./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3192145838

<...>
Warning: Permanently added '10.128.0.102' (ED25519) to the list of known hosts.
execve("./syz-executor3192145838", ["./syz-executor3192145838"], 0x7ffc63dc6220 /* 10 vars */) = 0
brk(NULL)                               = 0x555557a4f000
brk(0x555557a4fd00)                     = 0x555557a4fd00
arch_prctl(ARCH_SET_FS, 0x555557a4f380) = 0
set_tid_address(0x555557a4f650)         = 5851
set_robust_list(0x555557a4f660, 24)     = 0
rseq(0x555557a4fca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor3192145838", 4096) = 28
getrandom("\xab\xda\xe0\x31\x30\x89\xd6\xa3", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555557a4fd00
brk(0x555557a70d00)                     = 0x555557a70d00
brk(0x555557a71000)                     = 0x555557a71000
mprotect(0x7feaaad64000, 16384, PROT_READ) = 0
mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000
mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000
mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000
mkdir("./syzkaller.IzZbSi", 0700)       = 0
chmod("./syzkaller.IzZbSi", 0777)       = 0
chdir("./syzkaller.IzZbSi")             = 0
mkdir("./0", 0777)                      = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555557a4f650) = 5852
./strace-static-x86_64: Process 5852 attached
[pid  5852] set_robust_list(0x555557a4f660, 24) = 0
[pid  5852] chdir("./0")                = 0
[pid  5852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5852] setpgid(0, 0)               = 0
[pid  5852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5852] write(3, "1000", 4)         = 4
[pid  5852] close(3)                    = 0
[pid  5852] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid  5852] write(1, "executing program\n", 18) = 18
[pid  5852] mknodat(AT_FDCWD, "./file0", 000) = 0
[pid  5852] write(-1, "\x15\x00\x00\x00\x65\xff\xff\x01\x7f\x00\x0e\x08\x00\x39\x50\x32\x30\x30\x30\x00\x00", 21) = -1 EBADF (Bad file descriptor)
[pid  5852] pipe2([3, 4], 0)            = 0
[pid  5852] write(4, "\x15\x00\x00\x00\x65\xff\xff\x01\x7f\x00\x0e\x08\x00\x39\x50\x32\x30\x30\x30\x00\x00", 21) = 21
[pid  5852] dup(4)                      = 5
[pid  5852] write(5, "\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 24) = 24
[pid  5852] write(5, "\xb0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 176) = 176
[pid  5852] write(5, "\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 24) = 24
[pid  5852] write(5, "\x50\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x29\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x04\x00\x3b\x05\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 80) = 80
[pid  5852] mount(NULL, "./file0", "9p", MS_DIRSYNC, "trans=fd,rfdno=0x0000000000000003,wfdno=0x0000000000000005,") = 0
[pid  5852] openat(AT_FDCWD, "./file0", O_RDWR|O_CREAT|O_NONBLOCK|O_NOFOLLOW, 000) = 6
[pid  5852] mmap(0x200000000000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED, 6, 0x75e7f000) = 0x200000000000
[pid  5852] read(6, 0x200000000680, 8224) = -1 EIO (Input/output error)
[pid  5852] exit_group(0)               = ?
[pid  5852] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5852, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
[  129.685085][ T5852] netfs: Couldn't get user pages (rc=-14)
[  129.690899][ T5852] netfs: Zero-sized read [R=1]
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x555557a506f0 /* 4 entries */, 32768) = 112
[  286.335400][   T31] INFO: task syz-executor319:5851 blocked for more than 143 seconds.
[  286.343602][   T31]       Not tainted 6.15.0-syzkaller-12058-g64980441d269 #0
[  286.350877][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  286.359588][   T31] task:syz-executor319 state:D stack:25160 pid:5851  tgid:5851  ppid:5848   task_flags:0x400100 flags:0x00004002
[  286.371647][   T31] Call Trace:
[  286.375010][   T31]  <TASK>
[  286.377951][   T31]  __schedule+0x16a2/0x4cb0
[  286.382488][   T31]  ? do_raw_spin_lock+0x121/0x290
[  286.387535][   T31]  ? schedule+0x165/0x360
[  286.391866][   T31]  ? __lock_acquire+0xab9/0xd20
[  286.396767][   T31]  ? __pfx___schedule+0x10/0x10
[  286.401627][   T31]  ? schedule+0x91/0x360
[  286.405893][   T31]  schedule+0x165/0x360
[  286.410051][   T31]  v9fs_evict_inode+0x170/0x320
[  286.414950][   T31]  ? __pfx_v9fs_evict_inode+0x10/0x10
[  286.420338][   T31]  ? __pfx_var_wake_function+0x10/0x10
[  286.425827][   T31]  ? do_raw_spin_unlock+0x122/0x240
[  286.431032][   T31]  ? __pfx_v9fs_evict_inode+0x10/0x10
[  286.436438][   T31]  evict+0x501/0x9c0
[  286.440339][   T31]  ? __pfx_evict+0x10/0x10
[  286.444768][   T31]  ? do_raw_spin_unlock+0x122/0x240
[  286.449966][   T31]  ? _raw_spin_unlock+0x28/0x50
[  286.454859][   T31]  ? iput+0x6d8/0x9d0
[  286.458846][   T31]  __dentry_kill+0x209/0x660
[  286.463456][   T31]  ? dput+0x37/0x2b0
[  286.467352][   T31]  dput+0x19f/0x2b0
[  286.471148][   T31]  shrink_dcache_for_umount+0xa0/0x170
[  286.476648][   T31]  generic_shutdown_super+0x67/0x2c0
[  286.481935][   T31]  kill_anon_super+0x3b/0x70
[  286.486551][   T31]  v9fs_kill_super+0x4c/0x90
[  286.491143][   T31]  deactivate_locked_super+0xbc/0x130
[  286.496577][   T31]  cleanup_mnt+0x425/0x4c0
[  286.501004][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  286.506254][   T31]  task_work_run+0x1d1/0x260
[  286.510861][   T31]  ? __pfx_task_work_run+0x10/0x10
[  286.516024][   T31]  ? __x64_sys_umount+0x122/0x160
[  286.521065][   T31]  ptrace_notify+0x281/0x2c0
[  286.525682][   T31]  ? __pfx_ptrace_notify+0x10/0x10
[  286.530796][   T31]  ? __x64_sys_umount+0x122/0x160
[  286.535852][   T31]  ? __pfx___x64_sys_umount+0x10/0x10
[  286.541231][   T31]  syscall_exit_work+0xc6/0x1d0
[  286.546106][   T31]  do_syscall_64+0x2ad/0x3b0
[  286.550699][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  286.555927][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.561993][   T31]  ? clear_bhb_loop+0x60/0xb0
[  286.566696][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.572586][   T31] RIP: 0033:0x7feaaacf2747
[  286.577077][   T31] RSP: 002b:00007ffc3beca448 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[  286.585581][   T31] RAX: 0000000000000000 RBX: 000000000001fa00 RCX: 00007feaaacf2747
[  286.593842][   T31] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc3beca500
[  286.601815][   T31] RBP: 00007ffc3beca500 R08: 0000000000000000 R09: 0000000000000000
[  286.609800][   T31] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffc3becb570
[  286.617831][   T31] R13: 0000555557a506c0 R14: 00007ffc3becb570 R15: 0000000000000001
[  286.625905][   T31]  </TASK>
[  286.628938][   T31] 
[  286.628938][   T31] Showing all locks held in the system:
[  286.636697][   T31] 1 lock held by khungtaskd/31:
[  286.641550][   T31]  #0: ffffffff8e13f060 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  286.651478][   T31] 2 locks held by getty/5590:
[  286.656184][   T31]  #0: ffff8880352da0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  286.665943][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  286.676085][   T31] 1 lock held by syz-executor319/5851:
[  286.681517][   T31]  #0: ffff88802a1740e0 (&type->s_umount_key#43){+.+.}-{4:4}, at: deactivate_super+0xa9/0xe0
[  286.691711][   T31] 
[  286.694050][   T31] =============================================
[  286.694050][   T31] 
[  286.702443][   T31] NMI backtrace for cpu 0
[  286.702458][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-syzkaller-12058-g64980441d269 #0 PREEMPT(full) 
[  286.702469][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  286.702474][   T31] Call Trace:
[  286.702479][   T31]  <TASK>
[  286.702483][   T31]  dump_stack_lvl+0x189/0x250
[  286.702499][   T31]  ? __wake_up_klogd+0xd9/0x110
[  286.702512][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  286.702525][   T31]  ? __pfx__printk+0x10/0x10
[  286.702540][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  286.702552][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  286.702561][   T31]  ? _printk+0xcf/0x120
[  286.702572][   T31]  ? __pfx__printk+0x10/0x10
[  286.702581][   T31]  ? debug_show_all_locks+0x2e/0x180
[  286.702595][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  286.702608][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  286.702619][   T31]  watchdog+0xfee/0x1030
[  286.702634][   T31]  ? watchdog+0x1de/0x1030
[  286.702649][   T31]  kthread+0x70e/0x8a0
[  286.702661][   T31]  ? __pfx_watchdog+0x10/0x10
[  286.702672][   T31]  ? __pfx_kthread+0x10/0x10
[  286.702682][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  286.702693][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  286.702703][   T31]  ? __pfx_kthread+0x10/0x10
[  286.702722][   T31]  ret_from_fork+0x3f9/0x770
[  286.702745][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  286.702769][   T31]  ? __switch_to_asm+0x39/0x70
[  286.702784][   T31]  ? __switch_to_asm+0x33/0x70
[  286.702794][   T31]  ? __pfx_kthread+0x10/0x10
[  286.702804][   T31]  ret_from_fork_asm+0x1a/0x30
[  286.702820][   T31]  </TASK>
[  286.858080][   T31] Sending NMI from CPU 0 to CPUs 1:
[  286.863338][    C1] NMI backtrace for cpu 1
[  286.863351][    C1] CPU: 1 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted 6.15.0-syzkaller-12058-g64980441d269 #0 PREEMPT(full) 
[  286.863368][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  286.863377][    C1] Workqueue: events_unbound toggle_allocation_gate
[  286.863398][    C1] RIP: 0010:___pte_offset_map+0xe/0x2c0
[  286.863416][    C1] Code: e8 17 6c f7 ff 90 0f 0b 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 55 41 57 41 56 41 55 41 54 53 <50> 49 89 d7 48 89 f3 49 89 fe e8 93 dc b1 ff e8 5e 5c 99 ff 48 8d
[  286.863427][    C1] RSP: 0018:ffffc90000ba7630 EFLAGS: 00000293
[  286.863439][    C1] RAX: ffffffff820e74ad RBX: ffff88801a47aaa8 RCX: ffff8881416e5a00
[  286.863450][    C1] RDX: ffffc90000ba7698 RSI: 00002aaaaaaab000 RDI: ffff88801a47aaa8
[  286.863461][    C1] RBP: ffffc90000ba7830 R08: ffffea0000085a87 R09: 1ffffd4000010b50
[  286.863471][    C1] R10: dffffc0000000000 R11: fffff94000010b51 R12: ffffffff8216afbd
[  286.863482][    C1] R13: fffffffffffffeff R14: ffffc90000ba77c0 R15: 00002aaaaaaab000
[  286.863492][    C1] FS:  0000000000000000(0000) GS:ffff888125d89000(0000) knlGS:0000000000000000
[  286.863504][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  286.863514][    C1] CR2: 0000557a0c0ae660 CR3: 000000000df38000 CR4: 00000000003526f0
[  286.863527][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  286.863535][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  286.863544][    C1] Call Trace:
[  286.863550][    C1]  <TASK>
[  286.863556][    C1]  ? kmem_cache_alloc_node_noprof+0x8d/0x3c0
[  286.863575][    C1]  __pte_offset_map_lock+0x46/0x210
[  286.863590][    C1]  ? kmem_cache_alloc_node_noprof+0x8d/0x3c0
[  286.863608][    C1]  ? kmem_cache_alloc_node_noprof+0x8d/0x3c0
[  286.863624][    C1]  __text_poke+0x2e6/0xa10
[  286.863641][    C1]  ? __pfx_text_poke_memcpy+0x10/0x10
[  286.863655][    C1]  ? kmem_cache_alloc_node_noprof+0x8d/0x3c0
[  286.863671][    C1]  ? __pfx___text_poke+0x10/0x10
[  286.863683][    C1]  ? rcu_is_watching+0x15/0xb0
[  286.863701][    C1]  ? trace_contention_end+0x39/0x120
[  286.863721][    C1]  smp_text_poke_batch_finish+0xd0a/0x1100
[  286.863739][    C1]  ? __pfx_smp_text_poke_batch_finish+0x10/0x10
[  286.863755][    C1]  ? arch_jump_label_transform_queue+0x97/0x110
[  286.863776][    C1]  arch_jump_label_transform_apply+0x1c/0x30
[  286.863792][    C1]  static_key_enable_cpuslocked+0x128/0x250
[  286.863807][    C1]  static_key_enable+0x1a/0x20
[  286.863820][    C1]  toggle_allocation_gate+0xad/0x240
[  286.863837][    C1]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  286.863853][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  286.863875][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  286.863891][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  286.863909][    C1]  process_scheduled_works+0xade/0x17b0
[  286.863940][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  286.863965][    C1]  worker_thread+0x8a0/0xda0
[  286.863994][    C1]  kthread+0x70e/0x8a0
[  286.864010][    C1]  ? __pfx_worker_thread+0x10/0x10
[  286.864033][    C1]  ? __pfx_kthread+0x10/0x10
[  286.864048][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  286.864063][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  286.864078][    C1]  ? __pfx_kthread+0x10/0x10
[  286.864092][    C1]  ret_from_fork+0x3f9/0x770
[  286.864110][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  286.864128][    C1]  ? __switch_to_asm+0x39/0x70
[  286.864141][    C1]  ? __switch_to_asm+0x33/0x70
[  286.864154][    C1]  ? __pfx_kthread+0x10/0x10
[  286.864168][    C1]  ret_from_fork_asm+0x1a/0x30
[  286.864188][    C1]  </TASK>
[  286.864335][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  287.212777][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-syzkaller-12058-g64980441d269 #0 PREEMPT(full) 
[  287.224234][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  287.234290][   T31] Call Trace:
[  287.237562][   T31]  <TASK>
[  287.240484][   T31]  dump_stack_lvl+0x99/0x250
[  287.245069][   T31]  ? __asan_memcpy+0x40/0x70
[  287.249645][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  287.254834][   T31]  ? __pfx__printk+0x10/0x10
[  287.259422][   T31]  panic+0x2db/0x790
[  287.263310][   T31]  ? __pfx_panic+0x10/0x10
[  287.267718][   T31]  ? __pfx_delay_tsc+0x10/0x10
[  287.272467][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[  287.278270][   T31]  ? irq_work_queue+0xc3/0x140
[  287.283030][   T31]  watchdog+0x102d/0x1030
[  287.287349][   T31]  ? watchdog+0x1de/0x1030
[  287.291757][   T31]  kthread+0x70e/0x8a0
[  287.295815][   T31]  ? __pfx_watchdog+0x10/0x10
[  287.300480][   T31]  ? __pfx_kthread+0x10/0x10
[  287.305059][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  287.310244][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  287.315429][   T31]  ? __pfx_kthread+0x10/0x10
[  287.320008][   T31]  ret_from_fork+0x3f9/0x770
[  287.324592][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  287.329695][   T31]  ? __switch_to_asm+0x39/0x70
[  287.334447][   T31]  ? __switch_to_asm+0x33/0x70
[  287.339194][   T31]  ? __pfx_kthread+0x10/0x10
[  287.343775][   T31]  ret_from_fork_asm+0x1a/0x30
[  287.348536][   T31]  </TASK>
[  287.351763][   T31] Kernel Offset: disabled
[  287.356073][   T31] Rebooting in 86400 seconds..