./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor141654793
<...>
Warning: Permanently added '10.128.1.2' (ECDSA) to the list of known hosts.
execve("./syz-executor141654793", ["./syz-executor141654793"], 0x7ffe89045c20 /* 10 vars */) = 0
brk(NULL) = 0x55555631c000
brk(0x55555631cc40) = 0x55555631cc40
arch_prctl(ARCH_SET_FS, 0x55555631c300) = 0
uname({sysname="Linux", nodename="syzkaller", ...}) = 0
readlink("/proc/self/exe", "/root/syz-executor141654793", 4096) = 27
brk(0x55555633dc40) = 0x55555633dc40
brk(0x55555633e000) = 0x55555633e000
mprotect(0x7fbe0d4b7000, 16384, PROT_READ) = 0
mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000
mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000
mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
getpid() = 5069
mkdir("./syzkaller.fzqNuv", 0700) = 0
chmod("./syzkaller.fzqNuv", 0777) = 0
chdir("./syzkaller.fzqNuv") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555631c5d0) = 5070
./strace-static-x86_64: Process 5070 attached
[pid 5070] chdir("./0") = 0
[pid 5070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5070] setpgid(0, 0) = 0
[pid 5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5070] write(3, "1000", 4) = 4
[pid 5070] close(3) = 0
[pid 5070] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5070] memfd_create("syzkaller", 0) = 3
[pid 5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbe04ff6000
[ 63.646964][ T5070] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5070 'syz-executor141'
[pid 5070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5070] munmap(0x7fbe04ff6000, 16777216) = 0
[pid 5070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5070] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5070] close(3) = 0
[pid 5070] mkdir("./file0", 0777) = 0
[ 63.833370][ T5070] loop0: detected capacity change from 0 to 32768
[ 63.847542][ T5070] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor141 (5070)
[ 63.870413][ T5070] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[pid 5070] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0
[pid 5070] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5070] chdir("./file0") = 0
[pid 5070] ioctl(4, LOOP_CLR_FD) = 0
[pid 5070] close(4) = 0
[ 63.879295][ T5070] BTRFS info (device loop0): enabling ssd optimizations
[ 63.886301][ T5070] BTRFS info (device loop0): using spread ssd allocation scheme
[ 63.894436][ T5070] BTRFS info (device loop0): turning on sync discard
[ 63.901438][ T5070] BTRFS info (device loop0): using free space tree
[pid 5070] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[pid 5070] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5070] creat("./file0/file0", 000) = 5
[pid 5070] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5070] write(6, "5", 1) = 1
[ 64.018909][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 64.029072][ T5070] FAULT_INJECTION: forcing a failure.
[ 64.029072][ T5070] name failslab, interval 1, probability 0, space 0, times 1
[ 64.042053][ T5070] CPU: 0 PID: 5070 Comm: syz-executor141 Not tainted 6.3.0-rc3-syzkaller-00026-gfff5a5e7f528 #0
[ 64.052507][ T5070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 64.062608][ T5070] Call Trace:
[ 64.065920][ T5070]
[ 64.068880][ T5070] dump_stack_lvl+0x1e7/0x2d0
[ 64.073628][ T5070] ? nf_tcp_handle_invalid+0x650/0x650
[ 64.079127][ T5070] ? panic+0x770/0x770
[ 64.083239][ T5070] ? tomoyo_init_log+0x1d1b/0x2060
[ 64.088398][ T5070] should_fail_ex+0x3aa/0x4e0
[ 64.093124][ T5070] should_failslab+0x9/0x20
[ 64.097668][ T5070] slab_pre_alloc_hook+0x59/0x2b0
[ 64.102737][ T5070] ? tomoyo_supervisor+0xede/0x12d0
[ 64.107960][ T5070] __kmem_cache_alloc_node+0x4b/0x290
[ 64.113373][ T5070] ? rcu_lock_release+0x30/0x30
[ 64.118278][ T5070] ? tomoyo_supervisor+0xede/0x12d0
[ 64.123506][ T5070] __kmalloc+0xa8/0x230
[ 64.127683][ T5070] tomoyo_supervisor+0xede/0x12d0
[ 64.132733][ T5070] ? ptr_to_hashval+0x80/0x80
[ 64.137426][ T5070] ? tomoyo_profile+0x50/0x50
[ 64.142126][ T5070] ? snprintf+0xda/0x120
[ 64.146388][ T5070] ? tomoyo_print_ulong+0x27/0xa0
[ 64.151429][ T5070] ? vscnprintf+0x80/0x80
[ 64.155813][ T5070] ? tomoyo_check_acl+0x378/0x3f0
[ 64.160846][ T5070] tomoyo_path_number_perm+0x5be/0x840
[ 64.166318][ T5070] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 64.171788][ T5070] ? _raw_spin_lock_irqsave+0x120/0x120
[ 64.177376][ T5070] ? do_notify_parent+0xf50/0xf50
[ 64.182422][ T5070] ? print_irqtrace_events+0x220/0x220
[ 64.187911][ T5070] security_file_ioctl+0x71/0xa0
[ 64.192868][ T5070] __se_sys_ioctl+0x47/0x160
[ 64.197470][ T5070] do_syscall_64+0x41/0xc0
[ 64.201907][ T5070] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.207811][ T5070] RIP: 0033:0x7fbe0d443b99
[ 64.212245][ T5070] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 64.231864][ T5070] RSP: 002b:00007fffe2488ad8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 64.240290][ T5070] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fbe0d443b99
[ 64.248353][ T5070] RDX: 00000000200001c0 RSI: 0000000041009432 RDI: 0000000000000005
[ 64.256337][ T5070] RBP: 00007fffe2488b00 R08: 0000000000000001 R09: 00007fffe2488b10
[pid 5070] ioctl(5, FS_IOC_SETFSLABEL, "\x81\xb3\xde\x25\x34\x83\x1d\xeb\x49\x60\x7b\x06\x03\xf5\xb5\x27\x60\x4b\x34\xb8\xc5\x7a\xa0\x99\xf4\xe8\xaf\xa5\x56\xb5\x42\x72\x9f\xc5\x90\xb6\x82\x1c\x6d\x50\x58\xb4\xd8\xe3\x40\x22\xeb\xa5\x6a\x71\x18\x8f\xc9\x01\xa5\xb7\x80\xa0\xcb\xec\x86\xb5\x2e\xd2\xc4\xeb\x32\x88\x98\xbe\x74\xce\xed\x81\x6b\x79\x57\xd9\xc6\xd8\xb5\x9b\x97\x48\x60\x51\x39\x67\xae\xe2\xc9\xaa\x33\x9d\x8e\xde\x28\x96\x65\xd6\xe9\x4e\x20\x1c\xd2\x48\x05\xd2\x5c\xd0\xf6\x3e\x48\xb4\xdd\x5e\xa8\xf1\x01\x57\x35\x2f\x59\x48\xec\x81\x4a\xc7\xda\x25\x05\x4e\x12\x90\x69\x19\xe7\x14\x3e\x2a\x60\x3e\xc6\x49") = 0
[pid 5070] exit_group(0) = ?
[pid 5070] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5070, si_uid=0, si_status=0, si_utime=5 /* 0.05 s */, si_stime=28 /* 0.28 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555631d620 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./0/binderfs") = 0
[ 64.264321][ T5070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 64.272294][ T5070] R13: 00007fffe2488b40 R14: 00007fffe2488b20 R15: 0000000000000000
[ 64.280288][ T5070]
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556325660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556325660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x55555631d620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555631c5d0) = 5096
./strace-static-x86_64: Process 5096 attached
[pid 5096] chdir("./1") = 0
[pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5096] setpgid(0, 0) = 0
[pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5096] write(3, "1000", 4) = 4
[pid 5096] close(3) = 0
[pid 5096] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5096] memfd_create("syzkaller", 0) = 3
[pid 5096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbe04ff6000
[pid 5096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5096] munmap(0x7fbe04ff6000, 16777216) = 0
[pid 5096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5096] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5096] close(3) = 0
[pid 5096] mkdir("./file0", 0777) = 0
[ 64.664806][ T5096] loop0: detected capacity change from 0 to 32768
[ 64.675084][ T5096] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor141 (5096)
[ 64.692252][ T5096] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 64.700960][ T5096] BTRFS info (device loop0): enabling ssd optimizations
[pid 5096] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0
[pid 5096] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5096] chdir("./file0") = 0
[pid 5096] ioctl(4, LOOP_CLR_FD) = 0
[pid 5096] close(4) = 0
[pid 5096] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 64.707918][ T5096] BTRFS info (device loop0): using spread ssd allocation scheme
[ 64.715641][ T5096] BTRFS info (device loop0): turning on sync discard
[ 64.722417][ T5096] BTRFS info (device loop0): using free space tree
[pid 5096] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5096] creat("./file0/file0", 000) = 5
[pid 5096] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5096] write(6, "5", 1) = 1
[ 64.786235][ T41] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 64.809002][ T5096] FAULT_INJECTION: forcing a failure.
[ 64.809002][ T5096] name failslab, interval 1, probability 0, space 0, times 0
[ 64.822238][ T5096] CPU: 1 PID: 5096 Comm: syz-executor141 Not tainted 6.3.0-rc3-syzkaller-00026-gfff5a5e7f528 #0
[ 64.832781][ T5096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 64.842896][ T5096] Call Trace:
[ 64.846202][ T5096]
[ 64.849163][ T5096] dump_stack_lvl+0x1e7/0x2d0
[ 64.853892][ T5096] ? nf_tcp_handle_invalid+0x650/0x650
[ 64.859397][ T5096] ? panic+0x770/0x770
[ 64.863533][ T5096] ? tomoyo_init_log+0x1d1b/0x2060
[ 64.868714][ T5096] should_fail_ex+0x3aa/0x4e0
[ 64.873451][ T5096] should_failslab+0x9/0x20
[ 64.877994][ T5096] slab_pre_alloc_hook+0x59/0x2b0
[ 64.883077][ T5096] ? tomoyo_supervisor+0xede/0x12d0
[ 64.888339][ T5096] __kmem_cache_alloc_node+0x4b/0x290
[ 64.893754][ T5096] ? rcu_lock_release+0x30/0x30
[ 64.898649][ T5096] ? tomoyo_supervisor+0xede/0x12d0
[ 64.903979][ T5096] __kmalloc+0xa8/0x230
[ 64.908176][ T5096] tomoyo_supervisor+0xede/0x12d0
[ 64.913420][ T5096] ? ptr_to_hashval+0x80/0x80
[ 64.918147][ T5096] ? tomoyo_profile+0x50/0x50
[ 64.922862][ T5096] ? snprintf+0xda/0x120
[ 64.927122][ T5096] ? tomoyo_print_ulong+0x27/0xa0
[ 64.932165][ T5096] ? vscnprintf+0x80/0x80
[ 64.936515][ T5096] ? tomoyo_check_acl+0x378/0x3f0
[ 64.941557][ T5096] tomoyo_path_number_perm+0x5be/0x840
[ 64.947043][ T5096] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 64.952525][ T5096] ? _raw_spin_lock_irqsave+0x120/0x120
[ 64.958111][ T5096] ? do_notify_parent+0xf50/0xf50
[ 64.963248][ T5096] ? print_irqtrace_events+0x220/0x220
[ 64.968733][ T5096] security_file_ioctl+0x71/0xa0
[ 64.973689][ T5096] __se_sys_ioctl+0x47/0x160
[ 64.978296][ T5096] do_syscall_64+0x41/0xc0
[ 64.982731][ T5096] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 64.988639][ T5096] RIP: 0033:0x7fbe0d443b99
[ 64.993083][ T5096] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 65.012696][ T5096] RSP: 002b:00007fffe2488ad8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 65.021123][ T5096] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fbe0d443b99
[ 65.029096][ T5096] RDX: 00000000200001c0 RSI: 0000000041009432 RDI: 0000000000000005
[pid 5096] ioctl(5, FS_IOC_SETFSLABEL, "\x81\xb3\xde\x25\x34\x83\x1d\xeb\x49\x60\x7b\x06\x03\xf5\xb5\x27\x60\x4b\x34\xb8\xc5\x7a\xa0\x99\xf4\xe8\xaf\xa5\x56\xb5\x42\x72\x9f\xc5\x90\xb6\x82\x1c\x6d\x50\x58\xb4\xd8\xe3\x40\x22\xeb\xa5\x6a\x71\x18\x8f\xc9\x01\xa5\xb7\x80\xa0\xcb\xec\x86\xb5\x2e\xd2\xc4\xeb\x32\x88\x98\xbe\x74\xce\xed\x81\x6b\x79\x57\xd9\xc6\xd8\xb5\x9b\x97\x48\x60\x51\x39\x67\xae\xe2\xc9\xaa\x33\x9d\x8e\xde\x28\x96\x65\xd6\xe9\x4e\x20\x1c\xd2\x48\x05\xd2\x5c\xd0\xf6\x3e\x48\xb4\xdd\x5e\xa8\xf1\x01\x57\x35\x2f\x59\x48\xec\x81\x4a\xc7\xda\x25\x05\x4e\x12\x90\x69\x19\xe7\x14\x3e\x2a\x60\x3e\xc6\x49") = 0
[pid 5096] exit_group(0) = ?
[pid 5096] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5096, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555631d620 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./1/binderfs") = 0
[ 65.037082][ T5096] RBP: 00007fffe2488b00 R08: 0000000000000001 R09: 00007fffe2488b10
[ 65.045057][ T5096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 65.053047][ T5096] R13: 00007fffe2488b40 R14: 00007fffe2488b20 R15: 0000000000000001
[ 65.061052][ T5096]
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(4, 0x555556325660 /* 2 entries */, 32768) = 48
getdents64(4, 0x555556325660 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x55555631d620 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555631c5d0) = 5115
./strace-static-x86_64: Process 5115 attached
[pid 5115] chdir("./2") = 0
[pid 5115] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5115] setpgid(0, 0) = 0
[pid 5115] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5115] write(3, "1000", 4) = 4
[pid 5115] close(3) = 0
[pid 5115] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5115] memfd_create("syzkaller", 0) = 3
[pid 5115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbe04ff6000
[pid 5115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5115] munmap(0x7fbe04ff6000, 16777216) = 0
[pid 5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5115] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5115] close(3) = 0
[pid 5115] mkdir("./file0", 0777) = 0
[ 65.399648][ T5115] loop0: detected capacity change from 0 to 32768
[ 65.411429][ T5115] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop0 scanned by syz-executor141 (5115)
[ 65.428444][ T5115] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 65.437354][ T5115] BTRFS info (device loop0): enabling ssd optimizations
[pid 5115] mount("/dev/loop0", "./file0", "btrfs", 0, "noacl,subvolid=0x0000000000000000,ssd_spread,space_cache=v2,discard,enospc_debug,space_cache=v2,nofl"...) = 0
[pid 5115] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5115] chdir("./file0") = 0
[pid 5115] ioctl(4, LOOP_CLR_FD) = 0
[pid 5115] close(4) = 0
[pid 5115] openat(AT_FDCWD, "cgroup.controllers", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4
[ 65.444476][ T5115] BTRFS info (device loop0): using spread ssd allocation scheme
[ 65.452352][ T5115] BTRFS info (device loop0): turning on sync discard
[ 65.459072][ T5115] BTRFS info (device loop0): using free space tree
[pid 5115] ioctl(4, BTRFS_IOC_QUOTA_CTL, {cmd=BTRFS_QUOTA_CTL_ENABLE}) = 0
[pid 5115] creat("./file0/file0", 000) = 5
[pid 5115] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 6
[pid 5115] write(6, "5", 1) = 1
[ 65.530954][ T56] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[ 65.543589][ T5115] FAULT_INJECTION: forcing a failure.
[ 65.543589][ T5115] name failslab, interval 1, probability 0, space 0, times 0
[ 65.559289][ T5115] CPU: 1 PID: 5115 Comm: syz-executor141 Not tainted 6.3.0-rc3-syzkaller-00026-gfff5a5e7f528 #0
[ 65.569747][ T5115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 65.579836][ T5115] Call Trace:
[ 65.583236][ T5115]
[ 65.586465][ T5115] dump_stack_lvl+0x1e7/0x2d0
[ 65.591200][ T5115] ? nf_tcp_handle_invalid+0x650/0x650
[ 65.596711][ T5115] ? panic+0x770/0x770
[ 65.600826][ T5115] ? __might_sleep+0xc0/0xc0
[ 65.605471][ T5115] should_fail_ex+0x3aa/0x4e0
[ 65.610206][ T5115] should_failslab+0x9/0x20
[ 65.614764][ T5115] slab_pre_alloc_hook+0x59/0x2b0
[ 65.619851][ T5115] kmem_cache_alloc+0x52/0x2e0
[ 65.624761][ T5115] ? __btrfs_free_extent+0x20a/0x2ef0
[ 65.630203][ T5115] __btrfs_free_extent+0x20a/0x2ef0
[ 65.635506][ T5115] ? __btrfs_inc_extent_ref+0x5f0/0x5f0
[ 65.641103][ T5115] ? _raw_read_unlock+0x28/0x40
[ 65.646013][ T5115] ? do_raw_spin_unlock+0x13b/0x8b0
[ 65.651277][ T5115] __btrfs_run_delayed_refs+0x10c6/0x4100
[ 65.657084][ T5115] ? unwind_get_return_address+0x4d/0x90
[ 65.662866][ T5115] ? __lock_acquire+0x125b/0x1f80
[ 65.667964][ T5115] ? btrfs_run_delayed_refs+0x480/0x480
[ 65.673667][ T5115] ? reacquire_held_locks+0x660/0x660
[ 65.679089][ T5115] ? read_lock_is_recursive+0x20/0x20
[ 65.684510][ T5115] ? mark_lock+0x9a/0x340
[ 65.688903][ T5115] btrfs_run_delayed_refs+0x140/0x480
[ 65.694337][ T5115] ? btrfs_trans_release_metadata+0x158/0x1c0
[ 65.700442][ T5115] btrfs_commit_transaction+0x42c/0x3440
[ 65.706117][ T5115] ? btrfs_commit_transaction_async+0x450/0x450
[ 65.712383][ T5115] ? read_lock_is_recursive+0x20/0x20
[ 65.717769][ T5115] ? btrfs_ioctl_set_fslabel+0x265/0x2b0
[ 65.723427][ T5115] ? __lock_acquire+0x1f80/0x1f80
[ 65.728460][ T5115] ? do_raw_spin_lock+0x14d/0x3a0
[ 65.733515][ T5115] ? do_raw_spin_unlock+0x13b/0x8b0
[ 65.738735][ T5115] btrfs_ioctl_set_fslabel+0x26d/0x2b0
[ 65.744213][ T5115] ? btrfs_ioctl_get_fslabel+0x1e0/0x1e0
[ 65.749895][ T5115] ? do_notify_parent+0xf50/0xf50
[ 65.754955][ T5115] btrfs_ioctl+0xa00/0xd40
[ 65.759404][ T5115] ? btrfs_ioctl_get_supported_features+0x50/0x50
[ 65.765837][ T5115] __se_sys_ioctl+0xf1/0x160
[ 65.770456][ T5115] do_syscall_64+0x41/0xc0
[ 65.774891][ T5115] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 65.780803][ T5115] RIP: 0033:0x7fbe0d443b99
[ 65.785240][ T5115] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 65.804859][ T5115] RSP: 002b:00007fffe2488ad8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 65.813288][ T5115] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fbe0d443b99
[ 65.821274][ T5115] RDX: 00000000200001c0 RSI: 0000000041009432 RDI: 0000000000000005
[ 65.829256][ T5115] RBP: 00007fffe2488b00 R08: 0000000000000001 R09: 00007fffe2488b10
[ 65.837234][ T5115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[ 65.845220][ T5115] R13: 00007fffe2488b40 R14: 00007fffe2488b20 R15: 0000000000000002
[ 65.853217][ T5115]
[ 65.857124][ T5115] BTRFS error (device loop0): failed to run delayed ref for logical 5345280 num_bytes 4096 type 176 action 2 ref_mod 1: -12
[ 65.870819][ T5115] BTRFS: error (device loop0: state A) in btrfs_run_delayed_refs:2150: errno=-12 Out of memory
[pid 5115] ioctl(5, FS_IOC_SETFSLABEL, "\x81\xb3\xde\x25\x34\x83\x1d\xeb\x49\x60\x7b\x06\x03\xf5\xb5\x27\x60\x4b\x34\xb8\xc5\x7a\xa0\x99\xf4\xe8\xaf\xa5\x56\xb5\x42\x72\x9f\xc5\x90\xb6\x82\x1c\x6d\x50\x58\xb4\xd8\xe3\x40\x22\xeb\xa5\x6a\x71\x18\x8f\xc9\x01\xa5\xb7\x80\xa0\xcb\xec\x86\xb5\x2e\xd2\xc4\xeb\x32\x88\x98\xbe\x74\xce\xed\x81\x6b\x79\x57\xd9\xc6\xd8\xb5\x9b\x97\x48\x60\x51\x39\x67\xae\xe2\xc9\xaa\x33\x9d\x8e\xde\x28\x96\x65\xd6\xe9\x4e\x20\x1c\xd2\x48\x05\xd2\x5c\xd0\xf6\x3e\x48\xb4\xdd\x5e\xa8\xf1\x01\x57\x35\x2f\x59\x48\xec\x81\x4a\xc7\xda\x25\x05\x4e\x12\x90\x69\x19\xe7\x14\x3e\x2a\x60\x3e\xc6\x49") = -1 ENOMEM (Cannot allocate memory)
[pid 5115] exit_group(0) = ?
[pid 5115] +++ exited with 0 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5115, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} ---
umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
getdents64(3, 0x55555631d620 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0
unlink("./2/binderfs") = 0
[ 65.882635][ T5115] BTRFS info (device loop0: state EA): forced readonly
[ 65.892503][ T5131] ------------[ cut here ]------------
[ 65.898627][ T5131] WARNING: CPU: 1 PID: 5131 at fs/btrfs/transaction.c:145 btrfs_put_transaction+0x37f/0x3e0
[ 65.908946][ T5131] Modules linked in:
[ 65.912892][ T5131] CPU: 1 PID: 5131 Comm: btrfs-transacti Not tainted 6.3.0-rc3-syzkaller-00026-gfff5a5e7f528 #0
[ 65.923349][ T5131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 65.933453][ T5131] RIP: 0010:btrfs_put_transaction+0x37f/0x3e0
[ 65.939571][ T5131] Code: 48 89 da e8 a3 08 1b 07 e9 00 fe ff ff e8 89 9f 06 fe 0f 0b e9 ef fc ff ff e8 7d 9f 06 fe 0f 0b e9 72 fd ff ff e8 71 9f 06 fe <0f> 0b e9 9b fd ff ff e8 65 9f 06 fe 48 89 df be 03 00 00 00 48 83
[ 65.959258][ T5131] RSP: 0018:ffffc9000457fbe0 EFLAGS: 00010293
[ 65.965372][ T5131] RAX: ffffffff8383cdaf RBX: ffff88802b40b330 RCX: ffff88801fe53a80
[ 65.973423][ T5131] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
[ 65.981454][ T5131] RBP: 0000000000000001 R08: ffffffff8383caaf R09: ffffed1005681603
[ 65.989489][ T5131] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88802b40b028
[ 65.997483][ T5131] R13: ffff88802b40b000 R14: ffff88802b40b000 R15: ffff8880798d4c10
[ 66.005510][ T5131] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 66.014516][ T5131] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 66.021148][ T5131] CR2: 000055bf519b2018 CR3: 000000002a532000 CR4: 00000000003506e0
[ 66.029201][ T5131] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 66.037205][ T5131] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 66.045229][ T5131] Call Trace:
[ 66.048523][ T5131]
[ 66.051611][ T5131] btrfs_cleanup_transaction+0x543/0x1a60
[ 66.057398][ T5131] ? __lock_acquire+0x1f80/0x1f80
[ 66.062499][ T5131] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 66.068437][ T5131] ? btrfs_check_uuid_tree+0x80/0x80
[ 66.073804][ T5131] ? __mutex_unlock_slowpath+0x21c/0x750
[ 66.079521][ T5131] ? mutex_unlock+0x10/0x10
[ 66.084049][ T5131] ? do_raw_spin_unlock+0x13b/0x8b0
[ 66.089317][ T5131] transaction_kthread+0x424/0x4c0
[ 66.094498][ T5131] kthread+0x270/0x300
[ 66.098588][ T5131] ? cleaner_kthread+0x3c0/0x3c0
[ 66.103583][ T5131] ? kthread_blkcg+0xd0/0xd0
[ 66.108234][ T5131] ret_from_fork+0x1f/0x30
[ 66.112738][ T5131]
[ 66.115777][ T5131] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 66.123055][ T5131] CPU: 1 PID: 5131 Comm: btrfs-transacti Not tainted 6.3.0-rc3-syzkaller-00026-gfff5a5e7f528 #0
[ 66.133553][ T5131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 66.143611][ T5131] Call Trace:
[ 66.146887][ T5131]
[ 66.149828][ T5131] dump_stack_lvl+0x1e7/0x2d0
[ 66.154529][ T5131] ? nf_tcp_handle_invalid+0x650/0x650
[ 66.160017][ T5131] ? panic+0x770/0x770
[ 66.164118][ T5131] ? vscnprintf+0x5d/0x80
[ 66.168468][ T5131] panic+0x31c/0x770
[ 66.172372][ T5131] ? __warn+0x171/0x4a0
[ 66.176882][ T5131] ? memcpy_page_flushcache+0x100/0x100
[ 66.182443][ T5131] ? ret_from_fork+0x1f/0x30
[ 66.187048][ T5131] __warn+0x314/0x4a0
[ 66.191040][ T5131] ? btrfs_put_transaction+0x37f/0x3e0
[ 66.196518][ T5131] report_bug+0x2b3/0x500
[ 66.200861][ T5131] ? btrfs_put_transaction+0x37f/0x3e0
[ 66.206327][ T5131] handle_bug+0x3d/0x70
[ 66.210499][ T5131] exc_invalid_op+0x1a/0x50
[ 66.215024][ T5131] asm_exc_invalid_op+0x1a/0x20
[ 66.219889][ T5131] RIP: 0010:btrfs_put_transaction+0x37f/0x3e0
[ 66.225974][ T5131] Code: 48 89 da e8 a3 08 1b 07 e9 00 fe ff ff e8 89 9f 06 fe 0f 0b e9 ef fc ff ff e8 7d 9f 06 fe 0f 0b e9 72 fd ff ff e8 71 9f 06 fe <0f> 0b e9 9b fd ff ff e8 65 9f 06 fe 48 89 df be 03 00 00 00 48 83
[ 66.245602][ T5131] RSP: 0018:ffffc9000457fbe0 EFLAGS: 00010293
[ 66.251690][ T5131] RAX: ffffffff8383cdaf RBX: ffff88802b40b330 RCX: ffff88801fe53a80
[ 66.259668][ T5131] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001
[ 66.267640][ T5131] RBP: 0000000000000001 R08: ffffffff8383caaf R09: ffffed1005681603
[ 66.275620][ T5131] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88802b40b028
[ 66.283597][ T5131] R13: ffff88802b40b000 R14: ffff88802b40b000 R15: ffff8880798d4c10
[ 66.291581][ T5131] ? btrfs_put_transaction+0x7f/0x3e0
[ 66.296982][ T5131] ? btrfs_put_transaction+0x37f/0x3e0
[ 66.302463][ T5131] btrfs_cleanup_transaction+0x543/0x1a60
[ 66.308209][ T5131] ? __lock_acquire+0x1f80/0x1f80
[ 66.313235][ T5131] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 66.319147][ T5131] ? btrfs_check_uuid_tree+0x80/0x80
[ 66.324453][ T5131] ? __mutex_unlock_slowpath+0x21c/0x750
[ 66.330103][ T5131] ? mutex_unlock+0x10/0x10
[ 66.334621][ T5131] ? do_raw_spin_unlock+0x13b/0x8b0
[ 66.339830][ T5131] transaction_kthread+0x424/0x4c0
[ 66.344957][ T5131] kthread+0x270/0x300
[ 66.349034][ T5131] ? cleaner_kthread+0x3c0/0x3c0
[ 66.353984][ T5131] ? kthread_blkcg+0xd0/0xd0
[ 66.358583][ T5131] ret_from_fork+0x1f/0x30
[ 66.363029][ T5131]
[ 66.366327][ T5131] Kernel Offset: disabled
[ 66.370753][ T5131] Rebooting in 86400 seconds..