./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1108036820
<...>
[ 102.826708][ T7] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.194' (ED25519) to the list of known hosts.
execve("./syz-executor1108036820", ["./syz-executor1108036820"], 0x7ffd0a5be0f0 /* 10 vars */) = 0
brk(NULL) = 0x5555565a2000
brk(0x5555565a2d00) = 0x5555565a2d00
arch_prctl(ARCH_SET_FS, 0x5555565a2380) = 0
set_tid_address(0x5555565a2650) = 5035
set_robust_list(0x5555565a2660, 24) = 0
rseq(0x5555565a2ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1108036820", 4096) = 28
getrandom("\xdf\xa1\x87\x78\xd9\xe5\x2a\x80", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x5555565a2d00
brk(0x5555565c3d00) = 0x5555565c3d00
brk(0x5555565c4000) = 0x5555565c4000
mprotect(0x7f34724a1000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
mkdir("./syzkaller.EPeBBS", 0700) = 0
chmod("./syzkaller.EPeBBS", 0777) = 0
chdir("./syzkaller.EPeBBS") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555565a2650) = 5036
./strace-static-x86_64: Process 5036 attached
[pid 5036] set_robust_list(0x5555565a2660, 24) = 0
[ 107.520422][ T27] audit: type=1400 audit(1695692454.001:87): avc: denied { execmem } for pid=5035 comm="syz-executor110" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[pid 5036] chdir("./0") = 0
[pid 5036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5036] setpgid(0, 0) = 0
[pid 5036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5036] write(3, "1000", 4) = 4
[pid 5036] close(3) = 0
[pid 5036] symlink("/dev/binderfs", "./binderfs") = 0
[ 107.548409][ T27] audit: type=1400 audit(1695692454.011:88): avc: denied { read write } for pid=5035 comm="syz-executor110" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 107.580347][ T27] audit: type=1400 audit(1695692454.021:89): avc: denied { open } for pid=5035 comm="syz-executor110" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 107.604761][ T5036] syz-executor110[5036]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[pid 5036] memfd_create("syzkaller", 0) = 3
[pid 5036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3469fcf000
[ 107.607663][ T27] audit: type=1400 audit(1695692454.021:90): avc: denied { ioctl } for pid=5035 comm="syz-executor110" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid 5036] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5036] munmap(0x7f3469fcf000, 16777216) = 0
[pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5036] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5036] close(3) = 0
[pid 5036] mkdir("./file0", 0777) = 0
[ 108.095704][ T5036] loop0: detected capacity change from 0 to 32768
[ 108.107480][ T27] audit: type=1400 audit(1695692454.591:91): avc: denied { mounton } for pid=5036 comm="syz-executor110" path="/root/syzkaller.EPeBBS/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 108.120647][ T5036] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 108.142156][ T5036] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 108.166017][ T5036] gfs2: fsid=syz:syz.0: journal 0 mapped with 4 extents in 0ms
[ 108.178057][ T7] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[ 108.185987][ T7] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[ 108.303868][ T7] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 117ms
[ 108.316290][ T7] gfs2: fsid=syz:syz.0: jid=0: Done
[ 108.322226][ T5036] gfs2: fsid=syz:syz.0: first mount done, others may mount
[pid 5036] mount("/dev/loop0", "./file0", "gfs2", 0, "lockproto=lock_nolock,") = 0
[pid 5036] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5036] chdir("./file0") = 0
[pid 5036] ioctl(4, LOOP_CLR_FD) = 0
[pid 5036] close(4) = 0
[pid 5036] exit_group(0) = ?
[pid 5036] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5036, si_uid=0, si_status=0, si_utime=6 /* 0.06 s */, si_stime=85 /* 0.85 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x5555565a36f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
[ 108.729119][ T5036] gfs2: fsid=syz:syz.0: found 1 quota changes
[ 108.747164][ T27] audit: type=1400 audit(1695692455.231:92): avc: denied { mount } for pid=5036 comm="syz-executor110" name="/" dev="loop0" ino=4674 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 108.792438][ T27] audit: type=1400 audit(1695692455.271:93): avc: denied { unmount } for pid=5035 comm="syz-executor110" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 108.842863][ T5035] syz-executor110: attempt to access beyond end of device
[ 108.842863][ T5035] loop0: rw=1, sector=131324, nr_sectors = 4 limit=32768
[ 108.858028][ T5035] gfs2: fsid=syz:syz.0: Error 10 writing to journal, jid=0
[ 108.867226][ T5035] gfs2: fsid=syz:syz.0: fatal: I/O error(s)
[ 108.873574][ T5035] gfs2: fsid=syz:syz.0: about to withdraw this file system
[ 108.881752][ T5035] BUG: sleeping function called from invalid context at fs/gfs2/util.c:157
[ 108.891087][ T5035] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 5035, name: syz-executor110
[ 108.901705][ T5035] preempt_count: 1, expected: 0
[ 108.906974][ T5035] RCU nest depth: 0, expected: 0
[ 108.912085][ T5035] 5 locks held by syz-executor110/5035:
[ 108.917978][ T5035] #0: ffff888078fe40e0 (&type->s_umount_key#61){+.+.}-{3:3}, at: deactivate_super+0xd6/0x100
[ 108.929308][ T5035] #1: ffff88802b5a4b78 (&sdp->sd_quota_sync_mutex){+.+.}-{3:3}, at: gfs2_quota_sync+0x19e/0x630
[ 108.940323][ T5035] #2: ffff88802b5a5060 (&sdp->sd_log_flush_lock){++++}-{3:3}, at: gfs2_log_flush+0xe4/0x27f0
[ 108.951790][ T5035] #3: ffff88802b5a4e88 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_flush_revokes+0x60/0x90
[ 108.962538][ T5035] #4: ffff88802b5a5248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: gfs2_withdraw+0xc38/0x1280
[ 108.972937][ T5035] Preemption disabled at:
[ 108.972955][ T5035] [<0000000000000000>] 0x0
[ 108.982091][ T5035] CPU: 1 PID: 5035 Comm: syz-executor110 Not tainted 6.6.0-rc3-syzkaller #0
[ 108.991072][ T5035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 109.001702][ T5035] Call Trace:
[ 109.005465][ T5035]
[ 109.008528][ T5035] dump_stack_lvl+0x125/0x1b0
[ 109.013258][ T5035] __might_resched+0x3c3/0x5e0
[ 109.018087][ T5035] ? preempt_count_sub+0x150/0x150
[ 109.023333][ T5035] gfs2_withdraw+0xc7d/0x1280
[ 109.028553][ T5035] ? gfs2_lm+0x210/0x210
[ 109.033472][ T5035] ? gfs2_ail1_empty+0x84d/0xab0
[ 109.038594][ T5035] ? do_raw_spin_lock+0x12e/0x2b0
[ 109.044139][ T5035] ? spin_bug+0x1d0/0x1d0
[ 109.048636][ T5035] gfs2_ail1_empty+0x8cc/0xab0
[ 109.054429][ T5035] ? spin_bug+0x1d0/0x1d0
[ 109.058806][ T5035] ? buf_lo_before_commit+0xa4/0xe0
[ 109.064250][ T5035] ? gfs2_log_write_page+0x3c0/0x3c0
[ 109.070251][ T5035] gfs2_flush_revokes+0x6b/0x90
[ 109.075773][ T5035] revoke_lo_before_commit+0x22/0x640
[ 109.083307][ T5035] ? do_raw_spin_unlock+0x173/0x230
[ 109.090148][ T5035] ? gfs2_log_write_page+0x3c0/0x3c0
[ 109.095953][ T5035] gfs2_log_flush+0x105e/0x27f0
[ 109.101146][ T5035] ? gfs2_ail_drain+0x6b0/0x6b0
[ 109.106663][ T5035] ? lockdep_hardirqs_on+0x7d/0x100
[ 109.112095][ T5035] do_sync+0x550/0xd30
[ 109.116378][ T5035] ? do_qc+0x680/0x680
[ 109.120480][ T5035] ? gfs2_quota_sync+0x4ad/0x630
[ 109.125641][ T5035] ? spin_bug+0x1d0/0x1d0
[ 109.130028][ T5035] gfs2_quota_sync+0x419/0x630
[ 109.134920][ T5035] gfs2_sync_fs+0x44/0xb0
[ 109.139309][ T5035] ? rgrp_unlock_local+0x20/0x20
[ 109.145431][ T5035] sync_filesystem+0x109/0x280
[ 109.150919][ T5035] generic_shutdown_super+0x7e/0x3c0
[ 109.156525][ T5035] kill_block_super+0x3b/0x70
[ 109.161869][ T5035] gfs2_kill_sb+0x361/0x410
[ 109.166606][ T5035] deactivate_locked_super+0x9a/0x170
[ 109.172475][ T5035] deactivate_super+0xde/0x100
[ 109.178433][ T5035] cleanup_mnt+0x222/0x3d0
[ 109.184400][ T5035] task_work_run+0x14d/0x240
[ 109.189128][ T5035] ? task_work_cancel+0x30/0x30
[ 109.194037][ T5035] ptrace_notify+0x10c/0x130
[ 109.198743][ T5035] syscall_exit_to_user_mode_prepare+0x120/0x220
[ 109.205112][ T5035] syscall_exit_to_user_mode+0xd/0x60
[ 109.210997][ T5035] do_syscall_64+0x44/0xb0
[ 109.215560][ T5035] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 109.221582][ T5035] RIP: 0033:0x7f347240f307
[ 109.226281][ T5035] Code: 09 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 109.246747][ T5035] RSP: 002b:00007ffdb4a6a238 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 109.256146][ T5035] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f347240f307
[ 109.267128][ T5035] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffdb4a6a2f0
[ 109.276467][ T5035] RBP: 00007ffdb4a6a2f0 R08: 0000000000000000 R09: 0000000000000000
[ 109.284815][ T5035] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffdb4a6b350
[ 109.293076][ T5035] R13: 00005555565a36c0 R14: 0000000000000001 R15: 431bde82d7b634db
[ 109.301081][ T5035]
[ 109.305654][ T5035] BUG: scheduling while atomic: syz-executor110/5035/0x00000002
[ 109.314460][ T5035] 5 locks held by syz-executor110/5035:
[ 109.320306][ T5035] #0: ffff888078fe40e0 (&type->s_umount_key#61){+.+.}-{3:3}, at: deactivate_super+0xd6/0x100
[ 109.330961][ T5035] #1: ffff88802b5a4b78 (&sdp->sd_quota_sync_mutex){+.+.}-{3:3}, at: gfs2_quota_sync+0x19e/0x630
[ 109.341932][ T5035] #2: ffff88802b5a5060 (&sdp->sd_log_flush_lock){++++}-{3:3}, at: gfs2_log_flush+0xe4/0x27f0
[ 109.352667][ T5035] #3: ffff88802b5a4e88 (&sdp->sd_log_lock){+.+.}-{2:2}, at: gfs2_flush_revokes+0x60/0x90
[ 109.363029][ T5035] #4: ffff88802b5a5248 (&sdp->sd_freeze_mutex){+.+.}-{3:3}, at: gfs2_withdraw+0xc38/0x1280
[ 109.373403][ T5035] Modules linked in:
[ 109.377550][ T5035] Preemption disabled at:
[ 109.377566][ T5035] [<0000000000000000>] 0x0
[ 109.386492][ T5035] Kernel panic - not syncing: scheduling while atomic: panic_on_warn set ...
[ 109.395365][ T5035] CPU: 1 PID: 5035 Comm: syz-executor110 Tainted: G W 6.6.0-rc3-syzkaller #0
[ 109.405944][ T5035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 109.416186][ T5035] Call Trace:
[ 109.419486][ T5035]
[ 109.422516][ T5035] dump_stack_lvl+0xd9/0x1b0
[ 109.427249][ T5035] panic+0x6a6/0x750
[ 109.431195][ T5035] ? panic_smp_self_stop+0xa0/0xa0
[ 109.436442][ T5035] ? syslog_print_all+0x3f0/0x3f0
[ 109.441522][ T5035] ? __module_text_address+0x140/0x140
[ 109.447019][ T5035] check_panic_on_warn+0xab/0xb0
[ 109.452002][ T5035] __schedule_bug+0x11e/0x170
[ 109.456753][ T5035] __schedule+0x3be2/0x5a10
[ 109.461306][ T5035] ? lockdep_hardirqs_on+0x7d/0x100
[ 109.466549][ T5035] ? _raw_spin_unlock_irqrestore+0x3b/0x70
[ 109.472393][ T5035] ? io_schedule_timeout+0x150/0x150
[ 109.477727][ T5035] ? timer_fixup_activate+0x2b0/0x2b0
[ 109.483172][ T5035] ? mark_held_locks+0x9f/0xe0
[ 109.487995][ T5035] schedule+0xe7/0x1b0
[ 109.492128][ T5035] schedule_timeout+0x157/0x2c0
[ 109.497130][ T5035] ? usleep_range_state+0x1a0/0x1a0
[ 109.502474][ T5035] ? destroy_timer_on_stack+0x20/0x20
[ 109.507885][ T5035] ? _raw_spin_unlock_irqrestore+0x3b/0x70
[ 109.513722][ T5035] ? prepare_to_wait_event+0xce/0x690
[ 109.519149][ T5035] gfs2_withdraw+0xed5/0x1280
[ 109.523873][ T5035] ? gfs2_lm+0x210/0x210
[ 109.528239][ T5035] ? gfs2_ail1_empty+0x84d/0xab0
[ 109.533221][ T5035] ? cpuacct_percpu_seq_show+0x10/0x10
[ 109.538720][ T5035] ? spin_bug+0x1d0/0x1d0
[ 109.543267][ T5035] gfs2_ail1_empty+0x8cc/0xab0
[ 109.548249][ T5035] ? spin_bug+0x1d0/0x1d0
[ 109.552613][ T5035] ? buf_lo_before_commit+0xa4/0xe0
[ 109.557853][ T5035] ? gfs2_log_write_page+0x3c0/0x3c0
[ 109.563177][ T5035] gfs2_flush_revokes+0x6b/0x90
[ 109.568066][ T5035] revoke_lo_before_commit+0x22/0x640
[ 109.573485][ T5035] ? do_raw_spin_unlock+0x173/0x230
[ 109.578723][ T5035] ? gfs2_log_write_page+0x3c0/0x3c0
[ 109.584347][ T5035] gfs2_log_flush+0x105e/0x27f0
[ 109.589363][ T5035] ? gfs2_ail_drain+0x6b0/0x6b0
[ 109.594269][ T5035] ? lockdep_hardirqs_on+0x7d/0x100
[ 109.600062][ T5035] do_sync+0x550/0xd30
[ 109.604351][ T5035] ? do_qc+0x680/0x680
[ 109.608734][ T5035] ? gfs2_quota_sync+0x4ad/0x630
[ 109.613982][ T5035] ? spin_bug+0x1d0/0x1d0
[ 109.618447][ T5035] gfs2_quota_sync+0x419/0x630
[ 109.623349][ T5035] gfs2_sync_fs+0x44/0xb0
[ 109.627894][ T5035] ? rgrp_unlock_local+0x20/0x20
[ 109.633063][ T5035] sync_filesystem+0x109/0x280
[ 109.637873][ T5035] generic_shutdown_super+0x7e/0x3c0
[ 109.643208][ T5035] kill_block_super+0x3b/0x70
[ 109.648111][ T5035] gfs2_kill_sb+0x361/0x410
[ 109.652736][ T5035] deactivate_locked_super+0x9a/0x170
[ 109.658245][ T5035] deactivate_super+0xde/0x100
[ 109.663060][ T5035] cleanup_mnt+0x222/0x3d0
[ 109.667762][ T5035] task_work_run+0x14d/0x240
[ 109.672481][ T5035] ? task_work_cancel+0x30/0x30
[ 109.677553][ T5035] ptrace_notify+0x10c/0x130
[ 109.682360][ T5035] syscall_exit_to_user_mode_prepare+0x120/0x220
[ 109.689002][ T5035] syscall_exit_to_user_mode+0xd/0x60
[ 109.694458][ T5035] do_syscall_64+0x44/0xb0
[ 109.699086][ T5035] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 109.705238][ T5035] RIP: 0033:0x7f347240f307
[ 109.709731][ T5035] Code: 09 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 109.730066][ T5035] RSP: 002b:00007ffdb4a6a238 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 109.738885][ T5035] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f347240f307
[ 109.747180][ T5035] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffdb4a6a2f0
[ 109.755174][ T5035] RBP: 00007ffdb4a6a2f0 R08: 0000000000000000 R09: 0000000000000000
[ 109.763972][ T5035] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffdb4a6b350
[ 109.772087][ T5035] R13: 00005555565a36c0 R14: 0000000000000001 R15: 431bde82d7b634db
[ 109.780309][ T5035]
[ 109.784406][ T5035] Kernel Offset: disabled
[ 109.789005][ T5035] Rebooting in 86400 seconds..