./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor66301388

<...>
Warning: Permanently added '10.128.0.139' (ED25519) to the list of known hosts.
execve("./syz-executor66301388", ["./syz-executor66301388"], 0x7ffd5830d2d0 /* 10 vars */) = 0
brk(NULL)                               = 0x555555699000
brk(0x555555699d00)                     = 0x555555699d00
arch_prctl(ARCH_SET_FS, 0x555555699380) = 0
set_tid_address(0x555555699650)         = 5020
set_robust_list(0x555555699660, 24)     = 0
rseq(0x555555699ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor66301388", 4096) = 26
getrandom("\xd5\x6a\x55\x85\x8d\x3a\xed\x87", 8, GRND_NONBLOCK) = 8
brk(NULL)                               = 0x555555699d00
brk(0x5555556bad00)                     = 0x5555556bad00
brk(0x5555556bb000)                     = 0x5555556bb000
mprotect(0x7fe6b9894000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mkdir("./syzkaller.efstIj", 0700)       = 0
chmod("./syzkaller.efstIj", 0777)       = 0
chdir("./syzkaller.efstIj")             = 0
mkdir("./0", 0777)                      = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR)  = 3
ioctl(3, LOOP_CLR_FD)                   = -1 ENXIO (No such device or address)
close(3)                                = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555699650) = 5021
./strace-static-x86_64: Process 5021 attached
[pid  5021] set_robust_list(0x555555699660, 24) = 0
[pid  5021] chdir("./0")                = 0
[pid  5021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid  5021] setpgid(0, 0)               = 0
[pid  5021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid  5021] write(3, "1000", 4)         = 4
[pid  5021] close(3)                    = 0
[pid  5021] symlink("/dev/binderfs", "./binderfs") = 0
[pid  5021] memfd_create("syzkaller", 0) = 3
[pid  5021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe6b13cf000
[   47.361960][ T5021] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5021 'syz-executor663'
[pid  5021] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid  5021] munmap(0x7fe6b13cf000, 16777216) = 0
[pid  5021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid  5021] ioctl(4, LOOP_SET_FD, 3)    = 0
[pid  5021] close(3)                    = 0
[pid  5021] mkdir("./file0", 0777)      = 0
[   47.548168][ T5021] loop0: detected capacity change from 0 to 32768
[   47.563521][ T5021] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[   47.572012][ T5021] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[   47.585514][ T5021] gfs2: fsid=syz:syz.0: journal 0 mapped with 12 extents in 0ms
[   47.595865][  T912] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[   47.602871][  T912] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[   47.628664][  T912] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 25ms
[   47.636600][  T912] gfs2: fsid=syz:syz.0: jid=0: Done
[pid  5021] mount("/dev/loop0", "./file0", "gfs2", MS_RDONLY|MS_STRICTATIME|MS_LAZYTIME, "") = 0
[pid  5021] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid  5021] chdir("./file0")            = 0
[pid  5021] ioctl(4, LOOP_CLR_FD)       = 0
[pid  5021] close(4)                    = 0
[pid  5021] fspick(AT_FDCWD, ".", 0)    = 4
[   47.642467][ T5021] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid  5021] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0) = 0
[pid  5021] exit_group(0)               = ?
[pid  5021] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5021, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=30 /* 0.30 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555569a6f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs")                  = 0
[   47.745254][ T5021] gfs2: fsid=syz:syz.0: found 1 quota changes
[   70.742401][    T7] cfg80211: failed to load regulatory.db
[  285.776807][   T28] INFO: task syz-executor663:5020 blocked for more than 143 seconds.
[  285.784996][   T28]       Not tainted 6.5.0-rc7-syzkaller-00104-g4f9e7fabf864 #0
[  285.792591][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  285.801335][   T28] task:syz-executor663 state:D stack:27216 pid:5020  ppid:5017   flags:0x00004002
[  285.810649][   T28] Call Trace:
[  285.813938][   T28]  <TASK>
[  285.816932][   T28]  __schedule+0xee1/0x59f0
[  285.821449][   T28]  ? io_schedule_timeout+0x150/0x150
[  285.826788][   T28]  ? timer_fixup_activate+0x2b0/0x2b0
[  285.832268][   T28]  ? mark_held_locks+0x9f/0xe0
[  285.837336][   T28]  schedule+0xe7/0x1b0
[  285.841432][   T28]  schedule_timeout+0x157/0x2c0
[  285.846289][   T28]  ? usleep_range_state+0x1a0/0x1a0
[  285.851547][   T28]  ? destroy_timer_on_stack+0x20/0x20
[  285.857004][   T28]  ? _raw_spin_unlock_irqrestore+0x3b/0x70
[  285.862831][   T28]  ? prepare_to_wait_event+0xcf/0x690
[  285.868340][   T28]  gfs2_gl_hash_clear+0x210/0x290
[  285.873395][   T28]  ? gfs2_gl_dq_holders+0x250/0x250
[  285.878713][   T28]  ? gfs2_jindex_free+0x3c7/0x540
[  285.883795][   T28]  ? prepare_to_swait_exclusive+0x240/0x240
[  285.889744][   T28]  ? gfs2_clear_rgrpd+0x52/0x330
[  285.894721][   T28]  gfs2_put_super+0x4f5/0x690
[  285.899477][   T28]  ? free_local_statfs_inodes+0x350/0x350
[  285.905241][   T28]  generic_shutdown_super+0x158/0x480
[  285.910657][   T28]  kill_block_super+0x64/0xb0
[  285.915359][   T28]  gfs2_kill_sb+0x361/0x410
[  285.919955][   T28]  deactivate_locked_super+0x9a/0x170
[  285.925382][   T28]  deactivate_super+0xde/0x100
[  285.930233][   T28]  cleanup_mnt+0x222/0x3d0
[  285.934681][   T28]  task_work_run+0x14d/0x240
[  285.939428][   T28]  ? task_work_cancel+0x30/0x30
[  285.944338][   T28]  ptrace_notify+0x10c/0x130
[  285.948974][   T28]  syscall_exit_to_user_mode_prepare+0x120/0x220
[  285.955381][   T28]  syscall_exit_to_user_mode+0xd/0x60
[  285.960859][   T28]  do_syscall_64+0x44/0xb0
[  285.965307][   T28]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[  285.971260][   T28] RIP: 0033:0x7fe6b980f347
[  285.975689][   T28] RSP: 002b:00007ffecec90cb8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[  285.984249][   T28] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe6b980f347
[  285.992265][   T28] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffecec90d70
[  286.000299][   T28] RBP: 00007ffecec90d70 R08: 0000000000000000 R09: 0000000000000000
[  286.008310][   T28] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007ffecec91dd0
[  286.016273][   T28] R13: 000055555569a6c0 R14: 0000000000000001 R15: 431bde82d7b634db
[  286.024402][   T28]  </TASK>
[  286.027476][   T28] 
[  286.027476][   T28] Showing all locks held in the system:
[  286.035210][   T28] 1 lock held by rcu_tasks_kthre/13:
[  286.040595][   T28]  #0: ffffffff8c9a67f0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x2c/0xe20
[  286.051165][   T28] 1 lock held by rcu_tasks_trace/14:
[  286.056472][   T28]  #0: ffffffff8c9a64f0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x2c/0xe20
[  286.067552][   T28] 1 lock held by khungtaskd/28:
[  286.072442][   T28]  #0: ffffffff8c9a7400 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x340
[  286.082429][   T28] 2 locks held by getty/4772:
[  286.087182][   T28]  #0: ffff88814b6b8098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  286.097087][   T28]  #1: ffffc900015b02f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfcb/0x1480
[  286.107357][   T28] 1 lock held by syz-executor663/5020:
[  286.112824][   T28]  #0: ffff88807e7500e0 (&type->s_umount_key#42){+.+.}-{3:3}, at: deactivate_super+0xd6/0x100
[  286.123151][   T28] 
[  286.125482][   T28] =============================================
[  286.125482][   T28] 
[  286.133955][   T28] NMI backtrace for cpu 1
[  286.138391][   T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.5.0-rc7-syzkaller-00104-g4f9e7fabf864 #0
[  286.148218][   T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[  286.158281][   T28] Call Trace:
[  286.161547][   T28]  <TASK>
[  286.164469][   T28]  dump_stack_lvl+0xd9/0x1b0
[  286.169072][   T28]  nmi_cpu_backtrace+0x277/0x380
[  286.173997][   T28]  ? lapic_can_unplug_cpu+0xa0/0xa0
[  286.179194][   T28]  nmi_trigger_cpumask_backtrace+0x2ac/0x310
[  286.185175][   T28]  watchdog+0xf29/0x11b0
[  286.189426][   T28]  ? proc_dohung_task_timeout_secs+0x90/0x90
[  286.195421][   T28]  ? proc_dohung_task_timeout_secs+0x90/0x90
[  286.201414][   T28]  kthread+0x33a/0x430
[  286.205481][   T28]  ? kthread_complete_and_exit+0x40/0x40
[  286.211113][   T28]  ret_from_fork+0x2c/0x70
[  286.215532][   T28]  ? kthread_complete_and_exit+0x40/0x40
[  286.221162][   T28]  ret_from_fork_asm+0x11/0x20
[  286.225941][   T28]  </TASK>
[  286.229069][   T28] Sending NMI from CPU 1 to CPUs 0:
[  286.234304][    C0] NMI backtrace for cpu 0
[  286.234312][    C0] CPU: 0 PID: 47 Comm: kworker/u4:3 Not tainted 6.5.0-rc7-syzkaller-00104-g4f9e7fabf864 #0
[  286.234325][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[  286.234333][    C0] Workqueue: events_unbound toggle_allocation_gate
[  286.234349][    C0] RIP: 0010:inat_get_opcode_attribute+0x37/0x50
[  286.234365][    C0] Code: b6 db 48 b8 00 00 00 00 00 fc ff df 48 8d 3c 9d 40 42 b0 8b 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 <7c> 04 84 d2 75 09 8b 04 9d 40 42 b0 8b 5b c3 e8 25 ef b2 f7 eb f0
[  286.234376][    C0] RSP: 0018:ffffc90000b87820 EFLAGS: 00000202
[  286.234385][    C0] RAX: 0000000000000007 RBX: 000000000000000f RCX: 0000000000000000
[  286.234391][    C0] RDX: 0000000000000000 RSI: ffffffff8a272bfc RDI: ffffffff8bb0427c
[  286.234399][    C0] RBP: ffffc90000b87ac3 R08: 0000000000000001 R09: 0000000000000000
[  286.234406][    C0] R10: 0000000000000001 R11: 0000000000000000 R12: 000000000000000f
[  286.234412][    C0] R13: 000000000000000f R14: 0000000000000001 R15: dffffc0000000000
[  286.234422][    C0] FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[  286.234434][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  286.234442][    C0] CR2: 0000555c332aa780 CR3: 000000000c776000 CR4: 0000000000350ef0
[  286.234449][    C0] Call Trace:
[  286.234453][    C0]  <NMI>
[  286.234457][    C0]  ? nmi_cpu_backtrace+0x1d4/0x380
[  286.234469][    C0]  ? inat_get_opcode_attribute+0x37/0x50
[  286.234482][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x10
[  286.234499][    C0]  ? nmi_handle+0x145/0x400
[  286.234514][    C0]  ? irqentry_nmi_enter+0x7f/0x90
[  286.234530][    C0]  ? inat_get_opcode_attribute+0x37/0x50
[  286.234543][    C0]  ? default_do_nmi+0x69/0x160
[  286.234557][    C0]  ? exc_nmi+0x171/0x1e0
[  286.234569][    C0]  ? end_repeat_nmi+0x16/0x31
[  286.234586][    C0]  ? inat_get_opcode_attribute+0xc/0x50
[  286.234598][    C0]  ? inat_get_opcode_attribute+0x37/0x50
[  286.234611][    C0]  ? inat_get_opcode_attribute+0x37/0x50
[  286.234624][    C0]  ? inat_get_opcode_attribute+0x37/0x50
[  286.234636][    C0]  </NMI>
[  286.234639][    C0]  <TASK>
[  286.234642][    C0]  insn_get_prefixes+0x60c/0x1120
[  286.234658][    C0]  insn_get_opcode+0x462/0xa30
[  286.234673][    C0]  insn_get_modrm+0x30e/0x730
[  286.234685][    C0]  ? kmem_cache_alloc_bulk+0x197/0x7c0
[  286.234701][    C0]  insn_get_sib+0x1ad/0x320
[  286.234713][    C0]  insn_get_displacement+0x23a/0x680
[  286.234727][    C0]  insn_get_immediate+0x550/0x1c50
[  286.234739][    C0]  ? kmem_cache_alloc_bulk+0x197/0x7c0
[  286.234755][    C0]  insn_decode+0x2ae/0x340
[  286.234767][    C0]  text_poke_loc_init+0xc2/0x4d0
[  286.234778][    C0]  ? kmem_cache_alloc_bulk+0x197/0x7c0
[  286.234793][    C0]  ? text_poke_memset+0x60/0x60
[  286.234808][    C0]  ? kmem_cache_alloc_bulk+0x197/0x7c0
[  286.234822][    C0]  ? __jump_label_patch+0x173/0x340
[  286.234840][    C0]  arch_jump_label_transform_queue+0x97/0x100
[  286.234858][    C0]  __jump_label_update+0x125/0x420
[  286.234875][    C0]  jump_label_update+0x32e/0x410
[  286.234891][    C0]  static_key_disable_cpuslocked+0x154/0x1b0
[  286.234907][    C0]  static_key_disable+0x1a/0x20
[  286.234921][    C0]  toggle_allocation_gate+0x13f/0x250
[  286.234934][    C0]  ? wake_up_kfence_timer+0x30/0x30
[  286.234946][    C0]  ? spin_bug+0x1d0/0x1d0
[  286.234970][    C0]  process_one_work+0xaa2/0x16f0
[  286.234987][    C0]  ? lock_sync+0x190/0x190
[  286.235002][    C0]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[  286.235017][    C0]  ? spin_bug+0x1d0/0x1d0
[  286.235035][    C0]  worker_thread+0x687/0x1110
[  286.235053][    C0]  ? process_one_work+0x16f0/0x16f0
[  286.235067][    C0]  kthread+0x33a/0x430
[  286.235079][    C0]  ? kthread_complete_and_exit+0x40/0x40
[  286.235092][    C0]  ret_from_fork+0x2c/0x70
[  286.235105][    C0]  ? kthread_complete_and_exit+0x40/0x40
[  286.235118][    C0]  ret_from_fork_asm+0x11/0x20
[  286.235139][    C0]  </TASK>
[  286.235302][   T28] Kernel panic - not syncing: hung_task: blocked tasks
[  286.615415][   T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted 6.5.0-rc7-syzkaller-00104-g4f9e7fabf864 #0
[  286.625221][   T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[  286.635267][   T28] Call Trace:
[  286.638539][   T28]  <TASK>
[  286.641467][   T28]  dump_stack_lvl+0xd9/0x1b0
[  286.646058][   T28]  panic+0x6a4/0x750
[  286.649963][   T28]  ? panic_smp_self_stop+0xa0/0xa0
[  286.655089][   T28]  ? irq_work_claim+0x76/0x90
[  286.659779][   T28]  ? lapic_can_unplug_cpu+0xa0/0xa0
[  286.664980][   T28]  ? irq_work_queue+0x2a/0x70
[  286.669657][   T28]  ? __wake_up_klogd.part.0+0x99/0xf0
[  286.675029][   T28]  ? watchdog+0xce1/0x11b0
[  286.679458][   T28]  watchdog+0xcf2/0x11b0
[  286.683735][   T28]  ? proc_dohung_task_timeout_secs+0x90/0x90
[  286.689724][   T28]  ? proc_dohung_task_timeout_secs+0x90/0x90
[  286.695704][   T28]  kthread+0x33a/0x430
[  286.699766][   T28]  ? kthread_complete_and_exit+0x40/0x40
[  286.705399][   T28]  ret_from_fork+0x2c/0x70
[  286.709822][   T28]  ? kthread_complete_and_exit+0x40/0x40
[  286.715453][   T28]  ret_from_fork_asm+0x11/0x20
[  286.720230][   T28]  </TASK>
[  286.723836][   T28] Kernel Offset: disabled
[  286.728155][   T28] Rebooting in 86400 seconds..