./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2069542119
<...>
Warning: Permanently added '10.128.0.49' (ECDSA) to the list of known hosts.
execve("./syz-executor2069542119", ["./syz-executor2069542119"], 0x7fffa8e9eeb0 /* 10 vars */) = 0
brk(NULL) = 0x555555ee4000
brk(0x555555ee4c40) = 0x555555ee4c40
arch_prctl(ARCH_SET_FS, 0x555555ee4300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor2069542119", 4096) = 28
brk(0x555555f05c40) = 0x555555f05c40
brk(0x555555f06000) = 0x555555f06000
mprotect(0x7f48fb26f000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
unshare(CLONE_NEWPID) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5078 attached
, child_tidptr=0x555555ee45d0) = 5078
[pid 5078] mount(NULL, "/sys/fs/fuse/connections", "fusectl", 0, NULL) = -1 EBUSY (Device or resource busy)
[pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5078] setsid() = 1
[pid 5078] prlimit64(0, RLIMIT_AS, {rlim_cur=204800*1024, rlim_max=204800*1024}, NULL) = 0
[pid 5078] prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=32768*1024, rlim_max=32768*1024}, NULL) = 0
[pid 5078] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=139264*1024, rlim_max=139264*1024}, NULL) = 0
[pid 5078] prlimit64(0, RLIMIT_STACK, {rlim_cur=1024*1024, rlim_max=1024*1024}, NULL) = 0
[pid 5078] prlimit64(0, RLIMIT_CORE, {rlim_cur=131072*1024, rlim_max=131072*1024}, NULL) = 0
[pid 5078] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=256, rlim_max=256}, NULL) = 0
[pid 5078] unshare(CLONE_NEWNS) = 0
[pid 5078] mount(NULL, "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
[pid 5078] unshare(CLONE_NEWIPC) = 0
[pid 5078] unshare(CLONE_NEWCGROUP) = 0
[pid 5078] unshare(CLONE_NEWUTS) = 0
[pid 5078] unshare(CLONE_SYSVSEM) = 0
[pid 5078] openat(AT_FDCWD, "/proc/sys/kernel/shmmax", O_WRONLY|O_CLOEXEC) = 3
[pid 5078] write(3, "16777216", 8) = 8
[pid 5078] close(3) = 0
[pid 5078] openat(AT_FDCWD, "/proc/sys/kernel/shmall", O_WRONLY|O_CLOEXEC) = 3
[pid 5078] write(3, "536870912", 9) = 9
[pid 5078] close(3) = 0
[pid 5078] openat(AT_FDCWD, "/proc/sys/kernel/shmmni", O_WRONLY|O_CLOEXEC) = 3
[pid 5078] write(3, "1024", 4) = 4
[pid 5078] close(3) = 0
[pid 5078] openat(AT_FDCWD, "/proc/sys/kernel/msgmax", O_WRONLY|O_CLOEXEC) = 3
[pid 5078] write(3, "8192", 4) = 4
[pid 5078] close(3) = 0
[pid 5078] openat(AT_FDCWD, "/proc/sys/kernel/msgmni", O_WRONLY|O_CLOEXEC) = 3
[pid 5078] write(3, "1024", 4) = 4
[pid 5078] close(3) = 0
[pid 5078] openat(AT_FDCWD, "/proc/sys/kernel/msgmnb", O_WRONLY|O_CLOEXEC) = 3
[pid 5078] write(3, "1024", 4) = 4
[pid 5078] close(3) = 0
[pid 5078] openat(AT_FDCWD, "/proc/sys/kernel/sem", O_WRONLY|O_CLOEXEC) = 3
[pid 5078] write(3, "1024 1048576 500 1024", 21) = 21
[pid 5078] close(3) = 0
[pid 5078] getpid() = 1
[pid 5078] capget({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PTRACE|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_NICE|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid 5078] capset({version=_LINUX_CAPABILITY_VERSION_3, pid=1}, {effective=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, permitted=1<<CAP_CHOWN|1<<CAP_DAC_OVERRIDE|1<<CAP_DAC_READ_SEARCH|1<<CAP_FOWNER|1<<CAP_FSETID|1<<CAP_KILL|1<<CAP_SETGID|1<<CAP_SETUID|1<<CAP_SETPCAP|1<<CAP_LINUX_IMMUTABLE|1<<CAP_NET_BIND_SERVICE|1<<CAP_NET_BROADCAST|1<<CAP_NET_ADMIN|1<<CAP_NET_RAW|1<<CAP_IPC_LOCK|1<<CAP_IPC_OWNER|1<<CAP_SYS_MODULE|1<<CAP_SYS_RAWIO|1<<CAP_SYS_CHROOT|1<<CAP_SYS_PACCT|1<<CAP_SYS_ADMIN|1<<CAP_SYS_BOOT|1<<CAP_SYS_RESOURCE|1<<CAP_SYS_TIME|1<<CAP_SYS_TTY_CONFIG|1<<CAP_MKNOD|1<<CAP_LEASE|1<<CAP_AUDIT_WRITE|1<<CAP_AUDIT_CONTROL|1<<CAP_SETFCAP|1<<CAP_MAC_OVERRIDE|1<<CAP_MAC_ADMIN|1<<CAP_SYSLOG|1<<CAP_WAKE_ALARM|1<<CAP_BLOCK_SUSPEND|1<<CAP_AUDIT_READ|1<<CAP_PERFMON|1<<CAP_BPF|1<<CAP_CHECKPOINT_RESTORE, inheritable=0}) = 0
[pid 5078] unshare(CLONE_NEWNET) = 0
[pid 5078] openat(AT_FDCWD, "/proc/sys/net/ipv4/ping_group_range", O_WRONLY|O_CLOEXEC) = 3
[pid 5078] write(3, "0 65535", 7) = 7
[pid 5078] close(3) = 0
[pid 5078] mkdir("/dev/binderfs", 0777) = 0
[pid 5078] mount("binder", "/dev/binderfs", "binder", 0, NULL) = 0
[pid 5078] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5078] memfd_create("syzkaller", 0) = 3
[pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f48f2db3000
[pid 5078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 5078] munmap(0x7f48f2db3000, 4194304) = 0
[pid 5078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
syzkaller login: [ 67.440381][ T5078] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5078 'syz-executor206'
[pid 5078] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5078] close(3) = 0
[pid 5078] mkdir("./file0", 0777) = 0
[ 67.493716][ T5078] loop0: detected capacity change from 0 to 8192
[ 67.508037][ T5078] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 67.521266][ T5078] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 67.532367][ T5078] REISERFS (device loop0): using ordered data mode
[ 67.539038][ T5078] reiserfs: using flush barriers
[pid 5078] mount("/dev/loop0", "./file0", "reiserfs", MS_RDONLY|MS_NOEXEC|MS_SYNCHRONOUS|MS_SILENT, "") = 0
[pid 5078] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5078] chdir("./file0") = 0
[pid 5078] ioctl(4, LOOP_CLR_FD) = 0
[pid 5078] close(4) = 0
[pid 5078] mkdir(".", 0777) = -1 EEXIST (File exists)
[ 67.553079][ T5078] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 67.570215][ T5078] REISERFS (device loop0): checking transaction log (loop0)
[ 67.579974][ T5078] REISERFS (device loop0): Using r5 hash to sort names
[ 67.595143][ T5078] reiserfs: enabling write barrier flush mode
[ 67.614446][ T5078] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3937, free_space(entry_count) 2
[ 67.630123][ T5078] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 67.641209][ T5078] REISERFS (device loop0): Remounting filesystem read-only
[ 67.649813][ T5078] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data
[ 67.663344][ T5078] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3937, free_space(entry_count) 2
[ 67.678770][ T5078] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 67.689533][ T5078] REISERFS error (device loop0): zam-7001 reiserfs_find_entry: io error
[ 67.698126][ T5078] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3937, free_space(entry_count) 2
[pid 5078] mount(NULL, ".", 0x200000c0, MS_SYNCHRONOUS|MS_REMOUNT|MS_NODIRATIME|MS_REC|MS_SILENT|MS_SHARED, "") = 0
[pid 5078] openat(AT_FDCWD, ".", O_RDONLY|O_DIRECTORY) = 4
[pid 5078] chdir(".") = 0
[pid 5078] exit_group(1) = ?
[ 67.713581][ T5078] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 67.724155][ T5078] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data
[ 67.737902][ T5078] REISERFS warning (device loop0): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount.
[ 67.769049][ T5078] ------------[ cut here ]------------
[ 67.774671][ T5078] kernel BUG at fs/reiserfs/journal.c:1916!
[ 67.780972][ T5078] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 67.787099][ T5078] CPU: 1 PID: 5078 Comm: syz-executor206 Not tainted 6.2.0-rc7-next-20230208-syzkaller #0
[ 67.796992][ T5078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 67.807074][ T5078] RIP: 0010:journal_release+0x378/0x630
[ 67.812736][ T5078] Code: 02 00 0f 85 6d 02 00 00 48 8b 33 4c 89 f7 e8 6f 70 ff ff be 01 00 00 00 4c 89 f7 e8 82 94 ff ff e9 48 fe ff ff e8 e8 a4 64 ff <0f> 0b e8 e1 a4 64 ff ba 38 00 00 00 31 f6 4c 8d 74 24 20 4c 89 f7
[ 67.832359][ T5078] RSP: 0018:ffffc90003d3fae8 EFLAGS: 00010293
[ 67.838453][ T5078] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 67.846626][ T5078] RDX: ffff888024e1ba80 RSI: ffffffff821fc8f8 RDI: 0000000000000005
[ 67.854713][ T5078] RBP: ffff888146846000 R08: 0000000000000005 R09: 0000000000000000
[ 67.862784][ T5078] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff920007a7f5d
[ 67.870788][ T5078] R13: ffff888146846678 R14: ffffc90003d3fbe0 R15: ffffc90003dae000
[ 67.878795][ T5078] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 67.887771][ T5078] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 67.894389][ T5078] CR2: 00007f48fb273140 CR3: 000000000c56f000 CR4: 00000000003506e0
[ 67.902401][ T5078] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 67.910416][ T5078] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 67.918417][ T5078] Call Trace:
[ 67.921733][ T5078] <TASK>
[ 67.924809][ T5078] ? reiserfs_end_persistent_transaction+0x1b0/0x1b0
[ 67.931568][ T5078] ? do_raw_spin_unlock+0x175/0x230
[ 67.936841][ T5078] reiserfs_put_super+0xe4/0x5c0
[ 67.941831][ T5078] ? reiserfs_quota_read+0x4f0/0x4f0
[ 67.947240][ T5078] ? sync_blockdev+0x73/0x90
[ 67.951901][ T5078] ? reiserfs_quota_read+0x4f0/0x4f0
[ 67.957238][ T5078] generic_shutdown_super+0x158/0x480
[ 67.962821][ T5078] kill_block_super+0x9b/0xf0
[ 67.967551][ T5078] deactivate_locked_super+0x98/0x160
[ 67.973063][ T5078] deactivate_super+0xb1/0xd0
[ 67.977805][ T5078] cleanup_mnt+0x2ae/0x3d0
[ 67.982274][ T5078] task_work_run+0x16f/0x270
[ 67.986944][ T5078] ? task_work_cancel+0x30/0x30
[ 67.991867][ T5078] do_exit+0xb42/0x2b60
[ 67.996067][ T5078] ? mm_update_next_owner+0x7b0/0x7b0
[ 68.001489][ T5078] ? _raw_spin_unlock_irq+0x23/0x50
[ 68.006746][ T5078] do_group_exit+0xd4/0x2a0
[ 68.011291][ T5078] __x64_sys_exit_group+0x3e/0x50
[ 68.016825][ T5078] do_syscall_64+0x39/0xb0
[ 68.021315][ T5078] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.027263][ T5078] RIP: 0033:0x7f48fb1feb59
[ 68.031713][ T5078] Code: Unable to access opcode bytes at 0x7f48fb1feb2f.
[ 68.038751][ T5078] RSP: 002b:00007ffc44a8b588 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 68.047463][ T5078] RAX: ffffffffffffffda RBX: 00007f48fb275330 RCX: 00007f48fb1feb59
[ 68.055465][ T5078] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[ 68.063471][ T5078] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000000
[ 68.071469][ T5078] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f48fb275330
[ 68.079477][ T5078] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[ 68.087498][ T5078] </TASK>
[ 68.090631][ T5078] Modules linked in:
[ 68.094837][ T5078] ---[ end trace 0000000000000000 ]---
[ 68.100357][ T5078] RIP: 0010:journal_release+0x378/0x630
[ 68.106062][ T5078] Code: 02 00 0f 85 6d 02 00 00 48 8b 33 4c 89 f7 e8 6f 70 ff ff be 01 00 00 00 4c 89 f7 e8 82 94 ff ff e9 48 fe ff ff e8 e8 a4 64 ff <0f> 0b e8 e1 a4 64 ff ba 38 00 00 00 31 f6 4c 8d 74 24 20 4c 89 f7
[ 68.126513][ T5078] RSP: 0018:ffffc90003d3fae8 EFLAGS: 00010293
[ 68.132687][ T5078] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 68.140760][ T5078] RDX: ffff888024e1ba80 RSI: ffffffff821fc8f8 RDI: 0000000000000005
[ 68.148802][ T5078] RBP: ffff888146846000 R08: 0000000000000005 R09: 0000000000000000
[ 68.156881][ T5078] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff920007a7f5d
[ 68.165066][ T5078] R13: ffff888146846678 R14: ffffc90003d3fbe0 R15: ffffc90003dae000
[ 68.173062][ T5078] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 68.182080][ T5078] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 68.188799][ T5078] CR2: 00007f48fb273140 CR3: 000000000c56f000 CR4: 00000000003506e0
[ 68.196879][ T5078] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 68.205090][ T5078] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 68.213138][ T5078] Kernel panic - not syncing: Fatal exception
[ 68.219428][ T5078] Kernel Offset: disabled
[ 68.223777][ T5078] Rebooting in 86400 seconds..