir("./file0", 0777)      = 0
[  152.755403][ T3991] loop0: detected capacity change from 0 to 32768
[  152.767124][ T3991] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  152.775379][ T3991] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  152.784531][ T3991] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  152.793899][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  152.800748][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3991] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3991] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3991] chdir("./file0")            = 0
[pid  3991] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3991] close(4)                    = 0
[pid  3991] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3991] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3990] <... futex resumed>)        = 0
[pid  3990] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3991] <... futex resumed>)        = 0
[pid  3990] <... futex resumed>)        = 1
[pid  3991] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3990] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3991] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3991] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3990] <... futex resumed>)        = 0
[pid  3991] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3990] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  152.840108][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 39ms
[  152.848941][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  152.854354][ T3991] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  152.879453][ T3991] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  152.888820][ T3991] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  152.888820][ T3991]   inode = 12 2341
[  152.888820][ T3991]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  152.907962][ T3991] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  152.917786][ T3991] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3991 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  152.928115][ T3991] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[pid  3990] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  3990] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3990] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3990] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3990] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3992], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3992
[pid  3990] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3992 attached
[pid  3992] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3992] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3992] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  152.936790][ T3991] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  152.944793][ T3991] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  152.954149][ T3991] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  152.960991][ T3991] gfs2: fsid=syz:syz.0: File system withdrawn
[  152.967089][ T3991] CPU: 1 PID: 3991 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  152.977513][ T3991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  152.987561][ T3991] Call Trace:
[  152.990842][ T3991]  <TASK>
[  152.993887][ T3991]  dump_stack_lvl+0x1b1/0x28e
[  152.998575][ T3991]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  153.004037][ T3991]  ? panic+0x710/0x710
[  153.008185][ T3991]  ? kobject_uevent_env+0x46b/0x8e0
[  153.013384][ T3991]  ? do_raw_spin_unlock+0x134/0x8a0
[  153.018594][ T3991]  gfs2_withdraw+0xf33/0x1540
[  153.023290][ T3991]  ? gfs2_lm+0x220/0x220
[  153.027553][ T3991]  ? gfs2_dirent_scan+0xb6/0x650
[  153.032519][ T3991]  ? panic+0x710/0x710
[pid  3992] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3990] exit_group(0 <unfinished ...>
[pid  3992] <... futex resumed>)        = ?
[pid  3990] <... exit_group resumed>)   = ?
[pid  3992] +++ exited with 0 +++
[  153.036578][ T3991]  ? gfs2_permission+0x2ff/0x430
[  153.041533][ T3991]  ? gfs2_consist_inode_i+0xf3/0x110
[  153.046830][ T3991]  gfs2_dirent_scan+0x535/0x650
[  153.051691][ T3991]  ? gfs2_dirent_search+0xb10/0xb10
[  153.056887][ T3991]  gfs2_dirent_search+0x2ea/0xb10
[  153.061915][ T3991]  ? gfs2_dirent_search+0xb10/0xb10
[  153.067130][ T3991]  ? gfs2_dir_search+0x2a0/0x2a0
[  153.072078][ T3991]  ? gfs2_permission+0x3bf/0x430
[  153.077030][ T3991]  gfs2_dir_search+0x8c/0x2a0
[  153.081728][ T3991]  ? do_filldir_main+0x530/0x530
[  153.086669][ T3991]  ? inode_go_held+0xe4/0x1f0
[  153.091357][ T3991]  ? gfs2_glock_wait+0x213/0x2a0
[  153.096307][ T3991]  gfs2_lookupi+0x465/0x650
[  153.100821][ T3991]  ? gfs2_lookup_simple+0x170/0x170
[  153.106015][ T3991]  ? __gfs2_lookup+0x8c/0x260
[  153.110690][ T3991]  __gfs2_lookup+0x8c/0x260
[  153.115185][ T3991]  ? gfs2_atomic_open+0x230/0x230
[  153.120213][ T3991]  ? __d_lookup+0x6a4/0x770
[  153.124718][ T3991]  ? d_hash_and_lookup+0x1c0/0x1c0
[  153.129822][ T3991]  gfs2_atomic_open+0xa4/0x230
[  153.134679][ T3991]  path_openat+0xf39/0x2df0
[  153.139191][ T3991]  ? gfs2_rename2+0x3000/0x3000
[  153.144041][ T3991]  ? do_filp_open+0x4f0/0x4f0
[  153.148727][ T3991]  do_filp_open+0x264/0x4f0
[  153.153325][ T3991]  ? vfs_tmpfile+0x490/0x490
[  153.157908][ T3991]  ? do_raw_spin_unlock+0x134/0x8a0
[  153.163099][ T3991]  ? _raw_spin_unlock+0x24/0x40
[  153.167949][ T3991]  ? alloc_fd+0x5a7/0x640
[  153.172278][ T3991]  do_sys_openat2+0x124/0x4e0
[  153.176948][ T3991]  ? print_irqtrace_events+0x220/0x220
[  153.182395][ T3991]  ? ptrace_stop+0x74d/0x970
[  153.186987][ T3991]  ? do_sys_open+0x220/0x220
[  153.191619][ T3991]  ? lockdep_hardirqs_on+0x8d/0x130
[  153.196901][ T3991]  ? _raw_spin_unlock_irq+0x2a/0x40
[  153.202103][ T3991]  ? ptrace_notify+0x245/0x340
[  153.206873][ T3991]  __x64_sys_openat+0x243/0x290
[  153.211727][ T3991]  ? __ia32_sys_open+0x270/0x270
[  153.216680][ T3991]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  153.222655][ T3991]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  153.228648][ T3991]  do_syscall_64+0x3d/0xb0
[  153.233057][ T3991]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  153.238941][ T3991] RIP: 0033:0x7fc8868064d9
[  153.243442][ T3991] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  153.263064][ T3991] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  153.271469][ T3991] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  153.281167][ T3991] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[pid  3991] <... openat resumed>)       = ?
[pid  3991] +++ exited with 0 +++
[pid  3990] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3990, si_uid=0, si_status=0, si_utime=0, si_stime=32} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./117/binderfs")                = 0
[  153.289130][ T3991] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  153.297099][ T3991] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  153.305079][ T3991] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  153.313066][ T3991]  </TASK>
umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./117/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./117/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./117/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./117")                          = 0
mkdir("./118", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3993
./strace-static-x86_64: Process 3993 attached
[pid  3993] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3993] chdir("./118")              = 0
[pid  3993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3993] setpgid(0, 0)               = 0
[pid  3993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3993] write(3, "1000", 4)         = 4
[pid  3993] close(3)                    = 0
[pid  3993] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3993] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3993] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3993] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3994], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3994
[pid  3993] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3993] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3994 attached
 <unfinished ...>
[pid  3994] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3994] memfd_create("syzkaller", 0) = 3
[pid  3994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3994] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3994] munmap(0x7fc87e392000, 16777216) = 0
[pid  3994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3994] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3994] close(3)                    = 0
[pid  3994] mkdir("./file0", 0777)      = 0
[  153.607926][ T3994] loop0: detected capacity change from 0 to 32768
[  153.620704][ T3994] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  153.628972][ T3994] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  153.638105][ T3994] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  153.646732][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  153.653669][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3994] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3994] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3994] chdir("./file0")            = 0
[pid  3994] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3994] close(4)                    = 0
[pid  3994] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3993] <... futex resumed>)        = 0
[pid  3994] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3993] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3994] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3993] <... futex resumed>)        = 0
[pid  3994] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  3993] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3994] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3994] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  3993] <... futex resumed>)        = 0
[pid  3994] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3993] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3994] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  3993] <... futex resumed>)        = 0
[pid  3993] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[  153.691072][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 37ms
[  153.699766][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  153.705278][ T3994] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  153.738773][ T3994] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  153.747365][ T3994] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  153.747365][ T3994]   inode = 12 2341
[  153.747365][ T3994]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  153.766494][ T3994] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  153.776052][ T3994] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3994 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  3994] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3993] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3993] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3993] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3993] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3995], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3995
[pid  3993] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3995 attached
[pid  3995] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3995] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3995] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  153.786129][ T3994] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  153.794646][ T3994] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  153.801931][ T3994] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  153.810747][ T3994] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  153.818598][ T3994] gfs2: fsid=syz:syz.0: File system withdrawn
[  153.824777][ T3994] CPU: 0 PID: 3994 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  153.835205][ T3994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  153.845264][ T3994] Call Trace:
[  153.848533][ T3994]  <TASK>
[  153.851455][ T3994]  dump_stack_lvl+0x1b1/0x28e
[  153.856137][ T3994]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  153.861611][ T3994]  ? panic+0x710/0x710
[  153.865684][ T3994]  ? kobject_uevent_env+0x46b/0x8e0
[  153.870874][ T3994]  ? do_raw_spin_unlock+0x134/0x8a0
[  153.876075][ T3994]  gfs2_withdraw+0xf33/0x1540
[  153.880755][ T3994]  ? gfs2_lm+0x220/0x220
[  153.884988][ T3994]  ? gfs2_dirent_scan+0xb6/0x650
[  153.889926][ T3994]  ? panic+0x710/0x710
[  153.893996][ T3994]  ? gfs2_permission+0x2ff/0x430
[  153.898939][ T3994]  ? gfs2_consist_inode_i+0xf3/0x110
[  153.904230][ T3994]  gfs2_dirent_scan+0x535/0x650
[  153.909095][ T3994]  ? gfs2_dirent_search+0xb10/0xb10
[  153.914311][ T3994]  gfs2_dirent_search+0x2ea/0xb10
[  153.919344][ T3994]  ? gfs2_dirent_search+0xb10/0xb10
[  153.925519][ T3994]  ? gfs2_dir_search+0x2a0/0x2a0
[  153.930888][ T3994]  ? gfs2_permission+0x3bf/0x430
[  153.935836][ T3994]  gfs2_dir_search+0x8c/0x2a0
[  153.940514][ T3994]  ? do_filldir_main+0x530/0x530
[  153.945447][ T3994]  ? inode_go_held+0xe4/0x1f0
[  153.950132][ T3994]  ? gfs2_glock_wait+0x213/0x2a0
[  153.955060][ T3994]  gfs2_lookupi+0x465/0x650
[  153.959560][ T3994]  ? gfs2_lookup_simple+0x170/0x170
[  153.964752][ T3994]  ? __gfs2_lookup+0x8c/0x260
[  153.969441][ T3994]  __gfs2_lookup+0x8c/0x260
[  153.973941][ T3994]  ? gfs2_atomic_open+0x230/0x230
[  153.978961][ T3994]  ? __d_lookup+0x6a4/0x770
[  153.983460][ T3994]  ? d_hash_and_lookup+0x1c0/0x1c0
[  153.988565][ T3994]  gfs2_atomic_open+0xa4/0x230
[  153.993328][ T3994]  path_openat+0xf39/0x2df0
[  153.997833][ T3994]  ? gfs2_rename2+0x3000/0x3000
[  154.002686][ T3994]  ? do_filp_open+0x4f0/0x4f0
[  154.007368][ T3994]  do_filp_open+0x264/0x4f0
[  154.011864][ T3994]  ? vfs_tmpfile+0x490/0x490
[  154.016455][ T3994]  ? do_raw_spin_unlock+0x134/0x8a0
[  154.021650][ T3994]  ? _raw_spin_unlock+0x24/0x40
[  154.026513][ T3994]  ? alloc_fd+0x5a7/0x640
[  154.030845][ T3994]  do_sys_openat2+0x124/0x4e0
[  154.035516][ T3994]  ? print_irqtrace_events+0x220/0x220
[  154.040963][ T3994]  ? ptrace_stop+0x74d/0x970
[  154.045548][ T3994]  ? do_sys_open+0x220/0x220
[  154.050131][ T3994]  ? lockdep_hardirqs_on+0x8d/0x130
[  154.055326][ T3994]  ? _raw_spin_unlock_irq+0x2a/0x40
[  154.060519][ T3994]  ? ptrace_notify+0x245/0x340
[  154.065274][ T3994]  __x64_sys_openat+0x243/0x290
[  154.070120][ T3994]  ? __ia32_sys_open+0x270/0x270
[  154.075052][ T3994]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  154.081034][ T3994]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  154.087017][ T3994]  do_syscall_64+0x3d/0xb0
[  154.091424][ T3994]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  154.097308][ T3994] RIP: 0033:0x7fc8868064d9
[  154.101714][ T3994] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  154.121318][ T3994] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  154.129725][ T3994] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  3995] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3994] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  3994] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3994] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3993] exit_group(0 <unfinished ...>
[pid  3995] <... futex resumed>)        = ?
[pid  3994] <... futex resumed>)        = ?
[pid  3994] +++ exited with 0 +++
[pid  3993] <... exit_group resumed>)   = ?
[pid  3995] +++ exited with 0 +++
[pid  3993] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3993, si_uid=0, si_status=0, si_utime=2, si_stime=27} ---
umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./118/binderfs")                = 0
[  154.137689][ T3994] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  154.145652][ T3994] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  154.153633][ T3994] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  154.161598][ T3994] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  154.169577][ T3994]  </TASK>
umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./118/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./118/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./118/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./118")                          = 0
mkdir("./119", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 3996 attached
, child_tidptr=0x55555635f5d0) = 3996
[pid  3996] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3996] chdir("./119")              = 0
[pid  3996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3996] setpgid(0, 0)               = 0
[pid  3996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3996] write(3, "1000", 4)         = 4
[pid  3996] close(3)                    = 0
[pid  3996] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3996] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3996] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3996] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3997], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 3997
[pid  3996] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3996] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 3997 attached
 <unfinished ...>
[pid  3997] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3997] memfd_create("syzkaller", 0) = 3
[pid  3997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3997] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  3997] munmap(0x7fc87e392000, 16777216) = 0
[pid  3997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  3997] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  3997] close(3)                    = 0
[pid  3997] mkdir("./file0", 0777)      = 0
[  154.484131][ T3997] loop0: detected capacity change from 0 to 32768
[  154.494947][ T3997] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  154.503723][ T3997] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  154.513276][ T3997] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  154.522116][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  154.528885][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  3997] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  3997] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  3997] chdir("./file0")            = 0
[pid  3997] ioctl(4, LOOP_CLR_FD)       = 0
[pid  3997] close(4)                    = 0
[pid  3997] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3996] <... futex resumed>)        = 0
[pid  3996] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3996] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3997] <... futex resumed>)        = 1
[pid  3997] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  3997] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3996] <... futex resumed>)        = 0
[pid  3996] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3996] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  3997] <... futex resumed>)        = 1
[  154.566530][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 37ms
[  154.574129][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  154.579386][ T3997] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  154.594186][ T3997] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  154.602736][ T3997] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  154.602736][ T3997]   inode = 12 2341
[pid  3997] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3996] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3996] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3996] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3996] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[3998], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 3998
[pid  3996] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 3998 attached
[pid  3998] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  3998] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  3998] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  154.602736][ T3997]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  154.622048][ T3997] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  154.632178][ T3997] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:3997 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  154.642496][ T3997] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  154.651356][ T3997] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  154.658676][ T3997] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  154.667720][ T3997] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  154.674583][ T3997] gfs2: fsid=syz:syz.0: File system withdrawn
[  154.681112][ T3997] CPU: 0 PID: 3997 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  154.691524][ T3997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  154.701580][ T3997] Call Trace:
[  154.704861][ T3997]  <TASK>
[  154.707781][ T3997]  dump_stack_lvl+0x1b1/0x28e
[  154.712455][ T3997]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  154.717906][ T3997]  ? panic+0x710/0x710
[  154.721980][ T3997]  ? kobject_uevent_env+0x46b/0x8e0
[  154.727179][ T3997]  ? do_raw_spin_unlock+0x134/0x8a0
[  154.732393][ T3997]  gfs2_withdraw+0xf33/0x1540
[  154.737106][ T3997]  ? gfs2_lm+0x220/0x220
[  154.741350][ T3997]  ? gfs2_dirent_scan+0xb6/0x650
[  154.746286][ T3997]  ? panic+0x710/0x710
[  154.750343][ T3997]  ? gfs2_permission+0x2ff/0x430
[  154.755366][ T3997]  ? gfs2_consist_inode_i+0xf3/0x110
[  154.760657][ T3997]  gfs2_dirent_scan+0x535/0x650
[pid  3998] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3996] exit_group(0 <unfinished ...>
[pid  3998] <... futex resumed>)        = ?
[pid  3996] <... exit_group resumed>)   = ?
[pid  3998] +++ exited with 0 +++
[  154.765529][ T3997]  ? gfs2_dirent_search+0xb10/0xb10
[  154.770724][ T3997]  gfs2_dirent_search+0x2ea/0xb10
[  154.775761][ T3997]  ? gfs2_dirent_search+0xb10/0xb10
[  154.780968][ T3997]  ? gfs2_dir_search+0x2a0/0x2a0
[  154.785914][ T3997]  ? gfs2_permission+0x3bf/0x430
[  154.790965][ T3997]  gfs2_dir_search+0x8c/0x2a0
[  154.795659][ T3997]  ? do_filldir_main+0x530/0x530
[  154.800591][ T3997]  ? inode_go_held+0xe4/0x1f0
[  154.805267][ T3997]  ? gfs2_glock_wait+0x213/0x2a0
[  154.810200][ T3997]  gfs2_lookupi+0x465/0x650
[  154.814701][ T3997]  ? gfs2_lookup_simple+0x170/0x170
[  154.819892][ T3997]  ? __gfs2_lookup+0x8c/0x260
[  154.824562][ T3997]  __gfs2_lookup+0x8c/0x260
[  154.829843][ T3997]  ? gfs2_atomic_open+0x230/0x230
[  154.834860][ T3997]  ? __d_lookup+0x6a4/0x770
[  154.839379][ T3997]  ? d_hash_and_lookup+0x1c0/0x1c0
[  154.844499][ T3997]  gfs2_atomic_open+0xa4/0x230
[  154.849256][ T3997]  path_openat+0xf39/0x2df0
[  154.853779][ T3997]  ? gfs2_rename2+0x3000/0x3000
[  154.858651][ T3997]  ? do_filp_open+0x4f0/0x4f0
[  154.863327][ T3997]  do_filp_open+0x264/0x4f0
[  154.867843][ T3997]  ? vfs_tmpfile+0x490/0x490
[  154.872435][ T3997]  ? do_raw_spin_unlock+0x134/0x8a0
[  154.877627][ T3997]  ? _raw_spin_unlock+0x24/0x40
[  154.882469][ T3997]  ? alloc_fd+0x5a7/0x640
[  154.886806][ T3997]  do_sys_openat2+0x124/0x4e0
[  154.891490][ T3997]  ? print_irqtrace_events+0x220/0x220
[  154.896935][ T3997]  ? ptrace_stop+0x74d/0x970
[  154.901535][ T3997]  ? do_sys_open+0x220/0x220
[  154.906123][ T3997]  ? lockdep_hardirqs_on+0x8d/0x130
[  154.911323][ T3997]  ? _raw_spin_unlock_irq+0x2a/0x40
[  154.916516][ T3997]  ? ptrace_notify+0x245/0x340
[  154.921274][ T3997]  __x64_sys_openat+0x243/0x290
[  154.926126][ T3997]  ? __ia32_sys_open+0x270/0x270
[  154.931056][ T3997]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  154.937042][ T3997]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  154.943023][ T3997]  do_syscall_64+0x3d/0xb0
[  154.947435][ T3997]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  154.953685][ T3997] RIP: 0033:0x7fc8868064d9
[  154.958095][ T3997] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  154.977701][ T3997] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  154.986642][ T3997] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  154.994620][ T3997] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  155.002593][ T3997] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  155.010553][ T3997] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  3997] <... openat resumed>)       = ?
[pid  3997] +++ exited with 0 +++
[pid  3996] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3996, si_uid=0, si_status=0, si_utime=3, si_stime=31} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./119/binderfs")                = 0
[  155.018539][ T3997] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  155.026553][ T3997]  </TASK>
umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./119/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./119/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./119/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./119")                          = 0
mkdir("./120", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 3999
./strace-static-x86_64: Process 3999 attached
[pid  3999] set_robust_list(0x55555635f5e0, 24) = 0
[pid  3999] chdir("./120")              = 0
[pid  3999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  3999] setpgid(0, 0)               = 0
[pid  3999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  3999] write(3, "1000", 4)         = 4
[pid  3999] close(3)                    = 0
[pid  3999] symlink("/dev/binderfs", "./binderfs") = 0
[pid  3999] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  3999] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3999] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4000], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4000
[pid  3999] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 4000 attached
 <unfinished ...>
[pid  4000] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  3999] <... futex resumed>)        = 0
[pid  4000] memfd_create("syzkaller", 0) = 3
[pid  4000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  3999] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  4000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4000] munmap(0x7fc87e392000, 16777216) = 0
[pid  4000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4000] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4000] close(3)                    = 0
[pid  4000] mkdir("./file0", 0777)      = 0
[  155.318692][ T4000] loop0: detected capacity change from 0 to 32768
[  155.329303][ T4000] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  155.337595][ T4000] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  155.347314][ T4000] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  155.356123][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  155.363242][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4000] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4000] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4000] chdir("./file0")            = 0
[pid  4000] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4000] close(4)                    = 0
[pid  4000] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3999] <... futex resumed>)        = 0
[pid  3999] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3999] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4000] <... futex resumed>)        = 1
[pid  4000] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4000] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  3999] <... futex resumed>)        = 0
[pid  3999] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3999] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4000] <... futex resumed>)        = 1
[  155.399381][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 36ms
[  155.407142][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  155.412465][ T4000] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  155.425732][ T4000] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  155.434261][ T4000] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  155.434261][ T4000]   inode = 12 2341
[pid  4000] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  3999] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  3999] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  3999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  3999] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  3999] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4001], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4001
[pid  3999] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4001 attached
[pid  4001] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  4001] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  4001] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  155.434261][ T4000]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  155.453034][ T4000] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  155.462205][ T4000] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4000 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  155.472325][ T4000] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  155.480990][ T4000] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  155.488211][ T4000] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  155.497116][ T4000] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  155.503707][ T4000] gfs2: fsid=syz:syz.0: File system withdrawn
[  155.509786][ T4000] CPU: 0 PID: 4000 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  155.520209][ T4000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  155.530268][ T4000] Call Trace:
[  155.533535][ T4000]  <TASK>
[  155.536454][ T4000]  dump_stack_lvl+0x1b1/0x28e
[  155.541145][ T4000]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  155.546620][ T4000]  ? panic+0x710/0x710
[  155.550704][ T4000]  ? kobject_uevent_env+0x46b/0x8e0
[  155.555910][ T4000]  ? do_raw_spin_unlock+0x134/0x8a0
[  155.561117][ T4000]  gfs2_withdraw+0xf33/0x1540
[  155.565795][ T4000]  ? gfs2_lm+0x220/0x220
[  155.570026][ T4000]  ? gfs2_dirent_scan+0xb6/0x650
[  155.574971][ T4000]  ? panic+0x710/0x710
[  155.579060][ T4000]  ? gfs2_permission+0x2ff/0x430
[  155.584036][ T4000]  ? gfs2_consist_inode_i+0xf3/0x110
[  155.589324][ T4000]  gfs2_dirent_scan+0x535/0x650
[  155.594256][ T4000]  ? gfs2_dirent_search+0xb10/0xb10
[  155.599452][ T4000]  gfs2_dirent_search+0x2ea/0xb10
[  155.604485][ T4000]  ? gfs2_dirent_search+0xb10/0xb10
[  155.609712][ T4000]  ? gfs2_dir_search+0x2a0/0x2a0
[  155.614660][ T4000]  ? gfs2_permission+0x3bf/0x430
[  155.619614][ T4000]  gfs2_dir_search+0x8c/0x2a0
[  155.624297][ T4000]  ? do_filldir_main+0x530/0x530
[  155.629236][ T4000]  ? inode_go_held+0xe4/0x1f0
[  155.634606][ T4000]  ? gfs2_glock_wait+0x213/0x2a0
[  155.639535][ T4000]  gfs2_lookupi+0x465/0x650
[  155.644038][ T4000]  ? gfs2_lookup_simple+0x170/0x170
[  155.649232][ T4000]  ? __gfs2_lookup+0x8c/0x260
[  155.653914][ T4000]  __gfs2_lookup+0x8c/0x260
[  155.658415][ T4000]  ? gfs2_atomic_open+0x230/0x230
[  155.663525][ T4000]  ? __d_lookup+0x6a4/0x770
[  155.668019][ T4000]  ? d_hash_and_lookup+0x1c0/0x1c0
[  155.673125][ T4000]  gfs2_atomic_open+0xa4/0x230
[  155.677885][ T4000]  path_openat+0xf39/0x2df0
[  155.682400][ T4000]  ? gfs2_rename2+0x3000/0x3000
[  155.687259][ T4000]  ? do_filp_open+0x4f0/0x4f0
[  155.691944][ T4000]  do_filp_open+0x264/0x4f0
[  155.696438][ T4000]  ? vfs_tmpfile+0x490/0x490
[  155.701028][ T4000]  ? do_raw_spin_unlock+0x134/0x8a0
[  155.706227][ T4000]  ? _raw_spin_unlock+0x24/0x40
[  155.711075][ T4000]  ? alloc_fd+0x5a7/0x640
[  155.715420][ T4000]  do_sys_openat2+0x124/0x4e0
[  155.720092][ T4000]  ? print_irqtrace_events+0x220/0x220
[  155.725543][ T4000]  ? ptrace_stop+0x74d/0x970
[  155.730125][ T4000]  ? do_sys_open+0x220/0x220
[  155.734709][ T4000]  ? lockdep_hardirqs_on+0x8d/0x130
[  155.739898][ T4000]  ? _raw_spin_unlock_irq+0x2a/0x40
[  155.745093][ T4000]  ? ptrace_notify+0x245/0x340
[  155.749846][ T4000]  __x64_sys_openat+0x243/0x290
[  155.754689][ T4000]  ? __ia32_sys_open+0x270/0x270
[  155.759620][ T4000]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  155.765592][ T4000]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  155.771564][ T4000]  do_syscall_64+0x3d/0xb0
[  155.775972][ T4000]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  155.781876][ T4000] RIP: 0033:0x7fc8868064d9
[  155.786294][ T4000] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  155.805904][ T4000] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  155.814321][ T4000] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  155.822286][ T4000] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  155.830250][ T4000] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  155.838214][ T4000] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  4001] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4000] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  4000] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4000] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  3999] exit_group(0 <unfinished ...>
[pid  4001] <... futex resumed>)        = ?
[pid  4000] <... futex resumed>)        = ?
[pid  4001] +++ exited with 0 +++
[pid  4000] +++ exited with 0 +++
[pid  3999] <... exit_group resumed>)   = ?
[pid  3999] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3999, si_uid=0, si_status=0, si_utime=2, si_stime=32} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./120/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./120/binderfs")                = 0
[  155.846175][ T4000] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  155.854151][ T4000]  </TASK>
umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./120/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./120/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./120/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./120")                          = 0
mkdir("./121", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4002
./strace-static-x86_64: Process 4002 attached
[pid  4002] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4002] chdir("./121")              = 0
[pid  4002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4002] setpgid(0, 0)               = 0
[pid  4002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4002] write(3, "1000", 4)         = 4
[pid  4002] close(3)                    = 0
[pid  4002] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4002] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4002] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4002] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4003 attached
, parent_tid=[4003], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4003
[pid  4002] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4002] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  4003] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  4003] memfd_create("syzkaller", 0) = 3
[pid  4003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4003] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4003] munmap(0x7fc87e392000, 16777216) = 0
[pid  4003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4003] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4003] close(3)                    = 0
[pid  4003] mkdir("./file0", 0777)      = 0
[  156.144294][ T4003] loop0: detected capacity change from 0 to 32768
[  156.154442][ T4003] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  156.162937][ T4003] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  156.173242][ T4003] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  156.181863][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  156.188687][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4003] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4003] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4003] chdir("./file0")            = 0
[pid  4003] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4003] close(4)                    = 0
[pid  4003] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4003] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4002] <... futex resumed>)        = 0
[pid  4002] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4002] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4003] <... futex resumed>)        = 0
[pid  4003] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4003] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4002] <... futex resumed>)        = 0
[pid  4002] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4002] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4003] <... futex resumed>)        = 1
[  156.221734][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms
[  156.229277][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  156.234659][ T4003] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  156.257655][ T4003] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  156.266397][ T4003] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  156.266397][ T4003]   inode = 12 2341
[  156.266397][ T4003]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  156.285833][ T4003] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  156.295181][ T4003] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4003 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  156.305227][ T4003] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  156.313778][ T4003] gfs2: fsid=syz:syz.0: about to withdraw this file system
[pid  4003] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  4002] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  4002] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4002] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4002] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4004], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4004
[pid  4002] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  156.321021][ T4003] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  156.330251][ T4003] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  156.336948][ T4003] gfs2: fsid=syz:syz.0: File system withdrawn
[  156.344202][ T4003] CPU: 0 PID: 4003 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  156.354644][ T4003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  156.364703][ T4003] Call Trace:
[  156.367977][ T4003]  <TASK>
./strace-static-x86_64: Process 4004 attached
[pid  4004] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  4004] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  4004] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  156.370905][ T4003]  dump_stack_lvl+0x1b1/0x28e
[  156.375582][ T4003]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  156.381030][ T4003]  ? panic+0x710/0x710
[  156.385088][ T4003]  ? kobject_uevent_env+0x46b/0x8e0
[  156.390282][ T4003]  ? do_raw_spin_unlock+0x134/0x8a0
[  156.395498][ T4003]  gfs2_withdraw+0xf33/0x1540
[  156.400178][ T4003]  ? gfs2_lm+0x220/0x220
[  156.404405][ T4003]  ? gfs2_dirent_scan+0xb6/0x650
[  156.409344][ T4003]  ? panic+0x710/0x710
[  156.413404][ T4003]  ? gfs2_permission+0x2ff/0x430
[  156.418344][ T4003]  ? gfs2_consist_inode_i+0xf3/0x110
[  156.423639][ T4003]  gfs2_dirent_scan+0x535/0x650
[  156.428490][ T4003]  ? gfs2_dirent_search+0xb10/0xb10
[  156.433687][ T4003]  gfs2_dirent_search+0x2ea/0xb10
[  156.438706][ T4003]  ? gfs2_dirent_search+0xb10/0xb10
[  156.443902][ T4003]  ? gfs2_dir_search+0x2a0/0x2a0
[  156.448836][ T4003]  ? gfs2_permission+0x3bf/0x430
[  156.453773][ T4003]  gfs2_dir_search+0x8c/0x2a0
[  156.458447][ T4003]  ? do_filldir_main+0x530/0x530
[  156.463377][ T4003]  ? inode_go_held+0xe4/0x1f0
[  156.468073][ T4003]  ? gfs2_glock_wait+0x213/0x2a0
[  156.473005][ T4003]  gfs2_lookupi+0x465/0x650
[  156.477507][ T4003]  ? gfs2_lookup_simple+0x170/0x170
[  156.482701][ T4003]  ? __gfs2_lookup+0x8c/0x260
[  156.487377][ T4003]  __gfs2_lookup+0x8c/0x260
[  156.491878][ T4003]  ? gfs2_atomic_open+0x230/0x230
[  156.496908][ T4003]  ? __d_lookup+0x6a4/0x770
[  156.501402][ T4003]  ? d_hash_and_lookup+0x1c0/0x1c0
[  156.506505][ T4003]  gfs2_atomic_open+0xa4/0x230
[  156.511266][ T4003]  path_openat+0xf39/0x2df0
[  156.515766][ T4003]  ? gfs2_rename2+0x3000/0x3000
[  156.520633][ T4003]  ? do_filp_open+0x4f0/0x4f0
[  156.525316][ T4003]  do_filp_open+0x264/0x4f0
[  156.529831][ T4003]  ? vfs_tmpfile+0x490/0x490
[  156.534422][ T4003]  ? do_raw_spin_unlock+0x134/0x8a0
[  156.539621][ T4003]  ? _raw_spin_unlock+0x24/0x40
[  156.544470][ T4003]  ? alloc_fd+0x5a7/0x640
[  156.548801][ T4003]  do_sys_openat2+0x124/0x4e0
[  156.553471][ T4003]  ? print_irqtrace_events+0x220/0x220
[  156.558923][ T4003]  ? ptrace_stop+0x74d/0x970
[  156.563510][ T4003]  ? do_sys_open+0x220/0x220
[  156.568092][ T4003]  ? lockdep_hardirqs_on+0x8d/0x130
[  156.573287][ T4003]  ? _raw_spin_unlock_irq+0x2a/0x40
[  156.578487][ T4003]  ? ptrace_notify+0x245/0x340
[  156.583253][ T4003]  __x64_sys_openat+0x243/0x290
[  156.588099][ T4003]  ? __ia32_sys_open+0x270/0x270
[  156.593035][ T4003]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  156.599098][ T4003]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  156.605069][ T4003]  do_syscall_64+0x3d/0xb0
[  156.609479][ T4003]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  156.615365][ T4003] RIP: 0033:0x7fc8868064d9
[  156.619860][ T4003] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  156.639579][ T4003] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  156.647997][ T4003] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  156.655971][ T4003] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  156.663950][ T4003] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  4004] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4003] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  4003] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4002] exit_group(0)               = ?
[pid  4004] <... futex resumed>)        = ?
[pid  4004] +++ exited with 0 +++
[pid  4003] <... futex resumed>)        = ?
[pid  4003] +++ exited with 0 +++
[pid  4002] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4002, si_uid=0, si_status=0, si_utime=2, si_stime=27} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./121", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./121/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./121/binderfs")                = 0
[  156.671917][ T4003] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  156.679877][ T4003] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  156.687855][ T4003]  </TASK>
umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./121/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./121/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./121/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./121")                          = 0
mkdir("./122", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4005
./strace-static-x86_64: Process 4005 attached
[pid  4005] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4005] chdir("./122")              = 0
[pid  4005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4005] setpgid(0, 0)               = 0
[pid  4005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4005] write(3, "1000", 4)         = 4
[pid  4005] close(3)                    = 0
[pid  4005] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4005] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4005] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4005] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4006], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4006
./strace-static-x86_64: Process 4006 attached
[pid  4005] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4005] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  4006] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  4006] memfd_create("syzkaller", 0) = 3
[pid  4006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4006] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4006] munmap(0x7fc87e392000, 16777216) = 0
[pid  4006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4006] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4006] close(3)                    = 0
[pid  4006] mkdir("./file0", 0777)      = 0
[  156.986686][ T4006] loop0: detected capacity change from 0 to 32768
[  156.998017][ T4006] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  157.006496][ T4006] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  157.015543][ T4006] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  157.024467][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  157.031410][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4006] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4006] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4006] chdir("./file0")            = 0
[pid  4006] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4006] close(4)                    = 0
[pid  4006] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4005] <... futex resumed>)        = 0
[pid  4005] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4005] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4006] <... futex resumed>)        = 1
[pid  4006] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4006] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4005] <... futex resumed>)        = 0
[pid  4005] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4005] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4006] <... futex resumed>)        = 1
[  157.066309][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 34ms
[  157.075048][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  157.080591][ T4006] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  157.104734][ T4006] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  4006] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  4005] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  4005] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4005] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4005] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4007], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4007
[pid  4005] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4007 attached
[pid  4007] set_robust_list(0x7fc87f3919e0, 24) = 0
[  157.113488][ T4006] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  157.113488][ T4006]   inode = 12 2341
[  157.113488][ T4006]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  157.132555][ T4006] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  157.141845][ T4006] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4006 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  157.151988][ T4006] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  157.157486][ T4007] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  157.161135][ T4006] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  157.169651][ T4007] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:4 m:20 p:1
[  157.176328][ T4006] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  157.185532][ T4007] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4006 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  157.195033][ T4006] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  157.204414][ T4007] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4007 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  157.212538][ T4006] gfs2: fsid=syz:syz.0: File system withdrawn
[  157.220911][ T4007] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  157.227224][ T4006] CPU: 1 PID: 4006 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  157.245419][ T4006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  157.255514][ T4006] Call Trace:
[  157.258792][ T4006]  <TASK>
[  157.261730][ T4006]  dump_stack_lvl+0x1b1/0x28e
[  157.266411][ T4006]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  157.271885][ T4006]  ? panic+0x710/0x710
[  157.275952][ T4006]  ? kobject_uevent_env+0x46b/0x8e0
[  157.281248][ T4006]  ? do_raw_spin_unlock+0x134/0x8a0
[  157.286448][ T4006]  gfs2_withdraw+0xf33/0x1540
[  157.291133][ T4006]  ? gfs2_lm+0x220/0x220
[  157.295365][ T4006]  ? gfs2_dirent_scan+0xb6/0x650
[  157.300302][ T4006]  ? panic+0x710/0x710
[  157.304362][ T4006]  ? gfs2_permission+0x2ff/0x430
[  157.309298][ T4006]  ? gfs2_consist_inode_i+0xf3/0x110
[  157.314579][ T4006]  gfs2_dirent_scan+0x535/0x650
[  157.319429][ T4006]  ? gfs2_dirent_search+0xb10/0xb10
[  157.324649][ T4006]  gfs2_dirent_search+0x2ea/0xb10
[  157.329672][ T4006]  ? gfs2_dirent_search+0xb10/0xb10
[  157.334867][ T4006]  ? gfs2_dir_search+0x2a0/0x2a0
[  157.339798][ T4006]  ? gfs2_permission+0x3bf/0x430
[  157.344737][ T4006]  gfs2_dir_search+0x8c/0x2a0
[  157.349413][ T4006]  ? do_filldir_main+0x530/0x530
[  157.354348][ T4006]  ? inode_go_held+0xe4/0x1f0
[  157.359028][ T4006]  ? gfs2_glock_wait+0x213/0x2a0
[  157.363963][ T4006]  gfs2_lookupi+0x465/0x650
[  157.368471][ T4006]  ? gfs2_lookup_simple+0x170/0x170
[  157.373666][ T4006]  ? __gfs2_lookup+0x8c/0x260
[  157.378344][ T4006]  __gfs2_lookup+0x8c/0x260
[  157.382843][ T4006]  ? gfs2_atomic_open+0x230/0x230
[  157.387866][ T4006]  ? __d_lookup+0x6a4/0x770
[  157.392361][ T4006]  ? d_hash_and_lookup+0x1c0/0x1c0
[  157.397467][ T4006]  gfs2_atomic_open+0xa4/0x230
[  157.402231][ T4006]  path_openat+0xf39/0x2df0
[  157.406736][ T4006]  ? gfs2_rename2+0x3000/0x3000
[  157.411597][ T4006]  ? do_filp_open+0x4f0/0x4f0
[  157.416281][ T4006]  do_filp_open+0x264/0x4f0
[  157.420788][ T4006]  ? vfs_tmpfile+0x490/0x490
[  157.425384][ T4006]  ? do_raw_spin_unlock+0x134/0x8a0
[  157.430592][ T4006]  ? _raw_spin_unlock+0x24/0x40
[  157.435441][ T4006]  ? alloc_fd+0x5a7/0x640
[  157.439775][ T4006]  do_sys_openat2+0x124/0x4e0
[  157.444448][ T4006]  ? print_irqtrace_events+0x220/0x220
[  157.449896][ T4006]  ? ptrace_stop+0x74d/0x970
[  157.454484][ T4006]  ? do_sys_open+0x220/0x220
[  157.459071][ T4006]  ? lockdep_hardirqs_on+0x8d/0x130
[  157.464267][ T4006]  ? _raw_spin_unlock_irq+0x2a/0x40
[  157.469640][ T4006]  ? ptrace_notify+0x245/0x340
[  157.474397][ T4006]  __x64_sys_openat+0x243/0x290
[  157.479243][ T4006]  ? __ia32_sys_open+0x270/0x270
[  157.484191][ T4006]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  157.490168][ T4006]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  157.496144][ T4006]  do_syscall_64+0x3d/0xb0
[  157.500553][ T4006]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  157.506437][ T4006] RIP: 0033:0x7fc8868064d9
[  157.510845][ T4006] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  157.530446][ T4006] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  157.538854][ T4006] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  157.546818][ T4006] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  157.554795][ T4006] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  4007] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  4006] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  4007] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4006] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4007] <... futex resumed>)        = 0
[pid  4006] <... futex resumed>)        = 0
[pid  4007] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4005] exit_group(0 <unfinished ...>
[pid  4007] <... futex resumed>)        = ?
[pid  4005] <... exit_group resumed>)   = ?
[pid  4007] +++ exited with 0 +++
[pid  4006] +++ exited with 0 +++
[pid  4005] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4005, si_uid=0, si_status=0, si_utime=2, si_stime=40} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./122", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./122/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./122/binderfs")                = 0
[  157.562756][ T4006] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  157.570717][ T4006] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  157.578713][ T4006]  </TASK>
umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./122/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./122/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./122/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./122")                          = 0
mkdir("./123", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4008
./strace-static-x86_64: Process 4008 attached
[pid  4008] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4008] chdir("./123")              = 0
[pid  4008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4008] setpgid(0, 0)               = 0
[pid  4008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4008] write(3, "1000", 4)         = 4
[pid  4008] close(3)                    = 0
[pid  4008] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4008] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4008] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4008] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4009], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4009
./strace-static-x86_64: Process 4009 attached
[pid  4009] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  4009] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4008] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4009] <... futex resumed>)        = 0
[pid  4008] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  4009] memfd_create("syzkaller", 0) = 3
[pid  4009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4009] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4009] munmap(0x7fc87e392000, 16777216) = 0
[pid  4009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4009] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4009] close(3)                    = 0
[pid  4009] mkdir("./file0", 0777)      = 0
[  157.882118][ T4009] loop0: detected capacity change from 0 to 32768
[  157.892727][ T4009] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  157.900969][ T4009] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  157.911390][ T4009] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  157.920370][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  157.927157][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4009] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4009] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4009] chdir("./file0")            = 0
[pid  4009] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4009] close(4)                    = 0
[pid  4009] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4008] <... futex resumed>)        = 0
[pid  4008] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4008] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4009] <... futex resumed>)        = 1
[pid  4009] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4009] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4008] <... futex resumed>)        = 0
[pid  4008] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4008] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4009] <... futex resumed>)        = 1
[  157.965783][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 38ms
[  157.973389][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  157.978643][ T4009] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  157.995389][ T4009] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  158.007020][ T4009] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[pid  4009] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  4008] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  4008] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid  4008] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4008] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4008] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4010], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4010
[pid  4008] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4010 attached
[pid  4010] set_robust_list(0x7fc87f3919e0, 24) = 0
[  158.007020][ T4009]   inode = 12 2341
[  158.007020][ T4009]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  158.025939][ T4009] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  158.035308][ T4009] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4009 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  158.045946][ T4009] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  158.052642][ T4010] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  158.055281][ T4009] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  158.063779][ T4010] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:4 m:20 p:1
[  158.069979][ T4009] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  158.069992][ T4009] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  158.071752][ T4009] gfs2: fsid=syz:syz.0: File system withdrawn
[  158.080039][ T4010] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4009 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  158.087857][ T4009] CPU: 1 PID: 4009 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  158.094756][ T4010] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4010 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  158.100234][ T4009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  158.100247][ T4009] Call Trace:
[  158.100255][ T4009]  <TASK>
[  158.100264][ T4009]  dump_stack_lvl+0x1b1/0x28e
[  158.100287][ T4009]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  158.100305][ T4009]  ? panic+0x710/0x710
[  158.100323][ T4009]  ? kobject_uevent_env+0x46b/0x8e0
[  158.111641][ T4010] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  158.120673][ T4009]  ? do_raw_spin_unlock+0x134/0x8a0
[  158.120710][ T4009]  gfs2_withdraw+0xf33/0x1540
[  158.120746][ T4009]  ? gfs2_lm+0x220/0x220
[  158.120762][ T4009]  ? gfs2_dirent_scan+0xb6/0x650
[  158.193748][ T4009]  ? panic+0x710/0x710
[  158.197818][ T4009]  ? gfs2_permission+0x2ff/0x430
[  158.202757][ T4009]  ? gfs2_consist_inode_i+0xf3/0x110
[  158.208041][ T4009]  gfs2_dirent_scan+0x535/0x650
[  158.212894][ T4009]  ? gfs2_dirent_search+0xb10/0xb10
[  158.218089][ T4009]  gfs2_dirent_search+0x2ea/0xb10
[  158.223112][ T4009]  ? gfs2_dirent_search+0xb10/0xb10
[  158.228311][ T4009]  ? gfs2_dir_search+0x2a0/0x2a0
[  158.233246][ T4009]  ? gfs2_permission+0x3bf/0x430
[  158.238183][ T4009]  gfs2_dir_search+0x8c/0x2a0
[  158.242858][ T4009]  ? do_filldir_main+0x530/0x530
[  158.247793][ T4009]  ? inode_go_held+0xe4/0x1f0
[  158.252470][ T4009]  ? gfs2_glock_wait+0x213/0x2a0
[  158.257400][ T4009]  gfs2_lookupi+0x465/0x650
[  158.261904][ T4009]  ? gfs2_lookup_simple+0x170/0x170
[  158.267881][ T4009]  ? __gfs2_lookup+0x8c/0x260
[  158.272578][ T4009]  __gfs2_lookup+0x8c/0x260
[  158.277079][ T4009]  ? gfs2_atomic_open+0x230/0x230
[  158.282104][ T4009]  ? __d_lookup+0x6a4/0x770
[  158.286597][ T4009]  ? d_hash_and_lookup+0x1c0/0x1c0
[  158.291703][ T4009]  gfs2_atomic_open+0xa4/0x230
[  158.296465][ T4009]  path_openat+0xf39/0x2df0
[  158.300966][ T4009]  ? gfs2_rename2+0x3000/0x3000
[  158.305828][ T4009]  ? do_filp_open+0x4f0/0x4f0
[  158.310511][ T4009]  do_filp_open+0x264/0x4f0
[  158.315007][ T4009]  ? vfs_tmpfile+0x490/0x490
[  158.319601][ T4009]  ? do_raw_spin_unlock+0x134/0x8a0
[  158.326621][ T4009]  ? _raw_spin_unlock+0x24/0x40
[  158.331464][ T4009]  ? alloc_fd+0x5a7/0x640
[  158.335802][ T4009]  do_sys_openat2+0x124/0x4e0
[  158.340471][ T4009]  ? print_irqtrace_events+0x220/0x220
[  158.345922][ T4009]  ? ptrace_stop+0x74d/0x970
[  158.350506][ T4009]  ? do_sys_open+0x220/0x220
[  158.355095][ T4009]  ? lockdep_hardirqs_on+0x8d/0x130
[  158.360289][ T4009]  ? _raw_spin_unlock_irq+0x2a/0x40
[  158.365484][ T4009]  ? ptrace_notify+0x245/0x340
[  158.370238][ T4009]  __x64_sys_openat+0x243/0x290
[  158.375084][ T4009]  ? __ia32_sys_open+0x270/0x270
[  158.380018][ T4009]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  158.386010][ T4009]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  158.391986][ T4009]  do_syscall_64+0x3d/0xb0
[  158.396481][ T4009]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  158.402364][ T4009] RIP: 0033:0x7fc8868064d9
[  158.406770][ T4009] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  158.426374][ T4009] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  158.434785][ T4009] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  158.442748][ T4009] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  158.450712][ T4009] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  158.458674][ T4009] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  4010] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH <unfinished ...>
[pid  4009] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  4009] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4009] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4010] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  4010] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4008] exit_group(0 <unfinished ...>
[pid  4009] <... futex resumed>)        = ?
[pid  4008] <... exit_group resumed>)   = ?
[pid  4009] +++ exited with 0 +++
[pid  4010] +++ exited with 0 +++
[pid  4008] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4008, si_uid=0, si_status=0, si_utime=3, si_stime=33} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./123", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./123/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./123/binderfs")                = 0
[  158.466634][ T4009] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  158.474609][ T4009]  </TASK>
umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./123/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./123/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./123/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./123")                          = 0
mkdir("./124", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4011
./strace-static-x86_64: Process 4011 attached
[pid  4011] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4011] chdir("./124")              = 0
[pid  4011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4011] setpgid(0, 0)               = 0
[pid  4011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4011] write(3, "1000", 4)         = 4
[pid  4011] close(3)                    = 0
[pid  4011] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4011] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4011] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4011] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4012], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4012
./strace-static-x86_64: Process 4012 attached
[pid  4012] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  4011] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4012] <... set_robust_list resumed>) = 0
[pid  4011] <... futex resumed>)        = 0
[pid  4011] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  4012] memfd_create("syzkaller", 0) = 3
[pid  4012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4012] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4012] munmap(0x7fc87e392000, 16777216) = 0
[pid  4012] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4012] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4012] close(3)                    = 0
[pid  4012] mkdir("./file0", 0777)      = 0
[  158.770988][ T4012] loop0: detected capacity change from 0 to 32768
[  158.783058][ T4012] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  158.791522][ T4012] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  158.801681][ T4012] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  158.810569][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  158.817357][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4012] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4012] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4012] chdir("./file0")            = 0
[pid  4012] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4012] close(4)                    = 0
[pid  4012] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4011] <... futex resumed>)        = 0
[pid  4011] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4011] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4012] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4012] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4011] <... futex resumed>)        = 0
[pid  4011] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4011] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[  158.852418][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 35ms
[  158.861340][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  158.866595][ T4012] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  158.887929][ T4012] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  4012] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  4011] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  4011] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid  4011] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4011] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4011] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4013], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4013
[pid  4011] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4013 attached
[pid  4013] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  4013] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  4013] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  158.896961][ T4012] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  158.896961][ T4012]   inode = 12 2341
[  158.896961][ T4012]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  158.916282][ T4012] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  158.925972][ T4012] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4012 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  158.936368][ T4012] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  158.944883][ T4012] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  158.952257][ T4012] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  158.961137][ T4012] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  158.967668][ T4012] gfs2: fsid=syz:syz.0: File system withdrawn
[  158.973834][ T4012] CPU: 0 PID: 4012 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  158.984263][ T4012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  158.994321][ T4012] Call Trace:
[  158.997598][ T4012]  <TASK>
[  159.000519][ T4012]  dump_stack_lvl+0x1b1/0x28e
[  159.005206][ T4012]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  159.010678][ T4012]  ? panic+0x710/0x710
[  159.014771][ T4012]  ? kobject_uevent_env+0x46b/0x8e0
[  159.019977][ T4012]  ? do_raw_spin_unlock+0x134/0x8a0
[  159.025172][ T4012]  gfs2_withdraw+0xf33/0x1540
[  159.029851][ T4012]  ? gfs2_lm+0x220/0x220
[  159.034083][ T4012]  ? gfs2_dirent_scan+0xb6/0x650
[  159.039023][ T4012]  ? panic+0x710/0x710
[  159.043086][ T4012]  ? gfs2_permission+0x2ff/0x430
[  159.048024][ T4012]  ? gfs2_consist_inode_i+0xf3/0x110
[  159.053308][ T4012]  gfs2_dirent_scan+0x535/0x650
[  159.058166][ T4012]  ? gfs2_dirent_search+0xb10/0xb10
[  159.063364][ T4012]  gfs2_dirent_search+0x2ea/0xb10
[  159.068385][ T4012]  ? gfs2_dirent_search+0xb10/0xb10
[  159.073580][ T4012]  ? gfs2_dir_search+0x2a0/0x2a0
[  159.078511][ T4012]  ? gfs2_permission+0x3bf/0x430
[  159.083451][ T4012]  gfs2_dir_search+0x8c/0x2a0
[  159.088125][ T4012]  ? do_filldir_main+0x530/0x530
[  159.093055][ T4012]  ? inode_go_held+0xe4/0x1f0
[  159.097734][ T4012]  ? gfs2_glock_wait+0x213/0x2a0
[  159.102665][ T4012]  gfs2_lookupi+0x465/0x650
[  159.107167][ T4012]  ? gfs2_lookup_simple+0x170/0x170
[  159.112363][ T4012]  ? __gfs2_lookup+0x8c/0x260
[  159.117128][ T4012]  __gfs2_lookup+0x8c/0x260
[  159.123451][ T4012]  ? gfs2_atomic_open+0x230/0x230
[  159.128473][ T4012]  ? __d_lookup+0x6a4/0x770
[  159.132968][ T4012]  ? d_hash_and_lookup+0x1c0/0x1c0
[  159.138073][ T4012]  gfs2_atomic_open+0xa4/0x230
[  159.142833][ T4012]  path_openat+0xf39/0x2df0
[  159.148374][ T4012]  ? gfs2_rename2+0x3000/0x3000
[  159.153232][ T4012]  ? do_filp_open+0x4f0/0x4f0
[  159.157912][ T4012]  do_filp_open+0x264/0x4f0
[  159.162421][ T4012]  ? vfs_tmpfile+0x490/0x490
[  159.167010][ T4012]  ? do_raw_spin_unlock+0x134/0x8a0
[  159.172210][ T4012]  ? _raw_spin_unlock+0x24/0x40
[  159.177069][ T4012]  ? alloc_fd+0x5a7/0x640
[  159.181399][ T4012]  do_sys_openat2+0x124/0x4e0
[  159.186080][ T4012]  ? print_irqtrace_events+0x220/0x220
[  159.191529][ T4012]  ? ptrace_stop+0x74d/0x970
[  159.196127][ T4012]  ? do_sys_open+0x220/0x220
[  159.200710][ T4012]  ? lockdep_hardirqs_on+0x8d/0x130
[  159.205905][ T4012]  ? _raw_spin_unlock_irq+0x2a/0x40
[  159.211095][ T4012]  ? ptrace_notify+0x245/0x340
[  159.215851][ T4012]  __x64_sys_openat+0x243/0x290
[  159.220696][ T4012]  ? __ia32_sys_open+0x270/0x270
[  159.225633][ T4012]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  159.231620][ T4012]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  159.237593][ T4012]  do_syscall_64+0x3d/0xb0
[  159.242000][ T4012]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  159.247879][ T4012] RIP: 0033:0x7fc8868064d9
[  159.252285][ T4012] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  159.271879][ T4012] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  159.280281][ T4012] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  159.288240][ T4012] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  159.296200][ T4012] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  4013] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4012] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  4012] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4012] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4011] exit_group(0 <unfinished ...>
[pid  4013] <... futex resumed>)        = ?
[pid  4012] <... futex resumed>)        = ?
[pid  4011] <... exit_group resumed>)   = ?
[pid  4012] +++ exited with 0 +++
[pid  4013] +++ exited with 0 +++
[pid  4011] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4011, si_uid=0, si_status=0, si_utime=2, si_stime=25} ---
umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./124/binderfs")                = 0
[  159.304159][ T4012] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  159.312116][ T4012] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  159.320093][ T4012]  </TASK>
umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./124/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./124/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./124/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./124")                          = 0
mkdir("./125", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4014
./strace-static-x86_64: Process 4014 attached
[pid  4014] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4014] chdir("./125")              = 0
[pid  4014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4014] setpgid(0, 0)               = 0
[pid  4014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4014] write(3, "1000", 4)         = 4
[pid  4014] close(3)                    = 0
[pid  4014] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4014] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4014] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4014] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4015], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4015
[pid  4014] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4014] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4015 attached
 <unfinished ...>
[pid  4015] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  4015] memfd_create("syzkaller", 0) = 3
[pid  4015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4015] munmap(0x7fc87e392000, 16777216) = 0
[pid  4015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4015] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4015] close(3)                    = 0
[pid  4015] mkdir("./file0", 0777)      = 0
[  159.641750][ T4015] loop0: detected capacity change from 0 to 32768
[  159.653188][ T4015] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  159.661405][ T4015] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  159.671166][ T4015] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  159.679747][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  159.687162][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4015] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4015] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4015] chdir("./file0")            = 0
[pid  4015] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4015] close(4)                    = 0
[pid  4015] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4014] <... futex resumed>)        = 0
[pid  4014] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4014] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4015] <... futex resumed>)        = 1
[pid  4015] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4015] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4014] <... futex resumed>)        = 0
[pid  4014] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4014] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4015] <... futex resumed>)        = 1
[  159.725794][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 38ms
[  159.734006][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  159.739369][ T4015] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  159.753917][ T4015] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  159.762438][ T4015] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  159.762438][ T4015]   inode = 12 2341
[pid  4015] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  4014] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  4014] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4014] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4014] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4016], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4016
[pid  4014] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4016 attached
[pid  4016] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  4016] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  4016] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  159.762438][ T4015]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  159.781959][ T4015] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  159.791573][ T4015] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4015 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  159.802000][ T4015] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  159.810673][ T4015] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  159.818017][ T4015] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  159.827008][ T4015] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  159.833719][ T4015] gfs2: fsid=syz:syz.0: File system withdrawn
[  159.840186][ T4015] CPU: 1 PID: 4015 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  159.850613][ T4015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  159.860678][ T4015] Call Trace:
[  159.863988][ T4015]  <TASK>
[  159.866913][ T4015]  dump_stack_lvl+0x1b1/0x28e
[  159.871596][ T4015]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  159.877064][ T4015]  ? panic+0x710/0x710
[  159.881141][ T4015]  ? kobject_uevent_env+0x46b/0x8e0
[  159.886330][ T4015]  ? do_raw_spin_unlock+0x134/0x8a0
[  159.891541][ T4015]  gfs2_withdraw+0xf33/0x1540
[  159.896359][ T4015]  ? gfs2_lm+0x220/0x220
[  159.900609][ T4015]  ? gfs2_dirent_scan+0xb6/0x650
[  159.905546][ T4015]  ? panic+0x710/0x710
[  159.909609][ T4015]  ? gfs2_permission+0x2ff/0x430
[  159.914556][ T4015]  ? gfs2_consist_inode_i+0xf3/0x110
[  159.919863][ T4015]  gfs2_dirent_scan+0x535/0x650
[pid  4016] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4014] exit_group(0 <unfinished ...>
[pid  4016] <... futex resumed>)        = ?
[pid  4014] <... exit_group resumed>)   = ?
[pid  4016] +++ exited with 0 +++
[  159.924731][ T4015]  ? gfs2_dirent_search+0xb10/0xb10
[  159.929937][ T4015]  gfs2_dirent_search+0x2ea/0xb10
[  159.934975][ T4015]  ? gfs2_dirent_search+0xb10/0xb10
[  159.940180][ T4015]  ? gfs2_dir_search+0x2a0/0x2a0
[  159.945222][ T4015]  ? gfs2_permission+0x3bf/0x430
[  159.950162][ T4015]  gfs2_dir_search+0x8c/0x2a0
[  159.954880][ T4015]  ? do_filldir_main+0x530/0x530
[  159.959821][ T4015]  ? inode_go_held+0xe4/0x1f0
[  159.964512][ T4015]  ? gfs2_glock_wait+0x213/0x2a0
[  159.969452][ T4015]  gfs2_lookupi+0x465/0x650
[  159.973952][ T4015]  ? gfs2_lookup_simple+0x170/0x170
[  159.979146][ T4015]  ? __gfs2_lookup+0x8c/0x260
[  159.983824][ T4015]  __gfs2_lookup+0x8c/0x260
[  159.988341][ T4015]  ? gfs2_atomic_open+0x230/0x230
[  159.993362][ T4015]  ? __d_lookup+0x6a4/0x770
[  159.997952][ T4015]  ? d_hash_and_lookup+0x1c0/0x1c0
[  160.003066][ T4015]  gfs2_atomic_open+0xa4/0x230
[  160.007829][ T4015]  path_openat+0xf39/0x2df0
[  160.012419][ T4015]  ? gfs2_rename2+0x3000/0x3000
[  160.017290][ T4015]  ? do_filp_open+0x4f0/0x4f0
[  160.021971][ T4015]  do_filp_open+0x264/0x4f0
[  160.026463][ T4015]  ? vfs_tmpfile+0x490/0x490
[  160.031067][ T4015]  ? do_raw_spin_unlock+0x134/0x8a0
[  160.036281][ T4015]  ? _raw_spin_unlock+0x24/0x40
[  160.041142][ T4015]  ? alloc_fd+0x5a7/0x640
[  160.045471][ T4015]  do_sys_openat2+0x124/0x4e0
[  160.050147][ T4015]  ? print_irqtrace_events+0x220/0x220
[  160.055620][ T4015]  ? ptrace_stop+0x74d/0x970
[  160.060217][ T4015]  ? do_sys_open+0x220/0x220
[  160.064797][ T4015]  ? lockdep_hardirqs_on+0x8d/0x130
[  160.069987][ T4015]  ? _raw_spin_unlock_irq+0x2a/0x40
[  160.075178][ T4015]  ? ptrace_notify+0x245/0x340
[  160.079930][ T4015]  __x64_sys_openat+0x243/0x290
[  160.084777][ T4015]  ? __ia32_sys_open+0x270/0x270
[  160.089709][ T4015]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  160.095693][ T4015]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  160.101686][ T4015]  do_syscall_64+0x3d/0xb0
[  160.106099][ T4015]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  160.112011][ T4015] RIP: 0033:0x7fc8868064d9
[  160.116450][ T4015] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  160.136059][ T4015] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  160.144472][ T4015] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  160.152437][ T4015] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  160.160406][ T4015] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  160.168382][ T4015] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  4015] <... openat resumed>)       = ?
[pid  4015] +++ exited with 0 +++
[pid  4014] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4014, si_uid=0, si_status=0, si_utime=0, si_stime=32} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./125/binderfs")                = 0
[  160.176354][ T4015] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  160.184329][ T4015]  </TASK>
umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./125/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./125/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./125/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./125")                          = 0
mkdir("./126", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4017
./strace-static-x86_64: Process 4017 attached
[pid  4017] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4017] chdir("./126")              = 0
[pid  4017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4017] setpgid(0, 0)               = 0
[pid  4017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4017] write(3, "1000", 4)         = 4
[pid  4017] close(3)                    = 0
[pid  4017] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4017] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4017] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4017] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4018], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4018
[pid  4017] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4017] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4018 attached
 <unfinished ...>
[pid  4018] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  4018] memfd_create("syzkaller", 0) = 3
[pid  4018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4018] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4018] munmap(0x7fc87e392000, 16777216) = 0
[pid  4018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4018] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4018] close(3)                    = 0
[pid  4018] mkdir("./file0", 0777)      = 0
[  160.480250][ T4018] loop0: detected capacity change from 0 to 32768
[  160.492108][ T4018] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  160.500455][ T4018] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  160.510204][ T4018] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  160.518973][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  160.526175][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4018] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4018] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4018] chdir("./file0")            = 0
[pid  4018] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4018] close(4)                    = 0
[pid  4018] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4017] <... futex resumed>)        = 0
[pid  4018] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  4017] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4018] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4017] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4018] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4017] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  4018] <... futex resumed>)        = 0
[pid  4017] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4018] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  4017] <... futex resumed>)        = 0
[  160.559702][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms
[  160.567852][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  160.573153][ T4018] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  160.604032][ T4018] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  160.612694][ T4018] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  160.612694][ T4018]   inode = 12 2341
[  160.612694][ T4018]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  160.631626][ T4018] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  160.641019][ T4018] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4018 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  4017] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  4017] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4017] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4017] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4019], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4019
[pid  4017] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4019 attached
[pid  4019] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  4019] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  4019] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  160.651388][ T4018] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  160.659909][ T4018] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  160.667771][ T4018] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  160.676964][ T4018] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  160.685990][ T4018] gfs2: fsid=syz:syz.0: File system withdrawn
[  160.692412][ T4018] CPU: 1 PID: 4018 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  160.702943][ T4018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  160.713018][ T4018] Call Trace:
[  160.716310][ T4018]  <TASK>
[  160.719243][ T4018]  dump_stack_lvl+0x1b1/0x28e
[  160.723934][ T4018]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  160.729422][ T4018]  ? panic+0x710/0x710
[  160.733501][ T4018]  ? kobject_uevent_env+0x46b/0x8e0
[  160.738703][ T4018]  ? do_raw_spin_unlock+0x134/0x8a0
[  160.743916][ T4018]  gfs2_withdraw+0xf33/0x1540
[  160.748618][ T4018]  ? gfs2_lm+0x220/0x220
[pid  4019] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4017] exit_group(0 <unfinished ...>
[pid  4019] <... futex resumed>)        = ?
[pid  4017] <... exit_group resumed>)   = ?
[pid  4019] +++ exited with 0 +++
[  160.752876][ T4018]  ? gfs2_dirent_scan+0xb6/0x650
[  160.758289][ T4018]  ? panic+0x710/0x710
[  160.762364][ T4018]  ? gfs2_permission+0x2ff/0x430
[  160.767296][ T4018]  ? gfs2_consist_inode_i+0xf3/0x110
[  160.772589][ T4018]  gfs2_dirent_scan+0x535/0x650
[  160.777475][ T4018]  ? gfs2_dirent_search+0xb10/0xb10
[  160.782753][ T4018]  gfs2_dirent_search+0x2ea/0xb10
[  160.787788][ T4018]  ? gfs2_dirent_search+0xb10/0xb10
[  160.793013][ T4018]  ? gfs2_dir_search+0x2a0/0x2a0
[  160.797958][ T4018]  ? gfs2_permission+0x3bf/0x430
[  160.802917][ T4018]  gfs2_dir_search+0x8c/0x2a0
[  160.807598][ T4018]  ? do_filldir_main+0x530/0x530
[  160.812529][ T4018]  ? inode_go_held+0xe4/0x1f0
[  160.817208][ T4018]  ? gfs2_glock_wait+0x213/0x2a0
[  160.822140][ T4018]  gfs2_lookupi+0x465/0x650
[  160.826641][ T4018]  ? gfs2_lookup_simple+0x170/0x170
[  160.831834][ T4018]  ? __gfs2_lookup+0x8c/0x260
[  160.836505][ T4018]  __gfs2_lookup+0x8c/0x260
[  160.841014][ T4018]  ? gfs2_atomic_open+0x230/0x230
[  160.846073][ T4018]  ? __d_lookup+0x6a4/0x770
[  160.850583][ T4018]  ? d_hash_and_lookup+0x1c0/0x1c0
[  160.855705][ T4018]  gfs2_atomic_open+0xa4/0x230
[  160.860489][ T4018]  path_openat+0xf39/0x2df0
[  160.865007][ T4018]  ? gfs2_rename2+0x3000/0x3000
[  160.869862][ T4018]  ? do_filp_open+0x4f0/0x4f0
[  160.874555][ T4018]  do_filp_open+0x264/0x4f0
[  160.879143][ T4018]  ? vfs_tmpfile+0x490/0x490
[  160.883735][ T4018]  ? do_raw_spin_unlock+0x134/0x8a0
[  160.888935][ T4018]  ? _raw_spin_unlock+0x24/0x40
[  160.893782][ T4018]  ? alloc_fd+0x5a7/0x640
[  160.898109][ T4018]  do_sys_openat2+0x124/0x4e0
[  160.902777][ T4018]  ? print_irqtrace_events+0x220/0x220
[  160.908226][ T4018]  ? ptrace_stop+0x74d/0x970
[  160.912826][ T4018]  ? do_sys_open+0x220/0x220
[  160.917506][ T4018]  ? lockdep_hardirqs_on+0x8d/0x130
[  160.922704][ T4018]  ? _raw_spin_unlock_irq+0x2a/0x40
[  160.927911][ T4018]  ? ptrace_notify+0x245/0x340
[  160.932667][ T4018]  __x64_sys_openat+0x243/0x290
[  160.937524][ T4018]  ? __ia32_sys_open+0x270/0x270
[  160.942457][ T4018]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  160.948441][ T4018]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  160.954418][ T4018]  do_syscall_64+0x3d/0xb0
[  160.958827][ T4018]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  160.964723][ T4018] RIP: 0033:0x7fc8868064d9
[  160.969145][ T4018] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  160.990573][ T4018] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[pid  4018] <... openat resumed>)       = ?
[pid  4018] +++ exited with 0 +++
[pid  4017] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4017, si_uid=0, si_status=0, si_utime=2, si_stime=31} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./126/binderfs")                = 0
[  160.998983][ T4018] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  161.006954][ T4018] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  161.014921][ T4018] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  161.022887][ T4018] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  161.030862][ T4018] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  161.038854][ T4018]  </TASK>
umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./126/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./126/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./126/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./126")                          = 0
mkdir("./127", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4020
./strace-static-x86_64: Process 4020 attached
[pid  4020] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4020] chdir("./127")              = 0
[pid  4020] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4020] setpgid(0, 0)               = 0
[pid  4020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4020] write(3, "1000", 4)         = 4
[pid  4020] close(3)                    = 0
[pid  4020] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4020] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4020] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4020] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4020] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4021], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4021
./strace-static-x86_64: Process 4021 attached
[pid  4020] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4020] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  4021] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  4021] memfd_create("syzkaller", 0) = 3
[pid  4021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4021] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4021] munmap(0x7fc87e392000, 16777216) = 0
[pid  4021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4021] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4021] close(3)                    = 0
[pid  4021] mkdir("./file0", 0777)      = 0
[  161.344305][ T4021] loop0: detected capacity change from 0 to 32768
[  161.354939][ T4021] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  161.363166][ T4021] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  161.373082][ T4021] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  161.381835][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  161.390027][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4021] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4021] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4021] chdir("./file0")            = 0
[pid  4021] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4021] close(4)                    = 0
[pid  4021] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4020] <... futex resumed>)        = 0
[pid  4020] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4020] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4021] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4021] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4020] <... futex resumed>)        = 0
[pid  4020] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4020] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[  161.423499][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms
[  161.432360][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  161.437611][ T4021] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  161.458476][ T4021] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  4021] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  4020] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  4020] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  161.467895][ T4021] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  161.467895][ T4021]   inode = 12 2341
[  161.467895][ T4021]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  161.487158][ T4021] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  161.496506][ T4021] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4021 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  161.507145][ T4021] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  161.516037][ T4021] gfs2: fsid=syz:syz.0: about to withdraw this file system
[pid  4020] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4020] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4020] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4022], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4022
[pid  4020] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4022 attached
[pid  4022] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  4022] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  4022] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  161.523661][ T4021] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  161.533011][ T4021] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  161.541713][ T4021] gfs2: fsid=syz:syz.0: File system withdrawn
[  161.548003][ T4021] CPU: 1 PID: 4021 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  161.558445][ T4021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  161.568585][ T4021] Call Trace:
[  161.571877][ T4021]  <TASK>
[  161.574809][ T4021]  dump_stack_lvl+0x1b1/0x28e
[  161.579510][ T4021]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  161.584990][ T4021]  ? panic+0x710/0x710
[  161.589067][ T4021]  ? kobject_uevent_env+0x46b/0x8e0
[  161.594283][ T4021]  ? do_raw_spin_unlock+0x134/0x8a0
[  161.599494][ T4021]  gfs2_withdraw+0xf33/0x1540
[  161.604211][ T4021]  ? gfs2_lm+0x220/0x220
[  161.608463][ T4021]  ? gfs2_dirent_scan+0xb6/0x650
[  161.613418][ T4021]  ? panic+0x710/0x710
[  161.617489][ T4021]  ? gfs2_permission+0x2ff/0x430
[pid  4022] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4020] exit_group(0 <unfinished ...>
[pid  4022] <... futex resumed>)        = ?
[pid  4020] <... exit_group resumed>)   = ?
[pid  4022] +++ exited with 0 +++
[  161.622460][ T4021]  ? gfs2_consist_inode_i+0xf3/0x110
[  161.627770][ T4021]  gfs2_dirent_scan+0x535/0x650
[  161.632631][ T4021]  ? gfs2_dirent_search+0xb10/0xb10
[  161.637827][ T4021]  gfs2_dirent_search+0x2ea/0xb10
[  161.642850][ T4021]  ? gfs2_dirent_search+0xb10/0xb10
[  161.648057][ T4021]  ? gfs2_dir_search+0x2a0/0x2a0
[  161.653006][ T4021]  ? gfs2_permission+0x3bf/0x430
[  161.657957][ T4021]  gfs2_dir_search+0x8c/0x2a0
[  161.662646][ T4021]  ? do_filldir_main+0x530/0x530
[  161.667584][ T4021]  ? inode_go_held+0xe4/0x1f0
[  161.672292][ T4021]  ? gfs2_glock_wait+0x213/0x2a0
[  161.677245][ T4021]  gfs2_lookupi+0x465/0x650
[  161.681746][ T4021]  ? gfs2_lookup_simple+0x170/0x170
[  161.686950][ T4021]  ? __gfs2_lookup+0x8c/0x260
[  161.691642][ T4021]  __gfs2_lookup+0x8c/0x260
[  161.696153][ T4021]  ? gfs2_atomic_open+0x230/0x230
[  161.701184][ T4021]  ? __d_lookup+0x6a4/0x770
[  161.705689][ T4021]  ? d_hash_and_lookup+0x1c0/0x1c0
[  161.710802][ T4021]  gfs2_atomic_open+0xa4/0x230
[  161.715579][ T4021]  path_openat+0xf39/0x2df0
[  161.720094][ T4021]  ? gfs2_rename2+0x3000/0x3000
[  161.724961][ T4021]  ? do_filp_open+0x4f0/0x4f0
[  161.729641][ T4021]  do_filp_open+0x264/0x4f0
[  161.734140][ T4021]  ? vfs_tmpfile+0x490/0x490
[  161.738730][ T4021]  ? do_raw_spin_unlock+0x134/0x8a0
[  161.743943][ T4021]  ? _raw_spin_unlock+0x24/0x40
[  161.748805][ T4021]  ? alloc_fd+0x5a7/0x640
[  161.753141][ T4021]  do_sys_openat2+0x124/0x4e0
[  161.757823][ T4021]  ? print_irqtrace_events+0x220/0x220
[  161.763296][ T4021]  ? ptrace_stop+0x74d/0x970
[  161.767901][ T4021]  ? do_sys_open+0x220/0x220
[  161.772487][ T4021]  ? lockdep_hardirqs_on+0x8d/0x130
[  161.777678][ T4021]  ? _raw_spin_unlock_irq+0x2a/0x40
[  161.782877][ T4021]  ? ptrace_notify+0x245/0x340
[  161.787643][ T4021]  __x64_sys_openat+0x243/0x290
[  161.792501][ T4021]  ? __ia32_sys_open+0x270/0x270
[  161.797444][ T4021]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  161.803428][ T4021]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  161.809430][ T4021]  do_syscall_64+0x3d/0xb0
[  161.813837][ T4021]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  161.819719][ T4021] RIP: 0033:0x7fc8868064d9
[  161.824223][ T4021] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  161.843867][ T4021] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  161.852278][ T4021] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  161.860243][ T4021] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[pid  4021] <... openat resumed>)       = ?
[pid  4021] +++ exited with 0 +++
[pid  4020] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4020, si_uid=0, si_status=0, si_utime=0, si_stime=29} ---
umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./127/binderfs")                = 0
[  161.868213][ T4021] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  161.876191][ T4021] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  161.884189][ T4021] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  161.892173][ T4021]  </TASK>
umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./127/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./127/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./127/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./127")                          = 0
mkdir("./128", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4023
./strace-static-x86_64: Process 4023 attached
[pid  4023] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4023] chdir("./128")              = 0
[pid  4023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4023] setpgid(0, 0)               = 0
[pid  4023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4023] write(3, "1000", 4)         = 4
[pid  4023] close(3)                    = 0
[pid  4023] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4023] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4023] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4023] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4024 attached
, parent_tid=[4024], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4024
[pid  4024] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  4023] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4023] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  4024] <... set_robust_list resumed>) = 0
[pid  4024] memfd_create("syzkaller", 0) = 3
[pid  4024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4024] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4024] munmap(0x7fc87e392000, 16777216) = 0
[pid  4024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4024] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4024] close(3)                    = 0
[pid  4024] mkdir("./file0", 0777)      = 0
[  162.196785][ T4024] loop0: detected capacity change from 0 to 32768
[  162.208598][ T4024] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  162.217085][ T4024] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  162.226762][ T4024] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  162.235729][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  162.242799][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4024] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4024] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4024] chdir("./file0")            = 0
[pid  4024] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4024] close(4)                    = 0
[pid  4024] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4023] <... futex resumed>)        = 0
[pid  4023] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4023] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4024] <... futex resumed>)        = 1
[pid  4024] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4024] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4023] <... futex resumed>)        = 0
[pid  4023] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4023] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4024] <... futex resumed>)        = 1
[  162.275734][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 32ms
[  162.283280][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  162.288533][ T4024] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  162.316839][ T4024] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  162.325742][ T4024] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  162.325742][ T4024]   inode = 12 2341
[  162.325742][ T4024]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  162.345168][ T4024] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  162.354563][ T4024] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4024 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  4024] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  4023] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  4023] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4023] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4023] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4025], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4025
[pid  4023] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4025 attached
[pid  4025] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  4025] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  4025] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  162.364817][ T4024] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  162.373854][ T4024] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  162.381228][ T4024] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  162.390016][ T4024] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  162.397969][ T4024] gfs2: fsid=syz:syz.0: File system withdrawn
[  162.404234][ T4024] CPU: 0 PID: 4024 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  162.414642][ T4024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  162.424698][ T4024] Call Trace:
[  162.427978][ T4024]  <TASK>
[  162.430915][ T4024]  dump_stack_lvl+0x1b1/0x28e
[  162.435590][ T4024]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  162.441044][ T4024]  ? panic+0x710/0x710
[  162.445107][ T4024]  ? kobject_uevent_env+0x46b/0x8e0
[  162.450310][ T4024]  ? do_raw_spin_unlock+0x134/0x8a0
[  162.455521][ T4024]  gfs2_withdraw+0xf33/0x1540
[  162.460221][ T4024]  ? gfs2_lm+0x220/0x220
[pid  4025] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4023] exit_group(0 <unfinished ...>
[pid  4025] <... futex resumed>)        = ?
[pid  4023] <... exit_group resumed>)   = ?
[pid  4025] +++ exited with 0 +++
[  162.464479][ T4024]  ? gfs2_dirent_scan+0xb6/0x650
[  162.469429][ T4024]  ? panic+0x710/0x710
[  162.473486][ T4024]  ? gfs2_permission+0x2ff/0x430
[  162.478432][ T4024]  ? gfs2_consist_inode_i+0xf3/0x110
[  162.483729][ T4024]  gfs2_dirent_scan+0x535/0x650
[  162.488588][ T4024]  ? gfs2_dirent_search+0xb10/0xb10
[  162.493799][ T4024]  gfs2_dirent_search+0x2ea/0xb10
[  162.498834][ T4024]  ? gfs2_dirent_search+0xb10/0xb10
[  162.504049][ T4024]  ? gfs2_dir_search+0x2a0/0x2a0
[  162.509008][ T4024]  ? gfs2_permission+0x3bf/0x430
[  162.513980][ T4024]  gfs2_dir_search+0x8c/0x2a0
[  162.518669][ T4024]  ? do_filldir_main+0x530/0x530
[  162.523622][ T4024]  ? inode_go_held+0xe4/0x1f0
[  162.528301][ T4024]  ? gfs2_glock_wait+0x213/0x2a0
[  162.533250][ T4024]  gfs2_lookupi+0x465/0x650
[  162.537752][ T4024]  ? gfs2_lookup_simple+0x170/0x170
[  162.542943][ T4024]  ? __gfs2_lookup+0x8c/0x260
[  162.547643][ T4024]  __gfs2_lookup+0x8c/0x260
[  162.552159][ T4024]  ? gfs2_atomic_open+0x230/0x230
[  162.557190][ T4024]  ? __d_lookup+0x6a4/0x770
[  162.561704][ T4024]  ? d_hash_and_lookup+0x1c0/0x1c0
[  162.566808][ T4024]  gfs2_atomic_open+0xa4/0x230
[  162.571571][ T4024]  path_openat+0xf39/0x2df0
[  162.576068][ T4024]  ? gfs2_rename2+0x3000/0x3000
[  162.580935][ T4024]  ? do_filp_open+0x4f0/0x4f0
[  162.585616][ T4024]  do_filp_open+0x264/0x4f0
[  162.590112][ T4024]  ? vfs_tmpfile+0x490/0x490
[  162.594704][ T4024]  ? do_raw_spin_unlock+0x134/0x8a0
[  162.599909][ T4024]  ? _raw_spin_unlock+0x24/0x40
[  162.604772][ T4024]  ? alloc_fd+0x5a7/0x640
[  162.609098][ T4024]  do_sys_openat2+0x124/0x4e0
[  162.613775][ T4024]  ? print_irqtrace_events+0x220/0x220
[  162.619247][ T4024]  ? ptrace_stop+0x74d/0x970
[  162.623846][ T4024]  ? do_sys_open+0x220/0x220
[  162.628426][ T4024]  ? lockdep_hardirqs_on+0x8d/0x130
[  162.633614][ T4024]  ? _raw_spin_unlock_irq+0x2a/0x40
[  162.638811][ T4024]  ? ptrace_notify+0x245/0x340
[  162.643566][ T4024]  __x64_sys_openat+0x243/0x290
[  162.648409][ T4024]  ? __ia32_sys_open+0x270/0x270
[  162.653337][ T4024]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  162.659311][ T4024]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  162.665281][ T4024]  do_syscall_64+0x3d/0xb0
[  162.669684][ T4024]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  162.675575][ T4024] RIP: 0033:0x7fc8868064d9
[  162.679989][ T4024] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  162.699587][ T4024] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  162.707989][ T4024] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  4024] <... openat resumed>)       = ?
[pid  4024] +++ exited with 0 +++
[pid  4023] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4023, si_uid=0, si_status=0, si_utime=2, si_stime=30} ---
umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./128/binderfs")                = 0
[  162.715958][ T4024] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  162.723919][ T4024] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  162.732401][ T4024] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  162.740360][ T4024] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  162.748352][ T4024]  </TASK>
umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./128/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./128/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./128/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./128")                          = 0
mkdir("./129", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4026
./strace-static-x86_64: Process 4026 attached
[pid  4026] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4026] chdir("./129")              = 0
[pid  4026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4026] setpgid(0, 0)               = 0
[pid  4026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4026] write(3, "1000", 4)         = 4
[pid  4026] close(3)                    = 0
[pid  4026] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4026] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4026] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4026] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4027 attached
, parent_tid=[4027], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4027
[pid  4027] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  4026] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4027] <... set_robust_list resumed>) = 0
[pid  4026] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  4027] memfd_create("syzkaller", 0) = 3
[pid  4027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4027] munmap(0x7fc87e392000, 16777216) = 0
[pid  4027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4027] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4027] close(3)                    = 0
[pid  4027] mkdir("./file0", 0777)      = 0
[  163.049779][ T4027] loop0: detected capacity change from 0 to 32768
[  163.060235][ T4027] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  163.068738][ T4027] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  163.078002][ T4027] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  163.087009][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  163.094023][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4027] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4027] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4027] chdir("./file0")            = 0
[pid  4027] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4027] close(4)                    = 0
[pid  4027] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4027] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4026] <... futex resumed>)        = 0
[pid  4026] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4026] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4027] <... futex resumed>)        = 0
[pid  4027] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4027] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4026] <... futex resumed>)        = 0
[pid  4026] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4026] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4027] <... futex resumed>)        = 1
[  163.130462][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 36ms
[  163.139205][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  163.144976][ T4027] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  163.167125][ T4027] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  4027] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  4026] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  4026] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4026] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4026] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4028], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4028
[pid  4026] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4028 attached
[pid  4028] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  4028] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  4028] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  163.175816][ T4027] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  163.175816][ T4027]   inode = 12 2341
[  163.175816][ T4027]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  163.194941][ T4027] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  163.204503][ T4027] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4027 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  163.214577][ T4027] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  163.223083][ T4027] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  163.231301][ T4027] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  163.240515][ T4027] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  163.247056][ T4027] gfs2: fsid=syz:syz.0: File system withdrawn
[  163.253188][ T4027] CPU: 1 PID: 4027 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  163.263617][ T4027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  163.273676][ T4027] Call Trace:
[  163.276945][ T4027]  <TASK>
[  163.279875][ T4027]  dump_stack_lvl+0x1b1/0x28e
[  163.284566][ T4027]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  163.290041][ T4027]  ? panic+0x710/0x710
[  163.294114][ T4027]  ? kobject_uevent_env+0x46b/0x8e0
[  163.299300][ T4027]  ? do_raw_spin_unlock+0x134/0x8a0
[  163.304509][ T4027]  gfs2_withdraw+0xf33/0x1540
[  163.309220][ T4027]  ? gfs2_lm+0x220/0x220
[  163.313464][ T4027]  ? gfs2_dirent_scan+0xb6/0x650
[  163.318406][ T4027]  ? panic+0x710/0x710
[  163.322484][ T4027]  ? gfs2_permission+0x2ff/0x430
[pid  4028] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4026] exit_group(0 <unfinished ...>
[pid  4028] <... futex resumed>)        = ?
[pid  4026] <... exit_group resumed>)   = ?
[pid  4028] +++ exited with 0 +++
[  163.327430][ T4027]  ? gfs2_consist_inode_i+0xf3/0x110
[  163.332715][ T4027]  gfs2_dirent_scan+0x535/0x650
[  163.337577][ T4027]  ? gfs2_dirent_search+0xb10/0xb10
[  163.342768][ T4027]  gfs2_dirent_search+0x2ea/0xb10
[  163.347793][ T4027]  ? gfs2_dirent_search+0xb10/0xb10
[  163.352993][ T4027]  ? gfs2_dir_search+0x2a0/0x2a0
[  163.358090][ T4027]  ? gfs2_permission+0x3bf/0x430
[  163.363040][ T4027]  gfs2_dir_search+0x8c/0x2a0
[  163.367715][ T4027]  ? do_filldir_main+0x530/0x530
[  163.372645][ T4027]  ? inode_go_held+0xe4/0x1f0
[  163.377405][ T4027]  ? gfs2_glock_wait+0x213/0x2a0
[  163.382351][ T4027]  gfs2_lookupi+0x465/0x650
[  163.386850][ T4027]  ? gfs2_lookup_simple+0x170/0x170
[  163.392649][ T4027]  ? __gfs2_lookup+0x8c/0x260
[  163.397336][ T4027]  __gfs2_lookup+0x8c/0x260
[  163.401846][ T4027]  ? gfs2_atomic_open+0x230/0x230
[  163.406874][ T4027]  ? __d_lookup+0x6a4/0x770
[  163.411378][ T4027]  ? d_hash_and_lookup+0x1c0/0x1c0
[  163.416494][ T4027]  gfs2_atomic_open+0xa4/0x230
[  163.421297][ T4027]  path_openat+0xf39/0x2df0
[  163.425799][ T4027]  ? gfs2_rename2+0x3000/0x3000
[  163.430650][ T4027]  ? do_filp_open+0x4f0/0x4f0
[  163.435325][ T4027]  do_filp_open+0x264/0x4f0
[  163.439830][ T4027]  ? vfs_tmpfile+0x490/0x490
[  163.444430][ T4027]  ? do_raw_spin_unlock+0x134/0x8a0
[  163.449644][ T4027]  ? _raw_spin_unlock+0x24/0x40
[  163.454503][ T4027]  ? alloc_fd+0x5a7/0x640
[  163.458828][ T4027]  do_sys_openat2+0x124/0x4e0
[  163.463502][ T4027]  ? print_irqtrace_events+0x220/0x220
[  163.468980][ T4027]  ? ptrace_stop+0x74d/0x970
[  163.473575][ T4027]  ? do_sys_open+0x220/0x220
[  163.478185][ T4027]  ? lockdep_hardirqs_on+0x8d/0x130
[  163.483375][ T4027]  ? _raw_spin_unlock_irq+0x2a/0x40
[  163.488569][ T4027]  ? ptrace_notify+0x245/0x340
[  163.493326][ T4027]  __x64_sys_openat+0x243/0x290
[  163.498243][ T4027]  ? __ia32_sys_open+0x270/0x270
[  163.503188][ T4027]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  163.509172][ T4027]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  163.515150][ T4027]  do_syscall_64+0x3d/0xb0
[  163.519558][ T4027]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  163.525449][ T4027] RIP: 0033:0x7fc8868064d9
[  163.529865][ T4027] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  163.549481][ T4027] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  163.557885][ T4027] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  163.565846][ T4027] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  163.573817][ T4027] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  4027] <... openat resumed>)       = ?
[pid  4027] +++ exited with 0 +++
[pid  4026] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4026, si_uid=0, si_status=0, si_utime=0, si_stime=30} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./129/binderfs")                = 0
[  163.581796][ T4027] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  163.589758][ T4027] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  163.597754][ T4027]  </TASK>
umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./129/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./129/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./129/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./129")                          = 0
mkdir("./130", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4029
./strace-static-x86_64: Process 4029 attached
[pid  4029] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4029] chdir("./130")              = 0
[pid  4029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4029] setpgid(0, 0)               = 0
[pid  4029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4029] write(3, "1000", 4)         = 4
[pid  4029] close(3)                    = 0
[pid  4029] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4029] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4029] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4029] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4030], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4030
[pid  4029] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4029] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4030 attached
 <unfinished ...>
[pid  4030] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  4030] memfd_create("syzkaller", 0) = 3
[pid  4030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4030] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4030] munmap(0x7fc87e392000, 16777216) = 0
[pid  4030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4030] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4030] close(3)                    = 0
[pid  4030] mkdir("./file0", 0777)      = 0
[  163.886842][ T4030] loop0: detected capacity change from 0 to 32768
[  163.899015][ T4030] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  163.907328][ T4030] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  163.916387][ T4030] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  163.925143][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  163.932119][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4030] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4030] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4030] chdir("./file0")            = 0
[pid  4030] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4030] close(4)                    = 0
[pid  4030] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4029] <... futex resumed>)        = 0
[pid  4029] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4029] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4030] <... futex resumed>)        = 1
[pid  4030] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4030] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4029] <... futex resumed>)        = 0
[pid  4030] <... futex resumed>)        = 1
[pid  4029] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4030] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  4029] <... futex resumed>)        = 0
[  163.971020][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 38ms
[  163.979775][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  163.985238][ T4030] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  164.000727][ T4030] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  164.009636][ T4030] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  164.009636][ T4030]   inode = 12 2341
[pid  4029] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  4029] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4029] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4029] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4031], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4031
[pid  4029] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4031 attached
[pid  4031] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  4031] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  4031] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  164.009636][ T4030]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  164.028680][ T4030] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  164.038224][ T4030] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4030 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  164.048593][ T4030] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  164.057685][ T4030] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  164.066111][ T4030] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  164.075317][ T4030] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  164.083313][ T4030] gfs2: fsid=syz:syz.0: File system withdrawn
[  164.091603][ T4030] CPU: 0 PID: 4030 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  164.102016][ T4030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  164.112437][ T4030] Call Trace:
[  164.115709][ T4030]  <TASK>
[  164.118633][ T4030]  dump_stack_lvl+0x1b1/0x28e
[  164.123330][ T4030]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  164.128804][ T4030]  ? panic+0x710/0x710
[  164.132890][ T4030]  ? kobject_uevent_env+0x46b/0x8e0
[  164.138101][ T4030]  ? do_raw_spin_unlock+0x134/0x8a0
[  164.143293][ T4030]  gfs2_withdraw+0xf33/0x1540
[  164.147991][ T4030]  ? gfs2_lm+0x220/0x220
[  164.152234][ T4030]  ? gfs2_dirent_scan+0xb6/0x650
[  164.157173][ T4030]  ? panic+0x710/0x710
[  164.161307][ T4030]  ? gfs2_permission+0x2ff/0x430
[  164.166258][ T4030]  ? gfs2_consist_inode_i+0xf3/0x110
[pid  4031] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4029] exit_group(0 <unfinished ...>
[pid  4031] <... futex resumed>)        = ?
[pid  4029] <... exit_group resumed>)   = ?
[pid  4031] +++ exited with 0 +++
[  164.171551][ T4030]  gfs2_dirent_scan+0x535/0x650
[  164.176508][ T4030]  ? gfs2_dirent_search+0xb10/0xb10
[  164.181703][ T4030]  gfs2_dirent_search+0x2ea/0xb10
[  164.186735][ T4030]  ? gfs2_dirent_search+0xb10/0xb10
[  164.191946][ T4030]  ? gfs2_dir_search+0x2a0/0x2a0
[  164.196890][ T4030]  ? gfs2_permission+0x3bf/0x430
[  164.201870][ T4030]  gfs2_dir_search+0x8c/0x2a0
[  164.206575][ T4030]  ? do_filldir_main+0x530/0x530
[  164.211525][ T4030]  ? inode_go_held+0xe4/0x1f0
[  164.216223][ T4030]  ? gfs2_glock_wait+0x213/0x2a0
[  164.221160][ T4030]  gfs2_lookupi+0x465/0x650
[  164.225673][ T4030]  ? gfs2_lookup_simple+0x170/0x170
[  164.230872][ T4030]  ? __gfs2_lookup+0x8c/0x260
[  164.235540][ T4030]  __gfs2_lookup+0x8c/0x260
[  164.240032][ T4030]  ? gfs2_atomic_open+0x230/0x230
[  164.245059][ T4030]  ? __d_lookup+0x6a4/0x770
[  164.249550][ T4030]  ? d_hash_and_lookup+0x1c0/0x1c0
[  164.254653][ T4030]  gfs2_atomic_open+0xa4/0x230
[  164.259423][ T4030]  path_openat+0xf39/0x2df0
[  164.263937][ T4030]  ? gfs2_rename2+0x3000/0x3000
[  164.268789][ T4030]  ? do_filp_open+0x4f0/0x4f0
[  164.273554][ T4030]  do_filp_open+0x264/0x4f0
[  164.278051][ T4030]  ? vfs_tmpfile+0x490/0x490
[  164.282642][ T4030]  ? do_raw_spin_unlock+0x134/0x8a0
[  164.287836][ T4030]  ? _raw_spin_unlock+0x24/0x40
[  164.292690][ T4030]  ? alloc_fd+0x5a7/0x640
[  164.297024][ T4030]  do_sys_openat2+0x124/0x4e0
[  164.301707][ T4030]  ? print_irqtrace_events+0x220/0x220
[  164.307154][ T4030]  ? ptrace_stop+0x74d/0x970
[  164.311748][ T4030]  ? do_sys_open+0x220/0x220
[  164.316346][ T4030]  ? lockdep_hardirqs_on+0x8d/0x130
[  164.321550][ T4030]  ? _raw_spin_unlock_irq+0x2a/0x40
[  164.326774][ T4030]  ? ptrace_notify+0x245/0x340
[  164.331545][ T4030]  __x64_sys_openat+0x243/0x290
[  164.336397][ T4030]  ? __ia32_sys_open+0x270/0x270
[  164.341435][ T4030]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  164.347427][ T4030]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  164.353512][ T4030]  do_syscall_64+0x3d/0xb0
[  164.358021][ T4030]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  164.363930][ T4030] RIP: 0033:0x7fc8868064d9
[  164.368367][ T4030] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  164.388000][ T4030] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  164.396436][ T4030] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  164.404417][ T4030] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  164.412399][ T4030] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  4030] <... openat resumed>)       = ?
[pid  4030] +++ exited with 0 +++
[pid  4029] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4029, si_uid=0, si_status=0, si_utime=0, si_stime=32} ---
umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./130/binderfs")                = 0
[  164.420377][ T4030] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  164.428362][ T4030] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  164.436357][ T4030]  </TASK>
umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./130/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./130/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./130/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./130")                          = 0
mkdir("./131", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4032
./strace-static-x86_64: Process 4032 attached
[pid  4032] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4032] chdir("./131")              = 0
[pid  4032] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4032] setpgid(0, 0)               = 0
[pid  4032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4032] write(3, "1000", 4)         = 4
[pid  4032] close(3)                    = 0
[pid  4032] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4032] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4032] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4032] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4033], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4033
[pid  4032] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4032] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4033 attached
 <unfinished ...>
[pid  4033] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  4033] memfd_create("syzkaller", 0) = 3
[pid  4033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4033] munmap(0x7fc87e392000, 16777216) = 0
[pid  4033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4033] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4033] close(3)                    = 0
[pid  4033] mkdir("./file0", 0777)      = 0
[  164.726640][ T4033] loop0: detected capacity change from 0 to 32768
[  164.736598][ T4033] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  164.745251][ T4033] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  164.754639][ T4033] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  164.763809][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  164.770666][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4033] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4033] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4033] chdir("./file0")            = 0
[pid  4033] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4033] close(4)                    = 0
[pid  4033] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4033] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4032] <... futex resumed>)        = 0
[pid  4032] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4032] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4033] <... futex resumed>)        = 0
[pid  4033] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4033] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4032] <... futex resumed>)        = 0
[pid  4032] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4032] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4033] <... futex resumed>)        = 1
[  164.807844][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 37ms
[  164.816748][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  164.822105][ T4033] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  164.845348][ T4033] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  4033] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  4032] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  4032] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4032] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4032] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4034], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4034
[pid  4032] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4034 attached
[pid  4034] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  4034] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  4034] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  164.854291][ T4033] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  164.854291][ T4033]   inode = 12 2341
[  164.854291][ T4033]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  164.874276][ T4033] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  164.883690][ T4033] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4033 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  164.894243][ T4033] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  164.902996][ T4033] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  164.910542][ T4033] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  164.919319][ T4033] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  164.927427][ T4033] gfs2: fsid=syz:syz.0: File system withdrawn
[  164.933862][ T4033] CPU: 0 PID: 4033 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  164.944276][ T4033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  164.954329][ T4033] Call Trace:
[  164.957623][ T4033]  <TASK>
[  164.960559][ T4033]  dump_stack_lvl+0x1b1/0x28e
[  164.965232][ T4033]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  164.970686][ T4033]  ? panic+0x710/0x710
[  164.974745][ T4033]  ? kobject_uevent_env+0x46b/0x8e0
[  164.980195][ T4033]  ? do_raw_spin_unlock+0x134/0x8a0
[  164.985406][ T4033]  gfs2_withdraw+0xf33/0x1540
[  164.990116][ T4033]  ? gfs2_lm+0x220/0x220
[  164.994369][ T4033]  ? gfs2_dirent_scan+0xb6/0x650
[  164.999311][ T4033]  ? panic+0x710/0x710
[  165.003372][ T4033]  ? gfs2_permission+0x2ff/0x430
[pid  4034] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4032] exit_group(0 <unfinished ...>
[pid  4034] <... futex resumed>)        = ?
[pid  4032] <... exit_group resumed>)   = ?
[pid  4034] +++ exited with 0 +++
[  165.008331][ T4033]  ? gfs2_consist_inode_i+0xf3/0x110
[  165.013642][ T4033]  gfs2_dirent_scan+0x535/0x650
[  165.018535][ T4033]  ? gfs2_dirent_search+0xb10/0xb10
[  165.023741][ T4033]  gfs2_dirent_search+0x2ea/0xb10
[  165.028773][ T4033]  ? gfs2_dirent_search+0xb10/0xb10
[  165.033981][ T4033]  ? gfs2_dir_search+0x2a0/0x2a0
[  165.038921][ T4033]  ? gfs2_permission+0x3bf/0x430
[  165.043894][ T4033]  gfs2_dir_search+0x8c/0x2a0
[  165.048577][ T4033]  ? do_filldir_main+0x530/0x530
[  165.053550][ T4033]  ? inode_go_held+0xe4/0x1f0
[  165.058230][ T4033]  ? gfs2_glock_wait+0x213/0x2a0
[  165.063174][ T4033]  gfs2_lookupi+0x465/0x650
[  165.067671][ T4033]  ? gfs2_lookup_simple+0x170/0x170
[  165.072872][ T4033]  ? __gfs2_lookup+0x8c/0x260
[  165.077559][ T4033]  __gfs2_lookup+0x8c/0x260
[  165.082072][ T4033]  ? gfs2_atomic_open+0x230/0x230
[  165.087099][ T4033]  ? __d_lookup+0x6a4/0x770
[  165.091603][ T4033]  ? d_hash_and_lookup+0x1c0/0x1c0
[  165.096717][ T4033]  gfs2_atomic_open+0xa4/0x230
[  165.101491][ T4033]  path_openat+0xf39/0x2df0
[  165.105988][ T4033]  ? gfs2_rename2+0x3000/0x3000
[  165.110852][ T4033]  ? do_filp_open+0x4f0/0x4f0
[  165.115537][ T4033]  do_filp_open+0x264/0x4f0
[  165.120042][ T4033]  ? vfs_tmpfile+0x490/0x490
[  165.124642][ T4033]  ? do_raw_spin_unlock+0x134/0x8a0
[  165.129852][ T4033]  ? _raw_spin_unlock+0x24/0x40
[  165.134714][ T4033]  ? alloc_fd+0x5a7/0x640
[  165.139041][ T4033]  do_sys_openat2+0x124/0x4e0
[  165.143712][ T4033]  ? print_irqtrace_events+0x220/0x220
[  165.149166][ T4033]  ? ptrace_stop+0x74d/0x970
[  165.153756][ T4033]  ? do_sys_open+0x220/0x220
[  165.158350][ T4033]  ? lockdep_hardirqs_on+0x8d/0x130
[  165.163537][ T4033]  ? _raw_spin_unlock_irq+0x2a/0x40
[  165.168728][ T4033]  ? ptrace_notify+0x245/0x340
[  165.173477][ T4033]  __x64_sys_openat+0x243/0x290
[  165.178317][ T4033]  ? __ia32_sys_open+0x270/0x270
[  165.183260][ T4033]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  165.189249][ T4033]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  165.195216][ T4033]  do_syscall_64+0x3d/0xb0
[  165.199618][ T4033]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  165.205509][ T4033] RIP: 0033:0x7fc8868064d9
[  165.209936][ T4033] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  165.229620][ T4033] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  165.238030][ T4033] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  165.246001][ T4033] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[pid  4033] <... openat resumed>)       = ?
[pid  4033] +++ exited with 0 +++
[pid  4032] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4032, si_uid=0, si_status=0, si_utime=1, si_stime=31} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./131/binderfs")                = 0
[  165.253964][ T4033] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  165.261933][ T4033] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  165.269938][ T4033] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  165.277922][ T4033]  </TASK>
umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./131/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./131/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./131/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./131")                          = 0
mkdir("./132", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4035
./strace-static-x86_64: Process 4035 attached
[pid  4035] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4035] chdir("./132")              = 0
[pid  4035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4035] setpgid(0, 0)               = 0
[pid  4035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4035] write(3, "1000", 4)         = 4
[pid  4035] close(3)                    = 0
[pid  4035] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4035] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4035] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4035] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4036], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4036
[pid  4035] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4035] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4036 attached
 <unfinished ...>
[pid  4036] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  4036] memfd_create("syzkaller", 0) = 3
[pid  4036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4036] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4036] munmap(0x7fc87e392000, 16777216) = 0
[pid  4036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4036] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4036] close(3)                    = 0
[pid  4036] mkdir("./file0", 0777)      = 0
[  165.586905][ T4036] loop0: detected capacity change from 0 to 32768
[  165.598323][ T4036] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  165.606844][ T4036] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  165.616798][ T4036] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  165.625618][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  165.632990][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4036] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4036] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4036] chdir("./file0")            = 0
[pid  4036] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4036] close(4)                    = 0
[pid  4036] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4035] <... futex resumed>)        = 0
[pid  4035] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4035] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4036] <... futex resumed>)        = 1
[pid  4036] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4036] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4035] <... futex resumed>)        = 0
[pid  4035] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4035] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4036] <... futex resumed>)        = 1
[  165.667825][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 34ms
[  165.676014][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  165.681389][ T4036] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  165.695903][ T4036] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  165.704908][ T4036] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  165.704908][ T4036]   inode = 12 2341
[pid  4036] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  4035] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  4035] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4035] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4035] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4037], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4037
[pid  4035] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4037 attached
[pid  4037] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  4037] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  4037] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  165.704908][ T4036]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  165.724137][ T4036] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  165.733527][ T4036] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4036 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  165.743958][ T4036] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  165.752913][ T4036] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  165.760358][ T4036] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  165.769456][ T4036] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  165.776532][ T4036] gfs2: fsid=syz:syz.0: File system withdrawn
[  165.782818][ T4036] CPU: 0 PID: 4036 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  165.793329][ T4036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  165.803385][ T4036] Call Trace:
[  165.806656][ T4036]  <TASK>
[  165.809580][ T4036]  dump_stack_lvl+0x1b1/0x28e
[  165.814255][ T4036]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  165.819708][ T4036]  ? panic+0x710/0x710
[  165.823767][ T4036]  ? kobject_uevent_env+0x46b/0x8e0
[  165.828966][ T4036]  ? do_raw_spin_unlock+0x134/0x8a0
[  165.834175][ T4036]  gfs2_withdraw+0xf33/0x1540
[  165.838889][ T4036]  ? gfs2_lm+0x220/0x220
[  165.843148][ T4036]  ? gfs2_dirent_scan+0xb6/0x650
[  165.848105][ T4036]  ? panic+0x710/0x710
[  165.852167][ T4036]  ? gfs2_permission+0x2ff/0x430
[  165.857119][ T4036]  ? gfs2_consist_inode_i+0xf3/0x110
[  165.862420][ T4036]  gfs2_dirent_scan+0x535/0x650
[  165.867283][ T4036]  ? gfs2_dirent_search+0xb10/0xb10
[  165.872493][ T4036]  gfs2_dirent_search+0x2ea/0xb10
[  165.877511][ T4036]  ? gfs2_dirent_search+0xb10/0xb10
[  165.882715][ T4036]  ? gfs2_dir_search+0x2a0/0x2a0
[  165.887663][ T4036]  ? gfs2_permission+0x3bf/0x430
[  165.892602][ T4036]  gfs2_dir_search+0x8c/0x2a0
[  165.897281][ T4036]  ? do_filldir_main+0x530/0x530
[  165.902215][ T4036]  ? inode_go_held+0xe4/0x1f0
[  165.906888][ T4036]  ? gfs2_glock_wait+0x213/0x2a0
[  165.911823][ T4036]  gfs2_lookupi+0x465/0x650
[  165.916332][ T4036]  ? gfs2_lookup_simple+0x170/0x170
[  165.921526][ T4036]  ? __gfs2_lookup+0x8c/0x260
[  165.926204][ T4036]  __gfs2_lookup+0x8c/0x260
[  165.930703][ T4036]  ? gfs2_atomic_open+0x230/0x230
[  165.935726][ T4036]  ? __d_lookup+0x6a4/0x770
[  165.940221][ T4036]  ? d_hash_and_lookup+0x1c0/0x1c0
[  165.945325][ T4036]  gfs2_atomic_open+0xa4/0x230
[  165.950090][ T4036]  path_openat+0xf39/0x2df0
[  165.954633][ T4036]  ? gfs2_rename2+0x3000/0x3000
[  165.959491][ T4036]  ? do_filp_open+0x4f0/0x4f0
[  165.964173][ T4036]  do_filp_open+0x264/0x4f0
[  165.968670][ T4036]  ? vfs_tmpfile+0x490/0x490
[  165.973260][ T4036]  ? do_raw_spin_unlock+0x134/0x8a0
[  165.978459][ T4036]  ? _raw_spin_unlock+0x24/0x40
[  165.983308][ T4036]  ? alloc_fd+0x5a7/0x640
[  165.987639][ T4036]  do_sys_openat2+0x124/0x4e0
[  165.992309][ T4036]  ? print_irqtrace_events+0x220/0x220
[  165.997758][ T4036]  ? ptrace_stop+0x74d/0x970
[  166.002343][ T4036]  ? do_sys_open+0x220/0x220
[  166.006932][ T4036]  ? lockdep_hardirqs_on+0x8d/0x130
[  166.012124][ T4036]  ? _raw_spin_unlock_irq+0x2a/0x40
[  166.017318][ T4036]  ? ptrace_notify+0x245/0x340
[  166.022079][ T4036]  __x64_sys_openat+0x243/0x290
[  166.026939][ T4036]  ? __ia32_sys_open+0x270/0x270
[  166.031875][ T4036]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  166.037853][ T4036]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  166.043847][ T4036]  do_syscall_64+0x3d/0xb0
[  166.048257][ T4036]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  166.054144][ T4036] RIP: 0033:0x7fc8868064d9
[  166.058553][ T4036] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  166.078154][ T4036] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  166.086559][ T4036] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  166.094520][ T4036] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  166.102509][ T4036] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  166.110469][ T4036] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  4037] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4036] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  4036] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4035] exit_group(0 <unfinished ...>
[pid  4037] <... futex resumed>)        = ?
[pid  4035] <... exit_group resumed>)   = ?
[pid  4037] +++ exited with 0 +++
[pid  4036] +++ exited with 0 +++
[pid  4035] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4035, si_uid=0, si_status=0, si_utime=1, si_stime=32} ---
umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./132/binderfs")                = 0
[  166.118431][ T4036] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  166.126407][ T4036]  </TASK>
umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./132/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./132/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./132/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./132")                          = 0
mkdir("./133", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4038
./strace-static-x86_64: Process 4038 attached
[pid  4038] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4038] chdir("./133")              = 0
[pid  4038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4038] setpgid(0, 0)               = 0
[pid  4038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4038] write(3, "1000", 4)         = 4
[pid  4038] close(3)                    = 0
[pid  4038] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4038] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4038] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4038] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4039], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4039
./strace-static-x86_64: Process 4039 attached
[pid  4039] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  4039] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4038] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4039] <... futex resumed>)        = 0
[pid  4038] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  4039] memfd_create("syzkaller", 0) = 3
[pid  4039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4039] munmap(0x7fc87e392000, 16777216) = 0
[pid  4039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4039] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4039] close(3)                    = 0
[pid  4039] mkdir("./file0", 0777)      = 0
[  166.438031][ T4039] loop0: detected capacity change from 0 to 32768
[  166.448004][ T4039] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  166.456212][ T4039] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  166.465440][ T4039] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  166.474329][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  166.481240][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4039] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4039] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4039] chdir("./file0")            = 0
[pid  4039] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4039] close(4)                    = 0
[pid  4039] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4038] <... futex resumed>)        = 0
[pid  4039] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4038] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4039] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  4038] <... futex resumed>)        = 0
[pid  4039] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  4038] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4039] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4039] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4039] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4038] <... futex resumed>)        = 0
[pid  4038] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4038] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4039] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[  166.516387][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 35ms
[  166.524599][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  166.529952][ T4039] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  166.552366][ T4039] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  4039] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  4038] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  4038] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid  4038] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4038] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4038] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4040], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4040
[pid  4038] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4040 attached
[pid  4040] set_robust_list(0x7fc87f3919e0, 24) = 0
[  166.561038][ T4039] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  166.561038][ T4039]   inode = 12 2341
[  166.561038][ T4039]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  166.579808][ T4039] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  166.589230][ T4039] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4039 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  166.599574][ T4039] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  166.604899][ T4040] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  166.608486][ T4039] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  166.618064][ T4040] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:4 m:20 p:1
[  166.624011][ T4039] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  166.624025][ T4039] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  166.624195][ T4039] gfs2: fsid=syz:syz.0: File system withdrawn
[  166.635774][ T4040] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4039 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  166.641987][ T4039] CPU: 0 PID: 4039 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  166.642008][ T4039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  166.642017][ T4039] Call Trace:
[  166.642024][ T4039]  <TASK>
[  166.642032][ T4039]  dump_stack_lvl+0x1b1/0x28e
[  166.649539][ T4040] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4040 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  166.654480][ T4039]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  166.654504][ T4039]  ? panic+0x710/0x710
[  166.654524][ T4039]  ? kobject_uevent_env+0x46b/0x8e0
[  166.654543][ T4039]  ? do_raw_spin_unlock+0x134/0x8a0
[  166.665498][ T4040] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  166.674894][ T4039]  gfs2_withdraw+0xf33/0x1540
[  166.674937][ T4039]  ? gfs2_lm+0x220/0x220
[  166.674953][ T4039]  ? gfs2_dirent_scan+0xb6/0x650
[  166.747884][ T4039]  ? panic+0x710/0x710
[  166.751949][ T4039]  ? gfs2_permission+0x2ff/0x430
[  166.756906][ T4039]  ? gfs2_consist_inode_i+0xf3/0x110
[  166.762205][ T4039]  gfs2_dirent_scan+0x535/0x650
[  166.767057][ T4039]  ? gfs2_dirent_search+0xb10/0xb10
[  166.772860][ T4039]  gfs2_dirent_search+0x2ea/0xb10
[  166.777876][ T4039]  ? gfs2_dirent_search+0xb10/0xb10
[  166.783071][ T4039]  ? gfs2_dir_search+0x2a0/0x2a0
[  166.788003][ T4039]  ? gfs2_permission+0x3bf/0x430
[  166.792970][ T4039]  gfs2_dir_search+0x8c/0x2a0
[  166.797673][ T4039]  ? do_filldir_main+0x530/0x530
[  166.802620][ T4039]  ? inode_go_held+0xe4/0x1f0
[  166.807294][ T4039]  ? gfs2_glock_wait+0x213/0x2a0
[  166.812236][ T4039]  gfs2_lookupi+0x465/0x650
[pid  4040] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH <unfinished ...>
[pid  4038] exit_group(0)               = ?
[  166.816769][ T4039]  ? gfs2_lookup_simple+0x170/0x170
[  166.821971][ T4039]  ? __gfs2_lookup+0x8c/0x260
[  166.826665][ T4039]  __gfs2_lookup+0x8c/0x260
[  166.831185][ T4039]  ? gfs2_atomic_open+0x230/0x230
[  166.836205][ T4039]  ? __d_lookup+0x6a4/0x770
[  166.840711][ T4039]  ? d_hash_and_lookup+0x1c0/0x1c0
[  166.845827][ T4039]  gfs2_atomic_open+0xa4/0x230
[  166.850584][ T4039]  path_openat+0xf39/0x2df0
[  166.855085][ T4039]  ? gfs2_rename2+0x3000/0x3000
[  166.859960][ T4039]  ? do_filp_open+0x4f0/0x4f0
[  166.864652][ T4039]  do_filp_open+0x264/0x4f0
[  166.869146][ T4039]  ? vfs_tmpfile+0x490/0x490
[  166.873759][ T4039]  ? do_raw_spin_unlock+0x134/0x8a0
[  166.878981][ T4039]  ? _raw_spin_unlock+0x24/0x40
[  166.883829][ T4039]  ? alloc_fd+0x5a7/0x640
[  166.888154][ T4039]  do_sys_openat2+0x124/0x4e0
[  166.892827][ T4039]  ? print_irqtrace_events+0x220/0x220
[  166.898275][ T4039]  ? ptrace_stop+0x74d/0x970
[  166.902866][ T4039]  ? do_sys_open+0x220/0x220
[  166.907459][ T4039]  ? lockdep_hardirqs_on+0x8d/0x130
[  166.912649][ T4039]  ? _raw_spin_unlock_irq+0x2a/0x40
[  166.917849][ T4039]  ? ptrace_notify+0x245/0x340
[  166.922617][ T4039]  __x64_sys_openat+0x243/0x290
[  166.927476][ T4039]  ? __ia32_sys_open+0x270/0x270
[  166.932420][ T4039]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  166.938401][ T4039]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  166.944387][ T4039]  do_syscall_64+0x3d/0xb0
[  166.948791][ T4039]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  166.954673][ T4039] RIP: 0033:0x7fc8868064d9
[  166.959081][ T4039] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  166.978781][ T4039] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  166.987202][ T4039] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  166.995165][ T4039] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  167.003134][ T4039] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  4040] <... openat resumed>)       = ?
[pid  4039] <... openat resumed>)       = ?
[pid  4039] +++ exited with 0 +++
[pid  4040] +++ exited with 0 +++
[pid  4038] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4038, si_uid=0, si_status=0, si_utime=0, si_stime=42} ---
umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./133/binderfs")                = 0
[  167.011116][ T4039] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  167.019088][ T4039] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  167.027065][ T4039]  </TASK>
umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./133/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./133/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./133/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./133")                          = 0
mkdir("./134", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4041
./strace-static-x86_64: Process 4041 attached
[pid  4041] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4041] chdir("./134")              = 0
[pid  4041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4041] setpgid(0, 0)               = 0
[pid  4041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4041] write(3, "1000", 4)         = 4
[pid  4041] close(3)                    = 0
[pid  4041] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4041] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4041] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4041] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4042], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4042
[pid  4041] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4041] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
./strace-static-x86_64: Process 4042 attached
[pid  4042] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  4042] memfd_create("syzkaller", 0) = 3
[pid  4042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4042] munmap(0x7fc87e392000, 16777216) = 0
[pid  4042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4042] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4042] close(3)                    = 0
[pid  4042] mkdir("./file0", 0777)      = 0
[  167.323876][ T4042] loop0: detected capacity change from 0 to 32768
[  167.334450][ T4042] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  167.342710][ T4042] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  167.352168][ T4042] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  167.361227][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  167.368011][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4042] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4042] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4042] chdir("./file0")            = 0
[pid  4042] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4042] close(4)                    = 0
[pid  4042] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4041] <... futex resumed>)        = 0
[pid  4041] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4041] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4042] <... futex resumed>)        = 1
[pid  4042] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4042] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4041] <... futex resumed>)        = 0
[pid  4041] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4041] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4042] <... futex resumed>)        = 1
[  167.401504][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms
[  167.409644][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  167.415254][ T4042] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  167.431610][ T4042] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  167.440581][ T4042] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  167.440581][ T4042]   inode = 12 2341
[pid  4042] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  4041] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  4041] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid  4041] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4041] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4041] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4043], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4043
[pid  4041] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4043 attached
[pid  4043] set_robust_list(0x7fc87f3919e0, 24) = 0
[  167.440581][ T4042]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  167.459436][ T4042] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  167.468885][ T4042] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4042 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  167.479138][ T4042] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  167.484564][ T4043] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  167.496040][ T4042] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  167.496560][ T4043] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:4 m:20 p:1
[  167.512560][ T4042] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  167.512907][ T4043] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4042 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  167.531354][ T4042] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  167.533108][ T4042] gfs2: fsid=syz:syz.0: File system withdrawn
[  167.538379][ T4043] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4043 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  167.553943][ T4042] CPU: 1 PID: 4042 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  167.553966][ T4042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  167.553977][ T4042] Call Trace:
[  167.553984][ T4042]  <TASK>
[  167.553992][ T4042]  dump_stack_lvl+0x1b1/0x28e
[  167.564967][ T4043] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  167.574425][ T4042]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  167.574455][ T4042]  ? panic+0x710/0x710
[  167.574476][ T4042]  ? kobject_uevent_env+0x46b/0x8e0
[  167.574495][ T4042]  ? do_raw_spin_unlock+0x134/0x8a0
[  167.574524][ T4042]  gfs2_withdraw+0xf33/0x1540
[  167.574559][ T4042]  ? gfs2_lm+0x220/0x220
[  167.574575][ T4042]  ? gfs2_dirent_scan+0xb6/0x650
[  167.627491][ T4042]  ? panic+0x710/0x710
[  167.631571][ T4042]  ? gfs2_permission+0x2ff/0x430
[  167.636505][ T4042]  ? gfs2_consist_inode_i+0xf3/0x110
[  167.641793][ T4042]  gfs2_dirent_scan+0x535/0x650
[  167.646685][ T4042]  ? gfs2_dirent_search+0xb10/0xb10
[  167.651880][ T4042]  gfs2_dirent_search+0x2ea/0xb10
[  167.656900][ T4042]  ? gfs2_dirent_search+0xb10/0xb10
[  167.662091][ T4042]  ? gfs2_dir_search+0x2a0/0x2a0
[  167.667028][ T4042]  ? gfs2_permission+0x3bf/0x430
[  167.671977][ T4042]  gfs2_dir_search+0x8c/0x2a0
[  167.676655][ T4042]  ? do_filldir_main+0x530/0x530
[  167.681598][ T4042]  ? inode_go_held+0xe4/0x1f0
[  167.686274][ T4042]  ? gfs2_glock_wait+0x213/0x2a0
[  167.691218][ T4042]  gfs2_lookupi+0x465/0x650
[  167.695740][ T4042]  ? gfs2_lookup_simple+0x170/0x170
[pid  4043] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH <unfinished ...>
[pid  4041] exit_group(0)               = ?
[  167.700944][ T4042]  ? __gfs2_lookup+0x8c/0x260
[  167.705653][ T4042]  __gfs2_lookup+0x8c/0x260
[  167.710159][ T4042]  ? gfs2_atomic_open+0x230/0x230
[  167.715188][ T4042]  ? __d_lookup+0x6a4/0x770
[  167.719692][ T4042]  ? d_hash_and_lookup+0x1c0/0x1c0
[  167.724804][ T4042]  gfs2_atomic_open+0xa4/0x230
[  167.729582][ T4042]  path_openat+0xf39/0x2df0
[  167.734083][ T4042]  ? gfs2_rename2+0x3000/0x3000
[  167.738934][ T4042]  ? do_filp_open+0x4f0/0x4f0
[  167.743617][ T4042]  do_filp_open+0x264/0x4f0
[  167.748118][ T4042]  ? vfs_tmpfile+0x490/0x490
[  167.752719][ T4042]  ? do_raw_spin_unlock+0x134/0x8a0
[  167.757922][ T4042]  ? _raw_spin_unlock+0x24/0x40
[  167.762768][ T4042]  ? alloc_fd+0x5a7/0x640
[  167.767120][ T4042]  do_sys_openat2+0x124/0x4e0
[  167.771787][ T4042]  ? print_irqtrace_events+0x220/0x220
[  167.777232][ T4042]  ? ptrace_stop+0x74d/0x970
[  167.781823][ T4042]  ? do_sys_open+0x220/0x220
[  167.786403][ T4042]  ? lockdep_hardirqs_on+0x8d/0x130
[  167.791599][ T4042]  ? _raw_spin_unlock_irq+0x2a/0x40
[  167.796796][ T4042]  ? ptrace_notify+0x245/0x340
[  167.801556][ T4042]  __x64_sys_openat+0x243/0x290
[  167.806407][ T4042]  ? __ia32_sys_open+0x270/0x270
[  167.811339][ T4042]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  167.817325][ T4042]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  167.823314][ T4042]  do_syscall_64+0x3d/0xb0
[  167.829254][ T4042]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  167.835152][ T4042] RIP: 0033:0x7fc8868064d9
[  167.839573][ T4042] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  167.859169][ T4042] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  167.869497][ T4042] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  167.877478][ T4042] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  167.885438][ T4042] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  167.893428][ T4042] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  4043] <... openat resumed>)       = ?
[pid  4042] <... openat resumed>)       = ?
[pid  4043] +++ exited with 0 +++
[pid  4042] +++ exited with 0 +++
[pid  4041] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4041, si_uid=0, si_status=0, si_utime=1, si_stime=39} ---
umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./134/binderfs")                = 0
[  167.901409][ T4042] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  167.909406][ T4042]  </TASK>
umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./134/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./134/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./134/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./134")                          = 0
mkdir("./135", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4044
./strace-static-x86_64: Process 4044 attached
[pid  4044] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4044] chdir("./135")              = 0
[pid  4044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4044] setpgid(0, 0)               = 0
[pid  4044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4044] write(3, "1000", 4)         = 4
[pid  4044] close(3)                    = 0
[pid  4044] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4044] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4044] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4044] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4045], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4045
[pid  4044] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4044] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4045 attached
 <unfinished ...>
[pid  4045] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  4045] memfd_create("syzkaller", 0) = 3
[pid  4045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4045] munmap(0x7fc87e392000, 16777216) = 0
[pid  4045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4045] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4045] close(3)                    = 0
[pid  4045] mkdir("./file0", 0777)      = 0
[  168.196712][ T4045] loop0: detected capacity change from 0 to 32768
[  168.207650][ T4045] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  168.215958][ T4045] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  168.227937][ T4045] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  168.236628][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  168.243636][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4045] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4045] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4045] chdir("./file0")            = 0
[pid  4045] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4045] close(4)                    = 0
[pid  4045] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4044] <... futex resumed>)        = 0
[pid  4044] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4044] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4045] <... futex resumed>)        = 1
[pid  4045] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4045] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4044] <... futex resumed>)        = 0
[pid  4044] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4044] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4045] <... futex resumed>)        = 1
[  168.283422][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 39ms
[  168.292133][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  168.297399][ T4045] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  168.317584][ T4045] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  168.326563][ T4045] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[pid  4045] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  4044] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  4044] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4044] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4044] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4046], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4046
[pid  4044] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4046 attached
[pid  4046] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  4046] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  4046] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  168.326563][ T4045]   inode = 12 2341
[  168.326563][ T4045]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  168.345718][ T4045] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  168.355113][ T4045] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4045 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  168.365433][ T4045] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  168.374257][ T4045] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  168.382301][ T4045] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  168.391460][ T4045] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  168.399240][ T4045] gfs2: fsid=syz:syz.0: File system withdrawn
[  168.405823][ T4045] CPU: 0 PID: 4045 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  168.416230][ T4045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  168.426272][ T4045] Call Trace:
[  168.429540][ T4045]  <TASK>
[  168.432479][ T4045]  dump_stack_lvl+0x1b1/0x28e
[  168.437160][ T4045]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  168.442604][ T4045]  ? panic+0x710/0x710
[  168.446659][ T4045]  ? kobject_uevent_env+0x46b/0x8e0
[  168.451842][ T4045]  ? do_raw_spin_unlock+0x134/0x8a0
[  168.457031][ T4045]  gfs2_withdraw+0xf33/0x1540
[  168.461708][ T4045]  ? gfs2_lm+0x220/0x220
[  168.465934][ T4045]  ? gfs2_dirent_scan+0xb6/0x650
[  168.470864][ T4045]  ? panic+0x710/0x710
[  168.474918][ T4045]  ? gfs2_permission+0x2ff/0x430
[  168.479846][ T4045]  ? gfs2_consist_inode_i+0xf3/0x110
[  168.485116][ T4045]  gfs2_dirent_scan+0x535/0x650
[  168.489954][ T4045]  ? gfs2_dirent_search+0xb10/0xb10
[  168.495141][ T4045]  gfs2_dirent_search+0x2ea/0xb10
[  168.500161][ T4045]  ? gfs2_dirent_search+0xb10/0xb10
[  168.505350][ T4045]  ? gfs2_dir_search+0x2a0/0x2a0
[  168.510280][ T4045]  ? gfs2_permission+0x3bf/0x430
[  168.515233][ T4045]  gfs2_dir_search+0x8c/0x2a0
[  168.519915][ T4045]  ? do_filldir_main+0x530/0x530
[  168.524850][ T4045]  ? inode_go_held+0xe4/0x1f0
[  168.529527][ T4045]  ? gfs2_glock_wait+0x213/0x2a0
[  168.534462][ T4045]  gfs2_lookupi+0x465/0x650
[  168.538970][ T4045]  ? gfs2_lookup_simple+0x170/0x170
[  168.544167][ T4045]  ? __gfs2_lookup+0x8c/0x260
[  168.548844][ T4045]  __gfs2_lookup+0x8c/0x260
[  168.553341][ T4045]  ? gfs2_atomic_open+0x230/0x230
[  168.558361][ T4045]  ? __d_lookup+0x6a4/0x770
[  168.562855][ T4045]  ? d_hash_and_lookup+0x1c0/0x1c0
[  168.567959][ T4045]  gfs2_atomic_open+0xa4/0x230
[  168.572721][ T4045]  path_openat+0xf39/0x2df0
[  168.577222][ T4045]  ? gfs2_rename2+0x3000/0x3000
[  168.582083][ T4045]  ? do_filp_open+0x4f0/0x4f0
[  168.586767][ T4045]  do_filp_open+0x264/0x4f0
[  168.591264][ T4045]  ? vfs_tmpfile+0x490/0x490
[  168.595861][ T4045]  ? do_raw_spin_unlock+0x134/0x8a0
[  168.601073][ T4045]  ? _raw_spin_unlock+0x24/0x40
[  168.605964][ T4045]  ? alloc_fd+0x5a7/0x640
[  168.610308][ T4045]  do_sys_openat2+0x124/0x4e0
[  168.615002][ T4045]  ? print_irqtrace_events+0x220/0x220
[  168.620464][ T4045]  ? ptrace_stop+0x74d/0x970
[  168.625052][ T4045]  ? do_sys_open+0x220/0x220
[  168.629636][ T4045]  ? lockdep_hardirqs_on+0x8d/0x130
[  168.634847][ T4045]  ? _raw_spin_unlock_irq+0x2a/0x40
[  168.640057][ T4045]  ? ptrace_notify+0x245/0x340
[  168.644830][ T4045]  __x64_sys_openat+0x243/0x290
[  168.649695][ T4045]  ? __ia32_sys_open+0x270/0x270
[  168.654663][ T4045]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  168.660642][ T4045]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  168.666615][ T4045]  do_syscall_64+0x3d/0xb0
[  168.671024][ T4045]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  168.676906][ T4045] RIP: 0033:0x7fc8868064d9
[  168.681312][ T4045] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  168.700908][ T4045] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  168.709313][ T4045] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  168.717277][ T4045] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  168.725242][ T4045] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  4046] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4045] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  4045] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4045] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4044] exit_group(0 <unfinished ...>
[pid  4046] <... futex resumed>)        = ?
[pid  4044] <... exit_group resumed>)   = ?
[pid  4046] +++ exited with 0 +++
[pid  4045] <... futex resumed>)        = ?
[pid  4045] +++ exited with 0 +++
[pid  4044] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4044, si_uid=0, si_status=0, si_utime=1, si_stime=29} ---
umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./135/binderfs")                = 0
[  168.733203][ T4045] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  168.741163][ T4045] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  168.749141][ T4045]  </TASK>
umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./135/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./135/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./135/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./135")                          = 0
mkdir("./136", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4047
./strace-static-x86_64: Process 4047 attached
[pid  4047] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4047] chdir("./136")              = 0
[pid  4047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4047] setpgid(0, 0)               = 0
[pid  4047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4047] write(3, "1000", 4)         = 4
[pid  4047] close(3)                    = 0
[pid  4047] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4047] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4047] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4047] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4048], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4048
[pid  4047] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4047] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4048 attached
 <unfinished ...>
[pid  4048] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  4048] memfd_create("syzkaller", 0) = 3
[pid  4048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4048] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4048] munmap(0x7fc87e392000, 16777216) = 0
[pid  4048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4048] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4048] close(3)                    = 0
[pid  4048] mkdir("./file0", 0777)      = 0
[  169.035229][ T4048] loop0: detected capacity change from 0 to 32768
[  169.045304][ T4048] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  169.053628][ T4048] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  169.062521][ T4048] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  169.071862][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  169.078631][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4048] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4048] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4048] chdir("./file0")            = 0
[pid  4048] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4048] close(4)                    = 0
[pid  4048] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4047] <... futex resumed>)        = 0
[pid  4047] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4047] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4048] <... futex resumed>)        = 1
[pid  4048] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4048] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4047] <... futex resumed>)        = 0
[pid  4047] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4048] <... futex resumed>)        = 1
[pid  4047] <... futex resumed>)        = 0
[pid  4048] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[  169.112026][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms
[  169.119551][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  169.124869][ T4048] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  169.146881][ T4048] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  4047] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  4047] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4047] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4047] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4049], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4049
[  169.155415][ T4048] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  169.155415][ T4048]   inode = 12 2341
[  169.155415][ T4048]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  169.174846][ T4048] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  169.184127][ T4048] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4048 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  169.194333][ T4048] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  169.202959][ T4048] gfs2: fsid=syz:syz.0: about to withdraw this file system
[pid  4047] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4049 attached
[pid  4049] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  4049] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  4049] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  169.211213][ T4048] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  169.220647][ T4048] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  169.227191][ T4048] gfs2: fsid=syz:syz.0: File system withdrawn
[  169.233334][ T4048] CPU: 1 PID: 4048 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  169.243762][ T4048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  169.253823][ T4048] Call Trace:
[  169.259103][ T4048]  <TASK>
[  169.262045][ T4048]  dump_stack_lvl+0x1b1/0x28e
[  169.266726][ T4048]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  169.272173][ T4048]  ? panic+0x710/0x710
[  169.276241][ T4048]  ? kobject_uevent_env+0x46b/0x8e0
[  169.281475][ T4048]  ? do_raw_spin_unlock+0x134/0x8a0
[  169.286682][ T4048]  gfs2_withdraw+0xf33/0x1540
[  169.291385][ T4048]  ? gfs2_lm+0x220/0x220
[  169.295628][ T4048]  ? gfs2_dirent_scan+0xb6/0x650
[  169.300582][ T4048]  ? panic+0x710/0x710
[  169.304668][ T4048]  ? gfs2_permission+0x2ff/0x430
[  169.309614][ T4048]  ? gfs2_consist_inode_i+0xf3/0x110
[  169.314904][ T4048]  gfs2_dirent_scan+0x535/0x650
[  169.319749][ T4048]  ? gfs2_dirent_search+0xb10/0xb10
[  169.324950][ T4048]  gfs2_dirent_search+0x2ea/0xb10
[  169.329985][ T4048]  ? gfs2_dirent_search+0xb10/0xb10
[  169.335180][ T4048]  ? gfs2_dir_search+0x2a0/0x2a0
[  169.340114][ T4048]  ? gfs2_permission+0x3bf/0x430
[  169.345052][ T4048]  gfs2_dir_search+0x8c/0x2a0
[  169.349726][ T4048]  ? do_filldir_main+0x530/0x530
[  169.354661][ T4048]  ? inode_go_held+0xe4/0x1f0
[  169.359335][ T4048]  ? gfs2_glock_wait+0x213/0x2a0
[  169.364266][ T4048]  gfs2_lookupi+0x465/0x650
[  169.368767][ T4048]  ? gfs2_lookup_simple+0x170/0x170
[  169.373960][ T4048]  ? __gfs2_lookup+0x8c/0x260
[  169.378645][ T4048]  __gfs2_lookup+0x8c/0x260
[  169.383231][ T4048]  ? gfs2_atomic_open+0x230/0x230
[  169.388253][ T4048]  ? __d_lookup+0x6a4/0x770
[  169.392748][ T4048]  ? d_hash_and_lookup+0x1c0/0x1c0
[  169.397856][ T4048]  gfs2_atomic_open+0xa4/0x230
[  169.402617][ T4048]  path_openat+0xf39/0x2df0
[  169.407118][ T4048]  ? gfs2_rename2+0x3000/0x3000
[  169.411978][ T4048]  ? do_filp_open+0x4f0/0x4f0
[  169.416693][ T4048]  do_filp_open+0x264/0x4f0
[  169.421200][ T4048]  ? vfs_tmpfile+0x490/0x490
[  169.425791][ T4048]  ? do_raw_spin_unlock+0x134/0x8a0
[  169.430994][ T4048]  ? _raw_spin_unlock+0x24/0x40
[  169.436883][ T4048]  ? alloc_fd+0x5a7/0x640
[  169.441217][ T4048]  do_sys_openat2+0x124/0x4e0
[  169.445913][ T4048]  ? print_irqtrace_events+0x220/0x220
[  169.451362][ T4048]  ? ptrace_stop+0x74d/0x970
[  169.455952][ T4048]  ? do_sys_open+0x220/0x220
[  169.460541][ T4048]  ? lockdep_hardirqs_on+0x8d/0x130
[  169.465736][ T4048]  ? _raw_spin_unlock_irq+0x2a/0x40
[  169.470929][ T4048]  ? ptrace_notify+0x245/0x340
[  169.475708][ T4048]  __x64_sys_openat+0x243/0x290
[  169.480572][ T4048]  ? __ia32_sys_open+0x270/0x270
[  169.485504][ T4048]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  169.491481][ T4048]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  169.497457][ T4048]  do_syscall_64+0x3d/0xb0
[  169.501868][ T4048]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  169.507753][ T4048] RIP: 0033:0x7fc8868064d9
[  169.512160][ T4048] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  169.531759][ T4048] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  169.540179][ T4048] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  169.548144][ T4048] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  169.556106][ T4048] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  4049] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4048] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  4048] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4048] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4047] exit_group(0 <unfinished ...>
[pid  4049] <... futex resumed>)        = ?
[pid  4048] <... futex resumed>)        = ?
[pid  4047] <... exit_group resumed>)   = ?
[pid  4049] +++ exited with 0 +++
[pid  4048] +++ exited with 0 +++
[pid  4047] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4047, si_uid=0, si_status=0, si_utime=0, si_stime=33} ---
umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./136/binderfs")                = 0
[  169.564066][ T4048] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  169.572026][ T4048] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  169.580000][ T4048]  </TASK>
umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./136/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./136/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./136/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./136")                          = 0
mkdir("./137", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4050
./strace-static-x86_64: Process 4050 attached
[pid  4050] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4050] chdir("./137")              = 0
[pid  4050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4050] setpgid(0, 0)               = 0
[pid  4050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4050] write(3, "1000", 4)         = 4
[pid  4050] close(3)                    = 0
[pid  4050] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4050] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4050] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4050] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4051], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4051
[pid  4050] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4050] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4051 attached
 <unfinished ...>
[pid  4051] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  4051] memfd_create("syzkaller", 0) = 3
[pid  4051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4051] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4051] munmap(0x7fc87e392000, 16777216) = 0
[pid  4051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4051] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4051] close(3)                    = 0
[pid  4051] mkdir("./file0", 0777)      = 0
[  169.867659][ T4051] loop0: detected capacity change from 0 to 32768
[  169.878482][ T4051] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  169.886944][ T4051] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  169.896926][ T4051] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  169.905795][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  169.912947][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4051] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4051] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4051] chdir("./file0")            = 0
[pid  4051] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4051] close(4)                    = 0
[pid  4051] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4050] <... futex resumed>)        = 0
[pid  4050] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4050] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4051] <... futex resumed>)        = 1
[pid  4051] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4051] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4050] <... futex resumed>)        = 0
[pid  4050] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4050] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4051] <... futex resumed>)        = 1
[  169.950179][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 37ms
[  169.958668][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  169.964019][ T4051] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  169.988355][ T4051] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  4051] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  4050] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  4050] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4050] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4050] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4052], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4052
[pid  4050] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4052 attached
[pid  4052] set_robust_list(0x7fc87f3919e0, 24) = 0
[  169.997447][ T4051] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  169.997447][ T4051]   inode = 12 2341
[  169.997447][ T4051]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  170.016583][ T4051] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  170.026238][ T4051] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4051 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  170.036761][ T4051] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  170.044312][ T4052] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  170.046205][ T4051] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  170.054160][ T4052] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:4 m:20 p:1
[  170.061259][ T4051] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  170.070460][ T4052] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4051 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  170.079013][ T4051] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  170.089103][ T4052] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4052 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  170.097270][ T4051] gfs2: fsid=syz:syz.0: File system withdrawn
[  170.105715][ T4052] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  170.111827][ T4051] CPU: 1 PID: 4051 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  170.130264][ T4051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  170.140323][ T4051] Call Trace:
[  170.143599][ T4051]  <TASK>
[  170.146522][ T4051]  dump_stack_lvl+0x1b1/0x28e
[  170.151197][ T4051]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  170.156647][ T4051]  ? panic+0x710/0x710
[  170.160710][ T4051]  ? kobject_uevent_env+0x46b/0x8e0
[  170.165901][ T4051]  ? do_raw_spin_unlock+0x134/0x8a0
[  170.171100][ T4051]  gfs2_withdraw+0xf33/0x1540
[  170.175783][ T4051]  ? gfs2_lm+0x220/0x220
[  170.180022][ T4051]  ? gfs2_dirent_scan+0xb6/0x650
[  170.184959][ T4051]  ? panic+0x710/0x710
[  170.189043][ T4051]  ? gfs2_permission+0x2ff/0x430
[  170.193981][ T4051]  ? gfs2_consist_inode_i+0xf3/0x110
[  170.199269][ T4051]  gfs2_dirent_scan+0x535/0x650
[  170.204130][ T4051]  ? gfs2_dirent_search+0xb10/0xb10
[  170.209415][ T4051]  gfs2_dirent_search+0x2ea/0xb10
[  170.214439][ T4051]  ? gfs2_dirent_search+0xb10/0xb10
[  170.219636][ T4051]  ? gfs2_dir_search+0x2a0/0x2a0
[  170.224568][ T4051]  ? gfs2_permission+0x3bf/0x430
[  170.229507][ T4051]  gfs2_dir_search+0x8c/0x2a0
[  170.234528][ T4051]  ? do_filldir_main+0x530/0x530
[  170.239473][ T4051]  ? inode_go_held+0xe4/0x1f0
[  170.244234][ T4051]  ? gfs2_glock_wait+0x213/0x2a0
[  170.249167][ T4051]  gfs2_lookupi+0x465/0x650
[  170.253673][ T4051]  ? gfs2_lookup_simple+0x170/0x170
[  170.258865][ T4051]  ? __gfs2_lookup+0x8c/0x260
[  170.263542][ T4051]  __gfs2_lookup+0x8c/0x260
[  170.268041][ T4051]  ? gfs2_atomic_open+0x230/0x230
[  170.273063][ T4051]  ? __d_lookup+0x6a4/0x770
[  170.277557][ T4051]  ? d_hash_and_lookup+0x1c0/0x1c0
[  170.282662][ T4051]  gfs2_atomic_open+0xa4/0x230
[  170.287430][ T4051]  path_openat+0xf39/0x2df0
[  170.291935][ T4051]  ? gfs2_rename2+0x3000/0x3000
[  170.296793][ T4051]  ? do_filp_open+0x4f0/0x4f0
[  170.301476][ T4051]  do_filp_open+0x264/0x4f0
[  170.305975][ T4051]  ? vfs_tmpfile+0x490/0x490
[  170.310569][ T4051]  ? do_raw_spin_unlock+0x134/0x8a0
[  170.315766][ T4051]  ? _raw_spin_unlock+0x24/0x40
[  170.320616][ T4051]  ? alloc_fd+0x5a7/0x640
[  170.324951][ T4051]  do_sys_openat2+0x124/0x4e0
[  170.329641][ T4051]  ? print_irqtrace_events+0x220/0x220
[  170.335092][ T4051]  ? ptrace_stop+0x74d/0x970
[  170.339719][ T4051]  ? do_sys_open+0x220/0x220
[  170.344304][ T4051]  ? lockdep_hardirqs_on+0x8d/0x130
[  170.349500][ T4051]  ? _raw_spin_unlock_irq+0x2a/0x40
[  170.354697][ T4051]  ? ptrace_notify+0x245/0x340
[  170.359455][ T4051]  __x64_sys_openat+0x243/0x290
[  170.364304][ T4051]  ? __ia32_sys_open+0x270/0x270
[  170.369239][ T4051]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  170.375222][ T4051]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  170.381201][ T4051]  do_syscall_64+0x3d/0xb0
[  170.385610][ T4051]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  170.391494][ T4051] RIP: 0033:0x7fc8868064d9
[  170.395901][ T4051] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  170.415502][ T4051] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  170.423908][ T4051] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  170.431871][ T4051] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  170.439834][ T4051] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  4052] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH <unfinished ...>
[pid  4051] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  4051] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4051] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4052] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  4052] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4052] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4050] exit_group(0 <unfinished ...>
[pid  4052] <... futex resumed>)        = ?
[pid  4050] <... exit_group resumed>)   = ?
[pid  4052] +++ exited with 0 +++
[pid  4051] <... futex resumed>)        = ?
[pid  4051] +++ exited with 0 +++
[pid  4050] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4050, si_uid=0, si_status=0, si_utime=0, si_stime=41} ---
umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./137/binderfs")                = 0
[  170.447795][ T4051] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  170.455753][ T4051] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  170.463728][ T4051]  </TASK>
umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./137/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./137/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./137/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./137")                          = 0
mkdir("./138", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4053
./strace-static-x86_64: Process 4053 attached
[pid  4053] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4053] chdir("./138")              = 0
[pid  4053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4053] setpgid(0, 0)               = 0
[pid  4053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4053] write(3, "1000", 4)         = 4
[pid  4053] close(3)                    = 0
[pid  4053] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4053] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4053] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4053] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4054 attached
, parent_tid=[4054], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4054
[pid  4054] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  4054] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4053] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4054] <... futex resumed>)        = 0
[pid  4053] <... futex resumed>)        = 1
[pid  4053] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  4054] memfd_create("syzkaller", 0) = 3
[pid  4054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4054] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4054] munmap(0x7fc87e392000, 16777216) = 0
[pid  4054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4054] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4054] close(3)                    = 0
[pid  4054] mkdir("./file0", 0777)      = 0
[  170.761654][ T4054] loop0: detected capacity change from 0 to 32768
[  170.772071][ T4054] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  170.780304][ T4054] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  170.789898][ T4054] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  170.799204][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  170.806332][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4054] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4054] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4054] chdir("./file0")            = 0
[pid  4054] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4054] close(4)                    = 0
[pid  4054] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4053] <... futex resumed>)        = 0
[pid  4053] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4053] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4054] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4054] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4053] <... futex resumed>)        = 0
[pid  4053] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4053] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[  170.838785][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 32ms
[  170.846334][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  170.851881][ T4054] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  170.887067][ T4054] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  170.895797][ T4054] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  170.895797][ T4054]   inode = 12 2341
[  170.895797][ T4054]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  170.916444][ T4054] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  170.926042][ T4054] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4054 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  4054] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  4053] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  4053] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4053] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4053] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4055], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4055
[pid  4053] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4055 attached
[pid  4055] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  4055] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  4055] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  170.936282][ T4054] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  170.945126][ T4054] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  170.952693][ T4054] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  170.961713][ T4054] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  170.969947][ T4054] gfs2: fsid=syz:syz.0: File system withdrawn
[  170.976358][ T4054] CPU: 0 PID: 4054 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  170.988507][ T4054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  170.998558][ T4054] Call Trace:
[  171.001834][ T4054]  <TASK>
[  171.004779][ T4054]  dump_stack_lvl+0x1b1/0x28e
[  171.009465][ T4054]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  171.014921][ T4054]  ? panic+0x710/0x710
[  171.018990][ T4054]  ? kobject_uevent_env+0x46b/0x8e0
[  171.024193][ T4054]  ? do_raw_spin_unlock+0x134/0x8a0
[  171.029396][ T4054]  gfs2_withdraw+0xf33/0x1540
[pid  4055] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4053] exit_group(0 <unfinished ...>
[pid  4055] <... futex resumed>)        = ?
[pid  4053] <... exit_group resumed>)   = ?
[pid  4055] +++ exited with 0 +++
[  171.034090][ T4054]  ? gfs2_lm+0x220/0x220
[  171.038335][ T4054]  ? gfs2_dirent_scan+0xb6/0x650
[  171.043270][ T4054]  ? panic+0x710/0x710
[  171.047328][ T4054]  ? gfs2_permission+0x2ff/0x430
[  171.052257][ T4054]  ? gfs2_consist_inode_i+0xf3/0x110
[  171.057533][ T4054]  gfs2_dirent_scan+0x535/0x650
[  171.062391][ T4054]  ? gfs2_dirent_search+0xb10/0xb10
[  171.067598][ T4054]  gfs2_dirent_search+0x2ea/0xb10
[  171.072618][ T4054]  ? gfs2_dirent_search+0xb10/0xb10
[  171.077821][ T4054]  ? gfs2_dir_search+0x2a0/0x2a0
[  171.082788][ T4054]  ? gfs2_permission+0x3bf/0x430
[  171.087739][ T4054]  gfs2_dir_search+0x8c/0x2a0
[  171.092410][ T4054]  ? do_filldir_main+0x530/0x530
[  171.097425][ T4054]  ? inode_go_held+0xe4/0x1f0
[  171.102092][ T4054]  ? gfs2_glock_wait+0x213/0x2a0
[  171.107017][ T4054]  gfs2_lookupi+0x465/0x650
[  171.111519][ T4054]  ? gfs2_lookup_simple+0x170/0x170
[  171.116707][ T4054]  ? __gfs2_lookup+0x8c/0x260
[  171.121378][ T4054]  __gfs2_lookup+0x8c/0x260
[  171.125894][ T4054]  ? gfs2_atomic_open+0x230/0x230
[  171.130928][ T4054]  ? __d_lookup+0x6a4/0x770
[  171.135427][ T4054]  ? d_hash_and_lookup+0x1c0/0x1c0
[  171.140543][ T4054]  gfs2_atomic_open+0xa4/0x230
[  171.145309][ T4054]  path_openat+0xf39/0x2df0
[  171.149812][ T4054]  ? gfs2_rename2+0x3000/0x3000
[  171.154686][ T4054]  ? do_filp_open+0x4f0/0x4f0
[  171.159383][ T4054]  do_filp_open+0x264/0x4f0
[  171.163906][ T4054]  ? vfs_tmpfile+0x490/0x490
[  171.168522][ T4054]  ? do_raw_spin_unlock+0x134/0x8a0
[  171.173734][ T4054]  ? _raw_spin_unlock+0x24/0x40
[  171.178580][ T4054]  ? alloc_fd+0x5a7/0x640
[  171.182907][ T4054]  do_sys_openat2+0x124/0x4e0
[  171.187582][ T4054]  ? print_irqtrace_events+0x220/0x220
[  171.193028][ T4054]  ? ptrace_stop+0x74d/0x970
[  171.197623][ T4054]  ? do_sys_open+0x220/0x220
[  171.202218][ T4054]  ? lockdep_hardirqs_on+0x8d/0x130
[  171.207418][ T4054]  ? _raw_spin_unlock_irq+0x2a/0x40
[  171.212629][ T4054]  ? ptrace_notify+0x245/0x340
[  171.217397][ T4054]  __x64_sys_openat+0x243/0x290
[  171.222253][ T4054]  ? __ia32_sys_open+0x270/0x270
[  171.227199][ T4054]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  171.233173][ T4054]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  171.239152][ T4054]  do_syscall_64+0x3d/0xb0
[  171.243563][ T4054]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  171.249447][ T4054] RIP: 0033:0x7fc8868064d9
[  171.253853][ T4054] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  171.273477][ T4054] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[pid  4054] <... openat resumed>)       = ?
[pid  4054] +++ exited with 0 +++
[pid  4053] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4053, si_uid=0, si_status=0, si_utime=3, si_stime=26} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./138/binderfs")                = 0
[  171.281903][ T4054] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  171.289877][ T4054] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  171.297858][ T4054] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  171.305817][ T4054] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  171.313784][ T4054] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  171.321758][ T4054]  </TASK>
umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./138/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./138/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./138/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./138")                          = 0
mkdir("./139", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4056
./strace-static-x86_64: Process 4056 attached
[pid  4056] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4056] chdir("./139")              = 0
[pid  4056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4056] setpgid(0, 0)               = 0
[pid  4056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4056] write(3, "1000", 4)         = 4
[pid  4056] close(3)                    = 0
[pid  4056] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4056] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4056] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4056] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4057], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4057
[pid  4056] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4056] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4057 attached
 <unfinished ...>
[pid  4057] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  4057] memfd_create("syzkaller", 0) = 3
[pid  4057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4057] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4057] munmap(0x7fc87e392000, 16777216) = 0
[pid  4057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4057] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4057] close(3)                    = 0
[pid  4057] mkdir("./file0", 0777)      = 0
[  171.607156][ T4057] loop0: detected capacity change from 0 to 32768
[  171.618146][ T4057] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  171.626628][ T4057] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  171.636710][ T4057] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  171.645546][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  171.652667][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4057] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4057] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4057] chdir("./file0")            = 0
[pid  4057] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4057] close(4)                    = 0
[pid  4057] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4056] <... futex resumed>)        = 0
[pid  4056] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4056] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4057] <... futex resumed>)        = 1
[pid  4057] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4057] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4056] <... futex resumed>)        = 0
[pid  4056] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4056] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4057] <... futex resumed>)        = 1
[  171.685044][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 32ms
[  171.693824][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  171.699059][ T4057] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  171.722362][ T4057] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  4057] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  4056] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  4056] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4056] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4056] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4058], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4058
[pid  4056] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4058 attached
[pid  4058] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  4058] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  4058] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  171.731272][ T4057] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  171.731272][ T4057]   inode = 12 2341
[  171.731272][ T4057]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  171.750551][ T4057] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  171.759640][ T4057] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4057 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  171.770213][ T4057] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  171.778669][ T4057] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  171.786449][ T4057] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  171.795771][ T4057] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  171.803853][ T4057] gfs2: fsid=syz:syz.0: File system withdrawn
[  171.809947][ T4057] CPU: 0 PID: 4057 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  171.820368][ T4057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  171.830422][ T4057] Call Trace:
[  171.833702][ T4057]  <TASK>
[  171.836643][ T4057]  dump_stack_lvl+0x1b1/0x28e
[  171.841329][ T4057]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  171.846778][ T4057]  ? panic+0x710/0x710
[  171.850840][ T4057]  ? kobject_uevent_env+0x46b/0x8e0
[  171.856036][ T4057]  ? do_raw_spin_unlock+0x134/0x8a0
[  171.861248][ T4057]  gfs2_withdraw+0xf33/0x1540
[  171.865940][ T4057]  ? gfs2_lm+0x220/0x220
[  171.870197][ T4057]  ? gfs2_dirent_scan+0xb6/0x650
[  171.875145][ T4057]  ? panic+0x710/0x710
[  171.879201][ T4057]  ? gfs2_permission+0x2ff/0x430
[pid  4058] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4056] exit_group(0 <unfinished ...>
[pid  4058] <... futex resumed>)        = ?
[pid  4056] <... exit_group resumed>)   = ?
[pid  4058] +++ exited with 0 +++
[  171.884147][ T4057]  ? gfs2_consist_inode_i+0xf3/0x110
[  171.889442][ T4057]  gfs2_dirent_scan+0x535/0x650
[  171.894300][ T4057]  ? gfs2_dirent_search+0xb10/0xb10
[  171.899525][ T4057]  gfs2_dirent_search+0x2ea/0xb10
[  171.904577][ T4057]  ? gfs2_dirent_search+0xb10/0xb10
[  171.909770][ T4057]  ? gfs2_dir_search+0x2a0/0x2a0
[  171.914711][ T4057]  ? gfs2_permission+0x3bf/0x430
[  171.919696][ T4057]  gfs2_dir_search+0x8c/0x2a0
[  171.924414][ T4057]  ? do_filldir_main+0x530/0x530
[  171.929362][ T4057]  ? inode_go_held+0xe4/0x1f0
[  171.934046][ T4057]  ? gfs2_glock_wait+0x213/0x2a0
[  171.938991][ T4057]  gfs2_lookupi+0x465/0x650
[  171.943505][ T4057]  ? gfs2_lookup_simple+0x170/0x170
[  171.948712][ T4057]  ? __gfs2_lookup+0x8c/0x260
[  171.953381][ T4057]  __gfs2_lookup+0x8c/0x260
[  171.957879][ T4057]  ? gfs2_atomic_open+0x230/0x230
[  171.962912][ T4057]  ? __d_lookup+0x6a4/0x770
[  171.968720][ T4057]  ? d_hash_and_lookup+0x1c0/0x1c0
[  171.973839][ T4057]  gfs2_atomic_open+0xa4/0x230
[  171.978630][ T4057]  path_openat+0xf39/0x2df0
[  171.983129][ T4057]  ? gfs2_rename2+0x3000/0x3000
[  171.987980][ T4057]  ? do_filp_open+0x4f0/0x4f0
[  171.992653][ T4057]  do_filp_open+0x264/0x4f0
[  171.997159][ T4057]  ? vfs_tmpfile+0x490/0x490
[  172.001757][ T4057]  ? do_raw_spin_unlock+0x134/0x8a0
[  172.006962][ T4057]  ? _raw_spin_unlock+0x24/0x40
[  172.011819][ T4057]  ? alloc_fd+0x5a7/0x640
[  172.016241][ T4057]  do_sys_openat2+0x124/0x4e0
[  172.020944][ T4057]  ? print_irqtrace_events+0x220/0x220
[  172.026409][ T4057]  ? ptrace_stop+0x74d/0x970
[  172.031009][ T4057]  ? do_sys_open+0x220/0x220
[  172.035593][ T4057]  ? lockdep_hardirqs_on+0x8d/0x130
[  172.040805][ T4057]  ? _raw_spin_unlock_irq+0x2a/0x40
[  172.046008][ T4057]  ? ptrace_notify+0x245/0x340
[  172.050779][ T4057]  __x64_sys_openat+0x243/0x290
[  172.055640][ T4057]  ? __ia32_sys_open+0x270/0x270
[  172.060598][ T4057]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  172.066583][ T4057]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  172.072584][ T4057]  do_syscall_64+0x3d/0xb0
[  172.077249][ T4057]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  172.083144][ T4057] RIP: 0033:0x7fc8868064d9
[  172.087573][ T4057] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  172.107260][ T4057] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  172.115671][ T4057] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  172.123636][ T4057] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[pid  4057] <... openat resumed>)       = ?
[pid  4057] +++ exited with 0 +++
[pid  4056] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4056, si_uid=0, si_status=0, si_utime=0, si_stime=30} ---
umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./139/binderfs")                = 0
[  172.131601][ T4057] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  172.139571][ T4057] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  172.147547][ T4057] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  172.155523][ T4057]  </TASK>
umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./139/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./139/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./139/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./139")                          = 0
mkdir("./140", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4059
./strace-static-x86_64: Process 4059 attached
[pid  4059] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4059] chdir("./140")              = 0
[pid  4059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4059] setpgid(0, 0)               = 0
[pid  4059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4059] write(3, "1000", 4)         = 4
[pid  4059] close(3)                    = 0
[pid  4059] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4059] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4059] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4059] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4060], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4060
[pid  4059] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4059] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4060 attached
 <unfinished ...>
[pid  4060] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  4060] memfd_create("syzkaller", 0) = 3
[pid  4060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4060] munmap(0x7fc87e392000, 16777216) = 0
[pid  4060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4060] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4060] close(3)                    = 0
[pid  4060] mkdir("./file0", 0777)      = 0
[  172.452302][ T4060] loop0: detected capacity change from 0 to 32768
[  172.462474][ T4060] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  172.470815][ T4060] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  172.480826][ T4060] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  172.489610][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  172.497388][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4060] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4060] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4060] chdir("./file0")            = 0
[pid  4060] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4060] close(4)                    = 0
[pid  4060] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4059] <... futex resumed>)        = 0
[pid  4060] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4059] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4059] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4060] <... futex resumed>)        = 0
[pid  4060] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4060] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4059] <... futex resumed>)        = 0
[pid  4059] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4059] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4060] <... futex resumed>)        = 1
[  172.530591][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms
[  172.538141][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  172.543541][ T4060] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  172.567674][ T4060] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  4060] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  4059] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[  172.576250][ T4060] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  172.576250][ T4060]   inode = 12 2341
[  172.576250][ T4060]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  172.595306][ T4060] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  172.604402][ T4060] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4060 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  172.614513][ T4060] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  172.623080][ T4060] gfs2: fsid=syz:syz.0: about to withdraw this file system
[pid  4059] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4059] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4059] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4061], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4061
[pid  4059] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4061 attached
[pid  4061] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  4061] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  4061] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  172.631879][ T4060] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  172.641064][ T4060] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  172.649875][ T4060] gfs2: fsid=syz:syz.0: File system withdrawn
[  172.656453][ T4060] CPU: 0 PID: 4060 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  172.666878][ T4060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  172.676923][ T4060] Call Trace:
[  172.680194][ T4060]  <TASK>
[  172.683118][ T4060]  dump_stack_lvl+0x1b1/0x28e
[  172.687794][ T4060]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  172.693262][ T4060]  ? panic+0x710/0x710
[  172.697322][ T4060]  ? kobject_uevent_env+0x46b/0x8e0
[  172.702510][ T4060]  ? do_raw_spin_unlock+0x134/0x8a0
[  172.707704][ T4060]  gfs2_withdraw+0xf33/0x1540
[  172.712394][ T4060]  ? gfs2_lm+0x220/0x220
[  172.716625][ T4060]  ? gfs2_dirent_scan+0xb6/0x650
[  172.721557][ T4060]  ? panic+0x710/0x710
[  172.725615][ T4060]  ? gfs2_permission+0x2ff/0x430
[pid  4061] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4059] exit_group(0)               = ?
[pid  4061] <... futex resumed>)        = ?
[pid  4061] +++ exited with 0 +++
[  172.730562][ T4060]  ? gfs2_consist_inode_i+0xf3/0x110
[  172.735848][ T4060]  gfs2_dirent_scan+0x535/0x650
[  172.740720][ T4060]  ? gfs2_dirent_search+0xb10/0xb10
[  172.745924][ T4060]  gfs2_dirent_search+0x2ea/0xb10
[  172.750960][ T4060]  ? gfs2_dirent_search+0xb10/0xb10
[  172.756170][ T4060]  ? gfs2_dir_search+0x2a0/0x2a0
[  172.761213][ T4060]  ? gfs2_permission+0x3bf/0x430
[  172.766156][ T4060]  gfs2_dir_search+0x8c/0x2a0
[  172.770835][ T4060]  ? do_filldir_main+0x530/0x530
[  172.775775][ T4060]  ? inode_go_held+0xe4/0x1f0
[  172.780496][ T4060]  ? gfs2_glock_wait+0x213/0x2a0
[  172.785425][ T4060]  gfs2_lookupi+0x465/0x650
[  172.789924][ T4060]  ? gfs2_lookup_simple+0x170/0x170
[  172.795113][ T4060]  ? __gfs2_lookup+0x8c/0x260
[  172.799798][ T4060]  __gfs2_lookup+0x8c/0x260
[  172.804293][ T4060]  ? gfs2_atomic_open+0x230/0x230
[  172.809307][ T4060]  ? __d_lookup+0x6a4/0x770
[  172.813799][ T4060]  ? d_hash_and_lookup+0x1c0/0x1c0
[  172.818916][ T4060]  gfs2_atomic_open+0xa4/0x230
[  172.823691][ T4060]  path_openat+0xf39/0x2df0
[  172.828205][ T4060]  ? gfs2_rename2+0x3000/0x3000
[  172.833068][ T4060]  ? do_filp_open+0x4f0/0x4f0
[  172.837759][ T4060]  do_filp_open+0x264/0x4f0
[  172.842259][ T4060]  ? vfs_tmpfile+0x490/0x490
[  172.846842][ T4060]  ? do_raw_spin_unlock+0x134/0x8a0
[  172.852031][ T4060]  ? _raw_spin_unlock+0x24/0x40
[  172.856866][ T4060]  ? alloc_fd+0x5a7/0x640
[  172.861193][ T4060]  do_sys_openat2+0x124/0x4e0
[  172.865858][ T4060]  ? print_irqtrace_events+0x220/0x220
[  172.871297][ T4060]  ? ptrace_stop+0x74d/0x970
[  172.875891][ T4060]  ? do_sys_open+0x220/0x220
[  172.880470][ T4060]  ? lockdep_hardirqs_on+0x8d/0x130
[  172.885651][ T4060]  ? _raw_spin_unlock_irq+0x2a/0x40
[  172.890836][ T4060]  ? ptrace_notify+0x245/0x340
[  172.895581][ T4060]  __x64_sys_openat+0x243/0x290
[  172.900420][ T4060]  ? __ia32_sys_open+0x270/0x270
[  172.905341][ T4060]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  172.911307][ T4060]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  172.917273][ T4060]  do_syscall_64+0x3d/0xb0
[  172.921681][ T4060]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  172.927581][ T4060] RIP: 0033:0x7fc8868064d9
[  172.931998][ T4060] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  172.951943][ T4060] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  172.960343][ T4060] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  172.968299][ T4060] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[pid  4060] <... openat resumed>)       = ?
[pid  4060] +++ exited with 0 +++
[pid  4059] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4059, si_uid=0, si_status=0, si_utime=4, si_stime=27} ---
umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./140/binderfs")                = 0
[  172.976255][ T4060] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  172.984212][ T4060] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  172.992164][ T4060] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  173.000129][ T4060]  </TASK>
umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./140/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./140/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./140/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./140")                          = 0
mkdir("./141", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4062
./strace-static-x86_64: Process 4062 attached
[pid  4062] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4062] chdir("./141")              = 0
[pid  4062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4062] setpgid(0, 0)               = 0
[pid  4062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4062] write(3, "1000", 4)         = 4
[pid  4062] close(3)                    = 0
[pid  4062] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4062] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4062] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4062] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4063 attached
 <unfinished ...>
[pid  4063] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  4062] <... clone resumed>, parent_tid=[4063], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4063
[pid  4062] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4063] <... set_robust_list resumed>) = 0
[pid  4062] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  4063] memfd_create("syzkaller", 0) = 3
[pid  4063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4063] munmap(0x7fc87e392000, 16777216) = 0
[pid  4063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4063] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4063] close(3)                    = 0
[pid  4063] mkdir("./file0", 0777)      = 0
[  173.293902][ T4063] loop0: detected capacity change from 0 to 32768
[  173.305518][ T4063] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  173.313764][ T4063] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  173.323537][ T4063] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  173.332286][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  173.339050][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4063] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4063] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4063] chdir("./file0")            = 0
[pid  4063] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4063] close(4)                    = 0
[pid  4063] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4062] <... futex resumed>)        = 0
[pid  4062] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4062] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4063] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4063] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4062] <... futex resumed>)        = 0
[pid  4062] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4062] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[  173.371526][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 32ms
[  173.379740][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  173.385172][ T4063] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  173.406846][ T4063] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  4063] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  4062] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[  173.415825][ T4063] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  173.415825][ T4063]   inode = 12 2341
[  173.415825][ T4063]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  173.434758][ T4063] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  173.444489][ T4063] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4063 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  173.454837][ T4063] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  173.463658][ T4063] gfs2: fsid=syz:syz.0: about to withdraw this file system
[pid  4062] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4062] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4062] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4064], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4064
[pid  4062] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4064 attached
[pid  4064] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  4064] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  4064] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  173.471132][ T4063] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  173.480345][ T4063] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  173.487527][ T4063] gfs2: fsid=syz:syz.0: File system withdrawn
[  173.493768][ T4063] CPU: 0 PID: 4063 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  173.504202][ T4063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  173.514282][ T4063] Call Trace:
[  173.517569][ T4063]  <TASK>
[  173.520502][ T4063]  dump_stack_lvl+0x1b1/0x28e
[  173.525199][ T4063]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  173.530686][ T4063]  ? panic+0x710/0x710
[  173.534769][ T4063]  ? kobject_uevent_env+0x46b/0x8e0
[  173.539961][ T4063]  ? do_raw_spin_unlock+0x134/0x8a0
[  173.545171][ T4063]  gfs2_withdraw+0xf33/0x1540
[  173.549869][ T4063]  ? gfs2_lm+0x220/0x220
[  173.554102][ T4063]  ? gfs2_dirent_scan+0xb6/0x650
[  173.559043][ T4063]  ? panic+0x710/0x710
[  173.563132][ T4063]  ? gfs2_permission+0x2ff/0x430
[pid  4064] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4062] exit_group(0 <unfinished ...>
[pid  4064] <... futex resumed>)        = ?
[pid  4062] <... exit_group resumed>)   = ?
[pid  4064] +++ exited with 0 +++
[  173.568082][ T4063]  ? gfs2_consist_inode_i+0xf3/0x110
[  173.573359][ T4063]  gfs2_dirent_scan+0x535/0x650
[  173.578207][ T4063]  ? gfs2_dirent_search+0xb10/0xb10
[  173.583408][ T4063]  gfs2_dirent_search+0x2ea/0xb10
[  173.588437][ T4063]  ? gfs2_dirent_search+0xb10/0xb10
[  173.593656][ T4063]  ? gfs2_dir_search+0x2a0/0x2a0
[  173.598616][ T4063]  ? gfs2_permission+0x3bf/0x430
[  173.603579][ T4063]  gfs2_dir_search+0x8c/0x2a0
[  173.608253][ T4063]  ? do_filldir_main+0x530/0x530
[  173.613193][ T4063]  ? inode_go_held+0xe4/0x1f0
[  173.617865][ T4063]  ? gfs2_glock_wait+0x213/0x2a0
[  173.622811][ T4063]  gfs2_lookupi+0x465/0x650
[  173.627330][ T4063]  ? gfs2_lookup_simple+0x170/0x170
[  173.632543][ T4063]  ? __gfs2_lookup+0x8c/0x260
[  173.637220][ T4063]  __gfs2_lookup+0x8c/0x260
[  173.641718][ T4063]  ? gfs2_atomic_open+0x230/0x230
[  173.646750][ T4063]  ? __d_lookup+0x6a4/0x770
[  173.651257][ T4063]  ? d_hash_and_lookup+0x1c0/0x1c0
[  173.656369][ T4063]  gfs2_atomic_open+0xa4/0x230
[  173.661143][ T4063]  path_openat+0xf39/0x2df0
[  173.665640][ T4063]  ? gfs2_rename2+0x3000/0x3000
[  173.670511][ T4063]  ? do_filp_open+0x4f0/0x4f0
[  173.675190][ T4063]  do_filp_open+0x264/0x4f0
[  173.679707][ T4063]  ? vfs_tmpfile+0x490/0x490
[  173.684307][ T4063]  ? do_raw_spin_unlock+0x134/0x8a0
[  173.689505][ T4063]  ? _raw_spin_unlock+0x24/0x40
[  173.694347][ T4063]  ? alloc_fd+0x5a7/0x640
[  173.698680][ T4063]  do_sys_openat2+0x124/0x4e0
[  173.703367][ T4063]  ? print_irqtrace_events+0x220/0x220
[  173.708842][ T4063]  ? ptrace_stop+0x74d/0x970
[  173.713462][ T4063]  ? do_sys_open+0x220/0x220
[  173.718138][ T4063]  ? lockdep_hardirqs_on+0x8d/0x130
[  173.723341][ T4063]  ? _raw_spin_unlock_irq+0x2a/0x40
[  173.729320][ T4063]  ? ptrace_notify+0x245/0x340
[  173.734087][ T4063]  __x64_sys_openat+0x243/0x290
[  173.738952][ T4063]  ? __ia32_sys_open+0x270/0x270
[  173.743895][ T4063]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  173.749885][ T4063]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  173.755857][ T4063]  do_syscall_64+0x3d/0xb0
[  173.760279][ T4063]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  173.766177][ T4063] RIP: 0033:0x7fc8868064d9
[  173.770580][ T4063] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  173.790184][ T4063] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  173.798602][ T4063] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  173.806574][ T4063] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  173.814546][ T4063] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  4063] <... openat resumed>)       = ?
[pid  4063] +++ exited with 0 +++
[pid  4062] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4062, si_uid=0, si_status=0, si_utime=2, si_stime=30} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./141/binderfs")                = 0
[  173.822523][ T4063] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  173.830498][ T4063] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  173.838469][ T4063]  </TASK>
umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./141/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./141/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./141/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./141")                          = 0
mkdir("./142", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4065
./strace-static-x86_64: Process 4065 attached
[pid  4065] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4065] chdir("./142")              = 0
[pid  4065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4065] setpgid(0, 0)               = 0
[pid  4065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4065] write(3, "1000", 4)         = 4
[pid  4065] close(3)                    = 0
[pid  4065] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4065] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4065] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4065] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4066], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4066
[pid  4065] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4065] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4066 attached
 <unfinished ...>
[pid  4066] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  4066] memfd_create("syzkaller", 0) = 3
[pid  4066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4066] munmap(0x7fc87e392000, 16777216) = 0
[pid  4066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4066] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4066] close(3)                    = 0
[pid  4066] mkdir("./file0", 0777)      = 0
[  174.117798][ T4066] loop0: detected capacity change from 0 to 32768
[  174.128490][ T4066] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  174.137062][ T4066] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  174.146952][ T4066] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  174.155805][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  174.163127][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4066] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4066] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4066] chdir("./file0")            = 0
[pid  4066] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4066] close(4)                    = 0
[pid  4066] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4065] <... futex resumed>)        = 0
[pid  4065] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4065] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4066] <... futex resumed>)        = 1
[pid  4066] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4066] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4065] <... futex resumed>)        = 0
[pid  4065] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4065] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4066] <... futex resumed>)        = 1
[  174.203783][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 40ms
[  174.212609][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  174.217854][ T4066] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  174.235667][ T4066] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  174.244846][ T4066] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[pid  4066] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  4065] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  4065] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid  4065] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out)
[pid  4065] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4065] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4065] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4067], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4067
[pid  4065] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4067 attached
[pid  4067] set_robust_list(0x7fc87f3919e0, 24) = 0
[  174.244846][ T4066]   inode = 12 2341
[  174.244846][ T4066]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  174.263795][ T4066] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  174.273169][ T4066] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4066 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  174.283838][ T4066] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  174.288695][ T4067] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  174.292834][ T4066] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  174.307951][ T4066] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  174.308598][ T4067] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:4 m:20 p:1
[  174.316747][ T4066] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  174.318631][ T4066] gfs2: fsid=syz:syz.0: File system withdrawn
[  174.332707][ T4067] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4066 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  174.348451][ T4066] CPU: 1 PID: 4066 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  174.348475][ T4066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  174.348485][ T4066] Call Trace:
[  174.348491][ T4066]  <TASK>
[  174.348498][ T4066]  dump_stack_lvl+0x1b1/0x28e
[  174.359855][ T4067] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4067 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  174.368951][ T4066]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  174.368974][ T4066]  ? panic+0x710/0x710
[  174.368993][ T4066]  ? kobject_uevent_env+0x46b/0x8e0
[  174.369014][ T4066]  ? do_raw_spin_unlock+0x134/0x8a0
[  174.369043][ T4066]  gfs2_withdraw+0xf33/0x1540
[  174.369077][ T4066]  ? gfs2_lm+0x220/0x220
[  174.373152][ T4067] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  174.375256][ T4066]  ? gfs2_dirent_scan+0xb6/0x650
[  174.375284][ T4066]  ? panic+0x710/0x710
[  174.436070][ T4066]  ? gfs2_permission+0x2ff/0x430
[  174.441026][ T4066]  ? gfs2_consist_inode_i+0xf3/0x110
[  174.446321][ T4066]  gfs2_dirent_scan+0x535/0x650
[  174.451197][ T4066]  ? gfs2_dirent_search+0xb10/0xb10
[  174.456412][ T4066]  gfs2_dirent_search+0x2ea/0xb10
[  174.461459][ T4066]  ? gfs2_dirent_search+0xb10/0xb10
[  174.466654][ T4066]  ? gfs2_dir_search+0x2a0/0x2a0
[  174.471589][ T4066]  ? gfs2_permission+0x3bf/0x430
[  174.476552][ T4066]  gfs2_dir_search+0x8c/0x2a0
[  174.481246][ T4066]  ? do_filldir_main+0x530/0x530
[  174.486174][ T4066]  ? inode_go_held+0xe4/0x1f0
[  174.490841][ T4066]  ? gfs2_glock_wait+0x213/0x2a0
[  174.495779][ T4066]  gfs2_lookupi+0x465/0x650
[pid  4067] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH <unfinished ...>
[pid  4065] exit_group(0)               = ?
[  174.500294][ T4066]  ? gfs2_lookup_simple+0x170/0x170
[  174.505498][ T4066]  ? __gfs2_lookup+0x8c/0x260
[  174.510205][ T4066]  __gfs2_lookup+0x8c/0x260
[  174.514734][ T4066]  ? gfs2_atomic_open+0x230/0x230
[  174.519761][ T4066]  ? __d_lookup+0x6a4/0x770
[  174.524267][ T4066]  ? d_hash_and_lookup+0x1c0/0x1c0
[  174.529381][ T4066]  gfs2_atomic_open+0xa4/0x230
[  174.534159][ T4066]  path_openat+0xf39/0x2df0
[  174.538658][ T4066]  ? gfs2_rename2+0x3000/0x3000
[  174.543507][ T4066]  ? do_filp_open+0x4f0/0x4f0
[  174.548184][ T4066]  do_filp_open+0x264/0x4f0
[  174.552692][ T4066]  ? vfs_tmpfile+0x490/0x490
[  174.557289][ T4066]  ? do_raw_spin_unlock+0x134/0x8a0
[  174.562494][ T4066]  ? _raw_spin_unlock+0x24/0x40
[  174.567356][ T4066]  ? alloc_fd+0x5a7/0x640
[  174.571681][ T4066]  do_sys_openat2+0x124/0x4e0
[  174.576350][ T4066]  ? print_irqtrace_events+0x220/0x220
[  174.581807][ T4066]  ? ptrace_stop+0x74d/0x970
[  174.586390][ T4066]  ? do_sys_open+0x220/0x220
[  174.590971][ T4066]  ? lockdep_hardirqs_on+0x8d/0x130
[  174.596162][ T4066]  ? _raw_spin_unlock_irq+0x2a/0x40
[  174.601355][ T4066]  ? ptrace_notify+0x245/0x340
[  174.606106][ T4066]  __x64_sys_openat+0x243/0x290
[  174.610976][ T4066]  ? __ia32_sys_open+0x270/0x270
[  174.615916][ T4066]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  174.621906][ T4066]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  174.627875][ T4066]  do_syscall_64+0x3d/0xb0
[  174.632281][ T4066]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  174.638172][ T4066] RIP: 0033:0x7fc8868064d9
[  174.642574][ T4066] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  174.662184][ T4066] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  174.670767][ T4066] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  174.678733][ T4066] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  174.686695][ T4066] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  174.694657][ T4066] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[pid  4066] <... openat resumed>)       = ?
[pid  4067] <... openat resumed>)       = ?
[pid  4066] +++ exited with 0 +++
[pid  4067] +++ exited with 0 +++
[pid  4065] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4065, si_uid=0, si_status=0, si_utime=0, si_stime=42} ---
umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./142/binderfs")                = 0
[  174.702638][ T4066] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  174.710627][ T4066]  </TASK>
umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./142/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./142/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./142/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./142")                          = 0
mkdir("./143", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4068
./strace-static-x86_64: Process 4068 attached
[pid  4068] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4068] chdir("./143")              = 0
[pid  4068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4068] setpgid(0, 0)               = 0
[pid  4068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4068] write(3, "1000", 4)         = 4
[pid  4068] close(3)                    = 0
[pid  4068] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4068] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4068] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4068] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4069], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4069
[pid  4068] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4068] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4069 attached
 <unfinished ...>
[pid  4069] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  4069] memfd_create("syzkaller", 0) = 3
[pid  4069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4069] munmap(0x7fc87e392000, 16777216) = 0
[pid  4069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4069] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4069] close(3)                    = 0
[pid  4069] mkdir("./file0", 0777)      = 0
[  175.002379][ T4069] loop0: detected capacity change from 0 to 32768
[  175.012931][ T4069] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  175.021180][ T4069] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  175.031175][ T4069] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  175.039541][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  175.046449][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4069] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4069] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4069] chdir("./file0")            = 0
[pid  4069] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4069] close(4)                    = 0
[pid  4069] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4068] <... futex resumed>)        = 0
[pid  4069] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4068] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4069] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  4068] <... futex resumed>)        = 0
[pid  4069] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  4068] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4069] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4069] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4069] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4068] <... futex resumed>)        = 0
[pid  4068] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4069] <... futex resumed>)        = 0
[pid  4068] <... futex resumed>)        = 1
[pid  4069] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[  175.081469][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 35ms
[  175.090301][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  175.095562][ T4069] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid  4068] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  4068] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  175.122575][ T4069] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  175.131026][ T4069] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  175.131026][ T4069]   inode = 12 2341
[  175.131026][ T4069]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  175.149967][ T4069] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  175.159258][ T4069] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4069 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  4068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4068] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4068] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4070], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4070
[pid  4068] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4070 attached
[pid  4070] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  4070] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  4070] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  175.169364][ T4069] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  175.178149][ T4069] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  175.185451][ T4069] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  175.194471][ T4069] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  175.202576][ T4069] gfs2: fsid=syz:syz.0: File system withdrawn
[  175.208662][ T4069] CPU: 0 PID: 4069 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  175.219077][ T4069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  175.229127][ T4069] Call Trace:
[  175.232402][ T4069]  <TASK>
[  175.235325][ T4069]  dump_stack_lvl+0x1b1/0x28e
[  175.240011][ T4069]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  175.245488][ T4069]  ? panic+0x710/0x710
[  175.249573][ T4069]  ? kobject_uevent_env+0x46b/0x8e0
[  175.254780][ T4069]  ? do_raw_spin_unlock+0x134/0x8a0
[  175.259993][ T4069]  gfs2_withdraw+0xf33/0x1540
[  175.264730][ T4069]  ? gfs2_lm+0x220/0x220
[pid  4070] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4068] exit_group(0 <unfinished ...>
[pid  4070] <... futex resumed>)        = ?
[pid  4068] <... exit_group resumed>)   = ?
[pid  4070] +++ exited with 0 +++
[  175.268962][ T4069]  ? gfs2_dirent_scan+0xb6/0x650
[  175.273892][ T4069]  ? panic+0x710/0x710
[  175.277960][ T4069]  ? gfs2_permission+0x2ff/0x430
[  175.282909][ T4069]  ? gfs2_consist_inode_i+0xf3/0x110
[  175.288202][ T4069]  gfs2_dirent_scan+0x535/0x650
[  175.293079][ T4069]  ? gfs2_dirent_search+0xb10/0xb10
[  175.298298][ T4069]  gfs2_dirent_search+0x2ea/0xb10
[  175.303335][ T4069]  ? gfs2_dirent_search+0xb10/0xb10
[  175.308565][ T4069]  ? gfs2_dir_search+0x2a0/0x2a0
[  175.313526][ T4069]  ? gfs2_permission+0x3bf/0x430
[  175.318467][ T4069]  gfs2_dir_search+0x8c/0x2a0
[  175.323142][ T4069]  ? do_filldir_main+0x530/0x530
[  175.328081][ T4069]  ? inode_go_held+0xe4/0x1f0
[  175.332759][ T4069]  ? gfs2_glock_wait+0x213/0x2a0
[  175.337706][ T4069]  gfs2_lookupi+0x465/0x650
[  175.342225][ T4069]  ? gfs2_lookup_simple+0x170/0x170
[  175.347489][ T4069]  ? __gfs2_lookup+0x8c/0x260
[  175.352178][ T4069]  __gfs2_lookup+0x8c/0x260
[  175.356676][ T4069]  ? gfs2_atomic_open+0x230/0x230
[  175.361703][ T4069]  ? __d_lookup+0x6a4/0x770
[  175.366197][ T4069]  ? d_hash_and_lookup+0x1c0/0x1c0
[  175.371329][ T4069]  gfs2_atomic_open+0xa4/0x230
[  175.376103][ T4069]  path_openat+0xf39/0x2df0
[  175.380618][ T4069]  ? gfs2_rename2+0x3000/0x3000
[  175.385492][ T4069]  ? do_filp_open+0x4f0/0x4f0
[  175.390186][ T4069]  do_filp_open+0x264/0x4f0
[  175.394693][ T4069]  ? vfs_tmpfile+0x490/0x490
[  175.399278][ T4069]  ? do_raw_spin_unlock+0x134/0x8a0
[  175.404469][ T4069]  ? _raw_spin_unlock+0x24/0x40
[  175.409318][ T4069]  ? alloc_fd+0x5a7/0x640
[  175.413674][ T4069]  do_sys_openat2+0x124/0x4e0
[  175.418357][ T4069]  ? print_irqtrace_events+0x220/0x220
[  175.423806][ T4069]  ? ptrace_stop+0x74d/0x970
[  175.428397][ T4069]  ? do_sys_open+0x220/0x220
[  175.432992][ T4069]  ? lockdep_hardirqs_on+0x8d/0x130
[  175.438206][ T4069]  ? _raw_spin_unlock_irq+0x2a/0x40
[  175.443487][ T4069]  ? ptrace_notify+0x245/0x340
[  175.448266][ T4069]  __x64_sys_openat+0x243/0x290
[  175.453137][ T4069]  ? __ia32_sys_open+0x270/0x270
[  175.458068][ T4069]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  175.464045][ T4069]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  175.470019][ T4069]  do_syscall_64+0x3d/0xb0
[  175.474456][ T4069]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  175.480356][ T4069] RIP: 0033:0x7fc8868064d9
[  175.484762][ T4069] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  175.504358][ T4069] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  175.512776][ T4069] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  4069] <... openat resumed>)       = ?
[pid  4069] +++ exited with 0 +++
[pid  4068] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4068, si_uid=0, si_status=0, si_utime=2, si_stime=28} ---
umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./143/binderfs")                = 0
[  175.520751][ T4069] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  175.528712][ T4069] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  175.536672][ T4069] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  175.544642][ T4069] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  175.552642][ T4069]  </TASK>
umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./143/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./143/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./143/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./143")                          = 0
mkdir("./144", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4071
./strace-static-x86_64: Process 4071 attached
[pid  4071] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4071] chdir("./144")              = 0
[pid  4071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4071] setpgid(0, 0)               = 0
[pid  4071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4071] write(3, "1000", 4)         = 4
[pid  4071] close(3)                    = 0
[pid  4071] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4071] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4071] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4071] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4072 attached
 <unfinished ...>
[pid  4072] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  4071] <... clone resumed>, parent_tid=[4072], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4072
[pid  4071] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4072] <... set_robust_list resumed>) = 0
[pid  4071] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  4072] memfd_create("syzkaller", 0) = 3
[pid  4072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4072] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4072] munmap(0x7fc87e392000, 16777216) = 0
[pid  4072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4072] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4072] close(3)                    = 0
[pid  4072] mkdir("./file0", 0777)      = 0
[  175.868430][ T4072] loop0: detected capacity change from 0 to 32768
[  175.879283][ T4072] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  175.887546][ T4072] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  175.897725][ T4072] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  175.906280][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  175.913351][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4072] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4072] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4072] chdir("./file0")            = 0
[pid  4072] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4072] close(4)                    = 0
[pid  4072] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4071] <... futex resumed>)        = 0
[pid  4071] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4071] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4072] <... futex resumed>)        = 1
[pid  4072] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4072] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4071] <... futex resumed>)        = 0
[pid  4071] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4071] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4072] <... futex resumed>)        = 1
[  175.947336][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 33ms
[  175.956180][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  175.961584][ T4072] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  175.977444][ T4072] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  175.986211][ T4072] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  175.986211][ T4072]   inode = 12 2341
[pid  4072] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  4071] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  4071] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4071] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4071] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4073], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4073
[pid  4071] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4073 attached
[pid  4073] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  4073] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  4073] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  175.986211][ T4072]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  176.005161][ T4072] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  176.014793][ T4072] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4072 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  176.025759][ T4072] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  176.035624][ T4072] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  176.042973][ T4072] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  176.051829][ T4072] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  176.059708][ T4072] gfs2: fsid=syz:syz.0: File system withdrawn
[  176.067662][ T4072] CPU: 0 PID: 4072 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  176.078090][ T4072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  176.088159][ T4072] Call Trace:
[  176.091435][ T4072]  <TASK>
[  176.094363][ T4072]  dump_stack_lvl+0x1b1/0x28e
[  176.099043][ T4072]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  176.104515][ T4072]  ? panic+0x710/0x710
[  176.108599][ T4072]  ? kobject_uevent_env+0x46b/0x8e0
[  176.113807][ T4072]  ? do_raw_spin_unlock+0x134/0x8a0
[  176.119012][ T4072]  gfs2_withdraw+0xf33/0x1540
[  176.123707][ T4072]  ? gfs2_lm+0x220/0x220
[  176.127945][ T4072]  ? gfs2_dirent_scan+0xb6/0x650
[  176.132900][ T4072]  ? panic+0x710/0x710
[  176.136978][ T4072]  ? gfs2_permission+0x2ff/0x430
[  176.141927][ T4072]  ? gfs2_consist_inode_i+0xf3/0x110
[pid  4073] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4071] exit_group(0 <unfinished ...>
[pid  4073] <... futex resumed>)        = ?
[pid  4071] <... exit_group resumed>)   = ?
[pid  4073] +++ exited with 0 +++
[  176.147205][ T4072]  gfs2_dirent_scan+0x535/0x650
[  176.152053][ T4072]  ? gfs2_dirent_search+0xb10/0xb10
[  176.157264][ T4072]  gfs2_dirent_search+0x2ea/0xb10
[  176.162292][ T4072]  ? gfs2_dirent_search+0xb10/0xb10
[  176.167519][ T4072]  ? gfs2_dir_search+0x2a0/0x2a0
[  176.172474][ T4072]  ? gfs2_permission+0x3bf/0x430
[  176.177410][ T4072]  gfs2_dir_search+0x8c/0x2a0
[  176.182081][ T4072]  ? do_filldir_main+0x530/0x530
[  176.187009][ T4072]  ? inode_go_held+0xe4/0x1f0
[  176.191684][ T4072]  ? gfs2_glock_wait+0x213/0x2a0
[  176.196614][ T4072]  gfs2_lookupi+0x465/0x650
[  176.201133][ T4072]  ? gfs2_lookup_simple+0x170/0x170
[  176.206339][ T4072]  ? __gfs2_lookup+0x8c/0x260
[  176.211016][ T4072]  __gfs2_lookup+0x8c/0x260
[  176.215513][ T4072]  ? gfs2_atomic_open+0x230/0x230
[  176.220543][ T4072]  ? __d_lookup+0x6a4/0x770
[  176.225033][ T4072]  ? d_hash_and_lookup+0x1c0/0x1c0
[  176.230138][ T4072]  gfs2_atomic_open+0xa4/0x230
[  176.234902][ T4072]  path_openat+0xf39/0x2df0
[  176.239413][ T4072]  ? gfs2_rename2+0x3000/0x3000
[  176.244278][ T4072]  ? do_filp_open+0x4f0/0x4f0
[  176.248981][ T4072]  do_filp_open+0x264/0x4f0
[  176.253484][ T4072]  ? vfs_tmpfile+0x490/0x490
[  176.258068][ T4072]  ? do_raw_spin_unlock+0x134/0x8a0
[  176.263264][ T4072]  ? _raw_spin_unlock+0x24/0x40
[  176.268106][ T4072]  ? alloc_fd+0x5a7/0x640
[  176.272454][ T4072]  do_sys_openat2+0x124/0x4e0
[  176.277139][ T4072]  ? print_irqtrace_events+0x220/0x220
[  176.282586][ T4072]  ? ptrace_stop+0x74d/0x970
[  176.287168][ T4072]  ? do_sys_open+0x220/0x220
[  176.291761][ T4072]  ? lockdep_hardirqs_on+0x8d/0x130
[  176.296966][ T4072]  ? _raw_spin_unlock_irq+0x2a/0x40
[  176.302157][ T4072]  ? ptrace_notify+0x245/0x340
[  176.306919][ T4072]  __x64_sys_openat+0x243/0x290
[  176.311783][ T4072]  ? __ia32_sys_open+0x270/0x270
[  176.316712][ T4072]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  176.322686][ T4072]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  176.328660][ T4072]  do_syscall_64+0x3d/0xb0
[  176.333107][ T4072]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  176.339009][ T4072] RIP: 0033:0x7fc8868064d9
[  176.343411][ T4072] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  176.363020][ T4072] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  176.371456][ T4072] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  176.379430][ T4072] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  176.387394][ T4072] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  4072] <... openat resumed>)       = ?
[pid  4072] +++ exited with 0 +++
[pid  4071] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4071, si_uid=0, si_status=0, si_utime=3, si_stime=30} ---
umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./144/binderfs")                = 0
[  176.395355][ T4072] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  176.403316][ T4072] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  176.411309][ T4072]  </TASK>
umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./144/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./144/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./144/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./144")                          = 0
mkdir("./145", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4074
./strace-static-x86_64: Process 4074 attached
[pid  4074] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4074] chdir("./145")              = 0
[pid  4074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4074] setpgid(0, 0)               = 0
[pid  4074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4074] write(3, "1000", 4)         = 4
[pid  4074] close(3)                    = 0
[pid  4074] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4074] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4074] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4074] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4075], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4075
[pid  4074] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4074] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4075 attached
 <unfinished ...>
[pid  4075] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  4075] memfd_create("syzkaller", 0) = 3
[pid  4075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4075] munmap(0x7fc87e392000, 16777216) = 0
[pid  4075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4075] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4075] close(3)                    = 0
[pid  4075] mkdir("./file0", 0777)      = 0
[  176.696653][ T4075] loop0: detected capacity change from 0 to 32768
[  176.707424][ T4075] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  176.715663][ T4075] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  176.725334][ T4075] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  176.734153][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  176.741557][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4075] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4075] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4075] chdir("./file0")            = 0
[pid  4075] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4075] close(4)                    = 0
[pid  4075] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4074] <... futex resumed>)        = 0
[pid  4074] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4074] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4075] <... futex resumed>)        = 1
[pid  4075] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4075] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4074] <... futex resumed>)        = 0
[pid  4074] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4074] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4075] <... futex resumed>)        = 1
[  176.778493][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 36ms
[  176.786149][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  176.791575][ T4075] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  176.808312][ T4075] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  176.816852][ T4075] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  176.816852][ T4075]   inode = 12 2341
[pid  4075] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  4074] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  4074] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4074] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4074] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4076], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4076
[pid  4074] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  176.816852][ T4075]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  176.835631][ T4075] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  176.845087][ T4075] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4075 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  176.855439][ T4075] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  176.864401][ T4075] gfs2: fsid=syz:syz.0: about to withdraw this file system
./strace-static-x86_64: Process 4076 attached
[pid  4076] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  4076] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  4076] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  176.872166][ T4075] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  176.881803][ T4075] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  176.888694][ T4075] gfs2: fsid=syz:syz.0: File system withdrawn
[  176.895143][ T4075] CPU: 0 PID: 4075 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  176.905563][ T4075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  176.915605][ T4075] Call Trace:
[  176.918874][ T4075]  <TASK>
[  176.921794][ T4075]  dump_stack_lvl+0x1b1/0x28e
[  176.926462][ T4075]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  176.931905][ T4075]  ? panic+0x710/0x710
[  176.935960][ T4075]  ? kobject_uevent_env+0x46b/0x8e0
[  176.946003][ T4075]  ? do_raw_spin_unlock+0x134/0x8a0
[  176.951194][ T4075]  gfs2_withdraw+0xf33/0x1540
[  176.955866][ T4075]  ? gfs2_lm+0x220/0x220
[  176.960092][ T4075]  ? gfs2_dirent_scan+0xb6/0x650
[  176.965014][ T4075]  ? panic+0x710/0x710
[  176.969067][ T4075]  ? gfs2_permission+0x2ff/0x430
[  176.973992][ T4075]  ? gfs2_consist_inode_i+0xf3/0x110
[  176.979284][ T4075]  gfs2_dirent_scan+0x535/0x650
[  176.984122][ T4075]  ? gfs2_dirent_search+0xb10/0xb10
[  176.989312][ T4075]  gfs2_dirent_search+0x2ea/0xb10
[  176.994375][ T4075]  ? gfs2_dirent_search+0xb10/0xb10
[  176.999566][ T4075]  ? gfs2_dir_search+0x2a0/0x2a0
[  177.004490][ T4075]  ? gfs2_permission+0x3bf/0x430
[  177.009415][ T4075]  gfs2_dir_search+0x8c/0x2a0
[  177.014079][ T4075]  ? do_filldir_main+0x530/0x530
[  177.018999][ T4075]  ? inode_go_held+0xe4/0x1f0
[  177.023662][ T4075]  ? gfs2_glock_wait+0x213/0x2a0
[  177.028589][ T4075]  gfs2_lookupi+0x465/0x650
[  177.033080][ T4075]  ? gfs2_lookup_simple+0x170/0x170
[  177.038263][ T4075]  ? __gfs2_lookup+0x8c/0x260
[  177.042929][ T4075]  __gfs2_lookup+0x8c/0x260
[  177.047419][ T4075]  ? gfs2_atomic_open+0x230/0x230
[  177.052429][ T4075]  ? __d_lookup+0x6a4/0x770
[  177.056916][ T4075]  ? d_hash_and_lookup+0x1c0/0x1c0
[  177.062012][ T4075]  gfs2_atomic_open+0xa4/0x230
[  177.066766][ T4075]  path_openat+0xf39/0x2df0
[  177.071258][ T4075]  ? gfs2_rename2+0x3000/0x3000
[  177.076101][ T4075]  ? do_filp_open+0x4f0/0x4f0
[  177.080774][ T4075]  do_filp_open+0x264/0x4f0
[  177.085261][ T4075]  ? vfs_tmpfile+0x490/0x490
[  177.089841][ T4075]  ? do_raw_spin_unlock+0x134/0x8a0
[  177.095027][ T4075]  ? _raw_spin_unlock+0x24/0x40
[  177.099863][ T4075]  ? alloc_fd+0x5a7/0x640
[  177.104184][ T4075]  do_sys_openat2+0x124/0x4e0
[  177.108847][ T4075]  ? print_irqtrace_events+0x220/0x220
[  177.114290][ T4075]  ? ptrace_stop+0x74d/0x970
[  177.118867][ T4075]  ? do_sys_open+0x220/0x220
[  177.123444][ T4075]  ? lockdep_hardirqs_on+0x8d/0x130
[  177.128628][ T4075]  ? _raw_spin_unlock_irq+0x2a/0x40
[  177.133814][ T4075]  ? ptrace_notify+0x245/0x340
[  177.138567][ T4075]  __x64_sys_openat+0x243/0x290
[  177.143406][ T4075]  ? __ia32_sys_open+0x270/0x270
[  177.148329][ T4075]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  177.154294][ T4075]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  177.160259][ T4075]  do_syscall_64+0x3d/0xb0
[  177.164676][ T4075]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  177.170555][ T4075] RIP: 0033:0x7fc8868064d9
[  177.174953][ T4075] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  177.194541][ T4075] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  177.202939][ T4075] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  177.210893][ T4075] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  177.218852][ T4075] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[pid  4076] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4075] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  4075] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4074] exit_group(0 <unfinished ...>
[pid  4076] <... futex resumed>)        = ?
[pid  4074] <... exit_group resumed>)   = ?
[pid  4076] +++ exited with 0 +++
[pid  4075] <... futex resumed>)        = ?
[pid  4075] +++ exited with 0 +++
[pid  4074] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4074, si_uid=0, si_status=0, si_utime=1, si_stime=29} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./145/binderfs")                = 0
[  177.226806][ T4075] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  177.234759][ T4075] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  177.242726][ T4075]  </TASK>
umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./145/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./145/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./145/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./145")                          = 0
mkdir("./146", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4077
./strace-static-x86_64: Process 4077 attached
[pid  4077] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4077] chdir("./146")              = 0
[pid  4077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4077] setpgid(0, 0)               = 0
[pid  4077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4077] write(3, "1000", 4)         = 4
[pid  4077] close(3)                    = 0
[pid  4077] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4077] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4077] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4077] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4078], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4078
[pid  4077] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4077] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 4078 attached
 <unfinished ...>
[pid  4078] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  4078] memfd_create("syzkaller", 0) = 3
[pid  4078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4078] munmap(0x7fc87e392000, 16777216) = 0
[pid  4078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4078] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4078] close(3)                    = 0
[pid  4078] mkdir("./file0", 0777)      = 0
[  177.525350][ T4078] loop0: detected capacity change from 0 to 32768
[  177.536926][ T4078] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  177.545825][ T4078] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  177.555081][ T4078] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  177.563733][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  177.570983][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4078] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4078] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4078] chdir("./file0")            = 0
[pid  4078] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4078] close(4)                    = 0
[pid  4078] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4078] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4077] <... futex resumed>)        = 0
[pid  4077] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4078] <... futex resumed>)        = 0
[pid  4077] <... futex resumed>)        = 1
[pid  4078] ioctl(0, VFAT_IOCTL_READDIR_SHORT <unfinished ...>
[pid  4077] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4078] <... ioctl resumed>, 0)     = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4078] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4077] <... futex resumed>)        = 0
[pid  4078] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4077] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4078] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  4077] <... futex resumed>)        = 0
[pid  4077] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[  177.606883][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 35ms
[  177.615747][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  177.621315][ T4078] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  177.647735][ T4078] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  177.656453][ T4078] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  177.656453][ T4078]   inode = 12 2341
[  177.656453][ T4078]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  177.675573][ T4078] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  177.684976][ T4078] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4078 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  4078] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  4077] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  4077] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4077] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4077] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4079], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4079
[pid  4077] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4079 attached
[pid  4079] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  4079] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  4079] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  177.695087][ T4078] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  177.703626][ T4078] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  177.710960][ T4078] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  177.720312][ T4078] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  177.727032][ T4078] gfs2: fsid=syz:syz.0: File system withdrawn
[  177.733480][ T4078] CPU: 0 PID: 4078 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  177.743905][ T4078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  177.753953][ T4078] Call Trace:
[  177.757224][ T4078]  <TASK>
[  177.760162][ T4078]  dump_stack_lvl+0x1b1/0x28e
[  177.764846][ T4078]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  177.770294][ T4078]  ? panic+0x710/0x710
[  177.774349][ T4078]  ? kobject_uevent_env+0x46b/0x8e0
[  177.779533][ T4078]  ? do_raw_spin_unlock+0x134/0x8a0
[  177.784722][ T4078]  gfs2_withdraw+0xf33/0x1540
[  177.789393][ T4078]  ? gfs2_lm+0x220/0x220
[  177.793622][ T4078]  ? gfs2_dirent_scan+0xb6/0x650
[  177.798634][ T4078]  ? panic+0x710/0x710
[  177.802688][ T4078]  ? gfs2_permission+0x2ff/0x430
[  177.807611][ T4078]  ? gfs2_consist_inode_i+0xf3/0x110
[  177.812880][ T4078]  gfs2_dirent_scan+0x535/0x650
[  177.817733][ T4078]  ? gfs2_dirent_search+0xb10/0xb10
[  177.822921][ T4078]  gfs2_dirent_search+0x2ea/0xb10
[  177.827932][ T4078]  ? gfs2_dirent_search+0xb10/0xb10
[  177.833117][ T4078]  ? gfs2_dir_search+0x2a0/0x2a0
[  177.838039][ T4078]  ? gfs2_permission+0x3bf/0x430
[  177.842974][ T4078]  gfs2_dir_search+0x8c/0x2a0
[  177.847658][ T4078]  ? do_filldir_main+0x530/0x530
[  177.852592][ T4078]  ? inode_go_held+0xe4/0x1f0
[  177.857272][ T4078]  ? gfs2_glock_wait+0x213/0x2a0
[  177.862205][ T4078]  gfs2_lookupi+0x465/0x650
[  177.866706][ T4078]  ? gfs2_lookup_simple+0x170/0x170
[  177.871898][ T4078]  ? __gfs2_lookup+0x8c/0x260
[  177.876598][ T4078]  __gfs2_lookup+0x8c/0x260
[  177.881106][ T4078]  ? gfs2_atomic_open+0x230/0x230
[  177.886126][ T4078]  ? __d_lookup+0x6a4/0x770
[  177.890619][ T4078]  ? d_hash_and_lookup+0x1c0/0x1c0
[  177.895721][ T4078]  gfs2_atomic_open+0xa4/0x230
[  177.900478][ T4078]  path_openat+0xf39/0x2df0
[  177.904984][ T4078]  ? gfs2_rename2+0x3000/0x3000
[  177.909847][ T4078]  ? do_filp_open+0x4f0/0x4f0
[  177.914530][ T4078]  do_filp_open+0x264/0x4f0
[  177.919025][ T4078]  ? vfs_tmpfile+0x490/0x490
[  177.923615][ T4078]  ? do_raw_spin_unlock+0x134/0x8a0
[  177.928836][ T4078]  ? _raw_spin_unlock+0x24/0x40
[  177.933680][ T4078]  ? alloc_fd+0x5a7/0x640
[  177.938008][ T4078]  do_sys_openat2+0x124/0x4e0
[  177.942714][ T4078]  ? print_irqtrace_events+0x220/0x220
[  177.948175][ T4078]  ? ptrace_stop+0x74d/0x970
[  177.952759][ T4078]  ? do_sys_open+0x220/0x220
[  177.957344][ T4078]  ? lockdep_hardirqs_on+0x8d/0x130
[  177.962535][ T4078]  ? _raw_spin_unlock_irq+0x2a/0x40
[  177.967727][ T4078]  ? ptrace_notify+0x245/0x340
[  177.972483][ T4078]  __x64_sys_openat+0x243/0x290
[  177.977333][ T4078]  ? __ia32_sys_open+0x270/0x270
[  177.982266][ T4078]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  177.988239][ T4078]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  177.994235][ T4078]  do_syscall_64+0x3d/0xb0
[  177.998646][ T4078]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  178.004530][ T4078] RIP: 0033:0x7fc8868064d9
[  178.008935][ T4078] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  178.028532][ T4078] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  178.036936][ T4078] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  4079] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4078] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  4078] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4077] exit_group(0 <unfinished ...>
[pid  4079] <... futex resumed>)        = ?
[pid  4077] <... exit_group resumed>)   = ?
[pid  4079] +++ exited with 0 +++
[pid  4078] <... futex resumed>)        = ?
[pid  4078] +++ exited with 0 +++
[pid  4077] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4077, si_uid=0, si_status=0, si_utime=0, si_stime=31} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./146", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./146/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./146/binderfs")                = 0
[  178.044902][ T4078] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  178.052866][ T4078] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  178.060826][ T4078] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  178.068793][ T4078] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  178.076777][ T4078]  </TASK>
umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./146/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./146/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./146/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./146")                          = 0
mkdir("./147", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4080
./strace-static-x86_64: Process 4080 attached
[pid  4080] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4080] chdir("./147")              = 0
[pid  4080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4080] setpgid(0, 0)               = 0
[pid  4080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4080] write(3, "1000", 4)         = 4
[pid  4080] close(3)                    = 0
[pid  4080] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4080] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4080] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4080] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4081 attached
, parent_tid=[4081], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4081
[pid  4081] set_robust_list(0x7fc8867b29e0, 24) = 0
[pid  4081] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4080] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4081] <... futex resumed>)        = 0
[pid  4080] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  4081] memfd_create("syzkaller", 0) = 3
[pid  4081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4081] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4081] munmap(0x7fc87e392000, 16777216) = 0
[pid  4081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4081] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4081] close(3)                    = 0
[pid  4081] mkdir("./file0", 0777)      = 0
[  178.370973][ T4081] loop0: detected capacity change from 0 to 32768
[  178.382441][ T4081] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  178.390929][ T4081] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  178.401084][ T4081] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  178.409870][   T14] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  178.417338][   T14] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4081] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4081] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4081] chdir("./file0")            = 0
[pid  4081] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4081] close(4)                    = 0
[pid  4081] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4080] <... futex resumed>)        = 0
[pid  4081] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable)
[pid  4080] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4081] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4080] <... futex resumed>)        = 0
[pid  4081] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4080] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4081] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4080] <... futex resumed>)        = -1 EAGAIN (Resource temporarily unavailable)
[pid  4080] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4081] <... futex resumed>)        = 0
[  178.454878][   T14] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 37ms
[  178.462522][   T14] gfs2: fsid=syz:syz.0: jid=0: Done
[  178.467858][ T4081] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid  4080] <... futex resumed>)        = 1
[pid  4081] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[  178.507213][ T4081] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  178.516239][ T4081] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  178.516239][ T4081]   inode = 12 2341
[  178.516239][ T4081]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  178.535026][ T4081] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  178.544851][ T4081] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4081 [syz-executor337] __gfs2_lookup+0x8c/0x260
[pid  4080] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out)
[pid  4080] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4080] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4080] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4082], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4082
[pid  4080] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4082 attached
[pid  4082] set_robust_list(0x7fc87f3919e0, 24) = 0
[pid  4082] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH) = -1 EIO (Input/output error)
[pid  4082] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  178.555300][ T4081] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  178.564297][ T4081] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  178.571591][ T4081] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  178.580431][ T4081] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  178.586999][ T4081] gfs2: fsid=syz:syz.0: File system withdrawn
[  178.593263][ T4081] CPU: 0 PID: 4081 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  178.603697][ T4081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  178.613755][ T4081] Call Trace:
[  178.617023][ T4081]  <TASK>
[  178.619946][ T4081]  dump_stack_lvl+0x1b1/0x28e
[  178.624630][ T4081]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  178.630094][ T4081]  ? panic+0x710/0x710
[  178.634172][ T4081]  ? kobject_uevent_env+0x46b/0x8e0
[  178.639360][ T4081]  ? do_raw_spin_unlock+0x134/0x8a0
[  178.644552][ T4081]  gfs2_withdraw+0xf33/0x1540
[  178.649230][ T4081]  ? gfs2_lm+0x220/0x220
[pid  4082] futex(0x7fc88689d7b8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4080] exit_group(0 <unfinished ...>
[pid  4082] <... futex resumed>)        = ?
[pid  4080] <... exit_group resumed>)   = ?
[pid  4082] +++ exited with 0 +++
[  178.653467][ T4081]  ? gfs2_dirent_scan+0xb6/0x650
[  178.658409][ T4081]  ? panic+0x710/0x710
[  178.662489][ T4081]  ? gfs2_permission+0x2ff/0x430
[  178.667435][ T4081]  ? gfs2_consist_inode_i+0xf3/0x110
[  178.672710][ T4081]  gfs2_dirent_scan+0x535/0x650
[  178.677553][ T4081]  ? gfs2_dirent_search+0xb10/0xb10
[  178.682743][ T4081]  gfs2_dirent_search+0x2ea/0xb10
[  178.687769][ T4081]  ? gfs2_dirent_search+0xb10/0xb10
[  178.692990][ T4081]  ? gfs2_dir_search+0x2a0/0x2a0
[  178.697940][ T4081]  ? gfs2_permission+0x3bf/0x430
[  178.702883][ T4081]  gfs2_dir_search+0x8c/0x2a0
[  178.707567][ T4081]  ? do_filldir_main+0x530/0x530
[  178.712500][ T4081]  ? inode_go_held+0xe4/0x1f0
[  178.717177][ T4081]  ? gfs2_glock_wait+0x213/0x2a0
[  178.722125][ T4081]  gfs2_lookupi+0x465/0x650
[  178.726627][ T4081]  ? gfs2_lookup_simple+0x170/0x170
[  178.731821][ T4081]  ? __gfs2_lookup+0x8c/0x260
[  178.736497][ T4081]  __gfs2_lookup+0x8c/0x260
[  178.740996][ T4081]  ? gfs2_atomic_open+0x230/0x230
[  178.746046][ T4081]  ? __d_lookup+0x6a4/0x770
[  178.750541][ T4081]  ? d_hash_and_lookup+0x1c0/0x1c0
[  178.755647][ T4081]  gfs2_atomic_open+0xa4/0x230
[  178.760408][ T4081]  path_openat+0xf39/0x2df0
[  178.764932][ T4081]  ? gfs2_rename2+0x3000/0x3000
[  178.769789][ T4081]  ? do_filp_open+0x4f0/0x4f0
[  178.774487][ T4081]  do_filp_open+0x264/0x4f0
[  178.779009][ T4081]  ? vfs_tmpfile+0x490/0x490
[  178.783609][ T4081]  ? do_raw_spin_unlock+0x134/0x8a0
[  178.788811][ T4081]  ? _raw_spin_unlock+0x24/0x40
[  178.793670][ T4081]  ? alloc_fd+0x5a7/0x640
[  178.798011][ T4081]  do_sys_openat2+0x124/0x4e0
[  178.802692][ T4081]  ? print_irqtrace_events+0x220/0x220
[  178.808149][ T4081]  ? ptrace_stop+0x74d/0x970
[  178.812737][ T4081]  ? do_sys_open+0x220/0x220
[  178.817324][ T4081]  ? lockdep_hardirqs_on+0x8d/0x130
[  178.822519][ T4081]  ? _raw_spin_unlock_irq+0x2a/0x40
[  178.827718][ T4081]  ? ptrace_notify+0x245/0x340
[  178.832474][ T4081]  __x64_sys_openat+0x243/0x290
[  178.837324][ T4081]  ? __ia32_sys_open+0x270/0x270
[  178.842258][ T4081]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  178.848248][ T4081]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  178.854225][ T4081]  do_syscall_64+0x3d/0xb0
[  178.858637][ T4081]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  178.864525][ T4081] RIP: 0033:0x7fc8868064d9
[  178.868935][ T4081] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  178.889837][ T4081] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  178.898245][ T4081] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[pid  4081] <... openat resumed>)       = ?
[pid  4081] +++ exited with 0 +++
[pid  4080] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4080, si_uid=0, si_status=0, si_utime=3, si_stime=24} ---
umount2("./147", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555556360620 /* 4 entries */, 32768) = 112
umount2("./147/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./147/binderfs")                = 0
[  178.906224][ T4081] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  178.914207][ T4081] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  178.922178][ T4081] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  178.930144][ T4081] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  178.938119][ T4081]  </TASK>
umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./147/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./147/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556368660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556368660 /* 0 entries */, 32768) = 0
close(4)                                = 0
rmdir("./147/file0")                    = 0
getdents64(3, 0x555556360620 /* 0 entries */, 32768) = 0
close(3)                                = 0
rmdir("./147")                          = 0
mkdir("./148", 0777)                    = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555635f5d0) = 4083
./strace-static-x86_64: Process 4083 attached
[pid  4083] set_robust_list(0x55555635f5e0, 24) = 0
[pid  4083] chdir("./148")              = 0
[pid  4083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  4083] setpgid(0, 0)               = 0
[pid  4083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  4083] write(3, "1000", 4)         = 4
[pid  4083] close(3)                    = 0
[pid  4083] symlink("/dev/binderfs", "./binderfs") = 0
[pid  4083] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc886792000
[pid  4083] mprotect(0x7fc886793000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4083] clone(child_stack=0x7fc8867b23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 4084 attached
, parent_tid=[4084], tls=0x7fc8867b2700, child_tidptr=0x7fc8867b29d0) = 4084
[pid  4084] set_robust_list(0x7fc8867b29e0, 24 <unfinished ...>
[pid  4083] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4084] <... set_robust_list resumed>) = 0
[pid  4083] <... futex resumed>)        = 0
[pid  4083] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} <unfinished ...>
[pid  4084] memfd_create("syzkaller", 0) = 3
[pid  4084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc87e392000
[pid  4084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  4084] munmap(0x7fc87e392000, 16777216) = 0
[pid  4084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  4084] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  4084] close(3)                    = 0
[pid  4084] mkdir("./file0", 0777)      = 0
[  179.229338][ T4084] loop0: detected capacity change from 0 to 32768
[  179.240647][ T4084] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  179.249110][ T4084] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  179.258456][ T4084] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  179.267268][  T154] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  179.274286][  T154] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[pid  4084] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0
[pid  4084] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  4084] chdir("./file0")            = 0
[pid  4084] ioctl(4, LOOP_CLR_FD)       = 0
[pid  4084] close(4)                    = 0
[pid  4084] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4084] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4083] <... futex resumed>)        = 0
[pid  4083] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1
[pid  4083] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4084] <... futex resumed>)        = 0
[pid  4084] ioctl(0, VFAT_IOCTL_READDIR_SHORT, 0) = -1 ENOTTY (Inappropriate ioctl for device)
[pid  4084] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000 <unfinished ...>
[pid  4083] <... futex resumed>)        = 0
[pid  4083] futex(0x7fc88689d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4083] futex(0x7fc88689d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} <unfinished ...>
[pid  4084] <... futex resumed>)        = 1
[  179.312036][  T154] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 37ms
[  179.321029][  T154] gfs2: fsid=syz:syz.0: jid=0: Done
[  179.326285][ T4084] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  179.348978][ T4084] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[pid  4084] openat(AT_FDCWD, "./file0", O_RDONLY <unfinished ...>
[pid  4083] <... futex resumed>)        = -1 ETIMEDOUT (Connection timed out)
[pid  4083] futex(0x7fc88689d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0
[pid  4083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fc87f371000
[pid  4083] mprotect(0x7fc87f372000, 131072, PROT_READ|PROT_WRITE) = 0
[pid  4083] clone(child_stack=0x7fc87f3913f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[4085], tls=0x7fc87f391700, child_tidptr=0x7fc87f3919d0) = 4085
[pid  4083] futex(0x7fc88689d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0
./strace-static-x86_64: Process 4085 attached
[pid  4085] set_robust_list(0x7fc87f3919e0, 24) = 0
[  179.358504][ T4084] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  179.358504][ T4084]   inode = 12 2341
[  179.358504][ T4084]   function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 602
[  179.377240][ T4084] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:3 m:20 p:1
[  179.386631][ T4084] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4084 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  179.396968][ T4084] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  179.405254][ T4085] gfs2: fsid=syz:syz.0: gfs2_dirent_offset: wrong block type 1577058308
[  179.406470][ T4084] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  179.420976][ T4084] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  179.429769][ T4084] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  179.436470][ T4084] gfs2: fsid=syz:syz.0: File system withdrawn
[  179.442606][ T4085] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:qob t:SH d:EX/0 a:0 v:0 r:4 m:20 p:1
[  179.451759][ T4084] CPU: 1 PID: 4084 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  179.462175][ T4084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  179.472222][ T4084] Call Trace:
[  179.475494][ T4084]  <TASK>
[  179.478418][ T4084]  dump_stack_lvl+0x1b1/0x28e
[  179.483100][ T4084]  ? nf_tcp_handle_invalid+0x62e/0x62e
[  179.488549][ T4084]  ? panic+0x710/0x710
[  179.492607][ T4084]  ? kobject_uevent_env+0x46b/0x8e0
[  179.497796][ T4084]  ? do_raw_spin_unlock+0x134/0x8a0
[  179.502995][ T4084]  gfs2_withdraw+0xf33/0x1540
[  179.507676][ T4084]  ? gfs2_lm+0x220/0x220
[  179.511909][ T4084]  ? gfs2_dirent_scan+0xb6/0x650
[  179.516840][ T4084]  ? panic+0x710/0x710
[  179.520900][ T4084]  ? gfs2_permission+0x2ff/0x430
[  179.525834][ T4084]  ? gfs2_consist_inode_i+0xf3/0x110
[  179.531112][ T4084]  gfs2_dirent_scan+0x535/0x650
[  179.535963][ T4084]  ? gfs2_dirent_search+0xb10/0xb10
[  179.541158][ T4084]  gfs2_dirent_search+0x2ea/0xb10
[  179.546180][ T4084]  ? gfs2_dirent_search+0xb10/0xb10
[  179.551374][ T4084]  ? gfs2_dir_search+0x2a0/0x2a0
[  179.556303][ T4084]  ? gfs2_permission+0x3bf/0x430
[  179.561240][ T4084]  gfs2_dir_search+0x8c/0x2a0
[  179.565914][ T4084]  ? do_filldir_main+0x530/0x530
[  179.570847][ T4084]  ? inode_go_held+0xe4/0x1f0
[  179.575537][ T4084]  ? gfs2_glock_wait+0x213/0x2a0
[  179.580479][ T4084]  gfs2_lookupi+0x465/0x650
[  179.584990][ T4084]  ? gfs2_lookup_simple+0x170/0x170
[  179.590196][ T4084]  ? __gfs2_lookup+0x8c/0x260
[  179.594926][ T4084]  __gfs2_lookup+0x8c/0x260
[  179.599434][ T4084]  ? gfs2_atomic_open+0x230/0x230
[  179.604458][ T4084]  ? __d_lookup+0x6a4/0x770
[  179.608970][ T4084]  ? d_hash_and_lookup+0x1c0/0x1c0
[  179.614084][ T4084]  gfs2_atomic_open+0xa4/0x230
[  179.618858][ T4084]  path_openat+0xf39/0x2df0
[  179.624236][ T4084]  ? gfs2_rename2+0x3000/0x3000
[  179.629107][ T4084]  ? do_filp_open+0x4f0/0x4f0
[  179.633797][ T4084]  do_filp_open+0x264/0x4f0
[  179.638302][ T4084]  ? vfs_tmpfile+0x490/0x490
[  179.642919][ T4084]  ? do_raw_spin_unlock+0x134/0x8a0
[  179.648116][ T4084]  ? _raw_spin_unlock+0x24/0x40
[  179.652965][ T4084]  ? alloc_fd+0x5a7/0x640
[  179.657299][ T4084]  do_sys_openat2+0x124/0x4e0
[  179.661972][ T4084]  ? print_irqtrace_events+0x220/0x220
[  179.667442][ T4084]  ? ptrace_stop+0x74d/0x970
[  179.672058][ T4084]  ? do_sys_open+0x220/0x220
[  179.676667][ T4084]  ? lockdep_hardirqs_on+0x8d/0x130
[  179.681869][ T4084]  ? _raw_spin_unlock_irq+0x2a/0x40
[  179.687071][ T4084]  ? ptrace_notify+0x245/0x340
[  179.691827][ T4084]  __x64_sys_openat+0x243/0x290
[  179.696678][ T4084]  ? __ia32_sys_open+0x270/0x270
[  179.701615][ T4084]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  179.707591][ T4084]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  179.713596][ T4084]  do_syscall_64+0x3d/0xb0
[  179.718098][ T4084]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  179.723988][ T4084] RIP: 0033:0x7fc8868064d9
[  179.728409][ T4084] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  179.748269][ T4084] RSP: 002b:00007fc8867b2318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[pid  4085] openat(AT_FDCWD, "./cgroup.cpu/syz1", O_RDWR|O_PATH <unfinished ...>
[pid  4084] <... openat resumed>)       = -1 EIO (Input/output error)
[pid  4084] futex(0x7fc88689d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0
[  179.756696][ T4084] RAX: ffffffffffffffda RBX: 00007fc88689d7a8 RCX: 00007fc8868064d9
[  179.764659][ T4084] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00000000ffffff9c
[  179.772623][ T4084] RBP: 00007fc88689d7a0 R08: 0000000000000000 R09: 0000000000000000
[  179.780583][ T4084] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  179.788546][ T4084] R13: 00007ffe2e4164af R14: 00007fc8867b2400 R15: 0000000000022000
[  179.796545][ T4084]  </TASK>
[  179.800356][ T4085] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:4084 [syz-executor337] __gfs2_lookup+0x8c/0x260
[  179.810595][ T4085] general protection fault, probably for non-canonical address 0xedd3ea0f5f858324: 0000 [#1] PREEMPT SMP KASAN
[  179.822323][ T4085] KASAN: maybe wild-memory-access in range [0x6e9f707afc2c1920-0x6e9f707afc2c1927]
[  179.831585][ T4085] CPU: 0 PID: 4085 Comm: syz-executor337 Not tainted 6.1.0-rc8-syzkaller-00154-g296a7b7eb792 #0
[  179.841978][ T4085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[  179.852017][ T4085] RIP: 0010:gfs2_dump_glock+0xd7b/0x1b60
[  179.857644][ T4085] Code: 05 3c be ac 0a 01 48 c7 c7 00 32 3c 8b be e4 02 00 00 48 c7 c2 40 32 3c 8b e8 a1 85 b5 fd 90 4d 8d 65 20 4d 89 e6 49 c1 ee 03 <43> 0f b6 04 3e 84 c0 0f 85 c6 07 00 00 41 0f b7 1c 24 89 de 81 e6
[  179.877258][ T4085] RSP: 0018:ffffc900043beda0 EFLAGS: 00010206
[  179.883315][ T4085] RAX: ffffffff83b5273f RBX: ffffc900043af750 RCX: ffff88802727ba80
[  179.891286][ T4085] RDX: 0000000000000000 RSI: ffffffff8b4b3f80 RDI: ffffffff8b4b3f40
[  179.899256][ T4085] RBP: ffffc900043bf088 R08: dffffc0000000000 R09: fffffbfff20b2e29
[  179.907219][ T4085] R10: fffffbfff20b2e29 R11: 1ffffffff20b2e28 R12: 6e9f707afc2c1920
[  179.915191][ T4085] R13: 6e9f707afc2c1900 R14: 0dd3ee0f5f858324 R15: dffffc0000000000
[  179.923146][ T4085] FS:  00007fc87f391700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[  179.932058][ T4085] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  179.938623][ T4085] CR2: 00007fc886847bb0 CR3: 00000000277a7000 CR4: 00000000003506f0
[  179.946585][ T4085] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  179.954547][ T4085] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  179.962517][ T4085] Call Trace:
[  179.965783][ T4085]  <TASK>
[  179.968723][ T4085]  ? gfs2_glock_free+0xdc0/0xdc0
[  179.973649][ T4085]  ? llist_add_batch+0x154/0x1b0
[  179.978575][ T4085]  ? find_next_clump8+0x1b0/0x1b0
[  179.983587][ T4085]  ? preempt_schedule_common+0xb7/0xe0
[  179.989030][ T4085]  ? preempt_schedule+0xb6/0xc0
[  179.993871][ T4085]  ? gfs2_dirent_scan+0xb6/0x650
[  179.998967][ T4085]  ? panic+0x710/0x710
[  180.003019][ T4085]  ? gfs2_permission+0x2ff/0x430
[  180.007954][ T4085]  gfs2_consist_inode_i+0xf3/0x110
[  180.013064][ T4085]  gfs2_dirent_scan+0x535/0x650
[  180.017901][ T4085]  ? gfs2_dirent_search+0xb10/0xb10
[  180.023081][ T4085]  gfs2_dirent_search+0x2ea/0xb10
[  180.028090][ T4085]  ? gfs2_dirent_search+0xb10/0xb10
[  180.033271][ T4085]  ? gfs2_dir_search+0x2a0/0x2a0
[  180.038192][ T4085]  ? gfs2_permission+0x3bf/0x430
[  180.043130][ T4085]  gfs2_dir_search+0x8c/0x2a0
[  180.047808][ T4085]  ? do_filldir_main+0x530/0x530
[  180.052727][ T4085]  ? inode_go_held+0xe4/0x1f0
[  180.057477][ T4085]  ? gfs2_glock_wait+0x213/0x2a0
[  180.062398][ T4085]  gfs2_lookupi+0x465/0x650
[  180.066885][ T4085]  ? gfs2_lookup_simple+0x170/0x170
[  180.072064][ T4085]  ? __gfs2_lookup+0x8c/0x260
[  180.076722][ T4085]  ? d_alloc_parallel+0x1144/0x1240
[  180.081906][ T4085]  ? memset+0x1f/0x40
[  180.085883][ T4085]  __gfs2_lookup+0x8c/0x260
[  180.090376][ T4085]  ? gfs2_atomic_open+0x230/0x230
[  180.095414][ T4085]  ? d_hash_and_lookup+0x1c0/0x1c0
[  180.100524][ T4085]  ? __init_waitqueue_head+0xa6/0x140
[  180.105900][ T4085]  __lookup_slow+0x266/0x3a0
[  180.110497][ T4085]  ? lookup_one_len+0x690/0x690
[  180.115337][ T4085]  ? try_to_unlazy+0x687/0xb80
[  180.120089][ T4085]  ? crc32_le_base+0x589/0xd00
[  180.124836][ T4085]  ? __down_read_common+0x156/0x2a0
[  180.130016][ T4085]  lookup_slow+0x53/0x70
[  180.134253][ T4085]  link_path_walk+0xa06/0xf00
[  180.138933][ T4085]  ? handle_lookup_down+0x130/0x130
[  180.144120][ T4085]  path_lookupat+0xab/0x450
[  180.148611][ T4085]  do_o_path+0x84/0x240
[  180.152767][ T4085]  ? do_tmpfile+0x330/0x330
[  180.157262][ T4085]  path_openat+0x2812/0x2df0
[  180.161846][ T4085]  ? stack_trace_save+0x104/0x1e0
[  180.166856][ T4085]  ? stack_trace_snprint+0xf0/0xf0
[  180.172131][ T4085]  ? rcu_read_lock_sched_held+0x87/0x110
[  180.177745][ T4085]  ? __stack_depot_save+0x36/0x4a0
[  180.182845][ T4085]  ? mark_lock+0x9a/0x350
[  180.187164][ T4085]  ? do_filp_open+0x4f0/0x4f0
[  180.191823][ T4085]  ? rcu_read_lock_sched_held+0x87/0x110
[  180.197437][ T4085]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[  180.203410][ T4085]  do_filp_open+0x264/0x4f0
[  180.207910][ T4085]  ? vfs_tmpfile+0x490/0x490
[  180.212485][ T4085]  ? do_raw_spin_unlock+0x134/0x8a0
[  180.217670][ T4085]  ? _raw_spin_unlock+0x24/0x40
[  180.222504][ T4085]  ? alloc_fd+0x5a7/0x640
[  180.226822][ T4085]  do_sys_openat2+0x124/0x4e0
[  180.231503][ T4085]  ? print_irqtrace_events+0x220/0x220
[  180.236940][ T4085]  ? ptrace_stop+0x74d/0x970
[  180.241511][ T4085]  ? do_sys_open+0x220/0x220
[  180.246082][ T4085]  ? lockdep_hardirqs_on+0x8d/0x130
[  180.251263][ T4085]  ? _raw_spin_unlock_irq+0x2a/0x40
[  180.256450][ T4085]  ? ptrace_notify+0x245/0x340
[  180.261226][ T4085]  __x64_sys_openat+0x243/0x290
[  180.266066][ T4085]  ? __ia32_sys_open+0x270/0x270
[  180.270991][ T4085]  ? syscall_enter_from_user_mode+0x2e/0x1d0
[  180.276961][ T4085]  ? syscall_enter_from_user_mode+0x86/0x1d0
[  180.282930][ T4085]  do_syscall_64+0x3d/0xb0
[  180.287335][ T4085]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  180.293218][ T4085] RIP: 0033:0x7fc8868064d9
[  180.297627][ T4085] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[  180.317217][ T4085] RSP: 002b:00007fc87f391318 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  180.325703][ T4085] RAX: ffffffffffffffda RBX: 00007fc88689d7b8 RCX: 00007fc8868064d9
[  180.333668][ T4085] RDX: 0000000000200002 RSI: 00000000200001c0 RDI: ffffffffffffff9c
[  180.342406][ T4085] RBP: 00007fc88689d7b0 R08: 00007fc87f391700 R09: 0000000000000000
[  180.350371][ T4085] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[  180.358339][ T4085] R13: 00007ffe2e4164af R14: 00007fc87f391400 R15: 0000000000022000
[  180.366301][ T4085]  </TASK>
[  180.369306][ T4085] Modules linked in:
[  180.373526][ T4085] ---[ end trace 0000000000000000 ]---
[  180.379211][ T4085] RIP: 0010:gfs2_dump_glock+0xd7b/0x1b60
[  180.384923][ T4085] Code: 05 3c be ac 0a 01 48 c7 c7 00 32 3c 8b be e4 02 00 00 48 c7 c2 40 32 3c 8b e8 a1 85 b5 fd 90 4d 8d 65 20 4d 89 e6 49 c1 ee 03 <43> 0f b6 04 3e 84 c0 0f 85 c6 07 00 00 41 0f b7 1c 24 89 de 81 e6
[  180.404792][ T4085] RSP: 0018:ffffc900043beda0 EFLAGS: 00010206
[  180.411021][ T4085] RAX: ffffffff83b5273f RBX: ffffc900043af750 RCX: ffff88802727ba80
[  180.418984][ T4085] RDX: 0000000000000000 RSI: ffffffff8b4b3f80 RDI: ffffffff8b4b3f40
[  180.427224][ T4085] RBP: ffffc900043bf088 R08: dffffc0000000000 R09: fffffbfff20b2e29
[  180.435380][ T4085] R10: fffffbfff20b2e29 R11: 1ffffffff20b2e28 R12: 6e9f707afc2c1920
[  180.443512][ T4085] R13: 6e9f707afc2c1900 R14: 0dd3ee0f5f858324 R15: dffffc0000000000
[  180.451719][ T4085] FS:  00007fc87f391700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[pid  4084] futex(0x7fc88689d7a8, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...>
[pid  4083] exit_group(0)               = ?
[pid  4084] <... futex resumed>)        = ?
[pid  4084] +++ exited with 0 +++
[  180.460801][ T4085] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  180.467375][ T4085] CR2: 00007fc886847bb0 CR3: 00000000277a7000 CR4: 00000000003506f0
[  180.475539][ T4085] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  180.483656][ T4085] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  180.492565][ T4085] Kernel panic - not syncing: Fatal exception
[  180.498804][ T4085] Kernel Offset: disabled
[  180.503122][ T4085] Rebooting in 86400 seconds..