./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1583227577
<...>
syzkaller
syzkaller login: [ 65.060778][ T26] kauditd_printk_skb: 42 callbacks suppressed
[ 65.060794][ T26] audit: type=1400 audit(1686937869.613:77): avc: denied { transition } for pid=4860 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 65.089212][ T26] audit: type=1400 audit(1686937869.623:78): avc: denied { noatsecure } for pid=4860 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 65.108816][ T26] audit: type=1400 audit(1686937869.653:79): avc: denied { write } for pid=4860 comm="sh" path="pipe:[29513]" dev="pipefs" ino=29513 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 65.131731][ T26] audit: type=1400 audit(1686937869.653:80): avc: denied { rlimitinh } for pid=4860 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 65.150624][ T26] audit: type=1400 audit(1686937869.653:81): avc: denied { siginh } for pid=4860 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 66.897594][ T26] audit: type=1400 audit(1686937871.453:82): avc: denied { read } for pid=4429 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
Warning: Permanently added '10.128.0.181' (ECDSA) to the list of known hosts.
execve("./syz-executor1583227577", ["./syz-executor1583227577"], 0x7ffdf4ccb5a0 /* 10 vars */) = 0
brk(NULL) = 0x555556afe000
brk(0x555556afec40) = 0x555556afec40
arch_prctl(ARCH_SET_FS, 0x555556afe300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor1583227577", 4096) = 28
brk(0x555556b1fc40) = 0x555556b1fc40
brk(0x555556b20000) = 0x555556b20000
mprotect(0x7f119ee08000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
[ 83.974901][ T26] audit: type=1400 audit(1686937888.533:83): avc: denied { write } for pid=4993 comm="strace-static-x" path="pipe:[29675]" dev="pipefs" ino=29675 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 4996
mkdir("./syzkaller.KlUdGY", 0700) = 0
chmod("./syzkaller.KlUdGY", 0777) = 0
chdir("./syzkaller.KlUdGY") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556afe5d0) = 4997
./strace-static-x86_64: Process 4997 attached
[ 84.021458][ T26] audit: type=1400 audit(1686937888.573:84): avc: denied { execmem } for pid=4996 comm="syz-executor158" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 84.041693][ T26] audit: type=1400 audit(1686937888.593:85): avc: denied { read write } for pid=4996 comm="syz-executor158" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid 4997] chdir("./0") = 0
[pid 4997] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 4997] setpgid(0, 0) = 0
[pid 4997] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 4997] write(3, "1000", 4) = 4
[pid 4997] close(3) = 0
[pid 4997] symlink("/dev/binderfs", "./binderfs") = 0
[ 84.067105][ T26] audit: type=1400 audit(1686937888.593:86): avc: denied { open } for pid=4996 comm="syz-executor158" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 84.094076][ T26] audit: type=1400 audit(1686937888.593:87): avc: denied { ioctl } for pid=4996 comm="syz-executor158" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[pid 4997] memfd_create("syzkaller", 0) = 3
[pid 4997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1196946000
[ 84.115097][ T4997] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4997 'syz-executor158'
[pid 4997] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 4997] munmap(0x7f1196946000, 16777216) = 0
[pid 4997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 4997] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 4997] close(3) = 0
[pid 4997] mkdir("./file0", 0777) = 0
[ 84.377253][ T4997] loop0: detected capacity change from 0 to 32768
[ 84.387112][ T26] audit: type=1400 audit(1686937888.943:88): avc: denied { mounton } for pid=4997 comm="syz-executor158" path="/root/syzkaller.KlUdGY/0/file0" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 84.391842][ T4997] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor158 (4997)
[ 84.438242][ T4997] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[ 84.448154][ T4997] BTRFS info (device loop0): setting nodatasum
[ 84.454741][ T4997] BTRFS info (device loop0): allowing degraded mounts
[ 84.456244][ T26] audit: type=1400 audit(1686937889.013:89): avc: denied { append } for pid=4429 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 84.462141][ T4997] BTRFS info (device loop0): use zlib compression, level 3
[ 84.484534][ T26] audit: type=1400 audit(1686937889.013:90): avc: denied { open } for pid=4429 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 84.491585][ T4997] BTRFS info (device loop0): using free space tree
[pid 4997] mount("/dev/loop0", "./file0", "btrfs", MS_SYNCHRONOUS|MS_STRICTATIME, "datacow,noautodefrag,nodatasum,rescan_uuid_tree,degraded,compress,") = 0
[pid 4997] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 4997] chdir("./file0") = 0
[pid 4997] ioctl(4, LOOP_CLR_FD) = 0
[pid 4997] close(4) = 0
[pid 4997] open(".", O_RDONLY) = 4
[pid 4997] open(".", O_RDONLY) = 5
[ 84.514327][ T26] audit: type=1400 audit(1686937889.013:91): avc: denied { getattr } for pid=4429 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 84.548960][ T4997] BTRFS info (device loop0): enabling ssd optimizations
[ 84.556740][ T4997] BTRFS info (device loop0): auto enabling async discard
[ 84.567329][ T4997] BTRFS info (device loop0): checking UUID tree
[pid 4997] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 4997] write(6, "18", 2) = 2
[ 84.578879][ T26] audit: type=1400 audit(1686937889.133:92): avc: denied { mount } for pid=4997 comm="syz-executor158" name="/" dev="loop0" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 84.595102][ T4997] FAULT_INJECTION: forcing a failure.
[ 84.595102][ T4997] name failslab, interval 1, probability 0, space 0, times 1
[ 84.614505][ T4997] CPU: 1 PID: 4997 Comm: syz-executor158 Not tainted 6.4.0-rc6-syzkaller-00049-g62d8779610bb #0
[ 84.624980][ T4997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 84.635095][ T4997] Call Trace:
[ 84.638419][ T4997]
[ 84.641389][ T4997] dump_stack_lvl+0x136/0x150
[ 84.646143][ T4997] should_fail_ex+0x4a3/0x5b0
[ 84.650915][ T4997] should_failslab+0x9/0x20
[ 84.655499][ T4997] __kmem_cache_alloc_node+0x5b/0x3f0
[ 84.660927][ T4997] ? sidtab_sid2str_get+0x180/0x700
[ 84.666192][ T4997] __kmalloc_node_track_caller+0x4f/0x1a0
[ 84.671992][ T4997] kmemdup+0x2c/0x60
[ 84.675947][ T4997] sidtab_sid2str_get+0x180/0x700
[ 84.681065][ T4997] sidtab_entry_to_string+0x33/0x110
[ 84.686435][ T4997] security_sid_to_context_core+0x337/0x630
[ 84.692413][ T4997] avc_audit_post_callback+0xfa/0x860
[ 84.697846][ T4997] ? avc_xperms_populate.part.0+0x360/0x360
[ 84.703804][ T4997] ? common_lsm_audit+0x10bc/0x1ed0
[ 84.709079][ T4997] ? lock_downgrade+0x690/0x690
[ 84.714009][ T4997] ? avc_xperms_populate.part.0+0x360/0x360
[ 84.719964][ T4997] common_lsm_audit+0x230/0x1ed0
[ 84.724980][ T4997] ? ipv6_skb_to_auditdata+0xdd0/0xdd0
[ 84.730507][ T4997] ? debug_object_deactivate+0x300/0x300
[ 84.736210][ T4997] ? find_held_lock+0x2d/0x110
[ 84.741053][ T4997] slow_avc_audit+0x13b/0x1c0
[ 84.745792][ T4997] ? avc_get_hash_stats+0x2f0/0x2f0
[ 84.751051][ T4997] ? mark_held_locks+0x9f/0xe0
[ 84.755884][ T4997] ? lockdep_hardirqs_on+0x7d/0x100
[ 84.761145][ T4997] ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 84.767068][ T4997] ? avc_update_node.isra.0+0x4b5/0x820
[ 84.772674][ T4997] audit_inode_permission+0x1d3/0x2a0
[ 84.778142][ T4997] ? ptrace_parent_sid+0x2d0/0x2d0
[ 84.783324][ T4997] ? avc_has_perm_noaudit+0x2f5/0x3a0
[ 84.788896][ T4997] ? avc_has_perm_noaudit+0x148/0x3a0
[ 84.794339][ T4997] selinux_inode_permission+0x45e/0x610
[ 84.799965][ T4997] ? __inode_security_revalidate+0x140/0x140
[ 84.806046][ T4997] ? generic_permission+0x237/0x6a0
[ 84.811314][ T4997] ? fs_param_is_u32+0xd/0x300
[ 84.816171][ T4997] security_inode_permission+0x96/0xf0
[ 84.821718][ T4997] inode_permission.part.0+0x121/0x520
[ 84.827247][ T4997] ? from_kuid_munged+0x130/0x130
[ 84.832350][ T4997] inode_permission+0x40/0x140
[ 84.837181][ T4997] btrfs_mksubvol+0x461/0x1310
[ 84.842019][ T4997] ? create_subvol+0x16f0/0x16f0
[ 84.847025][ T4997] ? make_vfsuid+0x113/0x170
[ 84.851704][ T4997] btrfs_mksnapshot+0xaf/0xf0
[ 84.856490][ T4997] __btrfs_ioctl_snap_create+0x42b/0x4d0
[ 84.862366][ T4997] btrfs_ioctl_snap_create+0x15f/0x200
[ 84.867892][ T4997] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 84.873859][ T4997] btrfs_ioctl+0x50e/0x5b30
[ 84.878430][ T4997] ? tomoyo_path_number_perm+0x166/0x570
[ 84.884144][ T4997] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 84.890030][ T4997] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 84.896514][ T4997] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 84.902505][ T4997] ? do_vfs_ioctl+0x132/0x1670
[ 84.907339][ T4997] ? vfs_fileattr_set+0xc40/0xc40
[ 84.912421][ T4997] ? ioctl_has_perm.constprop.0.isra.0+0x28c/0x420
[ 84.918982][ T4997] ? ioctl_has_perm.constprop.0.isra.0+0x295/0x420
[ 84.925545][ T4997] ? selinux_bprm_creds_for_exec+0xb20/0xb20
[ 84.931588][ T4997] ? find_held_lock+0x2d/0x110
[ 84.936415][ T4997] ? do_one_initcall+0x270/0x540
[ 84.941423][ T4997] ? lock_downgrade+0x690/0x690
[ 84.946343][ T4997] ? selinux_file_ioctl+0xba/0x280
[ 84.951512][ T4997] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 84.957994][ T4997] __x64_sys_ioctl+0x197/0x210
[ 84.962833][ T4997] do_syscall_64+0x39/0xb0
[ 84.967320][ T4997] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 84.973376][ T4997] RIP: 0033:0x7f119ed93a39
[ 84.977823][ T4997] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 84.997477][ T4997] RSP: 002b:00007fff67b0b728 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 85.005922][ T4997] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f119ed93a39
[ 85.013931][ T4997] RDX: 0000000020001280 RSI: 0000000050009401 RDI: 0000000000000004
[ 85.021932][ T4997] RBP: 00007fff67b0b750 R08: 0000000000000002 R09: 00007fff67b0b760
[ 85.029943][ T4997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[pid 4997] ioctl(4, BTRFS_IOC_SNAP_CREATE, {fd=5, name="\x58\xe4\xf7\x32\xbe\x38\xe8\xfa\xa8\xe7\xfd"}) = 0
[pid 4997] exit_group(0) = ?
[pid 4997] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4997, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=40 /* 0.40 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
[ 85.037980][ T4997] R13: 00007fff67b0b790 R14: 00007fff67b0b770 R15: 0000000000000000
[ 85.045998][ T4997]
getdents64(3, 0x555556aff620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556b07660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556b07660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x555556aff620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556afe5d0) = 5022
./strace-static-x86_64: Process 5022 attached
[pid 5022] chdir("./1") = 0
[pid 5022] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5022] setpgid(0, 0) = 0
[pid 5022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5022] write(3, "1000", 4) = 4
[pid 5022] close(3) = 0
[pid 5022] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5022] memfd_create("syzkaller", 0) = 3
[pid 5022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1196946000
[pid 5022] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5022] munmap(0x7f1196946000, 16777216) = 0
[pid 5022] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5022] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5022] close(3) = 0
[pid 5022] mkdir("./file0", 0777) = 0
[ 85.513070][ T5022] loop0: detected capacity change from 0 to 32768
[ 85.523771][ T5022] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz-executor158 (5022)
[ 85.541999][ T5022] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[ 85.551749][ T5022] BTRFS info (device loop0): setting nodatasum
[ 85.558120][ T5022] BTRFS info (device loop0): allowing degraded mounts
[ 85.565077][ T5022] BTRFS info (device loop0): use zlib compression, level 3
[ 85.572314][ T5022] BTRFS info (device loop0): using free space tree
[ 85.593387][ T5022] BTRFS info (device loop0): enabling ssd optimizations
[ 85.600504][ T5022] BTRFS info (device loop0): auto enabling async discard
[pid 5022] mount("/dev/loop0", "./file0", "btrfs", MS_SYNCHRONOUS|MS_STRICTATIME, "datacow,noautodefrag,nodatasum,rescan_uuid_tree,degraded,compress,") = 0
[pid 5022] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5022] chdir("./file0") = 0
[pid 5022] ioctl(4, LOOP_CLR_FD) = 0
[pid 5022] close(4) = 0
[pid 5022] open(".", O_RDONLY) = 4
[pid 5022] open(".", O_RDONLY) = 5
[pid 5022] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5022] write(6, "18", 2) = 2
[ 85.609086][ T5022] BTRFS info (device loop0): checking UUID tree
[ 85.636013][ T5022] FAULT_INJECTION: forcing a failure.
[ 85.636013][ T5022] name failslab, interval 1, probability 0, space 0, times 0
[ 85.649186][ T5022] CPU: 1 PID: 5022 Comm: syz-executor158 Not tainted 6.4.0-rc6-syzkaller-00049-g62d8779610bb #0
[ 85.659679][ T5022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 85.669791][ T5022] Call Trace:
[ 85.673123][ T5022]
[ 85.676111][ T5022] dump_stack_lvl+0x136/0x150
[ 85.680864][ T5022] should_fail_ex+0x4a3/0x5b0
[ 85.685628][ T5022] should_failslab+0x9/0x20
[ 85.690234][ T5022] kmem_cache_alloc+0x5d/0x3f0
[ 85.695247][ T5022] ? __radix_tree_lookup+0x215/0x2a0
[ 85.700592][ T5022] btrfs_set_inode_index_count+0xd5/0x340
[ 85.706367][ T5022] ? get_extent_allocation_hint+0x130/0x130
[ 85.712318][ T5022] ? btrfs_get_delayed_node+0xfd/0x5b0
[ 85.717850][ T5022] ? ktime_get_coarse_real_ts64+0x15f/0x200
[ 85.723811][ T5022] ? btrfs_async_run_delayed_root+0x720/0x720
[ 85.729947][ T5022] ? current_time+0x1fe/0x2c0
[ 85.734693][ T5022] btrfs_set_inode_index+0xe9/0x150
[ 85.739974][ T5022] create_pending_snapshot+0x863/0x2d30
[ 85.745579][ T5022] ? __btrfs_abort_transaction+0x180/0x180
[ 85.751471][ T5022] ? rcu_is_watching+0x12/0xb0
[ 85.756318][ T5022] ? trace_contention_end+0xd8/0x100
[ 85.761654][ T5022] ? __mutex_lock+0x231/0x1350
[ 85.766479][ T5022] ? btrfs_commit_transaction+0xf06/0x3fa0
[ 85.772355][ T5022] ? lock_sync+0x190/0x190
[ 85.776836][ T5022] ? btrfs_commit_transaction+0xd1c/0x3fa0
[ 85.782700][ T5022] create_pending_snapshots+0x174/0x2c0
[ 85.788306][ T5022] btrfs_commit_transaction+0xf0e/0x3fa0
[ 85.794010][ T5022] ? radix_tree_tag_set+0x260/0x300
[ 85.799287][ T5022] ? create_pending_snapshots+0x2c0/0x2c0
[ 85.805064][ T5022] ? start_transaction+0x2aa/0x14c0
[ 85.810335][ T5022] btrfs_mksubvol+0xa6f/0x1310
[ 85.815255][ T5022] ? create_subvol+0x16f0/0x16f0
[ 85.820252][ T5022] ? make_vfsuid+0x113/0x170
[ 85.824937][ T5022] btrfs_mksnapshot+0xaf/0xf0
[ 85.829679][ T5022] __btrfs_ioctl_snap_create+0x42b/0x4d0
[ 85.835391][ T5022] btrfs_ioctl_snap_create+0x15f/0x200
[ 85.840928][ T5022] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 85.846973][ T5022] btrfs_ioctl+0x50e/0x5b30
[ 85.851540][ T5022] ? tomoyo_path_number_perm+0x166/0x570
[ 85.857262][ T5022] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 85.863174][ T5022] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 85.869668][ T5022] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 85.875736][ T5022] ? do_vfs_ioctl+0x132/0x1670
[ 85.880658][ T5022] ? vfs_fileattr_set+0xc40/0xc40
[ 85.885848][ T5022] ? ioctl_has_perm.constprop.0.isra.0+0x28c/0x420
[ 85.892874][ T5022] ? ioctl_has_perm.constprop.0.isra.0+0x295/0x420
[ 85.899466][ T5022] ? selinux_bprm_creds_for_exec+0xb20/0xb20
[ 85.905702][ T5022] ? find_held_lock+0x2d/0x110
[ 85.910712][ T5022] ? do_one_initcall+0x270/0x540
[ 85.915740][ T5022] ? lock_downgrade+0x690/0x690
[ 85.920749][ T5022] ? selinux_file_ioctl+0xba/0x280
[ 85.925933][ T5022] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 85.932542][ T5022] __x64_sys_ioctl+0x197/0x210
[ 85.937332][ T5022] do_syscall_64+0x39/0xb0
[ 85.941791][ T5022] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 85.947723][ T5022] RIP: 0033:0x7f119ed93a39
[ 85.952250][ T5022] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 85.972083][ T5022] RSP: 002b:00007fff67b0b728 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 85.980554][ T5022] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f119ed93a39
[ 85.988545][ T5022] RDX: 0000000020001280 RSI: 0000000050009401 RDI: 0000000000000004
[ 85.996540][ T5022] RBP: 00007fff67b0b750 R08: 0000000000000002 R09: 00007fff67b0b760
[ 86.004549][ T5022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 86.012556][ T5022] R13: 00007fff67b0b790 R14: 00007fff67b0b770 R15: 0000000000000001
[ 86.020594][ T5022]
[ 86.024955][ T5022] ------------[ cut here ]------------
[ 86.030571][ T5022] kernel BUG at fs/btrfs/transaction.c:1691!
[ 86.036734][ T5022] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 86.042823][ T5022] CPU: 1 PID: 5022 Comm: syz-executor158 Not tainted 6.4.0-rc6-syzkaller-00049-g62d8779610bb #0
[ 86.053440][ T5022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 86.063968][ T5022] RIP: 0010:create_pending_snapshot+0x1854/0x2d30
[ 86.070579][ T5022] Code: 89 e8 ba b3 06 00 00 4c 89 ff 44 8b ad d0 fd ff ff 48 c7 c6 80 00 95 8a 44 89 e9 e8 36 e6 ff ff e9 54 ee ff ff e8 9c 7d 1c fe <0f> 0b e8 95 7d 1c fe 48 8b bd 90 fe ff ff e8 b9 6d 0e 00 48 8b bd
[ 86.090289][ T5022] RSP: 0018:ffffc9000353f5f8 EFLAGS: 00010293
[ 86.096384][ T5022] RAX: 0000000000000000 RBX: ffff888028fcc400 RCX: 0000000000000000
[ 86.104381][ T5022] RDX: ffff88801a370180 RSI: ffffffff8366ea14 RDI: 0000000000000005
[ 86.112366][ T5022] RBP: ffffc9000353f868 R08: 0000000000000005 R09: 0000000000000000
[ 86.120365][ T5022] R10: 00000000fffffff4 R11: 0000000000000001 R12: ffff88807cd80000
[ 86.128401][ T5022] R13: 00000000fffffff4 R14: ffff88807970e000 R15: ffff888071b1ad20
[ 86.136390][ T5022] FS: 0000555556afe300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 86.145403][ T5022] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 86.152005][ T5022] CR2: 0000000020002000 CR3: 0000000018bc5000 CR4: 00000000003506e0
[ 86.159995][ T5022] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 86.167981][ T5022] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 86.175970][ T5022] Call Trace:
[ 86.179258][ T5022]
[ 86.182198][ T5022] ? die+0x32/0x90
[ 86.185956][ T5022] ? do_trap+0x1b2/0x3f0
[ 86.190222][ T5022] ? create_pending_snapshot+0x1854/0x2d30
[ 86.196047][ T5022] ? create_pending_snapshot+0x1854/0x2d30
[ 86.201882][ T5022] ? do_error_trap+0xb1/0x170
[ 86.206616][ T5022] ? create_pending_snapshot+0x1854/0x2d30
[ 86.212440][ T5022] ? handle_invalid_op+0x2c/0x30
[ 86.217401][ T5022] ? create_pending_snapshot+0x1854/0x2d30
[ 86.223223][ T5022] ? exc_invalid_op+0x2f/0x50
[ 86.227920][ T5022] ? asm_exc_invalid_op+0x1a/0x20
[ 86.232980][ T5022] ? create_pending_snapshot+0x1854/0x2d30
[ 86.238803][ T5022] ? create_pending_snapshot+0x1854/0x2d30
[ 86.244629][ T5022] ? create_pending_snapshot+0x1854/0x2d30
[ 86.250472][ T5022] ? __btrfs_abort_transaction+0x180/0x180
[ 86.256330][ T5022] ? rcu_is_watching+0x12/0xb0
[ 86.261142][ T5022] ? trace_contention_end+0xd8/0x100
[ 86.266448][ T5022] ? __mutex_lock+0x231/0x1350
[ 86.271236][ T5022] ? btrfs_commit_transaction+0xf06/0x3fa0
[ 86.277063][ T5022] ? lock_sync+0x190/0x190
[ 86.281507][ T5022] ? btrfs_commit_transaction+0xd1c/0x3fa0
[ 86.287331][ T5022] create_pending_snapshots+0x174/0x2c0
[ 86.292899][ T5022] btrfs_commit_transaction+0xf0e/0x3fa0
[ 86.298550][ T5022] ? radix_tree_tag_set+0x260/0x300
[ 86.303787][ T5022] ? create_pending_snapshots+0x2c0/0x2c0
[ 86.309527][ T5022] ? start_transaction+0x2aa/0x14c0
[ 86.314745][ T5022] btrfs_mksubvol+0xa6f/0x1310
[ 86.319534][ T5022] ? create_subvol+0x16f0/0x16f0
[ 86.324496][ T5022] ? make_vfsuid+0x113/0x170
[ 86.329124][ T5022] btrfs_mksnapshot+0xaf/0xf0
[ 86.333829][ T5022] __btrfs_ioctl_snap_create+0x42b/0x4d0
[ 86.339493][ T5022] btrfs_ioctl_snap_create+0x15f/0x200
[ 86.344978][ T5022] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 86.350893][ T5022] btrfs_ioctl+0x50e/0x5b30
[ 86.355418][ T5022] ? tomoyo_path_number_perm+0x166/0x570
[ 86.361084][ T5022] ? tomoyo_execute_permission+0x4a0/0x4a0
[ 86.366923][ T5022] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 86.373372][ T5022] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 86.379319][ T5022] ? do_vfs_ioctl+0x132/0x1670
[ 86.384103][ T5022] ? vfs_fileattr_set+0xc40/0xc40
[ 86.389143][ T5022] ? ioctl_has_perm.constprop.0.isra.0+0x28c/0x420
[ 86.395666][ T5022] ? ioctl_has_perm.constprop.0.isra.0+0x295/0x420
[ 86.402183][ T5022] ? selinux_bprm_creds_for_exec+0xb20/0xb20
[ 86.408180][ T5022] ? find_held_lock+0x2d/0x110
[ 86.413052][ T5022] ? do_one_initcall+0x270/0x540
[ 86.418019][ T5022] ? lock_downgrade+0x690/0x690
[ 86.422900][ T5022] ? selinux_file_ioctl+0xba/0x280
[ 86.428032][ T5022] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 86.434483][ T5022] __x64_sys_ioctl+0x197/0x210
[ 86.439265][ T5022] do_syscall_64+0x39/0xb0
[ 86.443697][ T5022] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 86.449623][ T5022] RIP: 0033:0x7f119ed93a39
[ 86.454053][ T5022] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 86.473768][ T5022] RSP: 002b:00007fff67b0b728 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 86.482298][ T5022] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f119ed93a39
[ 86.490288][ T5022] RDX: 0000000020001280 RSI: 0000000050009401 RDI: 0000000000000004
[ 86.498276][ T5022] RBP: 00007fff67b0b750 R08: 0000000000000002 R09: 00007fff67b0b760
[ 86.506264][ T5022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 86.514250][ T5022] R13: 00007fff67b0b790 R14: 00007fff67b0b770 R15: 0000000000000001
[ 86.522243][ T5022]
[ 86.525275][ T5022] Modules linked in:
[ 86.530042][ T5022] ---[ end trace 0000000000000000 ]---
[ 86.535570][ T5022] RIP: 0010:create_pending_snapshot+0x1854/0x2d30
[ 86.542104][ T5022] Code: 89 e8 ba b3 06 00 00 4c 89 ff 44 8b ad d0 fd ff ff 48 c7 c6 80 00 95 8a 44 89 e9 e8 36 e6 ff ff e9 54 ee ff ff e8 9c 7d 1c fe <0f> 0b e8 95 7d 1c fe 48 8b bd 90 fe ff ff e8 b9 6d 0e 00 48 8b bd
[ 86.561842][ T5022] RSP: 0018:ffffc9000353f5f8 EFLAGS: 00010293
[ 86.567994][ T5022] RAX: 0000000000000000 RBX: ffff888028fcc400 RCX: 0000000000000000
[ 86.576034][ T5022] RDX: ffff88801a370180 RSI: ffffffff8366ea14 RDI: 0000000000000005
[ 86.584040][ T5022] RBP: ffffc9000353f868 R08: 0000000000000005 R09: 0000000000000000
[ 86.592064][ T5022] R10: 00000000fffffff4 R11: 0000000000000001 R12: ffff88807cd80000
[ 86.600099][ T5022] R13: 00000000fffffff4 R14: ffff88807970e000 R15: ffff888071b1ad20
[ 86.608133][ T5022] FS: 0000555556afe300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 86.617134][ T5022] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 86.623749][ T5022] CR2: 0000000020002000 CR3: 0000000018bc5000 CR4: 00000000003506e0
[ 86.631770][ T5022] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 86.639820][ T5022] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 86.647850][ T5022] Kernel panic - not syncing: Fatal exception
[ 86.654188][ T5022] Kernel Offset: disabled
[ 86.658525][ T5022] Rebooting in 86400 seconds..