./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3274937833
<...>
Warning: Permanently added '10.128.1.191' (ECDSA) to the list of known hosts.
execve("./syz-executor3274937833", ["./syz-executor3274937833"], 0x7ffe47a12920 /* 10 vars */) = 0
brk(NULL) = 0x55555689b000
brk(0x55555689bc40) = 0x55555689bc40
arch_prctl(ARCH_SET_FS, 0x55555689b300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor3274937833", 4096) = 28
brk(0x5555568bcc40) = 0x5555568bcc40
brk(0x5555568bd000) = 0x5555568bd000
mprotect(0x7fa0ceb47000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 5071
mkdir("./syzkaller.go282B", 0700) = 0
chmod("./syzkaller.go282B", 0777) = 0
chdir("./syzkaller.go282B") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555689b5d0) = 5072
./strace-static-x86_64: Process 5072 attached
[pid 5072] chdir("./0") = 0
[pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5072] setpgid(0, 0) = 0
[pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5072] write(3, "1000", 4) = 4
[pid 5072] close(3) = 0
[pid 5072] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5072] memfd_create("syzkaller", 0) = 3
[pid 5072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa0c6682000
[ 63.512780][ T5072] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5072 'syz-executor327'
[pid 5072] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216
[pid 5072] munmap(0x7fa0c6682000, 16777216) = 0
[pid 5072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5072] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5072] close(3) = 0
[pid 5072] mkdir("./file0", 0777) = 0
[ 63.712361][ T5072] loop0: detected capacity change from 0 to 32768
[ 63.722471][ T5072] XFS: ikeep mount option is deprecated.
[ 63.735427][ T5072] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[pid 5072] mount("/dev/loop0", "./file0", "xfs", MS_SYNCHRONOUS|MS_SILENT, "gqnoenforce,pqnoenforce,ikeep,,nouuid") = 0
[pid 5072] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5072] chdir("./file0") = 0
[pid 5072] ioctl(4, LOOP_CLR_FD) = 0
[pid 5072] close(4) = 0
[pid 5072] open("./file0", O_RDONLY) = 4
[pid 5072] dup2(4, 4) = 4
[pid 5072] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5072] write(5, "7", 1) = 1
[ 63.766153][ T5072] XFS (loop0): Ending clean mount
[ 63.775300][ T5072] XFS (loop0): Quotacheck needed: Please wait.
[ 63.799475][ T5072] XFS (loop0): Quotacheck: Done.
[ 63.819177][ T5072] FAULT_INJECTION: forcing a failure.
[ 63.819177][ T5072] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 63.832743][ T5072] CPU: 0 PID: 5072 Comm: syz-executor327 Not tainted 6.3.0-rc3-syzkaller-00317-g65aca32efdcb #0
[ 63.843225][ T5072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 63.853318][ T5072] Call Trace:
[ 63.856709][ T5072]
[ 63.859646][ T5072] dump_stack_lvl+0x1e7/0x2d0
[ 63.864355][ T5072] ? nf_tcp_handle_invalid+0x650/0x650
[ 63.869838][ T5072] ? panic+0x770/0x770
[ 63.873938][ T5072] ? __lock_acquire+0x1f80/0x1f80
[ 63.879007][ T5072] should_fail_ex+0x3aa/0x4e0
[ 63.883713][ T5072] _copy_from_user+0x2f/0x170
[ 63.888431][ T5072] do_vfs_ioctl+0x775/0x2b10
[ 63.893064][ T5072] ? __x64_compat_sys_ioctl+0x90/0x90
[ 63.898452][ T5072] ? __lock_acquire+0x1f80/0x1f80
[ 63.903578][ T5072] ? lockdep_hardirqs_on+0x98/0x140
[ 63.908798][ T5072] ? __kmem_cache_free+0x264/0x3c0
[ 63.913962][ T5072] ? tomoyo_path_number_perm+0x663/0x840
[ 63.919610][ T5072] ? tomoyo_path_number_perm+0x6e4/0x840
[ 63.925254][ T5072] ? smack_log+0x123/0x540
[ 63.929704][ T5072] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 63.935175][ T5072] ? smk_access+0x4b0/0x4b0
[ 63.939694][ T5072] ? _raw_spin_lock_irqsave+0x120/0x120
[ 63.945260][ T5072] ? smk_access+0x477/0x4b0
[ 63.949781][ T5072] ? smk_tskacc+0x2ff/0x360
[ 63.954308][ T5072] ? smack_file_ioctl+0x295/0x390
[ 63.959350][ T5072] ? smack_file_alloc_security+0xe0/0xe0
[ 63.965020][ T5072] ? do_notify_parent+0xf50/0xf50
[ 63.970096][ T5072] ? print_irqtrace_events+0x220/0x220
[ 63.975588][ T5072] ? bpf_lsm_file_ioctl+0x9/0x10
[ 63.980556][ T5072] ? security_file_ioctl+0x81/0xa0
[ 63.985691][ T5072] __se_sys_ioctl+0x81/0x160
[ 63.990395][ T5072] do_syscall_64+0x41/0xc0
[ 63.994851][ T5072] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.000773][ T5072] RIP: 0033:0x7fa0ceacfa79
[ 64.005209][ T5072] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 64.024827][ T5072] RSP: 002b:00007fff69971028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 64.033254][ T5072] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa0ceacfa79
[ 64.041237][ T5072] RDX: 0000000020000140 RSI: 00000000401c5820 RDI: 0000000000000004
[ 64.049223][ T5072] RBP: 00007fff69971050 R08: 0000000000000001 R09: 00007fff69971060
[ 64.057203][ T5072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[pid 5072] ioctl(4, FS_IOC_FSSETXATTR, {fsx_xflags=0, fsx_extsize=0, fsx_projid=0xfffffffe, fsx_cowextsize=0}) = -1 EFAULT (Bad address)
[pid 5072] exit_group(0) = ?
[pid 5072] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5072, si_uid=0, si_status=0, si_utime=4 /* 0.04 s */, si_stime=22 /* 0.22 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555689c620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 64.065209][ T5072] R13: 00007fff69971090 R14: 00007fff69971070 R15: 0000000000000000
[ 64.073214][ T5072]
[ 64.092473][ T5071] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555568a4660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555568a4660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x55555689c620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555689b5d0) = 5082
./strace-static-x86_64: Process 5082 attached
[pid 5082] chdir("./1") = 0
[pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5082] setpgid(0, 0) = 0
[pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5082] write(3, "1000", 4) = 4
[pid 5082] close(3) = 0
[pid 5082] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5082] memfd_create("syzkaller", 0) = 3
[pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa0c6682000
[pid 5082] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216
[pid 5082] munmap(0x7fa0c6682000, 16777216) = 0
[pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5082] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5082] close(3) = 0
[pid 5082] mkdir("./file0", 0777) = 0
[ 64.412173][ T5082] loop0: detected capacity change from 0 to 32768
[ 64.421519][ T5082] XFS: ikeep mount option is deprecated.
[ 64.431898][ T5082] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[pid 5082] mount("/dev/loop0", "./file0", "xfs", MS_SYNCHRONOUS|MS_SILENT, "gqnoenforce,pqnoenforce,ikeep,,nouuid") = 0
[pid 5082] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5082] chdir("./file0") = 0
[pid 5082] ioctl(4, LOOP_CLR_FD) = 0
[pid 5082] close(4) = 0
[pid 5082] open("./file0", O_RDONLY) = 4
[pid 5082] dup2(4, 4) = 4
[pid 5082] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5082] write(5, "7", 1) = 1
[ 64.460311][ T5082] XFS (loop0): Ending clean mount
[ 64.469116][ T5082] XFS (loop0): Quotacheck needed: Please wait.
[ 64.487816][ T5082] XFS (loop0): Quotacheck: Done.
[ 64.501508][ T5082] FAULT_INJECTION: forcing a failure.
[ 64.501508][ T5082] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 64.515036][ T5082] CPU: 0 PID: 5082 Comm: syz-executor327 Not tainted 6.3.0-rc3-syzkaller-00317-g65aca32efdcb #0
[ 64.525501][ T5082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 64.535674][ T5082] Call Trace:
[ 64.538960][ T5082]
[ 64.541895][ T5082] dump_stack_lvl+0x1e7/0x2d0
[ 64.546602][ T5082] ? nf_tcp_handle_invalid+0x650/0x650
[ 64.552084][ T5082] ? panic+0x770/0x770
[ 64.556164][ T5082] ? __lock_acquire+0x1f80/0x1f80
[ 64.561200][ T5082] should_fail_ex+0x3aa/0x4e0
[ 64.565938][ T5082] _copy_from_user+0x2f/0x170
[ 64.570678][ T5082] do_vfs_ioctl+0x775/0x2b10
[ 64.575307][ T5082] ? __x64_compat_sys_ioctl+0x90/0x90
[ 64.580804][ T5082] ? __lock_acquire+0x1f80/0x1f80
[ 64.585851][ T5082] ? lockdep_hardirqs_on+0x98/0x140
[ 64.591070][ T5082] ? __kmem_cache_free+0x264/0x3c0
[ 64.596219][ T5082] ? tomoyo_path_number_perm+0x663/0x840
[ 64.601886][ T5082] ? tomoyo_path_number_perm+0x6e4/0x840
[ 64.607554][ T5082] ? smack_log+0x123/0x540
[ 64.611994][ T5082] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 64.617472][ T5082] ? smk_access+0x4b0/0x4b0
[ 64.621992][ T5082] ? _raw_spin_lock_irqsave+0x120/0x120
[ 64.627559][ T5082] ? smk_access+0x477/0x4b0
[ 64.632084][ T5082] ? smk_tskacc+0x2ff/0x360
[ 64.636604][ T5082] ? smack_file_ioctl+0x295/0x390
[ 64.641644][ T5082] ? smack_file_alloc_security+0xe0/0xe0
[ 64.647294][ T5082] ? do_notify_parent+0xf50/0xf50
[ 64.652344][ T5082] ? print_irqtrace_events+0x220/0x220
[ 64.657815][ T5082] ? bpf_lsm_file_ioctl+0x9/0x10
[ 64.662785][ T5082] ? security_file_ioctl+0x81/0xa0
[ 64.667932][ T5082] __se_sys_ioctl+0x81/0x160
[ 64.672564][ T5082] do_syscall_64+0x41/0xc0
[ 64.677017][ T5082] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.682939][ T5082] RIP: 0033:0x7fa0ceacfa79
[ 64.687373][ T5082] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[pid 5082] ioctl(4, FS_IOC_FSSETXATTR, {fsx_xflags=0, fsx_extsize=0, fsx_projid=0xfffffffe, fsx_cowextsize=0}) = -1 EFAULT (Bad address)
[pid 5082] exit_group(0) = ?
[pid 5082] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555689c620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 64.707012][ T5082] RSP: 002b:00007fff69971028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 64.715452][ T5082] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa0ceacfa79
[ 64.723439][ T5082] RDX: 0000000020000140 RSI: 00000000401c5820 RDI: 0000000000000004
[ 64.731436][ T5082] RBP: 00007fff69971050 R08: 0000000000000001 R09: 00007fff69971060
[ 64.739415][ T5082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 64.747388][ T5082] R13: 00007fff69971090 R14: 00007fff69971070 R15: 0000000000000001
[ 64.755381][ T5082]
[ 64.769527][ T5071] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x5555568a4660 /* 2 entries */, 32768) = 48
getdents64(4, 0x5555568a4660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x55555689c620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555689b5d0) = 5092
./strace-static-x86_64: Process 5092 attached
[pid 5092] chdir("./2") = 0
[pid 5092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5092] setpgid(0, 0) = 0
[pid 5092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5092] write(3, "1000", 4) = 4
[pid 5092] close(3) = 0
[pid 5092] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5092] memfd_create("syzkaller", 0) = 3
[pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa0c6682000
[pid 5092] write(3, "\x58\x46\x53\x42\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc4\x96\xe0\x5e\x54\x0d\x4c\x72\xb5\x91\x04\xd7\x9d\x8b\x4e\xeb\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x11\x40\x00\x00\x00\x00\x00\x00\x11\x41\x00\x00\x00\x00\x00\x00\x11\x42\x00\x00\x00\x01\x00\x00\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x04\x3e"..., 16777216) = 16777216
[pid 5092] munmap(0x7fa0c6682000, 16777216) = 0
[pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5092] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5092] close(3) = 0
[pid 5092] mkdir("./file0", 0777) = 0
[ 65.082536][ T5092] loop0: detected capacity change from 0 to 32768
[ 65.091971][ T5092] XFS: ikeep mount option is deprecated.
[ 65.101886][ T5092] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[pid 5092] mount("/dev/loop0", "./file0", "xfs", MS_SYNCHRONOUS|MS_SILENT, "gqnoenforce,pqnoenforce,ikeep,,nouuid") = 0
[pid 5092] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5092] chdir("./file0") = 0
[pid 5092] ioctl(4, LOOP_CLR_FD) = 0
[pid 5092] close(4) = 0
[pid 5092] open("./file0", O_RDONLY) = 4
[pid 5092] dup2(4, 4) = 4
[pid 5092] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 5
[pid 5092] write(5, "7", 1) = 1
[ 65.130020][ T5092] XFS (loop0): Ending clean mount
[ 65.137324][ T5092] XFS (loop0): Quotacheck needed: Please wait.
[ 65.157360][ T5092] XFS (loop0): Quotacheck: Done.
[ 65.184645][ T5092] FAULT_INJECTION: forcing a failure.
[ 65.184645][ T5092] name failslab, interval 1, probability 0, space 0, times 1
[ 65.198263][ T5092] CPU: 0 PID: 5092 Comm: syz-executor327 Not tainted 6.3.0-rc3-syzkaller-00317-g65aca32efdcb #0
[ 65.208706][ T5092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 65.218782][ T5092] Call Trace:
[ 65.222069][ T5092]
[ 65.225002][ T5092] dump_stack_lvl+0x1e7/0x2d0
[ 65.229696][ T5092] ? nf_tcp_handle_invalid+0x650/0x650
[ 65.235177][ T5092] ? panic+0x770/0x770
[ 65.239255][ T5092] ? __might_sleep+0xc0/0xc0
[ 65.243877][ T5092] should_fail_ex+0x3aa/0x4e0
[ 65.248570][ T5092] should_failslab+0x9/0x20
[ 65.253081][ T5092] slab_pre_alloc_hook+0x59/0x2b0
[ 65.258126][ T5092] kmem_cache_alloc+0x52/0x2e0
[ 65.262897][ T5092] ? radix_tree_node_alloc+0x8b/0x3b0
[ 65.268267][ T5092] ? __mutex_lock_common+0x42d/0x2530
[ 65.273668][ T5092] radix_tree_node_alloc+0x8b/0x3b0
[ 65.278877][ T5092] radix_tree_extend+0x148/0x5b0
[ 65.283820][ T5092] ? mutex_lock_io_nested+0x60/0x60
[ 65.289035][ T5092] radix_tree_insert+0x15c/0x680
[ 65.293979][ T5092] xfs_qm_dqget_cache_insert+0x37/0x110
[ 65.299537][ T5092] xfs_qm_dqget+0x2b3/0x4e0
[ 65.304052][ T5092] ? xfs_dquot_to_disk+0x600/0x600
[ 65.309174][ T5092] ? rcu_is_watching+0x15/0xb0
[ 65.313944][ T5092] ? xfs_qm_vop_dqalloc+0x8f2/0xee0
[ 65.319156][ T5092] xfs_qm_vop_dqalloc+0x913/0xee0
[ 65.324200][ T5092] ? xfs_qm_quotacheck+0x650/0x650
[ 65.329354][ T5092] xfs_fileattr_set+0x3ff/0x1910
[ 65.334395][ T5092] ? xfs_iunlock+0x157/0x330
[ 65.338990][ T5092] ? __up_read+0x2bd/0x690
[ 65.343433][ T5092] ? make_kprojid+0x205/0x720
[ 65.348109][ T5092] ? xfs_fill_fsxattr+0x6a0/0x6a0
[ 65.353143][ T5092] ? from_kgid_munged+0x7a0/0x7a0
[ 65.358169][ T5092] ? xfs_fileattr_get+0xac/0xe0
[ 65.363030][ T5092] ? xfs_fileattr_get+0xac/0xe0
[ 65.367886][ T5092] ? fscrypt_prepare_setflags+0x61/0x220
[ 65.373534][ T5092] vfs_fileattr_set+0x8f7/0xd40
[ 65.378416][ T5092] ? copy_fsxattr_to_user+0x3a0/0x3a0
[ 65.383809][ T5092] do_vfs_ioctl+0x1860/0x2b10
[ 65.388499][ T5092] ? __x64_compat_sys_ioctl+0x90/0x90
[ 65.393879][ T5092] ? __lock_acquire+0x1f80/0x1f80
[ 65.398913][ T5092] ? lockdep_hardirqs_on+0x98/0x140
[ 65.404122][ T5092] ? __kmem_cache_free+0x264/0x3c0
[ 65.409244][ T5092] ? tomoyo_path_number_perm+0x663/0x840
[ 65.414883][ T5092] ? tomoyo_path_number_perm+0x6e4/0x840
[ 65.420524][ T5092] ? smack_log+0x123/0x540
[ 65.424951][ T5092] ? smk_access+0x4b0/0x4b0
[ 65.429460][ T5092] ? _raw_spin_lock_irqsave+0x120/0x120
[ 65.435013][ T5092] ? smk_access+0x477/0x4b0
[ 65.439530][ T5092] ? smk_tskacc+0x2ff/0x360
[ 65.444044][ T5092] ? smack_file_ioctl+0x295/0x390
[ 65.449160][ T5092] ? smack_file_alloc_security+0xe0/0xe0
[ 65.454803][ T5092] ? do_notify_parent+0xf50/0xf50
[ 65.459855][ T5092] ? print_irqtrace_events+0x220/0x220
[ 65.465329][ T5092] ? bpf_lsm_file_ioctl+0x9/0x10
[ 65.470363][ T5092] ? security_file_ioctl+0x81/0xa0
[ 65.475480][ T5092] __se_sys_ioctl+0x81/0x160
[ 65.480081][ T5092] do_syscall_64+0x41/0xc0
[ 65.484531][ T5092] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.490447][ T5092] RIP: 0033:0x7fa0ceacfa79
[ 65.494877][ T5092] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 65.514503][ T5092] RSP: 002b:00007fff69971028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 65.523012][ T5092] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa0ceacfa79
[ 65.530989][ T5092] RDX: 0000000020000140 RSI: 00000000401c5820 RDI: 0000000000000004
[ 65.538962][ T5092] RBP: 00007fff69971050 R08: 0000000000000001 R09: 00007fff69971060
[ 65.546943][ T5092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 65.554936][ T5092] R13: 00007fff69971090 R14: 00007fff69971070 R15: 0000000000000002
[ 65.562936][ T5092]
[ 65.566992][ T5092] ------------[ cut here ]------------
[ 65.572717][ T5092] WARNING: CPU: 0 PID: 5092 at fs/xfs/xfs_dquot.c:801 xfs_qm_dqget_cache_insert+0x101/0x110
[ 65.582885][ T5092] Modules linked in:
[ 65.586812][ T5092] CPU: 0 PID: 5092 Comm: syz-executor327 Not tainted 6.3.0-rc3-syzkaller-00317-g65aca32efdcb #0
[ 65.597338][ T5092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 65.607490][ T5092] RIP: 0010:xfs_qm_dqget_cache_insert+0x101/0x110
[ 65.614002][ T5092] Code: 38 c1 7c a2 48 89 ef e8 ad c5 a8 fe eb 98 44 89 e1 80 e1 07 80 c1 03 38 c1 7c a8 4c 89 e7 e8 f6 c4 a8 fe eb 9e e8 5f 0e 53 fe <0f> 0b eb b8 66 2e 0f 1f 84 00 00 00 00 00 90 55 41 56 53 48 89 fb
[ 65.633705][ T5092] RSP: 0018:ffffc90003bbf5b0 EFLAGS: 00010293
[ 65.639871][ T5092] RAX: ffffffff83375ec1 RBX: 00000000fffffffe RCX: ffff88807d50d7c0
[ 65.647882][ T5092] RDX: 0000000000000000 RSI: ffffffff8d371380 RDI: 00000000fffffff4
[ 65.655986][ T5092] RBP: ffff88801db9ed80 R08: 0000000000000005 R09: ffffffff83375e08
[ 65.664039][ T5092] R10: 0000000000000002 R11: ffff88807d50d7c0 R12: ffff888022f8f800
[ 65.672129][ T5092] R13: dffffc0000000000 R14: ffff888022f8f8f0 R15: 00000000fffffff4
[ 65.680168][ T5092] FS: 000055555689b300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 65.689210][ T5092] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 65.695833][ T5092] CR2: 00007fa0ceb4b140 CR3: 0000000076213000 CR4: 00000000003506f0
[ 65.703982][ T5092] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 65.712030][ T5092] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 65.720120][ T5092] Call Trace:
[ 65.723449][ T5092]
[ 65.726425][ T5092] xfs_qm_dqget+0x2b3/0x4e0
[ 65.731059][ T5092] ? xfs_dquot_to_disk+0x600/0x600
[ 65.736243][ T5092] ? rcu_is_watching+0x15/0xb0
[ 65.741128][ T5092] ? xfs_qm_vop_dqalloc+0x8f2/0xee0
[ 65.746402][ T5092] xfs_qm_vop_dqalloc+0x913/0xee0
[ 65.751558][ T5092] ? xfs_qm_quotacheck+0x650/0x650
[ 65.756758][ T5092] xfs_fileattr_set+0x3ff/0x1910
[ 65.761816][ T5092] ? xfs_iunlock+0x157/0x330
[ 65.766460][ T5092] ? __up_read+0x2bd/0x690
[ 65.770998][ T5092] ? make_kprojid+0x205/0x720
[ 65.775729][ T5092] ? xfs_fill_fsxattr+0x6a0/0x6a0
[ 65.780873][ T5092] ? from_kgid_munged+0x7a0/0x7a0
[ 65.785936][ T5092] ? xfs_fileattr_get+0xac/0xe0
[ 65.790886][ T5092] ? xfs_fileattr_get+0xac/0xe0
[ 65.795791][ T5092] ? fscrypt_prepare_setflags+0x61/0x220
[ 65.801565][ T5092] vfs_fileattr_set+0x8f7/0xd40
[ 65.806485][ T5092] ? copy_fsxattr_to_user+0x3a0/0x3a0
[ 65.811995][ T5092] do_vfs_ioctl+0x1860/0x2b10
[ 65.816735][ T5092] ? __x64_compat_sys_ioctl+0x90/0x90
[ 65.822208][ T5092] ? __lock_acquire+0x1f80/0x1f80
[ 65.827301][ T5092] ? lockdep_hardirqs_on+0x98/0x140
[ 65.832620][ T5092] ? __kmem_cache_free+0x264/0x3c0
[ 65.837793][ T5092] ? tomoyo_path_number_perm+0x663/0x840
[ 65.843532][ T5092] ? tomoyo_path_number_perm+0x6e4/0x840
[ 65.849254][ T5092] ? smack_log+0x123/0x540
[ 65.853693][ T5092] ? smk_access+0x4b0/0x4b0
[ 65.858211][ T5092] ? _raw_spin_lock_irqsave+0x120/0x120
[ 65.863850][ T5092] ? smk_access+0x477/0x4b0
[ 65.868464][ T5092] ? smk_tskacc+0x2ff/0x360
[ 65.872990][ T5092] ? smack_file_ioctl+0x295/0x390
[ 65.878040][ T5092] ? smack_file_alloc_security+0xe0/0xe0
[ 65.883944][ T5092] ? do_notify_parent+0xf50/0xf50
[ 65.889080][ T5092] ? print_irqtrace_events+0x220/0x220
[ 65.894574][ T5092] ? bpf_lsm_file_ioctl+0x9/0x10
[ 65.899620][ T5092] ? security_file_ioctl+0x81/0xa0
[ 65.904814][ T5092] __se_sys_ioctl+0x81/0x160
[ 65.909509][ T5092] do_syscall_64+0x41/0xc0
[ 65.913972][ T5092] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.919952][ T5092] RIP: 0033:0x7fa0ceacfa79
[ 65.924419][ T5092] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 65.944108][ T5092] RSP: 002b:00007fff69971028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 65.952626][ T5092] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa0ceacfa79
[ 65.960712][ T5092] RDX: 0000000020000140 RSI: 00000000401c5820 RDI: 0000000000000004
[ 65.968764][ T5092] RBP: 00007fff69971050 R08: 0000000000000001 R09: 00007fff69971060
[ 65.976774][ T5092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 65.984833][ T5092] R13: 00007fff69971090 R14: 00007fff69971070 R15: 0000000000000002
[ 65.992975][ T5092]
[ 65.996022][ T5092] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 66.003308][ T5092] CPU: 0 PID: 5092 Comm: syz-executor327 Not tainted 6.3.0-rc3-syzkaller-00317-g65aca32efdcb #0
[ 66.013746][ T5092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 66.023812][ T5092] Call Trace:
[ 66.027101][ T5092]
[ 66.030061][ T5092] dump_stack_lvl+0x1e7/0x2d0
[ 66.034772][ T5092] ? nf_tcp_handle_invalid+0x650/0x650
[ 66.040270][ T5092] ? panic+0x770/0x770
[ 66.044357][ T5092] ? vscnprintf+0x5d/0x80
[ 66.048705][ T5092] panic+0x31c/0x770
[ 66.052614][ T5092] ? __warn+0x171/0x4a0
[ 66.056795][ T5092] ? memcpy_page_flushcache+0x100/0x100
[ 66.062411][ T5092] __warn+0x314/0x4a0
[ 66.066425][ T5092] ? xfs_qm_dqget_cache_insert+0x101/0x110
[ 66.072339][ T5092] report_bug+0x2b3/0x500
[ 66.076687][ T5092] ? xfs_qm_dqget_cache_insert+0x101/0x110
[ 66.082520][ T5092] handle_bug+0x3d/0x70
[ 66.086694][ T5092] exc_invalid_op+0x1a/0x50
[ 66.091217][ T5092] asm_exc_invalid_op+0x1a/0x20
[ 66.096115][ T5092] RIP: 0010:xfs_qm_dqget_cache_insert+0x101/0x110
[ 66.102561][ T5092] Code: 38 c1 7c a2 48 89 ef e8 ad c5 a8 fe eb 98 44 89 e1 80 e1 07 80 c1 03 38 c1 7c a8 4c 89 e7 e8 f6 c4 a8 fe eb 9e e8 5f 0e 53 fe <0f> 0b eb b8 66 2e 0f 1f 84 00 00 00 00 00 90 55 41 56 53 48 89 fb
[ 66.122182][ T5092] RSP: 0018:ffffc90003bbf5b0 EFLAGS: 00010293
[ 66.128263][ T5092] RAX: ffffffff83375ec1 RBX: 00000000fffffffe RCX: ffff88807d50d7c0
[ 66.136244][ T5092] RDX: 0000000000000000 RSI: ffffffff8d371380 RDI: 00000000fffffff4
[ 66.144226][ T5092] RBP: ffff88801db9ed80 R08: 0000000000000005 R09: ffffffff83375e08
[ 66.152214][ T5092] R10: 0000000000000002 R11: ffff88807d50d7c0 R12: ffff888022f8f800
[ 66.160195][ T5092] R13: dffffc0000000000 R14: ffff888022f8f8f0 R15: 00000000fffffff4
[ 66.168186][ T5092] ? xfs_qm_dqget_cache_insert+0x48/0x110
[ 66.173939][ T5092] ? xfs_qm_dqget_cache_insert+0x101/0x110
[ 66.179772][ T5092] xfs_qm_dqget+0x2b3/0x4e0
[ 66.184301][ T5092] ? xfs_dquot_to_disk+0x600/0x600
[ 66.189431][ T5092] ? rcu_is_watching+0x15/0xb0
[ 66.194206][ T5092] ? xfs_qm_vop_dqalloc+0x8f2/0xee0
[ 66.199426][ T5092] xfs_qm_vop_dqalloc+0x913/0xee0
[ 66.204477][ T5092] ? xfs_qm_quotacheck+0x650/0x650
[ 66.209621][ T5092] xfs_fileattr_set+0x3ff/0x1910
[ 66.214581][ T5092] ? xfs_iunlock+0x157/0x330
[ 66.219183][ T5092] ? __up_read+0x2bd/0x690
[ 66.223620][ T5092] ? make_kprojid+0x205/0x720
[ 66.228312][ T5092] ? xfs_fill_fsxattr+0x6a0/0x6a0
[ 66.233354][ T5092] ? from_kgid_munged+0x7a0/0x7a0
[ 66.238385][ T5092] ? xfs_fileattr_get+0xac/0xe0
[ 66.243251][ T5092] ? xfs_fileattr_get+0xac/0xe0
[ 66.248119][ T5092] ? fscrypt_prepare_setflags+0x61/0x220
[ 66.253778][ T5092] vfs_fileattr_set+0x8f7/0xd40
[ 66.258654][ T5092] ? copy_fsxattr_to_user+0x3a0/0x3a0
[ 66.264056][ T5092] do_vfs_ioctl+0x1860/0x2b10
[ 66.268758][ T5092] ? __x64_compat_sys_ioctl+0x90/0x90
[ 66.274150][ T5092] ? __lock_acquire+0x1f80/0x1f80
[ 66.279199][ T5092] ? lockdep_hardirqs_on+0x98/0x140
[ 66.284419][ T5092] ? __kmem_cache_free+0x264/0x3c0
[ 66.289551][ T5092] ? tomoyo_path_number_perm+0x663/0x840
[ 66.295196][ T5092] ? tomoyo_path_number_perm+0x6e4/0x840
[ 66.300866][ T5092] ? smack_log+0x123/0x540
[ 66.305300][ T5092] ? smk_access+0x4b0/0x4b0
[ 66.309818][ T5092] ? _raw_spin_lock_irqsave+0x120/0x120
[ 66.315380][ T5092] ? smk_access+0x477/0x4b0
[ 66.319902][ T5092] ? smk_tskacc+0x2ff/0x360
[ 66.324421][ T5092] ? smack_file_ioctl+0x295/0x390
[ 66.329459][ T5092] ? smack_file_alloc_security+0xe0/0xe0
[ 66.335105][ T5092] ? do_notify_parent+0xf50/0xf50
[ 66.340157][ T5092] ? print_irqtrace_events+0x220/0x220
[ 66.345630][ T5092] ? bpf_lsm_file_ioctl+0x9/0x10
[ 66.350578][ T5092] ? security_file_ioctl+0x81/0xa0
[ 66.355723][ T5092] __se_sys_ioctl+0x81/0x160
[ 66.360333][ T5092] do_syscall_64+0x41/0xc0
[ 66.364770][ T5092] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.370684][ T5092] RIP: 0033:0x7fa0ceacfa79
[ 66.375195][ T5092] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 66.394908][ T5092] RSP: 002b:00007fff69971028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 66.403343][ T5092] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fa0ceacfa79
[ 66.411324][ T5092] RDX: 0000000020000140 RSI: 00000000401c5820 RDI: 0000000000000004
[ 66.419302][ T5092] RBP: 00007fff69971050 R08: 0000000000000001 R09: 00007fff69971060
[ 66.427393][ T5092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 66.435394][ T5092] R13: 00007fff69971090 R14: 00007fff69971070 R15: 0000000000000002
[ 66.443388][ T5092]
[ 66.446670][ T5092] Kernel Offset: disabled
[ 66.451075][ T5092] Rebooting in 86400 seconds..