./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2452778611 <...> Warning: Permanently added '10.128.10.56' (ECDSA) to the list of known hosts. execve("./syz-executor2452778611", ["./syz-executor2452778611"], 0x7ffe8fe3a8d0 /* 10 vars */) = 0 brk(NULL) = 0x5555570f6000 brk(0x5555570f6c40) = 0x5555570f6c40 arch_prctl(ARCH_SET_FS, 0x5555570f6300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555570f65d0) = 5067 set_robust_list(0x5555570f65e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fd74c6bb4b0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fd74c6bbb80}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fd74c6bb550, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fd74c6bbb80}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2452778611", 4096) = 28 brk(0x555557117c40) = 0x555557117c40 brk(0x555557118000) = 0x555557118000 mprotect(0x7fd74c77e000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 5067 mkdir("./syzkaller.KmgHGn", 0700) = 0 chmod("./syzkaller.KmgHGn", 0777) = 0 chdir("./syzkaller.KmgHGn") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555570f65d0) = 5068 ./strace-static-x86_64: Process 5068 attached [pid 5068] set_robust_list(0x5555570f65e0, 24) = 0 [pid 5068] chdir("./0") = 0 [pid 5068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5068] setpgid(0, 0) = 0 [pid 5068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5068] write(3, "1000", 4) = 4 [pid 5068] close(3) = 0 [pid 5068] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5068] futex(0x7fd74c7847ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd74c68a000 [pid 5068] mprotect(0x7fd74c68b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5068] clone(child_stack=0x7fd74c6aa3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5070], tls=0x7fd74c6aa700, child_tidptr=0x7fd74c6aa9d0) = 5070 [pid 5068] futex(0x7fd74c7847a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5070 attached ) = 0 [pid 5068] futex(0x7fd74c7847ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5070] set_robust_list(0x7fd74c6aa9e0, 24) = 0 [pid 5070] memfd_create("syzkaller", 0) = 3 [pid 5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd74428a000 [pid 5070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 4194304) = 4194304 [pid 5070] munmap(0x7fd74428a000, 4194304) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5070] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5070] close(3) = 0 [pid 5070] mkdir("./file0", 0777) = 0 [ 51.227896][ T5070] loop0: detected capacity change from 0 to 8192 [ 51.241045][ T5070] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 51.254187][ T5070] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 51.263586][ T5070] REISERFS (device loop0): using ordered data mode [ 51.270131][ T5070] reiserfs: using flush barriers [ 51.276207][ T5070] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 51.293070][ T5070] REISERFS (device loop0): checking transaction log (loop0) [pid 5070] mount("/dev/loop0", "./file0", "reiserfs", MS_NOEXEC|MS_I_VERSION, "") = 0 [pid 5070] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5070] chdir("./file0") = 0 [pid 5070] ioctl(4, LOOP_CLR_FD) = 0 [pid 5070] close(4) = 0 [pid 5070] futex(0x7fd74c7847ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] futex(0x7fd74c7847a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7fd74c7847a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] futex(0x7fd74c7847ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... futex resumed>) = 0 [pid 5070] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_LARGEFILE|O_NOATIME, 000) = 4 [pid 5070] futex(0x7fd74c7847ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7fd74c7847a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] futex(0x7fd74c7847ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... futex resumed>) = 1 [pid 5070] ftruncate(4, 3608577) = 0 [pid 5070] futex(0x7fd74c7847ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7fd74c7847a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] futex(0x7fd74c7847bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fd744669000 [pid 5068] mprotect(0x7fd74466a000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5068] clone(child_stack=0x7fd7446893f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5072], tls=0x7fd744689700, child_tidptr=0x7fd7446899d0) = 5072 [pid 5068] futex(0x7fd74c7847b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5068] futex(0x7fd74c7847bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5072 attached [pid 5072] set_robust_list(0x7fd7446899e0, 24) = 0 [pid 5072] mknod("./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 000 [pid 5070] <... futex resumed>) = 1 [pid 5070] openat(AT_FDCWD, ".log", O_WRONLY|O_CREAT|O_TRUNC, 000 [pid 5072] <... mknod resumed>) = 0 [pid 5072] futex(0x7fd74c7847bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = 0 [pid 5072] <... futex resumed>) = 1 [ 51.343376][ T5070] REISERFS (device loop0): Using r5 hash to sort names [ 51.351371][ T5070] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 51.393868][ T5070] REISERFS panic (device loop0): vs-12195 balance_leaf: CFR not initialized [ 51.403151][ T5070] ------------[ cut here ]------------ [ 51.408696][ T5070] kernel BUG at fs/reiserfs/prints.c:390! [ 51.414578][ T5070] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 51.420662][ T5070] CPU: 0 PID: 5070 Comm: syz-executor245 Not tainted 6.2.0-rc2-syzkaller #0 [ 51.429333][ T5070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 51.439394][ T5070] RIP: 0010:__reiserfs_panic+0x12f/0x140 [ 51.445034][ T5070] Code: c0 50 03 8b 48 0f 44 c8 48 0f 44 d8 48 c7 c7 80 51 03 8b 4c 89 fe 48 89 da 4d 89 f0 49 c7 c1 40 46 16 92 31 c0 e8 01 ec 82 08 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41 [ 51.464635][ T5070] RSP: 0018:ffffc90003d5e7e0 EFLAGS: 00010246 [ 51.470704][ T5070] RAX: 0000000000000049 RBX: ffffffff8b02e520 RCX: 37780e38b943e200 [ 51.478685][ T5070] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 51.486665][ T5070] RBP: ffffc90003d5e8d0 R08: ffffffff816f2c9d R09: fffff520007abcb5 [ 51.494635][ T5070] R10: fffff520007abcb5 R11: 1ffff920007abcb4 R12: ffffffff8b02e540 [ 51.502613][ T5070] R13: ffffc90003d5e800 R14: ffffffff8cc70ec0 R15: ffff888028b806a8 [ 51.510584][ T5070] FS: 00007fd74c6aa700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 51.519512][ T5070] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 51.526100][ T5070] CR2: 00007fd744689718 CR3: 0000000079f45000 CR4: 00000000003506f0 [ 51.534064][ T5070] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [pid 5072] futex(0x7fd74c7847b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] exit_group(0) = ? [ 51.542027][ T5070] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 51.549999][ T5070] Call Trace: [ 51.553273][ T5070] [ 51.556200][ T5070] ? reiserfs_debug+0x10/0x10 [ 51.560884][ T5070] ? journal_mark_dirty+0x1d1/0xe00 [ 51.566095][ T5070] ? balance_leaf+0x57d9/0x123a0 [ 51.571051][ T5070] balance_leaf+0x109eb/0x123a0 [ 51.575918][ T5070] ? trace_lock_release+0x95/0x220 [ 51.581038][ T5070] ? __lock_acquire+0x1292/0x1f60 [ 51.586055][ T5070] ? do_balance+0x8d0/0x8d0 [pid 5072] <... futex resumed>) = ? [pid 5072] +++ exited with 0 +++ [ 51.590555][ T5070] ? rcu_read_lock_sched_held+0x87/0x110 [ 51.596189][ T5070] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 51.602157][ T5070] ? trace_raw_output_contention_end+0xd0/0xd0 [ 51.608297][ T5070] ? trace_contention_end+0x72/0x1d0 [ 51.613568][ T5070] ? __mutex_lock_common+0x45f/0x26e0 [ 51.619022][ T5070] ? write_boundary_block+0xb0/0xb0 [ 51.624231][ T5070] ? __mutex_unlock_slowpath+0x222/0x770 [ 51.629869][ T5070] ? __might_sleep+0xc0/0xc0 [ 51.634488][ T5070] ? reiserfs_write_lock_nested+0x5b/0xd0 [ 51.640209][ T5070] ? mutex_lock_io_nested+0x60/0x60 [ 51.645400][ T5070] ? get_empty_nodes+0x5a3/0xd00 [ 51.650332][ T5070] ? __wake_up+0x1f0/0x1f0 [ 51.654748][ T5070] ? get_neighbors+0x1020/0x1020 [ 51.659743][ T5070] ? create_virtual_node+0x1f0/0x1b70 [ 51.665107][ T5070] ? mutex_lock_nested+0x17/0x20 [ 51.670045][ T5070] ? reiserfs_write_lock_nested+0x5b/0xd0 [ 51.675767][ T5070] ? reiserfs_prepare_for_journal+0x239/0x250 [ 51.681822][ T5070] ? fix_nodes+0x73e4/0x8560 [ 51.686407][ T5070] do_balance+0x2d6/0x8d0 [ 51.690738][ T5070] ? get_right_neighbor_position+0x200/0x200 [ 51.696707][ T5070] ? print_irqtrace_events+0x220/0x220 [ 51.702153][ T5070] ? reiserfs_insert_item+0x67b/0xcb0 [ 51.707511][ T5070] reiserfs_insert_item+0xb54/0xcb0 [ 51.712700][ T5070] ? reiserfs_paste_into_item+0x880/0x880 [ 51.718447][ T5070] ? do_raw_spin_unlock+0x134/0x8a0 [ 51.723676][ T5070] ? lockdep_unregister_key+0x5b0/0x5b0 [ 51.729306][ T5070] ? _raw_spin_unlock+0x24/0x40 [ 51.734212][ T5070] ? inode_get_bytes+0x71/0xa0 [ 51.738987][ T5070] ? inode2sd+0x5a4/0xb60 [ 51.743309][ T5070] reiserfs_new_inode+0x11c7/0x1cd0 [ 51.748498][ T5070] ? reiserfs_write_inode+0x2a0/0x2a0 [ 51.753867][ T5070] ? do_journal_begin_r+0xe10/0x1070 [ 51.759169][ T5070] ? journal_begin+0x1f1/0x350 [ 51.763917][ T5070] reiserfs_create+0x3a6/0x660 [ 51.768677][ T5070] ? reiserfs_lookup+0x490/0x490 [ 51.773615][ T5070] ? inode_permission+0xf5/0x450 [ 51.778543][ T5070] ? bpf_lsm_inode_create+0x5/0x10 [ 51.783644][ T5070] ? security_inode_create+0xdd/0x120 [ 51.789011][ T5070] ? reiserfs_lookup+0x490/0x490 [ 51.793935][ T5070] path_openat+0x12ac/0x2dd0 [ 51.798521][ T5070] ? do_filp_open+0x4f0/0x4f0 [ 51.803281][ T5070] do_filp_open+0x264/0x4f0 [ 51.808224][ T5070] ? vfs_tmpfile+0x490/0x490 [ 51.812943][ T5070] ? do_raw_spin_unlock+0x134/0x8a0 [ 51.818413][ T5070] ? _raw_spin_unlock+0x24/0x40 [ 51.823345][ T5070] ? alloc_fd+0x5a7/0x640 [ 51.827681][ T5070] do_sys_openat2+0x124/0x4e0 [ 51.832367][ T5070] ? print_irqtrace_events+0x220/0x220 [ 51.837820][ T5070] ? ptrace_stop+0x74d/0x970 [ 51.842412][ T5070] ? do_sys_open+0x220/0x220 [ 51.847012][ T5070] ? lockdep_hardirqs_on+0x8d/0x130 [ 51.852223][ T5070] ? _raw_spin_unlock_irq+0x2a/0x40 [ 51.857423][ T5070] ? ptrace_notify+0x245/0x340 [ 51.862193][ T5070] __x64_sys_openat+0x243/0x290 [ 51.867043][ T5070] ? __ia32_sys_open+0x270/0x270 [ 51.871977][ T5070] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 51.878042][ T5070] ? syscall_enter_from_user_mode+0x86/0x1d0 [ 51.884189][ T5070] do_syscall_64+0x3d/0xb0 [ 51.888598][ T5070] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 51.894492][ T5070] RIP: 0033:0x7fd74c6fe559 [ 51.898904][ T5070] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 51.918586][ T5070] RSP: 002b:00007fd74c6aa2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 51.926993][ T5070] RAX: ffffffffffffffda RBX: 00007fd74c7847a0 RCX: 00007fd74c6fe559 [ 51.934964][ T5070] RDX: 0000000000000241 RSI: 0000000020000000 RDI: 00000000ffffff9c [ 51.942932][ T5070] RBP: 00007fd74c7512b0 R08: 0000000000000000 R09: 0000000000000000 [ 51.950896][ T5070] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd74c7511b8 [ 51.958858][ T5070] R13: 0030656c69662f2e R14: 7366726573696572 R15: 00007fd74c7847a8 [ 51.966825][ T5070] [ 51.969833][ T5070] Modules linked in: [ 51.974340][ T5070] ---[ end trace 0000000000000000 ]--- [ 51.979858][ T5070] RIP: 0010:__reiserfs_panic+0x12f/0x140 [ 51.985507][ T5070] Code: c0 50 03 8b 48 0f 44 c8 48 0f 44 d8 48 c7 c7 80 51 03 8b 4c 89 fe 48 89 da 4d 89 f0 49 c7 c1 40 46 16 92 31 c0 e8 01 ec 82 08 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41 [ 52.005292][ T5070] RSP: 0018:ffffc90003d5e7e0 EFLAGS: 00010246 [ 52.011492][ T5070] RAX: 0000000000000049 RBX: ffffffff8b02e520 RCX: 37780e38b943e200 [ 52.019644][ T5070] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 52.027807][ T5070] RBP: ffffc90003d5e8d0 R08: ffffffff816f2c9d R09: fffff520007abcb5 [ 52.036561][ T5070] R10: fffff520007abcb5 R11: 1ffff920007abcb4 R12: ffffffff8b02e540 [ 52.044578][ T5070] R13: ffffc90003d5e800 R14: ffffffff8cc70ec0 R15: ffff888028b806a8 [ 52.052599][ T5070] FS: 00007fd74c6aa700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 52.061585][ T5070] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 52.068172][ T5070] CR2: 00007fd744689718 CR3: 0000000079f45000 CR4: 00000000003506f0 [ 52.076239][ T5070] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 52.084263][ T5070] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 52.092359][ T5070] Kernel panic - not syncing: Fatal exception [ 52.098593][ T5070] Kernel Offset: disabled [ 52.102914][ T5070] Rebooting in 86400 seconds..