./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor75684646
<...>
Warning: Permanently added '10.128.1.10' (ECDSA) to the list of known hosts.
execve("./syz-executor75684646", ["./syz-executor75684646"], 0x7ffd295478e0 /* 10 vars */) = 0
brk(NULL) = 0x555555bbb000
brk(0x555555bbbc40) = 0x555555bbbc40
arch_prctl(ARCH_SET_FS, 0x555555bbb300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor75684646", 4096) = 26
brk(0x555555bdcc40) = 0x555555bdcc40
brk(0x555555bdd000) = 0x555555bdd000
mprotect(0x7f7d17c29000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
getpid() = 4991
mkdir("./syzkaller.w2SBfA", 0700) = 0
chmod("./syzkaller.w2SBfA", 0777) = 0
chdir("./syzkaller.w2SBfA") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555bbb5d0) = 4992
./strace-static-x86_64: Process 4992 attached
[pid 4992] chdir("./0") = 0
[pid 4992] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 4992] setpgid(0, 0) = 0
[pid 4992] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 4992] write(3, "1000", 4) = 4
[pid 4992] close(3) = 0
[pid 4992] symlink("/dev/binderfs", "./binderfs") = 0
[pid 4992] memfd_create("syzkaller", 0) = 3
[pid 4992] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7d0f76c000
syzkaller login: [ 66.190591][ T4992] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4992 'syz-executor756'
[pid 4992] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304
[pid 4992] munmap(0x7f7d0f76c000, 4194304) = 0
[pid 4992] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 4992] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 4992] close(3) = 0
[pid 4992] mkdir("./file0", 0777) = 0
[ 66.258630][ T4992] loop0: detected capacity change from 0 to 8192
[ 66.271218][ T4992] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 66.284346][ T4992] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 66.294046][ T4992] REISERFS (device loop0): using ordered data mode
[ 66.300956][ T4992] reiserfs: using flush barriers
[ 66.307885][ T4992] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 66.324497][ T4992] REISERFS (device loop0): checking transaction log (loop0)
[pid 4992] mount("/dev/loop0", "./file0", "reiserfs", MS_DIRSYNC, "") = 0
[pid 4992] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 4992] chdir("./file0") = 0
[pid 4992] ioctl(4, LOOP_CLR_FD) = 0
[pid 4992] close(4) = 0
[pid 4992] mkdir(".", 0777) = -1 EEXIST (File exists)
[ 66.380876][ T4992] REISERFS (device loop0): Using r5 hash to sort names
[ 66.388073][ T4992] REISERFS (device loop0): using 3.5.x disk format
[ 66.395644][ T4992] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[pid 4992] mount(NULL, ".", 0x20000180, MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_DIRSYNC|MS_NOATIME|MS_PRIVATE|MS_RELATIME|MS_I_VERSION|MS_STRICTATIME, "\x14\x27\x0e\x2d\x25\xcc\xcf\xf0\x78\xb9\x14\x0e\x8a\x1e\x19\xf3\xbc\xc3\xbd\x09\x96\x8d\xd1\x91\x1a\xce\xf2\x43\x21\xd7\x64\xd9\xe1\x17\xda\x79\x06\x3a\x62\xe3\xa5\x92\xfb\x42\xf7\xd9\xdd\xb2\x68\x2b\x4c\x2f\xf5\x80\xea\x5f\xa8\xef\xfb\xd5\x3a\xcf\xb0\xf8\x70\xbc\x1e\x49\xd0\x1a\x5b\x7f\xf5\x51\x50\xd2\xbf\x3b\x04\x28\x58\xc5\x32\x5c\x2b\x56\x9b\x32\x0c\xd4\x4e\x49\xe2\x46\xcc\x1e\x41\xf0\x4d\x2e"...) = -1 EINVAL (Invalid argument)
[pid 4992] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4
[ 66.422220][ T4992] REISERFS warning (device loop0): super-6502 reiserfs_getopt: unknown mount option "�'�-%���x�������ý ��ё���C!�d����y�:b㥒�B��ݲh+L/���_����:ϰ�p��I��[�QPҿ;�(X�2\+V�2��NI�F��A�M.IJ��Z�u�|�o�k�<�yS���wJ��� "
[ 66.447078][ T27] audit: type=1800 audit(1686434342.236:2): pid=4992 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor756" name="bus" dev="loop0" ino=2 res=0 errno=0
[ 66.469497][ T4992] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 2 0x0 SD] (nlink == 1) not found (pos 0)
[ 66.483813][ T4992] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 2 0x0 SD] (nlink == 1) not found (pos 0)
[ 66.497920][ T4992] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 2 0x0 SD] (nlink == 1) not found (pos 0)
[ 66.511776][ T4992] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 2 0x0 SD] (nlink == 1) not found (pos 0)
[ 66.525747][ T4992] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 2 0x0 SD] (nlink == 1) not found (pos 0)
[ 66.540173][ T4992] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 2 0x0 SD] (nlink == 1) not found (pos 0)
[ 66.553927][ T4992] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 2 0x0 SD] (nlink == 1) not found (pos 0)
[pid 4992] ftruncate(4, 33587199) = 0
[ 66.567680][ T4992] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 2 0x0 SD] (nlink == 1) not found (pos 0)
[ 66.584319][ T4992] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 2 0x0 SD] (nlink == 1) not found (pos 0)
[ 66.599818][ T4992] REISERFS warning: reiserfs-5090 is_tree_node: node level 0 does not match to the expected one 1
[ 66.610485][ T4992] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 66.621080][ T4992] REISERFS (device loop0): Remounting filesystem read-only
[ 66.628377][ T4992] REISERFS warning: reiserfs-5090 is_tree_node: node level 0 does not match to the expected one 1
[ 66.639046][ T4992] REISERFS error (device loop0): vs-5150 search_by_key: invalid format found in block 531. Fsck?
[ 66.649638][ T4992] REISERFS error (device loop0): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 2 0x0 SD] stat data
[ 66.662977][ T4992] REISERFS warning (device loop0): clm-6006 reiserfs_dirty_inode: writing inode 2 on readonly FS
[pid 4992] ftruncate(4, 32) = 0
[pid 4992] exit_group(0) = ?
[pid 4992] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4992, si_uid=0, si_status=0, si_utime=0, si_stime=38 /* 0.38 s */} ---
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x555555bbc620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 66.708956][ T4991] ------------[ cut here ]------------
[ 66.714519][ T4991] kernel BUG at fs/reiserfs/journal.c:1452!
[ 66.720542][ T4991] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 66.726666][ T4991] CPU: 1 PID: 4991 Comm: syz-executor756 Not tainted 6.4.0-rc5-syzkaller-00245-g64569520920a #0
[ 66.737075][ T4991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 66.747119][ T4991] RIP: 0010:flush_journal_list+0x1c33/0x1c70
[ 66.753119][ T4991] Code: dc 38 85 8c 48 c7 c1 c0 07 fc 8a e8 07 58 fb ff e8 d2 13 59 ff 0f 0b e8 cb 13 59 ff 0f 0b e8 c4 13 59 ff 0f 0b e8 bd 13 59 ff <0f> 0b e8 b6 13 59 ff 0f 0b e8 af 13 59 ff 0f 0b e8 a8 13 59 ff 0f
[ 66.772720][ T4991] RSP: 0018:ffffc900039ff5f0 EFLAGS: 00010293
[ 66.778782][ T4991] RAX: ffffffff82326be3 RBX: 0000000000000001 RCX: ffff888021d43b80
[ 66.786758][ T4991] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 66.794718][ T4991] RBP: 0000000000000000 R08: ffffffff82325675 R09: ffffed100e89fd06
[ 66.802677][ T4991] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8880744fe828
[ 66.810637][ T4991] R13: ffffc90003a930d8 R14: 1ffff1100e89fd05 R15: 1ffff9200075261d
[ 66.818598][ T4991] FS: 0000555555bbb300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 66.827527][ T4991] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 66.834112][ T4991] CR2: 0000555555bc4628 CR3: 0000000019345000 CR4: 00000000003506e0
[ 66.842091][ T4991] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 66.850062][ T4991] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 66.858032][ T4991] Call Trace:
[ 66.861312][ T4991] <TASK>
[ 66.864242][ T4991] ? __die_body+0x5e/0xa0
[ 66.868581][ T4991] ? die+0x87/0xb0
[ 66.872302][ T4991] ? do_trap+0x11e/0x350
[ 66.876551][ T4991] ? flush_journal_list+0x1c33/0x1c70
[ 66.881924][ T4991] ? flush_journal_list+0x1c33/0x1c70
[ 66.887301][ T4991] ? do_error_trap+0x141/0x1f0
[ 66.892075][ T4991] ? flush_journal_list+0x1c33/0x1c70
[ 66.897450][ T4991] ? do_int3+0x30/0x30
[ 66.901539][ T4991] ? handle_invalid_op+0x2c/0x40
[ 66.906488][ T4991] ? flush_journal_list+0x1c33/0x1c70
[ 66.911863][ T4991] ? exc_invalid_op+0x33/0x50
[ 66.916550][ T4991] ? asm_exc_invalid_op+0x1a/0x20
[ 66.921595][ T4991] ? flush_journal_list+0x6c5/0x1c70
[ 66.926881][ T4991] ? flush_journal_list+0x1c33/0x1c70
[ 66.932257][ T4991] ? flush_journal_list+0x1c33/0x1c70
[ 66.937642][ T4991] flush_journal_list+0xea7/0x1c70
[ 66.942765][ T4991] do_journal_end+0x3170/0x4770
[ 66.947636][ T4991] ? journal_mark_dirty+0xe40/0xe40
[ 66.952838][ T4991] ? trace_contention_end+0x3c/0xf0
[ 66.958049][ T4991] ? journal_mark_dirty+0x22f/0xe40
[ 66.963257][ T4991] do_journal_release+0x47c/0x4d0
[ 66.968284][ T4991] ? journal_release+0x30/0x30
[ 66.973060][ T4991] journal_release+0x1f/0x30
[ 66.977654][ T4991] reiserfs_put_super+0x23b/0x4c0
[ 66.982686][ T4991] ? hook_inode_free_security+0xb0/0xb0
[ 66.988234][ T4991] ? reiserfs_dirty_inode+0x240/0x240
[ 66.993617][ T4991] ? fscrypt_destroy_keyring+0x273/0x290
[ 66.999269][ T4991] ? reiserfs_dirty_inode+0x240/0x240
[ 67.004662][ T4991] generic_shutdown_super+0x134/0x340
[ 67.010049][ T4991] kill_block_super+0x84/0xf0
[ 67.014735][ T4991] deactivate_locked_super+0xa4/0x110
[ 67.020110][ T4991] cleanup_mnt+0x426/0x4c0
[ 67.024540][ T4991] ? _raw_spin_unlock_irq+0x23/0x50
[ 67.029752][ T4991] task_work_run+0x24a/0x300
[ 67.034711][ T4991] ? dput+0x3a1/0x420
[ 67.038700][ T4991] ? task_work_cancel+0x2b0/0x2b0
[ 67.043745][ T4991] ? __x64_sys_umount+0x126/0x170
[ 67.048780][ T4991] ptrace_notify+0x2cd/0x380
[ 67.053375][ T4991] ? do_notify_parent+0xf50/0xf50
[ 67.058404][ T4991] ? user_path_at_empty+0x12f/0x180
[ 67.063700][ T4991] ? __x64_sys_umount+0x126/0x170
[ 67.068728][ T4991] ? path_umount+0xea0/0xea0
[ 67.073323][ T4991] ? syscall_enter_from_user_mode+0x32/0x230
[ 67.079319][ T4991] syscall_exit_to_user_mode+0x157/0x280
[ 67.085134][ T4991] do_syscall_64+0x4d/0xc0
[ 67.089551][ T4991] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 67.095460][ T4991] RIP: 0033:0x7f7d17bbaf57
[ 67.099873][ T4991] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 67.119561][ T4991] RSP: 002b:00007fff15fe9e38 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 67.127976][ T4991] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f7d17bbaf57
[ 67.135949][ T4991] RDX: 00007fff15fe9ef9 RSI: 000000000000000a RDI: 00007fff15fe9ef0
[ 67.143926][ T4991] RBP: 00007fff15fe9ef0 R08: 00000000ffffffff R09: 00007fff15fe9cd0
[ 67.151897][ T4991] R10: 0000555555bbc653 R11: 0000000000000202 R12: 00007fff15feaf60
[ 67.159864][ T4991] R13: 0000555555bbc5f0 R14: 00007fff15fe9e60 R15: 0000000000000001
[ 67.167931][ T4991] </TASK>
[ 67.170959][ T4991] Modules linked in:
[ 67.175277][ T4991] ---[ end trace 0000000000000000 ]---
[ 67.180758][ T4991] RIP: 0010:flush_journal_list+0x1c33/0x1c70
[ 67.186965][ T4991] Code: dc 38 85 8c 48 c7 c1 c0 07 fc 8a e8 07 58 fb ff e8 d2 13 59 ff 0f 0b e8 cb 13 59 ff 0f 0b e8 c4 13 59 ff 0f 0b e8 bd 13 59 ff <0f> 0b e8 b6 13 59 ff 0f 0b e8 af 13 59 ff 0f 0b e8 a8 13 59 ff 0f
[ 67.206932][ T4991] RSP: 0018:ffffc900039ff5f0 EFLAGS: 00010293
[ 67.213019][ T4991] RAX: ffffffff82326be3 RBX: 0000000000000001 RCX: ffff888021d43b80
[ 67.221073][ T4991] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 67.229094][ T4991] RBP: 0000000000000000 R08: ffffffff82325675 R09: ffffed100e89fd06
[ 67.237164][ T4991] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8880744fe828
[ 67.245240][ T4991] R13: ffffc90003a930d8 R14: 1ffff1100e89fd05 R15: 1ffff9200075261d
[ 67.253254][ T4991] FS: 0000555555bbb300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 67.262266][ T4991] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 67.268895][ T4991] CR2: 000000000045bd60 CR3: 0000000019345000 CR4: 00000000003506f0
[ 67.276921][ T4991] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 67.284916][ T4991] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 67.293141][ T4991] Kernel panic - not syncing: Fatal exception
[ 67.299437][ T4991] Kernel Offset: disabled
[ 67.303766][ T4991] Rebooting in 86400 seconds..