./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor561165241
<...>
Warning: Permanently added '10.128.1.37' (ECDSA) to the list of known hosts.
execve("./syz-executor561165241", ["./syz-executor561165241"], 0x7ffc564cc140 /* 10 vars */) = 0
brk(NULL) = 0x555557003000
brk(0x555557003c40) = 0x555557003c40
arch_prctl(ARCH_SET_FS, 0x555557003300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor561165241", 4096) = 27
brk(0x555557024c40) = 0x555557024c40
brk(0x555557025000) = 0x555557025000
mprotect(0x7fb010e8c000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5083 attached
, child_tidptr=0x5555570035d0) = 5083
[pid 5083] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5083] setsid() = 1
[pid 5083] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid 5083] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid 5083] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid 5083] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid 5083] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid 5083] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid 5083] unshare(CLONE_NEWNS) = 0
[pid 5083] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid 5083] unshare(CLONE_NEWIPC) = 0
[pid 5083] unshare(CLONE_NEWCGROUP) = 0
[pid 5083] unshare(CLONE_NEWUTS) = 0
[pid 5083] unshare(CLONE_SYSVSEM) = 0
[pid 5083] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid 5083] write(3, "16777216", 8) = 8
[pid 5083] close(3) = 0
[pid 5083] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid 5083] write(3, "536870912", 9) = 9
[pid 5083] close(3) = 0
[pid 5083] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid 5083] write(3, "1024", 4) = 4
[pid 5083] close(3) = 0
[pid 5083] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid 5083] write(3, "8192", 4) = 4
[pid 5083] close(3) = 0
[pid 5083] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid 5083] write(3, "1024", 4) = 4
[pid 5083] close(3) = 0
[pid 5083] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid 5083] write(3, "1024", 4) = 4
[pid 5083] close(3) = 0
[pid 5083] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid 5083] write(3, "1024 1048576 500 1024", 21) = 21
[pid 5083] close(3) = 0
[pid 5083] getpid() = 1
[pid 5083] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid 5083] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid 5083] unshare(CLONE_NEWNET) = 0
[pid 5083] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid 5083] write(3, "0 65535", 7) = 7
[pid 5083] close(3) = 0
[pid 5083] mkdir("/dev/binderfs", 0777) = 0
[pid 5083] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid 5083] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5083] memfd_create("syzkaller", 0) = 3
[pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb0089be000
syzkaller login: [ 59.387780][ T5083] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5083 'syz-executor561'
[pid 5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5083] munmap(0x7fb0089be000, 16777216) = 0
[pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5083] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5083] close(3) = 0
[pid 5083] mkdir("./file0", 0777) = 0
[ 59.583892][ T5083] loop0: detected capacity change from 0 to 32768
[ 59.596907][ T5083] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 59.605344][ T5083] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 59.618732][ T5083] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[ 59.628753][ T1114] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 59.635653][ T1114] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 59.696876][ T1114] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 61ms
[ 59.705048][ T1114] gfs2: fsid=syz:syz.0: jid=0: Done
[ 59.710373][ T5083] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid 5083] mount("/dev/loop0", "./file0", "gfs2", 0, "") = 0
[pid 5083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5083] chdir("./file0") = 0
[pid 5083] ioctl(4, LOOP_CLR_FD) = 0
[pid 5083] close(4) = 0
[pid 5083] exit_group(1) = ?
[ 59.953346][ T5083] gfs2: fsid=syz:syz.0: found 2 quota changes
[ 59.983668][ T5083] gfs2: fsid=syz:syz.0: original: gfs2_quota_sync+0x2e6/0x660
[ 59.991482][ T5083] gfs2: fsid=syz:syz.0: pid: 5083
[ 59.996662][ T5083] gfs2: fsid=syz:syz.0: lock type: 8 req lock state : 1
[ 60.003622][ T5083] gfs2: fsid=syz:syz.0: new: gfs2_quota_sync+0x2e6/0x660
[ 60.011329][ T5083] gfs2: fsid=syz:syz.0: pid: 5083
[ 60.016466][ T5083] gfs2: fsid=syz:syz.0: lock type: 8 req lock state : 1
[ 60.023437][ T5083] gfs2: fsid=syz:syz.0: G: s:EX n:8/1 f:qb t:EX d:EX/0 a:0 v:0 r:5 m:20 p:0
[ 60.032300][ T5083] gfs2: fsid=syz:syz.0: H: s:EX f:cH e:0 p:5083 [syz-executor561] gfs2_quota_sync+0x2e6/0x660
[ 60.043600][ T5083] ------------[ cut here ]------------
[ 60.049140][ T5083] kernel BUG at fs/gfs2/glock.c:1531!
[ 60.054580][ T5083] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 60.060809][ T5083] CPU: 0 PID: 5083 Comm: syz-executor561 Not tainted 6.2.0-rc2-next-20230105-syzkaller #0
[ 60.070691][ T5083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 60.080755][ T5083] RIP: 0010:gfs2_glock_nq.cold+0x2cf/0x350
[ 60.086558][ T5083] Code: 8e 9c 00 00 00 8b 53 18 44 89 e9 4c 89 e6 48 c7 c7 e0 c0 97 8a e8 c0 d1 f2 ff 48 8b 34 24 ba 01 00 00 00 31 ff e8 39 f3 c1 f9 <0f> 0b e8 42 bd 04 f8 4c 8b 4c 24 18 4c 8b 44 24 10 e9 5c fd ff ff
[ 60.106154][ T5083] RSP: 0018:ffffc90003bcf968 EFLAGS: 00010286
[ 60.112209][ T5083] RAX: 0000000000000000 RBX: ffff888075d25c20 RCX: 0000000000000000
[ 60.120169][ T5083] RDX: ffff888029961d40 RSI: ffffffff838ce337 RDI: ffffffff8a97f810
[ 60.128134][ T5083] RBP: ffff88801dd04438 R08: 0000000000000001 R09: 0000000000000000
[ 60.136119][ T5083] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88802a21d270
[ 60.144090][ T5083] R13: 0000000000000001 R14: ffff88801dd04400 R15: ffff888075d25ca0
[ 60.152135][ T5083] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 60.161054][ T5083] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 60.167633][ T5083] CR2: 00007fb010e90140 CR3: 000000000c48e000 CR4: 00000000003506f0
[ 60.175603][ T5083] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 60.183561][ T5083] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 60.191523][ T5083] Call Trace:
[ 60.194790][ T5083] <TASK>
[ 60.197711][ T5083] ? __gfs2_holder_init+0x18b/0x2f0
[ 60.202907][ T5083] do_sync+0x4b9/0xcf0
[ 60.206969][ T5083] ? gfs2_qa_put+0x160/0x160
[ 60.211638][ T5083] ? gfs2_quota_sync+0x3f5/0x660
[ 60.216579][ T5083] ? lock_downgrade+0x6e0/0x6e0
[ 60.221435][ T5083] ? do_raw_spin_lock+0x124/0x2b0
[ 60.226461][ T5083] ? rwlock_bug.part.0+0x90/0x90
[ 60.231405][ T5083] gfs2_quota_sync+0x2e6/0x660
[ 60.236169][ T5083] gfs2_sync_fs+0x44/0xb0
[ 60.240495][ T5083] ? rgrp_unlock_local+0x20/0x20
[ 60.245423][ T5083] sync_filesystem.part.0+0x75/0x1d0
[ 60.250704][ T5083] sync_filesystem+0x8f/0xc0
[ 60.255289][ T5083] generic_shutdown_super+0x74/0x410
[ 60.260569][ T5083] kill_block_super+0x9b/0xf0
[ 60.265264][ T5083] gfs2_kill_sb+0x108/0x170
[ 60.269756][ T5083] deactivate_locked_super+0x98/0x160
[ 60.275393][ T5083] deactivate_super+0xb1/0xd0
[ 60.280064][ T5083] cleanup_mnt+0x2ae/0x3d0
[ 60.284674][ T5083] task_work_run+0x16f/0x270
[ 60.289259][ T5083] ? task_work_cancel+0x30/0x30
[ 60.294103][ T5083] do_exit+0xb17/0x2a90
[ 60.298259][ T5083] ? lock_downgrade+0x6e0/0x6e0
[ 60.303113][ T5083] ? do_raw_spin_lock+0x124/0x2b0
[ 60.308135][ T5083] ? mm_update_next_owner+0x7b0/0x7b0
[ 60.313517][ T5083] ? rwlock_bug.part.0+0x90/0x90
[ 60.318461][ T5083] ? _raw_spin_unlock_irq+0x23/0x50
[ 60.323676][ T5083] do_group_exit+0xd4/0x2a0
[ 60.328182][ T5083] __x64_sys_exit_group+0x3e/0x50
[ 60.333208][ T5083] do_syscall_64+0x39/0xb0
[ 60.337624][ T5083] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 60.343508][ T5083] RIP: 0033:0x7fb010e09999
[ 60.347910][ T5083] Code: Unable to access opcode bytes at 0x7fb010e0996f.
[ 60.354925][ T5083] RSP: 002b:00007ffdb858bf38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 60.363349][ T5083] RAX: ffffffffffffffda RBX: 00007fb010e92330 RCX: 00007fb010e09999
[ 60.371317][ T5083] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 60.379376][ T5083] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 00000000000134ba
[ 60.387367][ T5083] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb010e92330
[ 60.395326][ T5083] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 60.403287][ T5083] </TASK>
[ 60.406320][ T5083] Modules linked in:
[ 60.410357][ T5083] ---[ end trace 0000000000000000 ]---
[ 60.415862][ T5083] RIP: 0010:gfs2_glock_nq.cold+0x2cf/0x350
[ 60.421692][ T5083] Code: 8e 9c 00 00 00 8b 53 18 44 89 e9 4c 89 e6 48 c7 c7 e0 c0 97 8a e8 c0 d1 f2 ff 48 8b 34 24 ba 01 00 00 00 31 ff e8 39 f3 c1 f9 <0f> 0b e8 42 bd 04 f8 4c 8b 4c 24 18 4c 8b 44 24 10 e9 5c fd ff ff
[ 60.441435][ T5083] RSP: 0018:ffffc90003bcf968 EFLAGS: 00010286
[ 60.447551][ T5083] RAX: 0000000000000000 RBX: ffff888075d25c20 RCX: 0000000000000000
[ 60.455588][ T5083] RDX: ffff888029961d40 RSI: ffffffff838ce337 RDI: ffffffff8a97f810
[ 60.463568][ T5083] RBP: ffff88801dd04438 R08: 0000000000000001 R09: 0000000000000000
[ 60.471583][ T5083] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88802a21d270
[ 60.479616][ T5083] R13: 0000000000000001 R14: ffff88801dd04400 R15: ffff888075d25ca0
[ 60.487619][ T5083] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 60.496589][ T5083] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 60.503168][ T5083] CR2: 00007fb010e90140 CR3: 000000000c48e000 CR4: 00000000003506f0
[ 60.511169][ T5083] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 60.519179][ T5083] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 60.527186][ T5083] Kernel panic - not syncing: Fatal exception
[ 60.533427][ T5083] Kernel Offset: disabled
[ 60.537744][ T5083] Rebooting in 86400 seconds..